[Openswan Users] RE: My ipsec0 device drops nat-t packets

Ing. Ivan Lopez ivan_n_lopez at hotmail.com
Sat Mar 5 13:50:18 CET 2005


Hi people:
Thanks for your answer. Unfortunately it still doesn't work. I was trying a
lot of things without luck. It works fine when I connect my roadwarrior
(w2k with NAT-T patch) to the Internet from a dialed connection (I had a public IP
in that case). But it doesn't work for my cablemodem (private IP in that
case).

My ipsec config follows:
ipsec.conf:
----------
# basic configuration

config setup
        # Debug-logging controls: "none" for (almost) none, "all" for lots.
        interfaces=%defaultroute
        klipsdebug=none
        plutodebug=none
        uniqueids=yes
        nat_traversal=yes
        overridemtu=1300
        virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/1

# Connections

# PC Wxp omalvasio L2TP/IPSEC
conn L2TP-BFAMA
        #type=transport
        authby=rsasig
        pfs=no
        # Left-side gateway (bfama)
        left=45.45.45.45
        leftnexthop=45.45.45.1
        leftid=....
        leftprotoport=17/0
        #
        # Right side: PC Omalvasio
        #
        right=%any
        rightsubnet=vhost:%no,%priv
        rightid=....
        rightrsasigkey=%cert
        rightnexthop=%defaultroute
        rightprotoport=17/1701
        # Authorize the connection, but do not initiate it
        auto=add

conn L2TP-BFAMA-old
        #type=transport
        authby=rsasig
        pfs=no
        # Left-side gateway (bfama)
        left=45.45.45.45
        leftnexthop=45.45.45.1
        leftid="..."
        leftcert=openswan-cert.pem
        leftprotoport=17/1701
        #
        # Right side: PC Omalvasio
        #
        right=%any
        rightsubnet=vhost:%no,%priv
        rightid="...."
        rightrsasigkey=%cert
        rightnexthop=%defaultroute
        rightprotoport=17/1701
        # Authorize the connection, but do not initiate it
        auto=add

#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf


I can't view any logs from l2tpd (when the roadwarrior is behind NAT) because I
think l2tpd never got any packet. The ipsec0 interface drops everything.
In the klips debug I noticed there are messages saying "Mar 5 11:06:47 bfama
kernel: klips_debug:ipsec_rcv: SA:esp.8e1d5296 at 45.45.45.45 does not agree
with expected NAT-T policy."  What are those?

Here is a piece of klips debug:
Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_address_process: ips_said.dst
set to 200.68.215.117.

Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_address_process: successful.

Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_msg_interp: processing ext 24
0pcd7e1f10 with processor 0pc0302570.

Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_address_process:

Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_address_process: found
address family=2, AF_INET, 255.255.255.255.

Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_address_process: found dst
mask address.

Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_alloc_eroute: eroute struct
already allocated

Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_address_parse: extr->eroute
set to 45.45.45.45/32:1701->200.68.215.117/32:1701

Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_address_process: successful.

Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_msg_interp: processing ext 26
0pcd7e1f28 with processor 0pc02fc6e0.

Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_x_protocol_process: c7e21e00

Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_x_protocol_process: protocol
= 17.

Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_msg_interp: parsing message
type 14(x-addflow(eroute)) with msg_parser 0pc0300560.

Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_x_addflow_parse: .

Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_x_addflow_parse: calling
breakeroute and/or makeroute for 45.45.45.45/32->200.68.215.117/32

Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_x_addflow_parse: calling
makeroute.

Mar 5 11:06:47 bfama kernel: klips_debug:ipsec_makeroute: attempting to
allocate 192 bytes to insert eroute for 45.45.45.45/32->200.68.215.117/32,
SA: esp.ee3ab5c6 at 200.68.215.117, PID:2855, skb=0p00000000, ident:NULL->NULL

Mar 5 11:06:47 bfama kernel: klips_debug:ipsec_makeroute:
141a1000c82dadf3c844d775110006a506a50000 /
141aff00ffffffffffffffffff00ffffffff0000

Mar 5 11:06:47 bfama kernel: klips_debug:ipsec_makeroute: calling
rj_addroute now

Mar 5 11:06:47 bfama kernel: klips_debug:ipsec_makeroute: pid=02855 count= 0
lasttime= 0 45.45.45.45/32 -> 200.68.215.117/32 =>
esp.ee3ab5c6 at 200.68.215.117

Mar 5 11:06:47 bfama kernel: klips_debug:ipsec_makeroute: succeeded.

Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_x_addflow_parse: makeroute
call successful.

Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_msg_hdr_build:

Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_msg_hdr_build: on_entry
&pfkey_ext=0pc7e21b7c pfkey_ext=0pc7e21cdc *pfkey_ext=0p00000000.

Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_msg_hdr_build: on_exit
&pfkey_ext=0pc7e21b7c pfkey_ext=0pc7e21cdc *pfkey_ext=0pc3d2de20.

Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_safe_build: error=0

Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_safe_build:success.

Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_sa_build: spi=ee3ab5c6
replay=0 sa_state=0 auth=0 encrypt=0 flags=0

Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_safe_build: error=0

Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_safe_build:success.

Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_address_build: exttype=5
proto=0 prefixlen=0

Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_address_build: found address
family AF_INET.

Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_address_build: found
address=45.45.45.45:1701.

Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_address_build: successful
created len: 3.

Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_safe_build: error=0

Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_safe_build:success.

Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_address_build: exttype=6
proto=0 prefixlen=0

Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_address_build: found address
family AF_INET.

Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_address_build: found
address=200.68.215.117:1701.

Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_address_build: successful
created len: 3.

Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_safe_build: error=0

Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_safe_build:success.

Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_address_build: exttype=21
proto=0 prefixlen=0

Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_address_build: found address
family AF_INET.

Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_address_build: found
address=45.45.45.45:0.

Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_address_build: successful
created len: 3.

Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_safe_build: error=0

Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_safe_build:success.

Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_address_build: exttype=22
proto=0 prefixlen=0

Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_address_build: found address
family AF_INET.

Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_address_build: found
address=200.68.215.117:0.

Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_address_build: successful
created len: 3.

Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_safe_build: error=0

Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_safe_build:success.

Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_address_build: exttype=23
proto=0 prefixlen=0

Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_address_build: found address
family AF_INET.

Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_address_build: found
address=255.255.255.255:0.

Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_address_build: successful
created len: 3.

Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_safe_build: error=0

Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_safe_build:success.

Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_address_build: exttype=24
proto=0 prefixlen=0

Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_address_build: found address
family AF_INET.

Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_address_build: found
address=255.255.255.255:0.

Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_address_build: successful
created len: 3.

Mar 5 11:06:47 bfama kernel: klips_debug: IP: ihl:20 ver:4 tos:0 tlen:184
id:25220 frag_off:0 ttl:114 proto:17 (UDP) chk:53205
saddr:200.68.215.117:11364 daddr:45.45.45.45:4500

Mar 5 11:06:47 bfama kernel: klips_debug:ipsec_rcv: ESPinUDP pkt without
Non-ESP - spi=0x8e1d5296

Mar 5 11:06:47 bfama kernel: klips_debug:ipsec_rcv: removing 8 bytes from
ESPinUDP packet

Mar 5 11:06:47 bfama kernel: klips_debug: IP: ihl:20 ver:4 tos:0 tlen:176
id:25220 frag_off:0 ttl:114 proto:50 chk:53205 saddr:200.68.215.117
daddr:45.45.45.45

Mar 5 11:06:47 bfama kernel: klips_debug:ipsec_rcv: <<< Info --
skb->dev=eth0 dev=eth0

Mar 5 11:06:47 bfama kernel: klips_debug:ipsec_rcv: assigning packet
ownership to virtual device ipsec0 from physical device eth0.

Mar 5 11:06:47 bfama kernel: klips_debug: IP: ihl:20 ver:4 tos:0 tlen:176
id:25220 frag_off:0 ttl:114 proto:50 chk:53205 saddr:200.68.215.117
daddr:45.45.45.45

Mar 5 11:06:47 bfama kernel: klips_debug:ipsec_rcv_decap_once: decap (50)
from 200.68.215.117 -> 45.45.45.45

Mar 5 11:06:47 bfama kernel: klips_debug:ipsec_sa_getbyid: linked entry in
ipsec_sa table for hash=179 of SA:esp.8e1d5296 at 45.45.45.45 requested.

