[Openswan Users] openswan + debian + XP SP1

Paulo Ricardo Bruck pauloric at contato.com.br
Wed Feb 23 00:22:03 CET 2005


Hi Guys

After a lot of work I think I'm almost there 8))

Already tested and working
linux+openswan( static IP) --- linux+openswan(static IP)  ok
linux+openswan(static IP)   --- linux+openswan(roadwarrior) ok
linux+openswan(static IP)   ---XP not working ???

I can see thought logs an "ISAKMP SA established", but I still can't
ping or access linxu+openswan or internal lan w/ XP as road warrior
Rules from Iptables are the same since first test w/ static IP.

Can anybody help me or give me a right direction ?

OBS1: by the way I have tested w/ x509 w/ S= Sao Paulo and ST = Sao
Paulo. Last one worked ( may be the same typo
at :http://lists.openswan.org/pipermail/users/2005-January/003546.html)
and doc at:http://www.natecarlson.com/linux/ipsec-x509.php )

??

OBS2: By the way excellet work from all you guys ( list an Nate
Carlson')

Thanks in advanced
_____________________________________________________________________
cat x509_subject.txt
subject= /C=BR/ST=Sao Paulo/L=Sao Paulo/O=Contato Global
Solutions/OU=matriz/CN=Paulo Ricardo
Bruck/emailAddress=pauloric at contato.com.br
_________________________________________________________________
XP - ipsec.conf
conn roadwarrior
        left=%any
        right=200.168.52.239
        rightca="C=BR,ST=Sao Paulo,L=Sao Paulo,O=Contato Global
Solutions,OU=matriz, CN=Paulo Ricardo Bruck,E=pauloric at contato.com.br"
        network=auto
        auto=start
        pfs=yes

conn roadwarrior-net
        left=%any
        right=200.168.52.239
        rightsubnet=192.168.1.0/255.255.255.0
        rightca="C=BR,ST=Sao Paulo,L=Sao Paulo,O=Contato Global
Solutions,OU=matriz, CN=Paulo Ricardo Bruck,E=pauloric at contato.com.br"
        network=auto
        auto=start
        pfs=yes
#rightca="C=US,S=State,L=City,O=ExampleCo,CN=CA,Email=host at example.com"
#subject= /C=BR/ST=Sao Paulo/L=Sao Paulo/O=Contato Global
Solutions/OU=matriz/CN=Paulo Ricardo
Bruck/emailAddress=pauloric at contato.com.br

-- 
Paulo Ricardo Bruck - consultor

-------------- next part --------------
############## com S=Sao Paulo###########

