[Openswan Users] pluto aborted
Norbert Wegener
nw at sbs.de
Wed Jun 15 18:39:41 CEST 2005
Paul Wouters wrote:
> On Wed, 15 Jun 2005 nw at sbs.de wrote:
>
>> some time ago I posted about a problem with an aborting pluto.
>> The problems seemed to have gone when upgragin to openswan 2.3.1.
>> Now it is back again and I have no clue, where it comes from:
>> ISAKMP SA established); EVENT_SA_REPLACE in 3329s; newest ISAKMP; nodpd
>> Jun 15 16:06:13 lnxmchp4 pluto[21586]: "l2tp-winxp"[10]
>> 217.9.111.209:1392 #10:
>> Jun 15 16:06:13 lnxmchp4 ipsec__plutorun: /usr/lib/ipsec/_plutorun:
>> line 221: 21586 Aborted /usr/libexec/ipsec/pluto
>> --nofork --secretsfile /etc/ipsec.secrets --ipsecdir /etc/ipsec.d
>> --debug-all --uniqueids --nat_traversal --virtual_private
>> %v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16
>> Jun 15 16:06:13 lnxmchp4 ipsec__plutorun: !pluto failure!: exited
>> with error status 134 (signal 6)
>
>
> Do you have a gdb backtrace for that? Use dumpdir=/tmp in config setup
> to allow core
> files. Some issues have been fixed in cvs last night. I am not sure if
> that is your
> problem though.
>
> Paul
I have no gdb backtrace, but maybe an explanation.
Dozends of employees at a new customer installed their certificates on
their pc.
They setup a connection to the gateway, where they all used the same
firewall, that let a few protocols pass and that natted all internal
addresses to one external address.
With a normal natting device this should not be a problem, with this
firewall it seems to be one.
At one point this leads to a situation, where pluto declares:
Jun 15 13:07:21 lnxmchp4 pluto[32565]: "l2tp-winxp"[3] 1.2.3.4 #6:
cannot install eroute -- it is in use for "l2tp-winxp"[2] 1.2.3.4 #4,
where 1.2.3.4 is the external address of the firewall.
Jun 15 13:07:22 lnxmchp4 pluto[32565]: "l2tp-winxp"[3] 1.2.3.4 #6:
ASSERTION FAILED at crypto.c:219: st->st_new_iv_len >= e->enc_blocksize
What follows in the logfile is something like the output of ipsec setup
--status, where at the end pluto aborts.
Attached is excerpt from the logfile.
Is this enough to track the problem down? Traffic from the customer's
firewall ip is cancelled now, so that I am not sure, whether I am able
to reproduce that situation with a dump.
Please let me know, if you need further information.
Norbert
-------------- next part --------------
Jun 15 13:05:00 lnxmchp4 pluto[32565]: packet from 62.180.24.5:500: Informational Exchange is for an unknown (expired?) SA
Jun 15 13:05:00 lnxmchp4 pluto[32565]: packet from 62.180.24.5:500: Informational Exchange is for an unknown (expired?) SA
Jun 15 13:05:54 lnxmchp4 pluto[32565]: packet from 1.2.3.4:65465: Informational Exchange is for an unknown (expired?) SA
Jun 15 13:05:55 lnxmchp4 pluto[32565]: packet from 1.2.3.4:65465: Quick Mode message is for a non-existent (expired?) ISAKMP SA
Jun 15 13:06:27 lnxmchp4 last message repeated 5 times