Mar 5 11:06:47 bfama kernel: klips_debug:ipsec_rcv:
SA:esp.8e1d5296 at 45.45.45.45, src=200.68.215.117 of pkt agrees with expected
SA source address policy.

Mar 5 11:06:47 bfama kernel: klips_debug:ipsec_rcv:
SA:esp.8e1d5296 at 45.45.45.45 First SA in group.

Mar 5 11:06:47 bfama kernel: klips_debug:ipsec_rcv: natt_type=2
tdbp->ips_natt_type=0 : bad

Mar 5 11:06:47 bfama kernel: klips_debug:ipsec_rcv:
SA:esp.8e1d5296 at 45.45.45.45 does not agree with expected NAT-T policy.

Mar 5 11:06:47 bfama kernel: klips_debug:ipsec_sa_put: ipsec_sa
SA:esp.8e1d5296 at 45.45.45.45, ref:172 reference count decremented.

Mar 5 11:06:47 bfama kernel: klips_debug:ipsec_rcv: decap_once failed: -12

Mar 5 11:06:48 bfama kernel: klips_debug:ipsec_rcv: suspected ESPinUDP
packet (NAT-Traversal) [2].

Mar 5 11:06:48 bfama kernel: klips_debug: IP: ihl:20 ver:4 tos:0 tlen:184
id:25229 frag_off:0 ttl:114 proto:17 (UDP) chk:53196
saddr:200.68.215.117:11364 daddr:45.45.45.45:4500

Mar 5 11:06:48 bfama kernel: klips_debug:ipsec_rcv: ESPinUDP pkt without
Non-ESP - spi=0x8e1d5296

Mar 5 11:06:48 bfama kernel: klips_debug:ipsec_rcv: removing 8 bytes from
ESPinUDP packet

Mar 5 11:06:48 bfama kernel: klips_debug: IP: ihl:20 ver:4 tos:0 tlen:176
id:25229 frag_off:0 ttl:114 proto:50 chk:53196 saddr:200.68.215.117
daddr:45.45.45.45

Mar 5 11:06:48 bfama kernel: klips_debug:ipsec_rcv: <<< Info --
skb->dev=eth0 dev=eth0

Mar 5 11:06:48 bfama kernel: klips_debug:ipsec_rcv: assigning packet
ownership to virtual device ipsec0 from physical device eth0.

Mar 5 11:06:48 bfama kernel: klips_debug: IP: ihl:20 ver:4 tos:0 tlen:176
id:25229 frag_off:0 ttl:114 proto:50 chk:53196 saddr:200.68.215.117
daddr:45.45.45.45

Mar 5 11:06:48 bfama kernel: klips_debug:ipsec_rcv_decap_once: decap (50)
from 200.68.215.117 -> 45.45.45.45

Mar 5 11:06:48 bfama kernel: klips_debug:ipsec_sa_getbyid: linked entry in
ipsec_sa table for hash=179 of SA:esp.8e1d5296 at 45.45.45.45 requested.

Mar 5 11:06:48 bfama kernel: klips_debug:ipsec_rcv:
SA:esp.8e1d5296 at 45.45.45.45, src=200.68.215.117 of pkt agrees with expected
SA source address policy.

Mar 5 11:06:48 bfama kernel: klips_debug:ipsec_rcv:
SA:esp.8e1d5296 at 45.45.45.45 First SA in group.

Mar 5 11:06:48 bfama kernel: klips_debug:ipsec_rcv: natt_type=2
tdbp->ips_natt_type=0 : bad

Mar 5 11:06:48 bfama kernel: klips_debug:ipsec_rcv:
SA:esp.8e1d5296 at 45.45.45.45 does not agree with expected NAT-T policy.

Mar 5 11:06:48 bfama kernel: klips_debug:ipsec_sa_put: ipsec_sa
SA:esp.8e1d5296 at 45.45.45.45, ref:172 reference count decremented.

Mar 5 11:06:48 bfama kernel: klips_debug:ipsec_rcv: decap_once failed: -12

Mar 5 11:06:50 bfama kernel: klips_debug:ipsec_rcv: suspected ESPinUDP
packet (NAT-Traversal) [2].