Feb 22 20:26:09 lorien ipsec_setup: KLIPS ipsec0 on eth1 200.168.52.239/255.255.255.192 broadcast 200.168.52.255 
Feb 22 20:26:09 lorien snoopy[13198]: [root, uid:0 sid:12324]: ipsec _plutorun --debug  --uniqueids yes --nocrsend  --strictcrlpolicy  --nat_traversal yes --keep_alive  --force_keepalive  --disable_port_floating  --virtual_private %v4:10.0.0.0/8,%v4:172.16.0.0/1
Feb 22 20:26:09 lorien snoopy[13198]: [root, uid:0 sid:12324]: /usr/lib/ipsec/_plutorun --debug  --uniqueids yes --nocrsend  --strictcrlpolicy  --nat_traversal yes --keep_alive  --force_keepalive  --disable_port_floating  --virtual_private %v4:10.0.0.0/8,%v4:172.16.0.0/1
Feb 22 20:26:09 lorien snoopy[13200]: [(null), uid:0 sid:12324]: logger -p authpriv.error -t ipsec__plutorun 
Feb 22 20:26:09 lorien ipsec__plutorun: Starting Pluto subsystem...
Feb 22 20:26:09 lorien snoopy[13205]: [(null), uid:0 sid:12324]: logger -s -p daemon.error -t ipsec__plutorun 
Feb 22 20:26:09 lorien ipsec_setup: ...Openswan IPsec started
Feb 22 20:26:09 lorien ipsec_setup: Starting Openswan IPsec 2.3.0...
Feb 22 20:26:09 lorien ipsec_setup: insmod /lib/modules/2.6.9-2-386/kernel/net/key/af_key.ko 
Feb 22 20:26:09 lorien ipsec_setup: insmod /lib/modules/2.6.9-2-386/kernel/net/ipv4/xfrm4_tunnel.ko 
Feb 22 20:26:09 lorien ipsec_setup: insmod /lib/modules/2.6.9-2-386/kernel/net/xfrm/xfrm_user.ko 
Feb 22 20:26:09 lorien snoopy[13204]: [(null), uid:0 sid:12324]: /usr/lib/ipsec/_plutoload --wait no --post  
Feb 22 20:26:09 lorien snoopy[13203]: [(null), uid:0 sid:12324]: /usr/lib/ipsec/pluto --nofork --secretsfile /etc/ipsec.secrets --ipsecdir /etc/ipsec.d --uniqueids --nat_traversal --virtual_private %v4:10.0.0.0/8,%v4:172.16.0.0/1
Feb 22 20:26:09 lorien pluto[13203]: Starting Pluto (Openswan Version 2.3.0 X.509-1.5.4 PLUTO_USES_KEYRR)
Feb 22 20:26:09 lorien pluto[13203]: Setting port floating to on
Feb 22 20:26:09 lorien pluto[13203]: port floating activate 1/1
Feb 22 20:26:09 lorien pluto[13203]:   including NAT-Traversal patch (Version 0.6c)
Feb 22 20:26:09 lorien pluto[13203]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
Feb 22 20:26:09 lorien pluto[13203]: starting up 1 cryptographic helpers
Feb 22 20:26:09 lorien pluto[13203]: started helper pid=13217 (fd:6)
Feb 22 20:26:09 lorien pluto[13203]: Using Linux 2.6 IPsec interface code
Feb 22 20:26:10 lorien pluto[13203]: Changing to directory '/etc/ipsec.d/cacerts'
Feb 22 20:26:10 lorien pluto[13203]:   loaded CA cert file 'cacert.pem' (1789 bytes)
Feb 22 20:26:10 lorien pluto[13203]: Could not change to directory '/etc/ipsec.d/aacerts'
Feb 22 20:26:10 lorien pluto[13203]: Changing to directory '/etc/ipsec.d/ocspcerts'
Feb 22 20:26:10 lorien pluto[13203]: Changing to directory '/etc/ipsec.d/crls'
Feb 22 20:26:10 lorien pluto[13203]:   loaded crl file 'crl.pem' (735 bytes)
Feb 22 20:26:10 lorien pluto[13203]:   loaded host cert file '/etc/ipsec.d/certs/perry.casadobino.com.br.pem' (5225 bytes)
Feb 22 20:26:10 lorien pluto[13203]: added connection description "roadwarrior"
Feb 22 20:26:10 lorien pluto[13203]:   loaded host cert file '/etc/ipsec.d/certs/perry.casadobino.com.br.pem' (5225 bytes)
Feb 22 20:26:10 lorien pluto[13203]: added connection description "roadwarrior-net"
Feb 22 20:26:10 lorien pluto[13203]: listening for IKE messages
Feb 22 20:26:10 lorien pluto[13203]: adding interface eth1/eth1 200.168.52.239
Feb 22 20:26:10 lorien pluto[13203]: adding interface eth1/eth1 200.168.52.239:4500
Feb 22 20:26:10 lorien pluto[13203]: adding interface eth0/eth0 192.168.1.1
Feb 22 20:26:10 lorien pluto[13203]: adding interface eth0/eth0 192.168.1.1:4500
Feb 22 20:26:10 lorien pluto[13203]: adding interface lo/lo 127.0.0.1
Feb 22 20:26:10 lorien pluto[13203]: adding interface lo/lo 127.0.0.1:4500