Jun 15 13:06:28 lnxmchp4 pluto[32565]: packet from 1.2.3.4:65465: Informational Exchange is for an unknown (expired?) SA
Jun 15 13:06:28 lnxmchp4 pluto[32565]: packet from 1.2.3.4:65465: Informational Exchange is for an unknown (expired?) SA
Jun 15 13:07:21 lnxmchp4 pluto[32565]: packet from 1.2.3.4:134: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Jun 15 13:07:21 lnxmchp4 pluto[32565]: packet from 1.2.3.4:134: ignoring Vendor ID payload [FRAGMENTATION]
Jun 15 13:07:21 lnxmchp4 pluto[32565]: packet from 1.2.3.4:134: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
Jun 15 13:07:21 lnxmchp4 pluto[32565]: packet from 1.2.3.4:134: ignoring Vendor ID payload [Vid-Initial-Contact]
Jun 15 13:07:21 lnxmchp4 pluto[32565]: "ad-l2tp-linuxnat"[3] 1.2.3.4 #5: responding to Main Mode from unknown peer 1.2.3.4
Jun 15 13:07:21 lnxmchp4 pluto[32565]: "ad-l2tp-linuxnat"[3] 1.2.3.4 #5: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Jun 15 13:07:21 lnxmchp4 pluto[32565]: "ad-l2tp-linuxnat"[3] 1.2.3.4 #5: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: peer is NATed
Jun 15 13:07:21 lnxmchp4 pluto[32565]: "ad-l2tp-linuxnat"[3] 1.2.3.4 #5: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Jun 15 13:07:21 lnxmchp4 pluto[32565]: "ad-l2tp-linuxnat"[3] 1.2.3.4 #5: Main mode peer ID is ID_DER_ASN1_DN: 'SN=ZZZZZ1Q1, G=Guido, S=Wippler, O=testlab, CN=Guido Wippler'
Jun 15 13:07:21 lnxmchp4 pluto[32565]: "ad-l2tp-linuxnat"[3] 1.2.3.4 #5: no crl from issuer "C=DE, ST=NRW, L=Essen, O=SBS, OU=Relax, CN=uebergangs-ca, E=relax at sbs.de" found (strict=no)
Jun 15 13:07:21 lnxmchp4 pluto[32565]: "l2tp-winxp"[3] 1.2.3.4 #5: deleting connection "ad-l2tp-linuxnat" instance with peer 1.2.3.4 {isakmp=#0/ipsec=#0}
Jun 15 13:07:21 lnxmchp4 pluto[32565]: "l2tp-winxp"[3] 1.2.3.4 #5: I am sending my cert
Jun 15 13:07:21 lnxmchp4 pluto[32565]: "l2tp-winxp"[3] 1.2.3.4 #5: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Jun 15 13:07:21 lnxmchp4 pluto[32565]: | NAT-T: new mapping 1.2.3.4:134/65465)
Jun 15 13:07:21 lnxmchp4 pluto[32565]: "l2tp-winxp"[3] 1.2.3.4 #5: sent MR3, ISAKMP SA established
Jun 15 13:07:21 lnxmchp4 pluto[32565]: "l2tp-winxp"[3] 1.2.3.4 #6: responding to Quick Mode {msgid:0a8649f1}
Jun 15 13:07:21 lnxmchp4 pluto[32565]: "l2tp-winxp"[3] 1.2.3.4 #6: cannot install eroute -- it is in use for "l2tp-winxp"[2] 1.2.3.4 #4
Jun 15 13:07:22 lnxmchp4 pluto[32565]: "l2tp-winxp"[3] 1.2.3.4 #6: ASSERTION FAILED at crypto.c:219: st->st_new_iv_len >= e->enc_blocksize
Jun 15 13:07:22 lnxmchp4 pluto[32565]: "l2tp-winxp"[3] 1.2.3.4 #6: interface lo/lo ::1
Jun 15 13:07:22 lnxmchp4 pluto[32565]: "l2tp-winxp"[3] 1.2.3.4 #6: interface lo/lo 127.0.0.1
Jun 15 13:07:22 lnxmchp4 pluto[32565]: "l2tp-winxp"[3] 1.2.3.4 #6: interface lo/lo 127.0.0.1
Jun 15 13:07:22 lnxmchp4 pluto[32565]: "l2tp-winxp"[3] 1.2.3.4 #6: interface eth0/eth0 139.25.207.232
Jun 15 13:07:22 lnxmchp4 pluto[32565]: "l2tp-winxp"[3] 1.2.3.4 #6: interface eth0/eth0 139.25.207.232