Mar 5 11:06:50 bfama kernel: klips_debug: IP: ihl:20 ver:4 tos:0 tlen:184
id:25251 frag_off:0 ttl:114 proto:17 (UDP) chk:53174
saddr:200.68.215.117:11364 daddr:45.45.45.45:4500

Mar 5 11:06:50 bfama kernel: klips_debug:ipsec_rcv: ESPinUDP pkt without
Non-ESP - spi=0x8e1d5296

Mar 5 11:06:50 bfama kernel: klips_debug:ipsec_rcv: removing 8 bytes from
ESPinUDP packet

Mar 5 11:06:50 bfama kernel: klips_debug: IP: ihl:20 ver:4 tos:0 tlen:176
id:25251 frag_off:0 ttl:114 proto:50 chk:53174 saddr:200.68.215.117
daddr:45.45.45.45

Mar 5 11:06:50 bfama kernel: klips_debug:ipsec_rcv: <<< Info --
skb->dev=eth0 dev=eth0

Mar 5 11:06:50 bfama kernel: klips_debug:ipsec_rcv: assigning packet
ownership to virtual device ipsec0 from physical device eth0.

Mar 5 11:06:50 bfama kernel: klips_debug: IP: ihl:20 ver:4 tos:0 tlen:176
id:25251 frag_off:0 ttl:114 proto:50 chk:53174 saddr:200.68.215.117
daddr:45.45.45.45

Mar 5 11:06:50 bfama kernel: klips_debug:ipsec_rcv_decap_once: decap (50)
from 200.68.215.117 -> 45.45.45.45

Mar 5 11:06:50 bfama kernel: klips_debug:ipsec_sa_getbyid: linked entry in
ipsec_sa table for hash=179 of SA:esp.8e1d5296 at 45.45.45.45 requested.

Mar 5 11:06:50 bfama kernel: klips_debug:ipsec_rcv:
SA:esp.8e1d5296 at 45.45.45.45, src=200.68.215.117 of pkt agrees with expected
SA source address policy.

Mar 5 11:06:50 bfama kernel: klips_debug:ipsec_rcv:
SA:esp.8e1d5296 at 45.45.45.45 First SA in group.

Mar 5 11:06:50 bfama kernel: klips_debug:ipsec_rcv: natt_type=2
tdbp->ips_natt_type=0 : bad

Mar 5 11:06:50 bfama kernel: klips_debug:ipsec_rcv:
SA:esp.8e1d5296 at 45.45.45.45 does not agree with expected NAT-T policy.

Mar 5 11:06:50 bfama kernel: klips_debug:ipsec_sa_put: ipsec_sa
SA:esp.8e1d5296 at 45.45.45.45, ref:172 reference count decremented.

Mar 5 11:06:50 bfama kernel: klips_debug:ipsec_rcv: decap_once failed: -12

Mar 5 11:06:54 bfama kernel: klips_debug:ipsec_rcv: suspected ESPinUDP
packet (NAT-Traversal) [2].

Mar 5 11:06:54 bfama kernel: klips_debug: IP: ihl:20 ver:4 tos:0 tlen:184
id:25274 frag_off:0 ttl:114 proto:17 (UDP) chk:53151
saddr:200.68.215.117:11364 daddr:45.45.45.45:4500

Mar 5 11:06:54 bfama kernel: klips_debug:ipsec_rcv: ESPinUDP pkt without
Non-ESP - spi=0x8e1d5296

Mar 5 11:06:54 bfama kernel: klips_debug:ipsec_rcv: removing 8 bytes from
ESPinUDP packet

Mar 5 11:06:54 bfama kernel: klips_debug: IP: ihl:20 ver:4 tos:0 tlen:176
id:25274 frag_off:0 ttl:114 proto:50 chk:53151 saddr:200.68.215.117
daddr:45.45.45.45

Mar 5 11:06:54 bfama kernel: klips_debug:ipsec_rcv: <<< Info --
skb->dev=eth0 dev=eth0

Mar 5 11:06:54 bfama kernel: klips_debug:ipsec_rcv: assigning packet
ownership to virtual device ipsec0 from physical device eth0.