Feb 22 20:26:10 lorien pluto[13203]: adding interface lo/lo ::1
Feb 22 20:26:10 lorien pluto[13203]: loading secrets from "/etc/ipsec.secrets"
Feb 22 20:26:10 lorien pluto[13203]:   loaded private key file '/etc/ipsec.d/private/perry.casadobino.com.br.key' (2837 bytes)
Feb 22 20:26:22 lorien pluto[13203]: packet from 200.100.122.5:500: phase 1 message is part of an unknown exchange
Feb 22 20:26:46 lorien pluto[13203]: packet from 200.100.122.5:500: phase 1 message is part of an unknown exchange
Feb 22 20:27:11 lorien pluto[13203]: packet from 200.100.122.5:500: phase 1 message is part of an unknown exchange
Feb 22 20:27:36 lorien pluto[13203]: packet from 200.100.122.5:500: phase 1 message is part of an unknown exchange
Feb 22 20:28:00 lorien pluto[13203]: packet from 200.100.122.5:500: Informational Exchange is for an unknown (expired?) SA
Feb 22 20:29:10 lorien pluto[13203]: packet from 200.100.122.5:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000003]
Feb 22 20:29:10 lorien pluto[13203]: "roadwarrior"[1] 200.100.122.5 #1: responding to Main Mode from unknown peer 200.100.122.5
Feb 22 20:29:10 lorien pluto[13203]: "roadwarrior"[1] 200.100.122.5 #1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Feb 22 20:29:10 lorien pluto[13203]: packet from 200.100.122.5:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000003]
Feb 22 20:29:10 lorien pluto[13203]: "roadwarrior"[1] 200.100.122.5 #2: responding to Main Mode from unknown peer 200.100.122.5
Feb 22 20:29:10 lorien pluto[13203]: "roadwarrior"[1] 200.100.122.5 #2: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Feb 22 20:29:16 lorien pluto[13203]: packet from 200.100.122.5:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000003]
Feb 22 20:29:16 lorien pluto[13203]: "roadwarrior"[1] 200.100.122.5 #3: responding to Main Mode from unknown peer 200.100.122.5
Feb 22 20:29:16 lorien pluto[13203]: "roadwarrior"[1] 200.100.122.5 #3: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Feb 22 20:29:25 lorien pluto[13203]: packet from 200.100.122.5:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000003]
Feb 22 20:29:25 lorien pluto[13203]: "roadwarrior"[1] 200.100.122.5 #4: responding to Main Mode from unknown peer 200.100.122.5
Feb 22 20:29:25 lorien pluto[13203]: "roadwarrior"[1] 200.100.122.5 #4: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Feb 22 20:29:38 lorien pluto[13203]: "roadwarrior"[1] 200.100.122.5 #1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Feb 22 20:29:40 lorien pluto[13203]: "roadwarrior"[1] 200.100.122.5 #3: ignoring informational payload, type INVALID_COOKIE
Feb 22 20:29:40 lorien pluto[13203]: "roadwarrior"[1] 200.100.122.5 #3: received and ignored informational message
Feb 22 20:29:42 lorien pluto[13203]: "roadwarrior"[1] 200.100.122.5 #1: discarding duplicate packet; already STATE_MAIN_R2
Feb 22 20:29:47 lorien pluto[13203]: "roadwarrior"[1] 200.100.122.5 #1: discarding duplicate packet; already STATE_MAIN_R2
Feb 22 20:29:49 lorien pluto[13203]: "roadwarrior"[1] 200.100.122.5 #4: ignoring informational payload, type INVALID_COOKIE
Feb 22 20:29:49 lorien pluto[13203]: "roadwarrior"[1] 200.100.122.5 #4: received and ignored informational message
Feb 22 20:29:50 lorien pluto[13203]: "roadwarrior"[1] 200.100.122.5 #3: ignoring informational payload, type INVALID_COOKIE
Feb 22 20:29:50 lorien pluto[13203]: "roadwarrior"[1] 200.100.122.5 #3: received and ignored informational message
Feb 22 20:29:53 lorien pluto[13203]: "roadwarrior"[1] 200.100.122.5 #1: discarding duplicate packet; already STATE_MAIN_R2
Feb 22 20:30:00 lorien pluto[13203]: "roadwarrior"[1] 200.100.122.5 #4: ignoring informational payload, type INVALID_COOKIE
Feb 22 20:30:00 lorien pluto[13203]: "roadwarrior"[1] 200.100.122.5 #4: received and ignored informational message