Jun 15 13:07:22 lnxmchp4 pluto[32565]: "l2tp-winxp"[3] 1.2.3.4 #6: interface eth1/eth1 111.222.73.17
Jun 15 13:07:22 lnxmchp4 pluto[32565]: "l2tp-winxp"[3] 1.2.3.4 #6: interface eth1/eth1 111.222.73.17
Jun 15 13:07:22 lnxmchp4 pluto[32565]: "l2tp-winxp"[3] 1.2.3.4 #6: %myid = (none)
Jun 15 13:07:22 lnxmchp4 pluto[32565]: "l2tp-winxp"[3] 1.2.3.4 #6: debug none
Jun 15 13:07:22 lnxmchp4 pluto[32565]: "l2tp-winxp"[3] 1.2.3.4 #6:
Jun 15 13:07:22 lnxmchp4 pluto[32565]: "l2tp-winxp"[3] 1.2.3.4 #6: algorithm ESP encrypt: id=2, name=ESP_DES, ivlen=8, keysizemin=64, keysizemax=64
Jun 15 13:07:22 lnxmchp4 pluto[32565]: "l2tp-winxp"[3] 1.2.3.4 #6: algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=8, keysizemin=192, keysizemax=192
Jun 15 13:07:22 lnxmchp4 pluto[32565]: "l2tp-winxp"[3] 1.2.3.4 #6: algorithm ESP encrypt: id=7, name=ESP_BLOWFISH, ivlen=8, keysizemin=40, keysizemax=448
Jun 15 13:07:22 lnxmchp4 pluto[32565]: "l2tp-winxp"[3] 1.2.3.4 #6: algorithm ESP encrypt: id=11, name=ESP_NULL, ivlen=0, keysizemin=0, keysizemax=0
Jun 15 13:07:22 lnxmchp4 pluto[32565]: "l2tp-winxp"[3] 1.2.3.4 #6: algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=8, keysizemin=128, keysizemax=256
Jun 15 13:07:22 lnxmchp4 pluto[32565]: "l2tp-winxp"[3] 1.2.3.4 #6: algorithm ESP encrypt: id=252, name=ESP_SERPENT, ivlen=8, keysizemin=128, keysizemax=256
Jun 15 13:07:22 lnxmchp4 pluto[32565]: "l2tp-winxp"[3] 1.2.3.4 #6: algorithm ESP encrypt: id=253, name=ESP_TWOFISH, ivlen=8, keysizemin=128, keysizemax=256
Jun 15 13:07:22 lnxmchp4 pluto[32565]: "l2tp-winxp"[3] 1.2.3.4 #6: algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5, keysizemin=128, keysizemax=128
Jun 15 13:07:22 lnxmchp4 pluto[32565]: "l2tp-winxp"[3] 1.2.3.4 #6: algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1, keysizemin=160, keysizemax=160
Jun 15 13:07:22 lnxmchp4 pluto[32565]: "l2tp-winxp"[3] 1.2.3.4 #6: algorithm ESP auth attr: id=5, name=AUTH_ALGORITHM_HMAC_SHA2_256, keysizemin=256, keysizemax=256
Jun 15 13:07:22 lnxmchp4 pluto[32565]: "l2tp-winxp"[3] 1.2.3.4 #6: algorithm ESP auth attr: id=251, name=(null), keysizemin=0, keysizemax=0
Jun 15 13:07:22 lnxmchp4 pluto[32565]: "l2tp-winxp"[3] 1.2.3.4 #6:
Jun 15 13:07:22 lnxmchp4 pluto[32565]: "l2tp-winxp"[3] 1.2.3.4 #6: algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC, blocksize=16, keydeflen=128
Jun 15 13:07:22 lnxmchp4 pluto[32565]: "l2tp-winxp"[3] 1.2.3.4 #6: algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8, keydeflen=192
Jun 15 13:07:22 lnxmchp4 pluto[32565]: "l2tp-winxp"[3] 1.2.3.4 #6: algorithm IKE hash: id=2, name=OAKLEY_SHA1, hashsize=20
Jun 15 13:07:22 lnxmchp4 pluto[32565]: "l2tp-winxp"[3] 1.2.3.4 #6: algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16
Jun 15 13:07:22 lnxmchp4 pluto[32565]: "l2tp-winxp"[3] 1.2.3.4 #6: algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024
Jun 15 13:07:22 lnxmchp4 pluto[32565]: "l2tp-winxp"[3] 1.2.3.4 #6: algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536