Mar 5 11:06:54 bfama kernel: klips_debug: IP: ihl:20 ver:4 tos:0 tlen:176
id:25274 frag_off:0 ttl:114 proto:50 chk:53151 saddr:200.68.215.117
daddr:45.45.45.45

Mar 5 11:06:54 bfama kernel: klips_debug:ipsec_rcv_decap_once: decap (50)
from 200.68.215.117 -> 45.45.45.45

Mar 5 11:06:54 bfama kernel: klips_debug:ipsec_sa_getbyid: linked entry in
ipsec_sa table for hash=179 of SA:esp.8e1d5296 at 45.45.45.45 requested.

Mar 5 11:06:54 bfama kernel: klips_debug:ipsec_rcv:
SA:esp.8e1d5296 at 45.45.45.45, src=200.68.215.117 of pkt agrees with expected
SA source address policy.

Mar 5 11:06:54 bfama kernel: klips_debug:ipsec_rcv:
SA:esp.8e1d5296 at 45.45.45.45 First SA in group.

Mar 5 11:06:54 bfama kernel: klips_debug:ipsec_rcv: natt_type=2
tdbp->ips_natt_type=0 : bad

Mar 5 11:06:54 bfama kernel: klips_debug:ipsec_rcv:
SA:esp.8e1d5296 at 45.45.45.45 does not agree with expected NAT-T policy.

Mar 5 11:06:54 bfama kernel: klips_debug:ipsec_sa_put: ipsec_sa
SA:esp.8e1d5296 at 45.45.45.45, ref:172 reference count decremented.

Mar 5 11:06:54 bfama kernel: klips_debug:ipsec_rcv: decap_once failed: -12

Mar 5 11:07:02 bfama kernel: klips_debug:ipsec_rcv: suspected ESPinUDP
packet (NAT-Traversal) [2].

Mar 5 11:07:02 bfama kernel: klips_debug: IP: ihl:20 ver:4 tos:0 tlen:100
id:25277 frag_off:0 ttl:114 proto:17 (UDP) chk:53232
saddr:200.68.215.117:11364 daddr:45.45.45.45:4500

Mar 5 11:07:02 bfama kernel: klips_debug:ipsec_rcv: IKE packet - not handled
here

Mar 5 11:07:02 bfama kernel: IP12_drop_LCL2VPN:01 IN= OUT=ipsec0
SRC=45.45.45.45 DST=200.68.215.117 LEN=100 TOS=0x00 PREC=0x00 TTL=64 ID=2119
DF PROTO=UDP SPT=4500 DPT=11364 LEN=80

Mar 5 11:07:02 bfama kernel: klips_debug:ipsec_rcv: suspected ESPinUDP
packet (NAT-Traversal) [2].

Mar 5 11:07:02 bfama kernel: klips_debug: IP: ihl:20 ver:4 tos:0 tlen:116
id:25278 frag_off:0 ttl:114 proto:17 (UDP) chk:53215
saddr:200.68.215.117:11364 daddr:45.45.45.45:4500

Mar 5 11:07:02 bfama kernel: klips_debug:ipsec_rcv: IKE packet - not handled
here

Mar 5 11:07:02 bfama kernel: debug:pfkey_safe_build: error=0

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_safe_build:success.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_build: exttype=6
proto=0 prefixlen=0

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_build: found address
family AF_INET.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_build: found
address=0.0.0.0:0.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_build: successful
created len: 3.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_safe_build: error=0

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_safe_build:success.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_build: exttype=21
proto=0 prefixlen=0

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_build: found address
family AF_INET.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_build: found
address=45.45.45.45:0.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_build: successful
created len: 3.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_safe_build: error=0

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_safe_build:success.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_build: exttype=22
proto=0 prefixlen=0

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_build: found address
family AF_INET.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_build: found
address=200.68.215.117:0.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_build: successful
created len: 3.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_safe_build: error=0

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_safe_build:success.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_build: exttype=23
proto=0 prefixlen=0

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_build: found address
family AF_INET.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_build: found
address=255.255.255.255:0.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_build: successful
created len: 3.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_safe_build: error=0

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_safe_build:success.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_build: exttype=24
proto=0 prefixlen=0

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_build: found address
family AF_INET.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_build: found
address=255.255.255.255:0.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_build: successful
created len: 3.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_safe_build: error=0

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_safe_build:success.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_build:
pfkey_msg=0pc2fb46f0 allocated 184 bytes, &(extensions[0])=0pc7e21cdc

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_build: copying 24 bytes
from extensions[1] (type=1)

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_build: copying 24 bytes
from extensions[5] (type=5)

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_build: copying 24 bytes
from extensions[6] (type=6)

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_build: copying 24 bytes
from extensions[21] (type=21)

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_build: copying 24 bytes
from extensions[22] (type=22)

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_build: copying 24 bytes
from extensions[23] (type=23)

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_build: copying 24 bytes
from extensions[24] (type=24)

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_build: extensions
permitted=05e00063, seen=01e00063, required=01e00043.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_upmsg: allocating 184
bytes...