Feb 22 20:30:03 lorien pluto[13203]: "roadwarrior"[1] 200.100.122.5 #1: Main mode peer ID is ID_DER_ASN1_DN: 'C=BR, ST=Sao Paulo, L=Sao Paulo, O=Contato Global Solutions, OU=cerberus, CN=cerberus, E=cerberus at contato.com.br'
Feb 22 20:30:03 lorien pluto[13203]: "roadwarrior"[2] 200.100.122.5 #1: I am sending my cert
Feb 22 20:30:03 lorien pluto[13203]: "roadwarrior"[2] 200.100.122.5 #1: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Feb 22 20:30:03 lorien pluto[13203]: "roadwarrior"[2] 200.100.122.5 #1: sent MR3, ISAKMP SA established
Feb 22 20:30:04 lorien pluto[13203]: "roadwarrior"[1] 200.100.122.5 #2: ignoring informational payload, type INVALID_COOKIE
Feb 22 20:30:04 lorien pluto[13203]: "roadwarrior"[1] 200.100.122.5 #2: received and ignored informational message
Feb 22 20:30:10 lorien pluto[13203]: "roadwarrior"[1] 200.100.122.5 #3: ignoring informational payload, type INVALID_COOKIE
Feb 22 20:30:10 lorien pluto[13203]: "roadwarrior"[1] 200.100.122.5 #3: received and ignored informational message
Feb 22 20:30:20 lorien pluto[13203]: "roadwarrior"[1] 200.100.122.5 #4: ignoring informational payload, type INVALID_COOKIE
Feb 22 20:30:20 lorien pluto[13203]: "roadwarrior"[1] 200.100.122.5 #4: received and ignored informational message
Feb 22 20:30:20 lorien pluto[13203]: "roadwarrior"[1] 200.100.122.5 #2: max number of retransmissions (2) reached STATE_MAIN_R1
Feb 22 20:30:26 lorien pluto[13203]: "roadwarrior"[1] 200.100.122.5 #3: max number of retransmissions (2) reached STATE_MAIN_R1
Feb 22 20:30:35 lorien pluto[13203]: "roadwarrior"[1] 200.100.122.5 #4: max number of retransmissions (2) reached STATE_MAIN_R1
Feb 22 20:30:35 lorien pluto[13203]: "roadwarrior"[1] 200.100.122.5: deleting connection "roadwarrior" instance with peer 200.100.122.5 {isakmp=#0/ipsec=#0}
Feb 22 20:30:53 lorien pluto[13203]: "roadwarrior"[2] 200.100.122.5 #1: retransmitting in response to duplicate packet; already STATE_MAIN_R3
Feb 22 20:31:17 lorien pluto[13203]: "roadwarrior"[2] 200.100.122.5 #1: retransmitting in response to duplicate packet; already STATE_MAIN_R3
Feb 22 20:32:06 lorien pluto[13203]: "roadwarrior"[2] 200.100.122.5 #1: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3
Feb 22 20:32:28 lorien snoopy[13338]: [root, uid:0 sid:12331]: cat /var/run/pluto.pid 
Feb 22 20:32:28 lorien pluto[13203]: shutting down
Feb 22 20:32:28 lorien pluto[13203]: forgetting secrets
Feb 22 20:32:28 lorien pluto[13203]: "roadwarrior"[2] 200.100.122.5: deleting connection "roadwarrior" instance with peer 200.100.122.5 {isakmp=#1/ipsec=#0}
Feb 22 20:32:28 lorien pluto[13203]: "roadwarrior" #1: deleting state (STATE_MAIN_R3)
Feb 22 20:32:28 lorien pluto[13203]: "roadwarrior-net": deleting connection
Feb 22 20:32:28 lorien pluto[13203]: "roadwarrior": deleting connection
Feb 22 20:32:28 lorien pluto[13203]: shutting down interface lo/lo ::1
Feb 22 20:32:28 lorien pluto[13203]: shutting down interface lo/lo 127.0.0.1
Feb 22 20:32:28 lorien pluto[13203]: shutting down interface lo/lo 127.0.0.1
Feb 22 20:32:28 lorien pluto[13203]: shutting down interface eth0/eth0 192.168.1.1
Feb 22 20:32:28 lorien pluto[13203]: shutting down interface eth0/eth0 192.168.1.1
Feb 22 20:32:28 lorien pluto[13203]: shutting down interface eth1/eth1 200.168.52.239
Feb 22 20:32:28 lorien pluto[13203]: shutting down interface eth1/eth1 200.168.52.239
Feb 22 20:32:29 lorien snoopy[13343]: [root, uid:0 sid:12331]: rm -f /var/run/pluto.pid 
Feb 22 20:32:29 lorien snoopy[13357]: [root, uid:0 sid:12331]: rm -f /var/run/ipsec.info /var/run/ipsec_setup.pid /var/run/pluto.pid 
Feb 22 20:32:29 lorien ipsec_setup: ...Openswan IPsec stopped
Feb 22 20:32:29 lorien ipsec_setup: Stopping Openswan IPsec...