Jun 15 13:07:22 lnxmchp4 pluto[32565]: "l2tp-winxp"[3] 1.2.3.4 #6: algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048
Jun 15 13:07:22 lnxmchp4 pluto[32565]: "l2tp-winxp"[3] 1.2.3.4 #6: algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072
Jun 15 13:07:22 lnxmchp4 pluto[32565]: "l2tp-winxp"[3] 1.2.3.4 #6: algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096
Jun 15 13:07:22 lnxmchp4 pluto[32565]: "l2tp-winxp"[3] 1.2.3.4 #6: algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144
Jun 15 13:07:22 lnxmchp4 pluto[32565]: "l2tp-winxp"[3] 1.2.3.4 #6: algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192
Jun 15 13:07:22 lnxmchp4 pluto[32565]: "l2tp-winxp"[3] 1.2.3.4 #6:
Jun 15 13:07:22 lnxmchp4 pluto[32565]: "l2tp-winxp"[3] 1.2.3.4 #6: stats db_ops.c: {curr_cnt, total_cnt, maxsz} :context={0,0,0} trans={0,0,0} attrs={0,0,0}
Jun 15 13:07:22 lnxmchp4 pluto[32565]: "l2tp-winxp"[3] 1.2.3.4 #6:
Jun 15 13:07:22 lnxmchp4 pluto[32565]: "l2tp-winxp"[3] 1.2.3.4 #6: "ad-l2tp-linuxnat": 111.222.73.17[CN=e04f0jjc.ww901.siemens.net]---111.222.73.1...%virtual===?; unrouted; eroute owner: #0
Jun 15 13:07:22 lnxmchp4 pluto[32565]: "l2tp-winxp"[3] 1.2.3.4 #6: "ad-l2tp-linuxnat": srcip=unset; dstip=unset
Jun 15 13:07:22 lnxmchp4 pluto[32565]: "l2tp-winxp"[3] 1.2.3.4 #6: "ad-l2tp-linuxnat": CAs: 'C=DE, DC=net, DC=siemens, O=testlab, OU=Issuing CA for machine certificates in the Siemens AD forest, OU=Copyright (C) Siemens AG 2003 All rights reserved, CN=Siemens Issuing CA Class AD'...'%any'
Jun 15 13:07:22 lnxmchp4 pluto[32565]: "l2tp-winxp"[3] 1.2.3.4 #6: "ad-l2tp-linuxnat": ike_life: 3600s; ipsec_life: 86400s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 3
Jun 15 13:07:22 lnxmchp4 pluto[32565]: "l2tp-winxp"[3] 1.2.3.4 #6: "ad-l2tp-linuxnat": policy: RSASIG+ENCRYPT+TUNNEL; prio: 32,32; interface: eth1;
Jun 15 13:07:22 lnxmchp4 pluto[32565]: "l2tp-winxp"[3] 1.2.3.4 #6: "ad-l2tp-linuxnat": newest ISAKMP SA: #0; newest IPsec SA: #0;
Jun 15 13:07:22 lnxmchp4 pluto[32565]: "l2tp-winxp"[3] 1.2.3.4 #6: "ad-l2tp-winxp": 111.222.73.17[CN=e04f0jjc.ww901.siemens.net]:17/1701---111.222.73.1...%any:17/1701; unrouted; eroute owner: #0
Jun 15 13:07:22 lnxmchp4 pluto[32565]: "l2tp-winxp"[3] 1.2.3.4 #6: "ad-l2tp-winxp": srcip=unset; dstip=unset
Jun 15 13:07:22 lnxmchp4 pluto[32565]: "l2tp-winxp"[3] 1.2.3.4 #6: "ad-l2tp-winxp": CAs: 'C=DE, DC=net, DC=siemens, O=testlab, OU=Issuing CA for machine certificates in the Siemens AD forest, OU=Copyright (C) Siemens AG 2003 All rights reserved, CN=Siemens Issuing CA Class AD'...'%any'
Jun 15 13:07:22 lnxmchp4 pluto[32565]: "l2tp-winxp"[3] 1.2.3.4 #6: "ad-l2tp-winxp": ike_life: 3600s; ipsec_life: 86400s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 3
Jun 15 13:07:22 lnxmchp4 pluto[32565]: "l2tp-winxp"[3] 1.2.3.4 #6: "ad-l2tp-winxp": policy: RSASIG+ENCRYPT+TUNNEL; prio: 32,32; interface: eth1;