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_upmsg: ...allocated at
0pc3054210.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_x_addflow_parse: sending up
x_addflow reply message for satype=11(INT) (proto=61) to socket=0pc3b409d0
succeeded.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_x_addflow_parse: extr->ips
cleaned up and freed.

Mar 5 11:07:02 bfama kernel: klips_debug:ipsec_sa_wipe: removing
SA=%%trap(0pc55bdc00), SAref=175, table=0(0pce804000), entry=175 from the
refTable.

Mar 5 11:07:02 bfama kernel: klips_debug:ipsec_sa_put: ipsec_sa SA:%%trap,
ref:-1 reference count decremented.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_sendmsg: .

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_sendmsg: allocating 88 bytes
for downward message.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_sendmsg: msg sent for
parsing.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_interp: parsing message
ver=2, type=4, errno=0, satype=3(ESP), len=11, res=0, seq=16, pid=2855.

Mar 5 11:07:02 bfama kernel: klips_debug:ipsec_SAref_alloc: SAref
requested... head=176, cont=256, tail=255, listsize=256.

Mar 5 11:07:02 bfama kernel: klips_debug:ipsec_SAref_alloc: allocating
SAref=176, table=0, entry=176 of 65536.

Mar 5 11:07:02 bfama kernel: klips_debug:ipsec_sa_alloc: allocated 528 bytes
for ipsec_sa struct=0pc55bdc00 ref=176.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_interp: allocated
extr->ips=0pc55bdc00.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_interp: satype 3 lookups
to proto=50.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_parse: parsing message
ver=2, type=4(delete), errno=0, satype=3(ESP), len=11, res=0, seq=16,
pid=2855.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_parse: satype 3(ESP)
conversion to proto gives 50 for msg_type 4(delete).

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_parse: remain=9

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_parse: extensions
permitted=00000063, required=00000063.

Mar 5 11:07:02 bfama kernel: kl>klips_debug:pfkey_msg_build: copying 24
bytes from extensions[1] (type=1)

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_build: copying 24 bytes
from extensions[5] (type=5)

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_build: copying 24 bytes
from extensions[6] (type=6)

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_build: extensions
permitted=00000063, seen=00000063, required=00000063.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_upmsg: allocating 88 bytes...

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_upmsg: ...allocated at
0pc3054210.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_delete_parse: sending up
delete reply message for satype=3(ESP) to socket=0pc3b409d0 succeeded.

Mar 5 11:07:02 bfama kernel: klips_debug:ipsec_sa_wipe: removing
SA=esp.ee3ab5c6 at 200.68.215.117(0pc55bdc00), SAref=176, table=0(0pce804000),
entry=176 from the refTable.

Mar 5 11:07:02 bfama kernel: klips_debug:ipsec_sa_put: ipsec_sa
SA:esp.ee3ab5c6 at 200.68.215.117, ref:-1 reference count decremented.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_sendmsg: .

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_sendmsg: allocating 88 bytes
for downward message.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_sendmsg: msg sent for
parsing.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_interp: parsing message
ver=2, type=4, errno=0, satype=3(ESP), len=11, res=0, seq=17, pid=2855.

Mar 5 11:07:02 bfama kernel: klips_debug:ipsec_SAref_alloc: SAref
requested... head=177, cont=256, tail=255, listsize=256.

Mar 5 11:07:02 bfama kernel: klips_debug:ipsec_SAref_alloc: allocating
SAref=177, table=0, entry=177 of 65536.