############## com ST=Sao Paulo###########


Feb 22 20:33:43 lorien ipsec_setup: KLIPS ipsec0 on eth1 200.168.52.239/255.255.255.192 broadcast 200.168.52.255 
Feb 22 20:33:43 lorien snoopy[13434]: [root, uid:0 sid:12331]: ipsec _plutorun --debug  --uniqueids yes --nocrsend  --strictcrlpolicy  --nat_traversal yes --keep_alive  --force_keepalive  --disable_port_floating  --virtual_private %v4:10.0.0.0/8,%v4:172.16.0.0/1
Feb 22 20:33:43 lorien snoopy[13434]: [root, uid:0 sid:12331]: /usr/lib/ipsec/_plutorun --debug  --uniqueids yes --nocrsend  --strictcrlpolicy  --nat_traversal yes --keep_alive  --force_keepalive  --disable_port_floating  --virtual_private %v4:10.0.0.0/8,%v4:172.16.0.0/1
Feb 22 20:33:43 lorien snoopy[13436]: [(null), uid:0 sid:12331]: logger -p authpriv.error -t ipsec__plutorun 
Feb 22 20:33:43 lorien ipsec__plutorun: Starting Pluto subsystem...
Feb 22 20:33:43 lorien snoopy[13440]: [(null), uid:0 sid:12331]: /usr/lib/ipsec/_plutoload --wait no --post  
Feb 22 20:33:43 lorien snoopy[13441]: [(null), uid:0 sid:12331]: logger -s -p daemon.error -t ipsec__plutorun 
Feb 22 20:33:43 lorien ipsec_setup: ...Openswan IPsec started
Feb 22 20:33:43 lorien ipsec_setup: Starting Openswan IPsec 2.3.0...
Feb 22 20:33:43 lorien ipsec_setup: insmod /lib/modules/2.6.9-2-386/kernel/net/key/af_key.ko 
Feb 22 20:33:43 lorien ipsec_setup: insmod /lib/modules/2.6.9-2-386/kernel/net/ipv4/xfrm4_tunnel.ko 
Feb 22 20:33:43 lorien ipsec_setup: insmod /lib/modules/2.6.9-2-386/kernel/net/xfrm/xfrm_user.ko 
Feb 22 20:33:43 lorien snoopy[13439]: [(null), uid:0 sid:12331]: /usr/lib/ipsec/pluto --nofork --secretsfile /etc/ipsec.secrets --ipsecdir /etc/ipsec.d --uniqueids --nat_traversal --virtual_private %v4:10.0.0.0/8,%v4:172.16.0.0/1
Feb 22 20:33:43 lorien pluto[13439]: Starting Pluto (Openswan Version 2.3.0 X.509-1.5.4 PLUTO_USES_KEYRR)
Feb 22 20:33:43 lorien pluto[13439]: Setting port floating to on
Feb 22 20:33:43 lorien pluto[13439]: port floating activate 1/1
Feb 22 20:33:43 lorien pluto[13439]:   including NAT-Traversal patch (Version 0.6c)
Feb 22 20:33:43 lorien pluto[13439]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
Feb 22 20:33:43 lorien pluto[13439]: starting up 1 cryptographic helpers
Feb 22 20:33:43 lorien pluto[13439]: started helper pid=13453 (fd:6)
Feb 22 20:33:43 lorien pluto[13439]: Using Linux 2.6 IPsec interface code
Feb 22 20:33:44 lorien pluto[13439]: Changing to directory '/etc/ipsec.d/cacerts'
Feb 22 20:33:44 lorien pluto[13439]:   loaded CA cert file 'cacert.pem' (1789 bytes)
Feb 22 20:33:44 lorien pluto[13439]: Could not change to directory '/etc/ipsec.d/aacerts'
Feb 22 20:33:44 lorien pluto[13439]: Changing to directory '/etc/ipsec.d/ocspcerts'
Feb 22 20:33:44 lorien pluto[13439]: Changing to directory '/etc/ipsec.d/crls'
Feb 22 20:33:44 lorien pluto[13439]:   loaded crl file 'crl.pem' (735 bytes)
Feb 22 20:33:45 lorien pluto[13439]:   loaded host cert file '/etc/ipsec.d/certs/perry.casadobino.com.br.pem' (5225 bytes)