Jun 15 13:07:22 lnxmchp4 pluto[32565]: "l2tp-winxp"[3] 1.2.3.4 #6: "ad-l2tp-winxp": newest ISAKMP SA: #0; newest IPsec SA: #0;
Jun 15 13:07:22 lnxmchp4 pluto[32565]: "l2tp-winxp"[3] 1.2.3.4 #6: "l2tp-linuxnat": 111.222.73.17[CN=srv2]---111.222.73.1...%virtual===?; unrouted; eroute owner: #0
Jun 15 13:07:22 lnxmchp4 pluto[32565]: "l2tp-winxp"[3] 1.2.3.4 #6: "l2tp-linuxnat": srcip=unset; dstip=unset
Jun 15 13:07:22 lnxmchp4 pluto[32565]: "l2tp-winxp"[3] 1.2.3.4 #6: "l2tp-linuxnat": CAs: 'C=DE, ST=NRW, L=Essen, O=SBS, OU=Relax, CN=uebergangs-ca, E=relax at sbs.de'...'%any'
Jun 15 13:07:22 lnxmchp4 pluto[32565]: "l2tp-winxp"[3] 1.2.3.4 #6: "l2tp-linuxnat": ike_life: 3600s; ipsec_life: 86400s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 3
Jun 15 13:07:22 lnxmchp4 pluto[32565]: "l2tp-winxp"[3] 1.2.3.4 #6: "l2tp-linuxnat": policy: RSASIG+ENCRYPT+TUNNEL; prio: 32,32; interface: eth1;
Jun 15 13:07:22 lnxmchp4 pluto[32565]: "l2tp-winxp"[3] 1.2.3.4 #6: "l2tp-linuxnat": newest ISAKMP SA: #0; newest IPsec SA: #0;
Jun 15 13:07:22 lnxmchp4 pluto[32565]: "l2tp-winxp"[3] 1.2.3.4 #6: "l2tp-winxp": 111.222.73.17[CN=srv2]:17/1701---111.222.73.1...%any:17/1701; unrouted; eroute owner: #0
Jun 15 13:07:22 lnxmchp4 pluto[32565]: "l2tp-winxp"[3] 1.2.3.4 #6: "l2tp-winxp": srcip=unset; dstip=unset
Jun 15 13:07:22 lnxmchp4 pluto[32565]: "l2tp-winxp"[3] 1.2.3.4 #6: "l2tp-winxp": CAs: 'C=DE, ST=NRW, L=Essen, O=SBS, OU=Relax, CN=uebergangs-ca, E=relax at sbs.de'...'%any'
Jun 15 13:07:22 lnxmchp4 pluto[32565]: "l2tp-winxp"[3] 1.2.3.4 #6: "l2tp-winxp": ike_life: 3600s; ipsec_life: 86400s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 3
Jun 15 13:07:22 lnxmchp4 pluto[32565]: "l2tp-winxp"[3] 1.2.3.4 #6: "l2tp-winxp": policy: RSASIG+ENCRYPT+TUNNEL; prio: 32,32; interface: eth1;
Jun 15 13:07:22 lnxmchp4 pluto[32565]: "l2tp-winxp"[3] 1.2.3.4 #6: "l2tp-winxp": newest ISAKMP SA: #0; newest IPsec SA: #0;
Jun 15 13:07:22 lnxmchp4 pluto[32565]: "l2tp-winxp"[3] 1.2.3.4 #6: "l2tp-winxp"[2]: 111.222.73.17[CN=srv2]:17/1701---111.222.73.1...1.2.3.4[SN=Z0017B3U, G=Thomas, S=Kotkowski, O=testlab, CN=Thomas Kotkowski]:17/1701; erouted; eroute owner: #4
Jun 15 13:07:22 lnxmchp4 pluto[32565]: "l2tp-winxp"[3] 1.2.3.4 #6: "l2tp-winxp"[2]: srcip=unset; dstip=unset
Jun 15 13:07:22 lnxmchp4 pluto[32565]: "l2tp-winxp"[3] 1.2.3.4 #6: "l2tp-winxp"[2]: CAs: 'C=DE, ST=NRW, L=Essen, O=SBS, OU=Relax, CN=uebergangs-ca, E=relax at sbs.de'...'%any'
Jun 15 13:07:22 lnxmchp4 pluto[32565]: "l2tp-winxp"[3] 1.2.3.4 #6: "l2tp-winxp"[2]: ike_life: 3600s; ipsec_life: 86400s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 3
Jun 15 13:07:22 lnxmchp4 pluto[32565]: "l2tp-winxp"[3] 1.2.3.4 #6: "l2tp-winxp"[2]: policy: RSASIG+ENCRYPT+TUNNEL; prio: 32,32; interface: eth1;
Jun 15 13:07:22 lnxmchp4 pluto[32565]: "l2tp-winxp"[3] 1.2.3.4 #6: "l2tp-winxp"[2]: newest ISAKMP SA: #3; newest IPsec SA: #4;
Jun 15 13:07:22 lnxmchp4 pluto[32565]: "l2tp-winxp"[3] 1.2.3.4 #6: "l2tp-winxp"[2]: IKE algorithm newest: 3DES_CBC_192-SHA1-MODP2048
