[Openswan Users] -!- Routing Problems %defaultroute requested but not known -!-
neptuno
neptuno at ilhadamagia.trix.net
Thu Sep 16 14:00:33 CEST 2004
Paul Wouters wrote:
>
> Your method of running make menumod and then rebuilding the kernel
> should work.
>
>> Linux Openswan U2.1.5/K2.06 (klips)
>
> You are using klips.
>
>> Checking NAT and MASQUERADEing
>> Checking tun0x1002 at 200.180.4.245 from 192.168.201.0/24 to
>> 192.168.200.0/24 [FAILED]
>> MASQUERADE from 192.168.201.0/24 to 0.0.0.0/0 kills tunnel
>> 192.168.201.0/24 -> 192.168.200.0/24
>
> And you seem to be killing IPsec packets by NATing them. This is your
> real problem. Disable NAT or exclude IPsec packets by excluding NAT
> for any 192.168.0.0/16 destination.
>
OK, I set the policy to ACCEPT, no filter rules. I'm doing NAT/masquerading,
excluding -d \! 192.168.0.0/16 destinations at both sides.
What happens if my leftnexthop is wrong? Now it points to 200... but in
traceroute the next hop is 10.0... my modem.
To exclude (%defaultroute requested but not known) errors I disabled OE.
I saw that ipsec0 is transmitting but NOT receiving (same for both sides).
ipsec0 Link encap:Ethernet HWaddr 00:E0:4C:77:5A:26
inet addr:200.176.142.38 Mask:255.255.255.0
UP RUNNING NOARP MTU:16260 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:202 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:10
RX bytes:0 (0.0 b) TX bytes:31353 (30.6 Kb)
Now, my logs follow:
/var/log/messages:
Sep 16 12:32:16 brainless ipsec_setup: Openswan IPsec apparently already
running, start aborted
Sep 16 12:32:23 brainless ipsec_setup: Stopping Openswan IPsec...
Sep 16 12:32:24 brainless ipsec_setup: ...Openswan IPsec stopped
Sep 16 12:32:24 brainless kernel: IPSEC EVENT: KLIPS device ipsec0 shut
down.
Sep 16 12:32:24 brainless kernel:
Sep 16 12:32:24 brainless ipsec_setup: KLIPS debug `none'
Sep 16 12:32:24 brainless kernel:
Sep 16 12:32:24 brainless ipsec_setup: Starting Openswan IPsec
U2.1.5/K2.06...
Sep 16 12:32:24 brainless ipsec_setup: KLIPS ipsec0 on eth0
200.176.142.38/255.255.255.0 broadcast 255.255.255.
Sep 16 12:32:24 brainless ipsec_setup: ...Openswan IPsec started
Sep 16 12:33:44 brainless kernel: IN=eth1 OUT=ipsec0 SRC=192.168.201.225
DST=192.168.200.210 LEN=96 TOS=0x00 PR ....
Sep 16 12:33:45 brainless kernel: IN=eth1 OUT=ipsec0 SRC=192.168.201.225
DST=192.168.200.210 LEN=96 TOS=0x00 PR ....
Sep 16 12:33:47 brainless kernel: IN=eth1 OUT=ipsec0 SRC=192.168.201.225
DST=192.168.200.210 LEN=96 TOS=0x00 PR .....
/var/log/secure:
Sep 16 12:32:23 brainless pluto[6184]: |
Sep 16 12:32:23 brainless pluto[6184]: | *received whack message
Sep 16 12:32:23 brainless pluto[6184]: shutting down
Sep 16 12:32:23 brainless pluto[6184]: forgetting secrets
Sep 16 12:32:23 brainless pluto[6184]: "vpn1": deleting connection
Sep 16 12:32:23 brainless pluto[6184]: "vpn1" #7: deleting state
(STATE_QUICK_R2)
Sep 16 12:32:23 brainless pluto[6184]: | ICOOKIE: bd 79 d8 80 1b 58 8f 85
Sep 16 12:32:23 brainless pluto[6184]: | RCOOKIE: 56 63 68 75 64 9c 52 b5
Sep 16 12:32:23 brainless pluto[6184]: | peer: c8 b4 04 f5
Sep 16 12:32:23 brainless pluto[6184]: | state hash entry 25
Sep 16 12:32:23 brainless pluto[6184]: | executing down-client: 2>&1
PLUTO_VERSION='1.1' PLUTO_VERB='down-client' PLUTO_CONNECTION='vpn1'
PLUTO_NEXT_HOP='200.176.142.1' PLUTO_INTERFACE='ipsec0'
PLUTO_ME='200.176.142.38' PLUTO_MY_ID='@brainless.rumonorte.com'
PLUTO_MY_CLIENT='192.168.201.0/24' PLUTO_MY_CLIENT_NET='192.168.201.0'
PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0'
PLUTO_MY_PROTOCOL='0' PLUTO_PEER='200.180.4.245'
PLUTO_PEER_ID='@octopus.rumonorte.com'
PLUTO_PEER_CLIENT='192.168.200.0/24'
PLUTO_PEER_CLIENT_NET='192.168.200.0'
PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0'
PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' ipsec _updown
Sep 16 12:32:23 brainless pluto[6184]: | eroute_connection replace with
shunt eroute 192.168.201.0/24:0 --0-> 192.168.200.0/24:0 => %trap
(raw_eroute)
Sep 16 12:32:23 brainless pluto[6184]: "vpn1" #6: deleting state
(STATE_QUICK_R2)
Sep 16 12:32:23 brainless pluto[6184]: | ICOOKIE: bd 79 d8 80 1b 58 8f 85
Sep 16 12:32:23 brainless pluto[6184]: | RCOOKIE: 56 63 68 75 64 9c 52 b5
Sep 16 12:32:23 brainless pluto[6184]: | peer: c8 b4 04 f5
Sep 16 12:32:23 brainless pluto[6184]: | state hash entry 25
Sep 16 12:32:23 brainless pluto[6184]: "vpn1" #5: deleting state
(STATE_QUICK_R2)
Sep 16 12:32:23 brainless pluto[6184]: | ICOOKIE: bd 79 d8 80 1b 58 8f 85
Sep 16 12:32:23 brainless pluto[6184]: | RCOOKIE: 56 63 68 75 64 9c 52 b5
Sep 16 12:32:23 brainless pluto[6184]: | peer: c8 b4 04 f5
Sep 16 12:32:23 brainless pluto[6184]: | state hash entry 25
Sep 16 12:32:23 brainless pluto[6184]: "vpn1" #4: deleting state
(STATE_MAIN_R3)
Sep 16 12:32:23 brainless pluto[6184]: | ICOOKIE: bd 79 d8 80 1b 58 8f 85
Sep 16 12:32:23 brainless pluto[6184]: | RCOOKIE: 56 63 68 75 64 9c 52 b5
Sep 16 12:32:23 brainless pluto[6184]: | peer: c8 b4 04 f5
Sep 16 12:32:23 brainless pluto[6184]: | state hash entry 25
Sep 16 12:32:23 brainless pluto[6184]: | eroute_connection delete eroute
192.168.201.0/24:0 --0-> 192.168.200.0/24:0 => int.0 at 0.0.0.0 (raw_eroute)
Sep 16 12:32:23 brainless pluto[6184]: | route owner of "vpn1" unrouted:
NULL
Sep 16 12:32:23 brainless pluto[6184]: | executing unroute-client: 2>&1
PLUTO_VERSION='1.1' PLUTO_VERB='unroute-client' PLUTO_CONNECTION='vpn1'
PLUTO_NEXT_HOP='200.176.142.1' PLUTO_INTERFACE='ipsec0'
PLUTO_ME='200.176.142.38' PLUTO_MY_ID='@brainless.rumonorte.com'
PLUTO_MY_CLIENT='192.168.201.0/24' PLUTO_MY_CLIENT_NET='192.168.201.0'
PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0'
PLUTO_MY_PROTOCOL='0' PLUTO_PEER='200.180.4.245'
PLUTO_PEER_ID='@octopus.rumonorte.com'
PLUTO_PEER_CLIENT='192.168.200.0/24'
PLUTO_PEER_CLIENT_NET='192.168.200.0'
PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0'
PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' ipsec _updown
Sep 16 12:32:23 brainless pluto[6184]: shutting down interface
ipsec0/eth0 200.176.142.38
Sep 16 12:32:24 brainless ipsec__plutorun: Starting Pluto subsystem...
Sep 16 12:32:24 brainless pluto[6868]: Starting Pluto (Openswan Version
2.1.5 X.509-1.4.8-1 PLUTO_USES_KEYRR)
Sep 16 12:32:24 brainless pluto[6868]: including NAT-Traversal patch
(Version 0.6c) [disabled]
Sep 16 12:32:24 brainless pluto[6868]: | inserting event
EVENT_REINIT_SECRET, timeout in 3600 seconds
Sep 16 12:32:24 brainless pluto[6868]: Using KLIPS IPsec interface code
Sep 16 12:32:24 brainless pluto[6868]: | inserting event
EVENT_SHUNT_SCAN, timeout in 120 seconds
Sep 16 12:32:24 brainless pluto[6868]: Changing to directory
'/etc/ipsec.d/cacerts'
Sep 16 12:32:24 brainless pluto[6868]: Warning: empty directory
Sep 16 12:32:24 brainless pluto[6868]: Changing to directory
'/etc/ipsec.d/crls'
Sep 16 12:32:24 brainless pluto[6868]: Warning: empty directory
Sep 16 12:32:24 brainless pluto[6868]: | inserting event 9??, timeout in
41256 seconds
Sep 16 12:32:24 brainless pluto[6868]: | next event EVENT_SHUNT_SCAN in
120 seconds
Sep 16 12:32:24 brainless pluto[6868]: |
Sep 16 12:32:24 brainless pluto[6868]: | *received whack message
Sep 16 12:32:24 brainless pluto[6868]: | next event EVENT_SHUNT_SCAN in
120 seconds
Sep 16 12:32:24 brainless pluto[6868]: |
Sep 16 12:32:24 brainless pluto[6868]: | *received whack message
Sep 16 12:32:24 brainless pluto[6868]: | next event EVENT_SHUNT_SCAN in
120 seconds
Sep 16 12:32:24 brainless pluto[6868]: |
Sep 16 12:32:24 brainless pluto[6868]: | *received whack message
Sep 16 12:32:24 brainless pluto[6868]: | Added new connection vpn1 with
policy RSASIG+ENCRYPT+TUNNEL+PFS
Sep 16 12:32:24 brainless pluto[6868]: | counting wild cards for
@brainless.rumonorte.com is 0
Sep 16 12:32:24 brainless pluto[6868]: | sendcert is 3
Sep 16 12:32:24 brainless pluto[6868]: | counting wild cards for
@octopus.rumonorte.com is 0
Sep 16 12:32:24 brainless pluto[6868]: | sendcert is 3
Sep 16 12:32:24 brainless pluto[6868]: added connection description "vpn1"
Sep 16 12:32:24 brainless pluto[6868]: |
192.168.201.0/24===200.176.142.38[@brainless.rumonorte.com,S=C]---200.176.142.1...200.180.6.254---200.180.4.245[@octopus.rumonorte.com,S=C]===192.168.200.0/24
Sep 16 12:32:24 brainless pluto[6868]: | ike_life: 3600s; ipsec_life:
28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; policy:
RSASIG+ENCRYPT+TUNNEL+PFS
Sep 16 12:32:24 brainless pluto[6868]: | next event EVENT_SHUNT_SCAN in
120 seconds
Sep 16 12:32:24 brainless pluto[6868]: |
Sep 16 12:32:24 brainless pluto[6868]: | *received whack message
Sep 16 12:32:24 brainless pluto[6868]: listening for IKE messages
Sep 16 12:32:24 brainless pluto[6868]: | found lo with address 127.0.0.1
Sep 16 12:32:24 brainless pluto[6868]: | found ipsec0 with address
200.176.142.38
Sep 16 12:32:24 brainless pluto[6868]: | found eth0 with address
200.176.142.38
Sep 16 12:32:24 brainless pluto[6868]: | found eth1 with address
192.168.201.254
Sep 16 12:32:24 brainless pluto[6868]: | IP interface eth1
192.168.201.254 has no matching ipsec* interface -- ignored
Sep 16 12:32:24 brainless pluto[6868]: adding interface ipsec0/eth0
200.176.142.38
Sep 16 12:32:24 brainless pluto[6868]: | IP interface lo 127.0.0.1 has
no matching ipsec* interface -- ignored
Sep 16 12:32:24 brainless pluto[6868]: | could not open /proc/net/if_inet6
Sep 16 12:32:24 brainless pluto[6868]: loading secrets from
"/etc/ipsec.secrets"
Sep 16 12:32:24 brainless pluto[6868]: | loaded private key for keyid:
PPK_RSA:AQNWR7mUj
Sep 16 12:32:24 brainless pluto[6868]: | next event EVENT_SHUNT_SCAN in
120 seconds
Sep 16 12:32:32 brainless pluto[6868]: |
Sep 16 12:32:32 brainless pluto[6868]: | *received 176 bytes from
200.180.4.245:500 on eth0
Sep 16 12:32:32 brainless pluto[6868]: | creating state object #1 at
0x80c9978
Sep 16 12:32:32 brainless pluto[6868]: | ICOOKIE: 69 43 e8 14 0b f8 27 fe
Sep 16 12:32:32 brainless pluto[6868]: | RCOOKIE: 9f 1d 3d 99 01 7a ed 6b
Sep 16 12:32:32 brainless pluto[6868]: | peer: c8 b4 04 f5
Sep 16 12:32:32 brainless pluto[6868]: | state hash entry 8
Sep 16 12:32:32 brainless pluto[6868]: | inserting event
EVENT_SO_DISCARD, timeout in 0 seconds for #1
Sep 16 12:32:32 brainless pluto[6868]: "vpn1" #1: responding to Main Mode
Sep 16 12:32:32 brainless pluto[6868]: "vpn1" #1: transition from state
(null) to state STATE_MAIN_R1
Sep 16 12:32:32 brainless pluto[6868]: | inserting event
EVENT_RETRANSMIT, timeout in 10 seconds for #1
Sep 16 12:32:32 brainless pluto[6868]: | next event EVENT_RETRANSMIT in
10 seconds for #1
Sep 16 12:32:32 brainless pluto[6868]: |
Sep 16 12:32:32 brainless pluto[6868]: | *received 244 bytes from
200.180.4.245:500 on eth0
Sep 16 12:32:32 brainless pluto[6868]: | ICOOKIE: 69 43 e8 14 0b f8 27 fe
Sep 16 12:32:32 brainless pluto[6868]: | RCOOKIE: 9f 1d 3d 99 01 7a ed 6b
Sep 16 12:32:32 brainless pluto[6868]: | peer: c8 b4 04 f5
Sep 16 12:32:32 brainless pluto[6868]: | state hash entry 8
Sep 16 12:32:32 brainless pluto[6868]: | peer and cookies match on #1,
provided msgid 00000000 vs 00000000
Sep 16 12:32:32 brainless pluto[6868]: | state object #1 found, in
STATE_MAIN_R1
Sep 16 12:32:32 brainless pluto[6868]: "vpn1" #1: transition from state
STATE_MAIN_R1 to state STATE_MAIN_R2
Sep 16 12:32:32 brainless pluto[6868]: | inserting event
EVENT_RETRANSMIT, timeout in 10 seconds for #1
Sep 16 12:32:32 brainless pluto[6868]: | next event EVENT_RETRANSMIT in
10 seconds for #1
Sep 16 12:32:33 brainless pluto[6868]: |
Sep 16 12:32:33 brainless pluto[6868]: | *received 564 bytes from
200.180.4.245:500 on eth0
Sep 16 12:32:33 brainless pluto[6868]: | ICOOKIE: 69 43 e8 14 0b f8 27 fe
Sep 16 12:32:33 brainless pluto[6868]: | RCOOKIE: 9f 1d 3d 99 01 7a ed 6b
Sep 16 12:32:33 brainless pluto[6868]: | peer: c8 b4 04 f5
Sep 16 12:32:33 brainless pluto[6868]: | state hash entry 8
Sep 16 12:32:33 brainless pluto[6868]: | peer and cookies match on #1,
provided msgid 00000000 vs 00000000
Sep 16 12:32:33 brainless pluto[6868]: | state object #1 found, in
STATE_MAIN_R2
Sep 16 12:32:33 brainless pluto[6868]: "vpn1" #1: Peer ID is ID_FQDN:
'@octopus.rumonorte.com'
Sep 16 12:32:33 brainless pluto[6868]: | offered CA: '%none'
Sep 16 12:32:33 brainless pluto[6868]: | required CA is '%any'
Sep 16 12:32:33 brainless pluto[6868]: | key issuer CA is '%any'
Sep 16 12:32:33 brainless pluto[6868]: | an RSA Sig check passed with
*AQN0TnLB5 [preloaded key]
Sep 16 12:32:33 brainless pluto[6868]: | thinking about whether to send
my certificate:
Sep 16 12:32:33 brainless pluto[6868]: | I have RSA key:
OAKLEY_RSA_SIG cert.type: CERT_NONE sendcert: CERT_ALWAYSSEND
Sep 16 12:32:33 brainless pluto[6868]: | and I did not get a
certificate request, so do not send cert.
Sep 16 12:32:33 brainless pluto[6868]: | looking for secret for
@brainless.rumonorte.com->@octopus.rumonorte.com of kind PPK_RSA
Sep 16 12:32:33 brainless pluto[6868]: | signing hash with RSA Key
*AQNWR7mUj
Sep 16 12:32:33 brainless pluto[6868]: "vpn1" #1: transition from state
STATE_MAIN_R2 to state STATE_MAIN_R3
Sep 16 12:32:33 brainless pluto[6868]: | inserting event
EVENT_SA_REPLACE, timeout in 3330 seconds for #1
Sep 16 12:32:33 brainless pluto[6868]: "vpn1" #1: sent MR3, ISAKMP SA
established
Sep 16 12:32:33 brainless pluto[6868]: | next event EVENT_SHUNT_SCAN in
111 seconds
Sep 16 12:32:33 brainless pluto[6868]: |
Sep 16 12:32:33 brainless pluto[6868]: | *received 380 bytes from
200.180.4.245:500 on eth0
Sep 16 12:32:33 brainless pluto[6868]: | ICOOKIE: 69 43 e8 14 0b f8 27 fe
Sep 16 12:32:33 brainless pluto[6868]: | RCOOKIE: 9f 1d 3d 99 01 7a ed 6b
Sep 16 12:32:33 brainless pluto[6868]: | peer: c8 b4 04 f5
Sep 16 12:32:33 brainless pluto[6868]: | state hash entry 8
Sep 16 12:32:33 brainless pluto[6868]: | peer and cookies match on #1,
provided msgid 02c406f6 vs 00000000
Sep 16 12:32:33 brainless pluto[6868]: | state object not found
Sep 16 12:32:33 brainless pluto[6868]: | ICOOKIE: 69 43 e8 14 0b f8 27 fe
Sep 16 12:32:33 brainless pluto[6868]: | RCOOKIE: 9f 1d 3d 99 01 7a ed 6b
Sep 16 12:32:33 brainless pluto[6868]: | peer: c8 b4 04 f5
Sep 16 12:32:33 brainless pluto[6868]: | state hash entry 8
Sep 16 12:32:33 brainless pluto[6868]: | peer and cookies match on #1,
provided msgid 00000000 vs 00000000
Sep 16 12:32:33 brainless pluto[6868]: | state object #1 found, in
STATE_MAIN_R3
Sep 16 12:32:33 brainless pluto[6868]: | peer client is subnet
192.168.200.0/24
Sep 16 12:32:33 brainless pluto[6868]: | peer client protocol/port is 0/0
Sep 16 12:32:33 brainless pluto[6868]: | our client is subnet
192.168.201.0/24
Sep 16 12:32:33 brainless pluto[6868]: | our client protocol/port is 0/0
Sep 16 12:32:33 brainless pluto[6868]: | duplicating state object #1
Sep 16 12:32:33 brainless pluto[6868]: | creating state object #2 at
0x80caee8
Sep 16 12:32:33 brainless pluto[6868]: | ICOOKIE: 69 43 e8 14 0b f8 27 fe
Sep 16 12:32:33 brainless pluto[6868]: | RCOOKIE: 9f 1d 3d 99 01 7a ed 6b
Sep 16 12:32:33 brainless pluto[6868]: | peer: c8 b4 04 f5
Sep 16 12:32:33 brainless pluto[6868]: | state hash entry 8
Sep 16 12:32:33 brainless pluto[6868]: | inserting event
EVENT_SO_DISCARD, timeout in 0 seconds for #2
Sep 16 12:32:33 brainless pluto[6868]: | generate SPI: 04 e0 5c a6
Sep 16 12:32:33 brainless pluto[6868]: "vpn1" #2: responding to Quick Mode
Sep 16 12:32:33 brainless pluto[6868]: | route owner of "vpn1" unrouted:
NULL
Sep 16 12:32:33 brainless pluto[6868]: | install_inbound_ipsec_sa()
checking if we can route
Sep 16 12:32:33 brainless pluto[6868]: | route owner of "vpn1" unrouted:
NULL; eroute owner: NULL
Sep 16 12:32:33 brainless pluto[6868]: | could_route called for vpn1
(kind=CK_PERMANENT)
Sep 16 12:32:33 brainless pluto[6868]: | add inbound eroute
192.168.200.0/24:0 --0-> 192.168.201.0/24:0 => tun.1001 at 200.176.142.38
(raw_eroute)
Sep 16 12:32:33 brainless pluto[6868]: "vpn1" #2: transition from state
(null) to state STATE_QUICK_R1
Sep 16 12:32:33 brainless pluto[6868]: | inserting event
EVENT_RETRANSMIT, timeout in 10 seconds for #2
Sep 16 12:32:33 brainless pluto[6868]: | next event EVENT_RETRANSMIT in
10 seconds for #2
Sep 16 12:32:33 brainless pluto[6868]: |
Sep 16 12:32:33 brainless pluto[6868]: | *received 52 bytes from
200.180.4.245:500 on eth0
Sep 16 12:32:33 brainless pluto[6868]: | ICOOKIE: 69 43 e8 14 0b f8 27 fe
Sep 16 12:32:33 brainless pluto[6868]: | RCOOKIE: 9f 1d 3d 99 01 7a ed 6b
Sep 16 12:32:33 brainless pluto[6868]: | peer: c8 b4 04 f5
Sep 16 12:32:33 brainless pluto[6868]: | state hash entry 8
Sep 16 12:32:33 brainless pluto[6868]: | peer and cookies match on #2,
provided msgid 02c406f6 vs 02c406f6
Sep 16 12:32:33 brainless pluto[6868]: | state object #2 found, in
STATE_QUICK_R1
Sep 16 12:32:33 brainless pluto[6868]: | install_ipsec_sa() for #2:
outbound only
Sep 16 12:32:33 brainless pluto[6868]: | route owner of "vpn1" unrouted:
NULL; eroute owner: NULL
Sep 16 12:32:33 brainless pluto[6868]: | could_route called for vpn1
(kind=CK_PERMANENT)
Sep 16 12:32:33 brainless pluto[6868]: | sr for #2: unrouted
Sep 16 12:32:33 brainless pluto[6868]: | route owner of "vpn1" unrouted:
NULL; eroute owner: NULL
Sep 16 12:32:33 brainless pluto[6868]: | eroute_connection add eroute
192.168.201.0/24:0 --0-> 192.168.200.0/24:0 => tun.1002 at 200.180.4.245
(raw_eroute)
Sep 16 12:32:33 brainless pluto[6868]: | executing up-client: 2>&1
PLUTO_VERSION='1.1' PLUTO_VERB='up-client' PLUTO_CONNECTION='vpn1'
PLUTO_NEXT_HOP='200.176.142.1' PLUTO_INTERFACE='ipsec0'
PLUTO_ME='200.176.142.38' PLUTO_MY_ID='@brainless.rumonorte.com'
PLUTO_MY_CLIENT='192.168.201.0/24' PLUTO_MY_CLIENT_NET='192.168.201.0'
PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0'
PLUTO_MY_PROTOCOL='0' PLUTO_PEER='200.180.4.245'
PLUTO_PEER_ID='@octopus.rumonorte.com'
PLUTO_PEER_CLIENT='192.168.200.0/24'
PLUTO_PEER_CLIENT_NET='192.168.200.0'
PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0'
PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' ipsec _updown
Sep 16 12:32:33 brainless pluto[6868]: | route_and_eroute:
firewall_notified: true
Sep 16 12:32:33 brainless pluto[6868]: | executing prepare-client: 2>&1
PLUTO_VERSION='1.1' PLUTO_VERB='prepare-client' PLUTO_CONNECTION='vpn1'
PLUTO_NEXT_HOP='200.176.142.1' PLUTO_INTERFACE='ipsec0'
PLUTO_ME='200.176.142.38' PLUTO_MY_ID='@brainless.rumonorte.com'
PLUTO_MY_CLIENT='192.168.201.0/24' PLUTO_MY_CLIENT_NET='192.168.201.0'
PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0'
PLUTO_MY_PROTOCOL='0' PLUTO_PEER='200.180.4.245'
PLUTO_PEER_ID='@octopus.rumonorte.com'
PLUTO_PEER_CLIENT='192.168.200.0/24'
PLUTO_PEER_CLIENT_NET='192.168.200.0'
PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0'
PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' ipsec _updown
Sep 16 12:32:33 brainless pluto[6868]: | executing route-client: 2>&1
PLUTO_VERSION='1.1' PLUTO_VERB='route-client' PLUTO_CONNECTION='vpn1'
PLUTO_NEXT_HOP='200.176.142.1' PLUTO_INTERFACE='ipsec0'
PLUTO_ME='200.176.142.38' PLUTO_MY_ID='@brainless.rumonorte.com'
PLUTO_MY_CLIENT='192.168.201.0/24' PLUTO_MY_CLIENT_NET='192.168.201.0'
PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0'
PLUTO_MY_PROTOCOL='0' PLUTO_PEER='200.180.4.245'
PLUTO_PEER_ID='@octopus.rumonorte.com'
PLUTO_PEER_CLIENT='192.168.200.0/24'
PLUTO_PEER_CLIENT_NET='192.168.200.0'
PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0'
PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' ipsec _updown
Sep 16 12:32:33 brainless pluto[6868]: | route_and_eroute: instance
"vpn1", setting eroute_owner {spd=0x80c8740,sr=0x80c8740} to #2 (was #0)
(newest_ipsec_sa=#0)
Sep 16 12:32:33 brainless pluto[6868]: "vpn1" #2: transition from state
STATE_QUICK_R1 to state STATE_QUICK_R2
Sep 16 12:32:33 brainless pluto[6868]: | inserting event
EVENT_SA_REPLACE, timeout in 28530 seconds for #2
Sep 16 12:32:33 brainless pluto[6868]: "vpn1" #2: IPsec SA established
{ESP=>0x84a2b2a8 <0x04e05ca6}
Sep 16 12:32:33 brainless pluto[6868]: | next event EVENT_SHUNT_SCAN in
111 seconds
Sep 16 12:32:42 brainless pluto[6868]: |
Sep 16 12:32:42 brainless pluto[6868]: | *received 68 bytes from
200.180.4.245:500 on eth0
Sep 16 12:32:42 brainless pluto[6868]: | ICOOKIE: 69 43 e8 14 0b f8 27 fe
Sep 16 12:32:42 brainless pluto[6868]: | RCOOKIE: 9f 1d 3d 99 01 7a ed 6b
Sep 16 12:32:42 brainless pluto[6868]: | peer: c8 b4 04 f5
Sep 16 12:32:42 brainless pluto[6868]: | state hash entry 8
Sep 16 12:32:42 brainless pluto[6868]: | peer and cookies match on #2,
provided msgid 00000000 vs 02c406f6
Sep 16 12:32:42 brainless pluto[6868]: | peer and cookies match on #1,
provided msgid 00000000 vs 00000000
Sep 16 12:32:42 brainless pluto[6868]: | state object #1 found, in
STATE_MAIN_R3
Sep 16 12:32:42 brainless pluto[6868]: "vpn1" #1: ignoring Delete SA
payload: PROTO_IPSEC_ESP SA(0x84a2b2a7) not found (maybe expired)
Sep 16 12:32:42 brainless pluto[6868]: | next event EVENT_SHUNT_SCAN in
102 seconds
Sep 16 12:33:47 brainless pluto[6868]: |
Sep 16 12:33:47 brainless pluto[6868]: | *received whack message
Sep 16 12:33:47 brainless pluto[6868]: | duplicating state object #1
Sep 16 12:33:47 brainless pluto[6868]: | creating state object #3 at
0x80cb220
Sep 16 12:33:47 brainless pluto[6868]: | ICOOKIE: 69 43 e8 14 0b f8 27 fe
Sep 16 12:33:47 brainless pluto[6868]: | RCOOKIE: 9f 1d 3d 99 01 7a ed 6b
Sep 16 12:33:47 brainless pluto[6868]: | peer: c8 b4 04 f5
Sep 16 12:33:47 brainless pluto[6868]: | state hash entry 8
Sep 16 12:33:47 brainless pluto[6868]: | inserting event
EVENT_SO_DISCARD, timeout in 0 seconds for #3
Sep 16 12:33:47 brainless pluto[6868]: "vpn1" #3: initiating Quick Mode
RSASIG+ENCRYPT+TUNNEL+PFS+UP {using isakmp#1}
Sep 16 12:33:47 brainless pluto[6868]: | generate SPI: 04 e0 5c a7
Sep 16 12:33:47 brainless pluto[6868]: | inserting event
EVENT_RETRANSMIT, timeout in 10 seconds for #3
Sep 16 12:33:47 brainless pluto[6868]: | next event EVENT_RETRANSMIT in
10 seconds for #3
Sep 16 12:33:48 brainless pluto[6868]: |
Sep 16 12:33:48 brainless pluto[6868]: | *received 348 bytes from
200.180.4.245:500 on eth0
Sep 16 12:33:48 brainless pluto[6868]: | ICOOKIE: 69 43 e8 14 0b f8 27 fe
Sep 16 12:33:48 brainless pluto[6868]: | RCOOKIE: 9f 1d 3d 99 01 7a ed 6b
Sep 16 12:33:48 brainless pluto[6868]: | peer: c8 b4 04 f5
Sep 16 12:33:48 brainless pluto[6868]: | state hash entry 8
Sep 16 12:33:48 brainless pluto[6868]: | peer and cookies match on #3,
provided msgid 6b669531 vs 6b669531
Sep 16 12:33:48 brainless pluto[6868]: | state object #3 found, in
STATE_QUICK_I1
Sep 16 12:33:48 brainless pluto[6868]: | our client is subnet
192.168.201.0/24
Sep 16 12:33:48 brainless pluto[6868]: | our client protocol/port is 0/0
Sep 16 12:33:48 brainless pluto[6868]: | peer client is subnet
192.168.200.0/24
Sep 16 12:33:48 brainless pluto[6868]: | peer client protocol/port is 0/0
Sep 16 12:33:48 brainless pluto[6868]: | install_ipsec_sa() for #3:
inbound and outbound
Sep 16 12:33:48 brainless pluto[6868]: | route owner of "vpn1" erouted:
self; eroute owner: self
Sep 16 12:33:48 brainless pluto[6868]: | could_route called for vpn1
(kind=CK_PERMANENT)
Sep 16 12:33:48 brainless pluto[6868]: | add inbound eroute
192.168.200.0/24:0 --0-> 192.168.201.0/24:0 => tun.1003 at 200.176.142.38
(raw_eroute)
Sep 16 12:33:48 brainless pluto[6868]: | sr for #3: erouted
Sep 16 12:33:48 brainless pluto[6868]: | route owner of "vpn1" erouted:
self; eroute owner: self
Sep 16 12:33:48 brainless pluto[6868]: | eroute_connection replace
eroute 192.168.201.0/24:0 --0-> 192.168.200.0/24:0 =>
tun.1004 at 200.180.4.245 (raw_eroute)
Sep 16 12:33:48 brainless pluto[6868]: | route_and_eroute:
firewall_notified: true
Sep 16 12:33:48 brainless pluto[6868]: | route_and_eroute: instance
"vpn1", setting eroute_owner {spd=0x80c8740,sr=0x80c8740} to #3 (was #2)
(newest_ipsec_sa=#2)
Sep 16 12:33:48 brainless pluto[6868]: "vpn1" #3: transition from state
STATE_QUICK_I1 to state STATE_QUICK_I2
Sep 16 12:33:48 brainless pluto[6868]: | inserting event
EVENT_SA_REPLACE, timeout in 28112 seconds for #3
Sep 16 12:33:48 brainless pluto[6868]: "vpn1" #3: sent QI2, IPsec SA
established {ESP=>0x84a2b2a9 <0x04e05ca7}
Sep 16 12:33:48 brainless pluto[6868]: | next event EVENT_SHUNT_SCAN in
36 seconds
Sep 16 12:34:24 brainless pluto[6868]: |
Sep 16 12:34:24 brainless pluto[6868]: | *time to handle event
Sep 16 12:34:24 brainless pluto[6868]: | event after this is
EVENT_SA_REPLACE in 3219 seconds
Sep 16 12:34:24 brainless pluto[6868]: | inserting event
EVENT_SHUNT_SCAN, timeout in 120 seconds
Sep 16 12:34:24 brainless pluto[6868]: | scanning for shunt eroutes
Sep 16 12:34:24 brainless pluto[6868]: | next event EVENT_SHUNT_SCAN in
120 seconds
Sep 16 12:36:24 brainless pluto[6868]: |
Sep 16 12:36:24 brainless pluto[6868]: | *time to handle event
Sep 16 12:36:24 brainless pluto[6868]: | event after this is
EVENT_SA_REPLACE in 3099 seconds
Sep 16 12:36:24 brainless pluto[6868]: | inserting event
EVENT_SHUNT_SCAN, timeout in 120 seconds
Sep 16 12:36:24 brainless pluto[6868]: | scanning for shunt eroutes
Sep 16 12:36:24 brainless pluto[6868]: | next event EVENT_SHUNT_SCAN in
120 seconds
Sep 16 12:38:24 brainless pluto[6868]: |
Sep 16 12:38:24 brainless pluto[6868]: | *time to handle event
Sep 16 12:38:24 brainless pluto[6868]: | event after this is
EVENT_SA_REPLACE in 2979 seconds
Sep 16 12:38:24 brainless pluto[6868]: | inserting event
EVENT_SHUNT_SCAN, timeout in 120 seconds
Sep 16 12:38:24 brainless pluto[6868]: | scanning for shunt eroutes
Sep 16 12:38:24 brainless pluto[6868]: | next event EVENT_SHUNT_SCAN in
120 seconds
Can you point me in any direction to solve this?
Thanks in advance, Juliano Krieger.
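
An added example, not part of the original post: a check over `iptables-save -t nat` output for the condition reported above ("MASQUERADE from 192.168.201.0/24 to 0.0.0.0/0 kills tunnel"), accepting both the older `-d ! net` and the newer `! -d net` exclusion spellings. The function names and the two rule sets are constructed for illustration; interface and protocol matches are ignored, so the check errs on the side of reporting a rule.

```python
import ipaddress
import shlex

ANY = ipaddress.ip_network("0.0.0.0/0")
NAT_TARGETS = {"MASQUERADE", "SNAT"}
EXEMPT_TARGETS = {"ACCEPT", "RETURN"}   # traffic leaves the nat chain untranslated

def parse_rule(line):
    """Parse one '-A POSTROUTING ...' line of iptables-save output, else None."""
    if not line.startswith("-A POSTROUTING"):
        return None
    tokens = shlex.split(line)
    rule = {"src": (ANY, False), "dst": (ANY, False), "target": None,
            "text": line.strip()}
    negate, i = False, 2
    while i < len(tokens):
        tok = tokens[i]
        if tok == "!":                          # newer spelling: "! -d net"
            negate = True
        elif tok in ("-s", "-d", "-j") and i + 1 < len(tokens):
            i += 1
            if tokens[i] == "!" and i + 1 < len(tokens):   # older: "-d ! net"
                negate, i = True, i + 1
            if tok == "-j":
                rule["target"] = tokens[i]
            else:
                net = ipaddress.ip_network(tokens[i], strict=False)
                rule["src" if tok == "-s" else "dst"] = (net, negate)
            negate = False
        else:
            negate = False                      # option ignored here (-o, -p, ...)
        i += 1
    return rule

def may_match(spec, subnet):
    """True if at least one address in subnet satisfies the (net, negated) match."""
    net, negated = spec
    return not subnet.subnet_of(net) if negated else net.overlaps(subnet)

def covers(spec, subnet):
    """True if every address in subnet satisfies the (net, negated) match."""
    net, negated = spec
    return not net.overlaps(subnet) if negated else subnet.subnet_of(net)

def nat_rules_hitting_tunnel(ruleset, local, remote):
    """List POSTROUTING NAT rules that can rewrite local -> remote tunnel traffic."""
    local, remote = ipaddress.ip_network(local), ipaddress.ip_network(remote)
    hits = []
    for line in ruleset.splitlines():
        rule = parse_rule(line.strip())
        if rule is None:
            continue
        if (rule["target"] in EXEMPT_TARGETS and covers(rule["src"], local)
                and covers(rule["dst"], remote)):
            break                               # later rules never see tunnel traffic
        if (rule["target"] in NAT_TARGETS and may_match(rule["src"], local)
                and may_match(rule["dst"], remote)):
            hits.append(rule["text"])
    return hits

# Constructed rule sets: the setup the check complained about, and the exclusion
# Paul suggested (no NAT towards 192.168.0.0/16).
BROKEN = """*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.201.0/24 -j MASQUERADE
COMMIT
"""
FIXED = """*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.201.0/24 -d ! 192.168.0.0/16 -j MASQUERADE
COMMIT
"""

if __name__ == "__main__":
    for name, rules in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, nat_rules_hitting_tunnel(rules, "192.168.201.0/24",
                                             "192.168.200.0/24"))
```

Run it on each gateway with that side's own local and remote subnets, since the exclusion has to be present on both ends.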