Feb 22 20:33:45 lorien pluto[13439]: added connection description "roadwarrior"
Feb 22 20:33:45 lorien pluto[13439]:   loaded host cert file '/etc/ipsec.d/certs/perry.casadobino.com.br.pem' (5225 bytes)
Feb 22 20:33:45 lorien pluto[13439]: added connection description "roadwarrior-net"
Feb 22 20:33:45 lorien pluto[13439]: listening for IKE messages
Feb 22 20:33:45 lorien pluto[13439]: adding interface eth1/eth1 200.168.52.239
Feb 22 20:33:45 lorien pluto[13439]: adding interface eth1/eth1 200.168.52.239:4500
Feb 22 20:33:45 lorien pluto[13439]: adding interface eth0/eth0 192.168.1.1
Feb 22 20:33:45 lorien pluto[13439]: adding interface eth0/eth0 192.168.1.1:4500
Feb 22 20:33:45 lorien pluto[13439]: adding interface lo/lo 127.0.0.1
Feb 22 20:33:45 lorien pluto[13439]: adding interface lo/lo 127.0.0.1:4500
Feb 22 20:33:45 lorien pluto[13439]: adding interface lo/lo ::1
Feb 22 20:33:45 lorien pluto[13439]: loading secrets from "/etc/ipsec.secrets"
Feb 22 20:33:45 lorien pluto[13439]:   loaded private key file '/etc/ipsec.d/private/perry.casadobino.com.br.key' (2837 bytes)
Feb 22 20:34:54 lorien pluto[13439]: packet from 200.100.122.5:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000003]
Feb 22 20:34:54 lorien pluto[13439]: "roadwarrior"[1] 200.100.122.5 #1: responding to Main Mode from unknown peer 200.100.122.5
Feb 22 20:34:54 lorien pluto[13439]: "roadwarrior"[1] 200.100.122.5 #1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Feb 22 20:34:55 lorien pluto[13439]: packet from 200.100.122.5:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000003]
Feb 22 20:34:55 lorien pluto[13439]: "roadwarrior"[1] 200.100.122.5 #2: responding to Main Mode from unknown peer 200.100.122.5
Feb 22 20:34:55 lorien pluto[13439]: "roadwarrior"[1] 200.100.122.5 #2: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Feb 22 20:34:57 lorien pluto[13439]: packet from 200.100.122.5:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000003]
Feb 22 20:34:57 lorien pluto[13439]: "roadwarrior"[1] 200.100.122.5 #3: responding to Main Mode from unknown peer 200.100.122.5
Feb 22 20:34:57 lorien pluto[13439]: "roadwarrior"[1] 200.100.122.5 #3: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Feb 22 20:35:01 lorien pluto[13439]: packet from 200.100.122.5:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000003]
Feb 22 20:35:01 lorien pluto[13439]: "roadwarrior"[1] 200.100.122.5 #4: responding to Main Mode from unknown peer 200.100.122.5
Feb 22 20:35:01 lorien pluto[13439]: "roadwarrior"[1] 200.100.122.5 #4: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Feb 22 20:35:19 lorien pluto[13439]: "roadwarrior"[1] 200.100.122.5 #1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Feb 22 20:35:20 lorien pluto[13439]: "roadwarrior"[1] 200.100.122.5 #1: discarding duplicate packet; already STATE_MAIN_R2
Feb 22 20:35:20 lorien pluto[13439]: "roadwarrior"[1] 200.100.122.5 #2: ignoring informational payload, type INVALID_COOKIE