Mar 5 11:07:02 bfama kernel: klips_debug:ipsec_sa_alloc: allocated 528 bytes
for ipsec_sa struct=0pc55bdc00 ref=177.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_interp: allocated
extr->ips=0pc55bdc00.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_interp: satype 3 lookups
to proto=50.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_parse: parsing message
ver=2, type=4(delete), errno=0, satype=3(ESP), len=11, res=0, seq=17,
pid=2855.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_parse: satype 3(ESP)
conversion to proto gives 50 for msg_type 4(delete).

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_parse: remain=9

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_parse: extensions
permitted=00000063, required=00000063.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_parse: parsing ext
type=1(security-association) remain=9.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_parse: remain=9
ext_type=1(security-association) ext_len=3 parsing ext 0pcd865c70 with
parser pfkey_sa_parse.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_sa_parse: successfully found
len=3 exttype=1(security-association) spi=8e1d5296 replay=0 state=1 auth=0
encrypt=0 flags=0 ref=-1.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_parse: Extension
1(security-association) parsed.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_parse: parsing ext
type=5(source-address) remain=6.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_parse: remain=6
ext_type=5(source-address) ext_len=3 parsing ext 0pcd865c88 with parser
pfkey_address_parse.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_parse: found
exttype=5(source-address) family=2(AF_INET) address=200.68.215.117 proto=0
port=1701.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_parse: successful.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_parse: Extension
5(source-address) parsed.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_parse: parsing ext
type=6(destination-address) remain=3.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_parse: remain=3
ext_type=6(destination-address) ext_len=3 parsing ext 0pcd865ca0 with parser
pfkey_address_parse.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_parse: found
exttype=6(destination-address) family=2(AF_INET) address=45.45.45.45 proto=0
port=1701.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_parse: successful.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_parse: Extension
6(destination-address) parsed.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_parse: extensions
permitted=00000063, seen=00000063, required=00000063.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_interp: processing ext 1
0pcd865c70 with processor 0pc0302240.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_sa_process: .

Mar 5 11:07:02 bfama kernel: klips_debug: ipsec_alg_sa_init() :entering for
encalg=0, authalg=0

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_interp: processing ext 5
0pcd865c88 with processor 0pc0302570.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_process:

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_process: found
address family=2, AF_INET, 200.68.215.117.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_process: found src
address.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_process: allocating
16 bytes for saddr.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_process: successful.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_interp: processing ext 6
0pcd865ca0 with processor 0pc0302570.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_process:

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_process: found
address family=2, AF_INET, 45.45.45.45.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_process: found dst
address.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_process: allocating
16 bytes for saddr.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_process: ips_said.dst
set to 45.45.45.45.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_process: successful.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_interp: parsing message
type 4(delete) with msg_parser 0pc02fe9f0.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_delete_parse: .

Mar 5 11:07:02 bfama kernel: klips_debug:ipsec_sa_getbyid: linked entry in
ipsec_sa table for hash=179 of SA:esp.8e1d5296 at 45.45.45.45 requested.

Mar 5 11:07:02 bfama kernel: klips_debug:ipsec_sa_put: ipsec_sa
SA:esp.8e1d5296 at 45.45.45.45, ref:172 reference count decremented.

Mar 5 11:07:02 bfama kernel: klips_debug:ipsec_sa_delchain: passed
SA:esp.8e1d5296 at 45.45.45.45

Mar 5 11:07:02 bfama kernel: klips_debug:ipsec_sa_delchain: unlinking and
delting SA:esp.8e1d5296 at 45.45.45.45<6>.

Mar 5 11:07:02 bfama kernel: klips_debug:ipsec_sa_del: deleting
SA:esp.8e1d5296 at 45.45.45.45, hashval=179.

Mar 5 11:07:02 bfama kernel: klips_debug:ipsec_sa_del: successfully deleted
first ipsec_sa in chain.

Mar 5 11:07:02 bfama kernel: klips_debug:ipsec_sa_wipe: removing
SA=esp.8e1d5296 at 45.45.45.45(0pcdf09c00), SAref=172, table=0(0pce804000),
entry=172 from the refTable.

Mar 5 11:07:02 bfama kernel: klips_debug:ipsec_sa_put: ipsec_sa
SA:esp.8e1d5296 at 45.45.45.45, ref:-1 reference count decremented.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_safe_build:success.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_build:
pfkey_msg=0pc1c1ccb0 allocated 88 bytes, &(extensions[0])=0pc7e21cec

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_build: copying 24 bytes
from extensions[1] (type=1)

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_build: copying 24 bytes
from extensions[5] (type=5)

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_build: copying 24 bytes
from extensions[6] (type=6)

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_build: extensions
permitted=00000063, seen=00000063, required=00000063.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_upmsg: allocating 88 bytes...