Jun 15 13:07:22 lnxmchp4 pluto[32565]: "l2tp-winxp"[3] 1.2.3.4 #6: "l2tp-winxp"[3]: 111.222.73.17[CN=srv2]:17/1701---111.222.73.1...1.2.3.4[SN=ZZZZZ1Q1, G=Guido, S=Wippler, O=testlab, CN=Guido Wippler]:17/1701; unrouted; eroute owner: #0
Jun 15 13:07:22 lnxmchp4 pluto[32565]: "l2tp-winxp"[3] 1.2.3.4 #6: "l2tp-winxp"[3]: srcip=unset; dstip=unset
Jun 15 13:07:22 lnxmchp4 pluto[32565]: "l2tp-winxp"[3] 1.2.3.4 #6: "l2tp-winxp"[3]: CAs: 'C=DE, ST=NRW, L=Essen, O=SBS, OU=Relax, CN=uebergangs-ca, E=relax at sbs.de'...'%any'
Jun 15 13:07:22 lnxmchp4 pluto[32565]: "l2tp-winxp"[3] 1.2.3.4 #6: "l2tp-winxp"[3]: ike_life: 3600s; ipsec_life: 86400s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 3
Jun 15 13:07:22 lnxmchp4 pluto[32565]: "l2tp-winxp"[3] 1.2.3.4 #6: "l2tp-winxp"[3]: policy: RSASIG+ENCRYPT+TUNNEL; prio: 32,32; interface: eth1;
Jun 15 13:07:22 lnxmchp4 pluto[32565]: "l2tp-winxp"[3] 1.2.3.4 #6: "l2tp-winxp"[3]: newest ISAKMP SA: #5; newest IPsec SA: #0;
Jun 15 13:07:22 lnxmchp4 pluto[32565]: "l2tp-winxp"[3] 1.2.3.4 #6: "l2tp-winxp"[3]: IKE algorithm newest: 3DES_CBC_192-SHA1-MODP2048
Jun 15 13:07:22 lnxmchp4 pluto[32565]: "l2tp-winxp"[3] 1.2.3.4 #6:
Jun 15 13:07:22 lnxmchp4 pluto[32565]: "l2tp-winxp"[3] 1.2.3.4 #6: #4: "l2tp-winxp"[2] 1.2.3.4:65484 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in 2956s; newest IPSEC; eroute owner
Jun 15 13:07:22 lnxmchp4 pluto[32565]: "l2tp-winxp"[3] 1.2.3.4 #6: #4: "l2tp-winxp"[2] 1.2.3.4 esp.55c0ac3a at 1.2.3.4 esp.66945a59 at 111.222.73.17
Jun 15 13:07:22 lnxmchp4 pluto[32565]: "l2tp-winxp"[3] 1.2.3.4 #6: #3: "l2tp-winxp"[2] 1.2.3.4:65484 STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_REPLACE in 2956s; newest ISAKMP; nodpd
Jun 15 13:07:22 lnxmchp4 pluto[32565]: "l2tp-winxp"[3] 1.2.3.4 #6: #6: "l2tp-winxp"[3] 1.2.3.4:65465 STATE_QUICK_R0 (expecting QI1); EVENT_CRYPTO_FAILED in 299s; nodpd
Jun 15 13:07:22 lnxmchp4 pluto[32565]: "l2tp-winxp"[3] 1.2.3.4 #6: #5: "l2tp-winxp"[3] 1.2.3.4:65465 STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_REPLACE in 3329s; newest ISAKMP; nodpd
Jun 15 13:07:22 lnxmchp4 pluto[32565]: "l2tp-winxp"[3] 1.2.3.4 #6:
Jun 15 13:07:22 lnxmchp4 ipsec__plutorun: /usr/lib/ipsec/_plutorun: line 221: 32565 Aborted /usr/libexec/ipsec/pluto --nofork --secretsfile /etc/ipsec.secrets --ipsecdir /etc/ipsec.d --debug-none --uniqueids --nat_traversal --virtual_private %v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16
Jun 15 13:07:22 lnxmchp4 ipsec__plutorun: !pluto failure!: exited with error status 134 (signal 6)
Jun 15 13:07:22 lnxmchp4 ipsec__plutorun: restarting IPsec after pause...
Jun 15 13:07:32 lnxmchp4 kernel: NET: Unregistered protocol family 15
Jun 15 13:07:32 lnxmchp4 ipsec_setup: ...Openswan IPsec stopped
Jun 15 13:07:32 lnxmchp4 ipsec_setup: Stopping Openswan IPsec...
Jun 15 13:07:32 lnxmchp4 ipsec_setup: Removing orphaned /var/run/pluto/pluto.pid:
More information about the Users
mailing list