Feb 22 20:35:20 lorien pluto[13439]: "roadwarrior"[1] 200.100.122.5 #2: received and ignored informational message
Feb 22 20:35:22 lorien pluto[13439]: "roadwarrior"[1] 200.100.122.5 #3: ignoring informational payload, type INVALID_COOKIE
Feb 22 20:35:22 lorien pluto[13439]: "roadwarrior"[1] 200.100.122.5 #3: received and ignored informational message
Feb 22 20:35:22 lorien pluto[13439]: "roadwarrior"[1] 200.100.122.5 #1: discarding duplicate packet; already STATE_MAIN_R2
Feb 22 20:35:26 lorien pluto[13439]: "roadwarrior"[1] 200.100.122.5 #1: discarding duplicate packet; already STATE_MAIN_R2
Feb 22 20:35:26 lorien pluto[13439]: "roadwarrior"[1] 200.100.122.5 #4: ignoring informational payload, type INVALID_COOKIE
Feb 22 20:35:26 lorien pluto[13439]: "roadwarrior"[1] 200.100.122.5 #4: received and ignored informational message
Feb 22 20:35:28 lorien pluto[13439]: "roadwarrior"[1] 200.100.122.5 #1: discarding duplicate packet; already STATE_MAIN_R2
Feb 22 20:35:30 lorien pluto[13439]: "roadwarrior"[1] 200.100.122.5 #2: ignoring informational payload, type INVALID_COOKIE
Feb 22 20:35:30 lorien pluto[13439]: "roadwarrior"[1] 200.100.122.5 #2: received and ignored informational message
Feb 22 20:35:30 lorien pluto[13439]: "roadwarrior"[1] 200.100.122.5 #1: discarding duplicate packet; already STATE_MAIN_R2
Feb 22 20:35:31 lorien pluto[13439]: "roadwarrior"[1] 200.100.122.5 #3: ignoring informational payload, type INVALID_COOKIE
Feb 22 20:35:31 lorien pluto[13439]: "roadwarrior"[1] 200.100.122.5 #3: received and ignored informational message
Feb 22 20:35:32 lorien pluto[13439]: "roadwarrior"[1] 200.100.122.5 #1: discarding duplicate packet; already STATE_MAIN_R2
Feb 22 20:35:36 lorien pluto[13439]: "roadwarrior"[1] 200.100.122.5 #1: discarding duplicate packet; already STATE_MAIN_R2
Feb 22 20:35:36 lorien pluto[13439]: "roadwarrior"[1] 200.100.122.5 #4: ignoring informational payload, type INVALID_COOKIE
Feb 22 20:35:36 lorien pluto[13439]: "roadwarrior"[1] 200.100.122.5 #4: received and ignored informational message
Feb 22 20:35:43 lorien pluto[13439]: "roadwarrior"[1] 200.100.122.5 #1: discarding duplicate packet; already STATE_MAIN_R2
Feb 22 20:35:45 lorien pluto[13439]: "roadwarrior"[1] 200.100.122.5 #1: Main mode peer ID is ID_DER_ASN1_DN: 'C=BR, ST=Sao Paulo, L=Sao Paulo, O=Contato Global Solutions, OU=cerberus, CN=cerberus, E=cerberus at contato.com.br'
Feb 22 20:35:45 lorien pluto[13439]: "roadwarrior"[2] 200.100.122.5 #1: I am sending my cert
Feb 22 20:35:46 lorien pluto[13439]: "roadwarrior"[2] 200.100.122.5 #1: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Feb 22 20:35:46 lorien pluto[13439]: "roadwarrior"[2] 200.100.122.5 #1: sent MR3, ISAKMP SA established
Feb 22 20:35:52 lorien pluto[13439]: "roadwarrior"[1] 200.100.122.5 #3: ignoring informational payload, type INVALID_COOKIE
Feb 22 20:35:52 lorien pluto[13439]: "roadwarrior"[1] 200.100.122.5 #3: received and ignored informational message
Feb 22 20:36:05 lorien pluto[13439]: "roadwarrior"[1] 200.100.122.5 #2: max number of retransmissions (2) reached STATE_MAIN_R1
Feb 22 20:36:07 lorien pluto[13439]: "roadwarrior"[1] 200.100.122.5 #3: max number of retransmissions (2) reached STATE_MAIN_R1
Feb 22 20:36:10 lorien pluto[13439]: "roadwarrior"[2] 200.100.122.5 #1: retransmitting in response to duplicate packet; already STATE_MAIN_R3
Feb 22 20:36:11 lorien pluto[13439]: "roadwarrior"[1] 200.100.122.5 #4: max number of retransmissions (2) reached STATE_MAIN_R1
Feb 22 20:36:11 lorien pluto[13439]: "roadwarrior"[1] 200.100.122.5: deleting connection "roadwarrior" instance with peer 200.100.122.5 {isakmp=#0/ipsec=#0}
Feb 22 20:36:34 lorien pluto[13439]: "roadwarrior"[2] 200.100.122.5 #1: retransmitting in response to duplicate packet; already STATE_MAIN_R3
Feb 22 20:36:58 lorien pluto[13439]: "roadwarrior"[2] 200.100.122.5 #1: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3
Feb 22 20:37:22 lorien pluto[13439]: "roadwarrior"[2] 200.100.122.5 #1: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3
Feb 22 20:47:57 lorien pluto[13439]: packet from 200.100.122.5:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000003]
Feb 22 20:47:57 lorien pluto[13439]: "roadwarrior"[2] 200.100.122.5 #5: responding to Main Mode from unknown peer 200.100.122.5
Feb 22 20:47:57 lorien pluto[13439]: "roadwarrior"[2] 200.100.122.5 #5: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Feb 22 20:47:57 lorien pluto[13439]: "roadwarrior"[2] 200.100.122.5 #5: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Feb 22 20:47:59 lorien pluto[13439]: "roadwarrior"[2] 200.100.122.5 #5: Main mode peer ID is ID_DER_ASN1_DN: 'C=BR, ST=Sao Paulo, L=Sao Paulo, O=Contato Global Solutions, OU=cerberus, CN=cerberus, E=cerberus at contato.com.br'
Feb 22 20:47:59 lorien pluto[13439]: "roadwarrior"[2] 200.100.122.5 #5: I am sending my cert
Feb 22 20:47:59 lorien pluto[13439]: "roadwarrior"[2] 200.100.122.5 #5: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Feb 22 20:47:59 lorien pluto[13439]: "roadwarrior"[2] 200.100.122.5 #5: sent MR3, ISAKMP SA established
^^^^^^^^^^^^^^^^^^^^^

Feb 22 20:48:00 lorien pluto[13439]: "roadwarrior"[2] 200.100.122.5 #5: retransmitting in response to duplicate packet; already STATE_MAIN_R3
Feb 22 20:48:01 lorien pluto[13439]: "roadwarrior"[2] 200.100.122.5 #6: responding to Quick Mode
Feb 22 20:48:01 lorien pluto[13439]: "roadwarrior"[2] 200.100.122.5 #6: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Feb 22 20:48:02 lorien pluto[13439]: "roadwarrior"[2] 200.100.122.5 #6: discarding duplicate packet; already STATE_QUICK_R1
Feb 22 20:48:03 lorien pluto[13439]: "roadwarrior"[2] 200.100.122.5 #6: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Feb 22 20:48:03 lorien pluto[13439]: "roadwarrior"[2] 200.100.122.5 #6: IPsec SA established {ESP=>0x85f70ffc <0x9bd28bf8}


More information about the Users mailing list