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_upmsg: ...allocated at
0pc3054210.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_delete_parse: sending up
delete reply message for satype=3(ESP) to socket=0pc3b409d0 succeeded.

Mar 5 11:07:02 bfama kernel: klips_debug:ipsec_sa_wipe: removing
SA=esp.8e1d5296 at 45.45.45.45(0pc55bdc00), SAref=177, table=0(0pce804000),
entry=177 from the refTable.

Mar 5 11:07:02 bfama kernel: klips_debug:ipsec_sa_put: ipsec_sa
SA:esp.8e1d5296 at 45.45.45.45, ref:-1 reference count decremented.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_sendmsg: .

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_sendmsg: allocating 120 bytes
for downward message.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_sendmsg: msg sent for
parsing.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_interp: parsing message
ver=2, type=15, errno=0, satype=11(INT), len=15, res=0, seq=18, pid=2855.

Mar 5 11:07:02 bfama kernel: klips_debug:ipsec_SAref_alloc: SAref
requested... head=178, cont=256, tail=255, listsize=256.

Mar 5 11:07:02 bfama kernel: klips_debug:ipsec_SAref_alloc: allocating
SAref=178, table=0, entry=178 of 65536.

Mar 5 11:07:02 bfama kernel: klips_debug:ipsec_sa_alloc: allocated 528 bytes
for ipsec_sa struct=0pcdf09c00 ref=178.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_interp: allocated
extr->ips=0pcdf09c00.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_parse: parsing message
ver=2, type=15(x-delflow(eroute)), errno=0, satype=11(INT), len=15, res=0,
seq=18, pid=2855.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_parse: remain=13

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_parse: extensions
permitted=05e00c03, required=00000001.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_parse: parsing ext
type=21(X-source-flow-address) remain=13.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_parse: remain=13
ext_type=21(X-source-flow-address) ext_len=3 parsing ext 0pc1c1ccc0 with
parser pfkey_address_parse.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_parse: found
exttype=21(X-source-flow-address) family=2(AF_INET) address=45.45.45.45
proto=0 port=1701.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_parse: successful.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_parse: Extension
21(X-source-flow-address) parsed.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_parse: parsing ext
type=22(X-dest-flow-address) remain=10.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_parse: remain=10
ext_type=22(X-dest-flow-address) ext_len=3 parsing ext 0pc1c1ccd8 with
parser pfkey_address_parse.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_parse: found
exttype=22(X-dest-flow-address) family=2(AF_INET) address=200.68.215.117
proto=0 port=1701.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_parse: successful.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_parse: Extension
22(X-dest-flow-address) parsed.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_parse: parsing ext
type=23(X-source-mask) remain=7.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_parse: remain=7
ext_type=23(X-source-mask) ext_len=3 parsing ext 0pc1c1ccf0 with parser
pfkey_address_parse.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_parse: found
exttype=23(X-source-mask) family=2(AF_INET) address=255.255.255.255 proto=0
port=65535.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_parse: successful.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_parse: Extension
23(X-source-mask) parsed.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_parse: parsing ext
type=24(X-dest-mask) remain=4.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_parse: remain=4
ext_type=24(X-dest-mask) ext_len=3 parsing ext 0pc1c1cd08 with parser
pfkey_address_parse.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_parse: found
exttype=24(X-dest-mask) family=2(AF_INET) address=255.255.255.255 proto=0
port=65535.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_parse: successful.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_parse: Extension
24(X-dest-mask) parsed.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_process: found
address family=2, AF_INET, 255.255.255.255.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_process: found src
mask address.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_alloc_eroute: eroute struct
already allocated

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_parse: extr->eroute
set to 45.45.45.45/32:1701->200.68.215.117/0:1701

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_process: successful.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_interp: processing ext 24
0pc1c1cd08 with processor 0pc0302570.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_process:

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_process: found
address family=2, AF_INET, 255.255.255.255.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_process: found dst
mask address.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_alloc_eroute: eroute struct
already allocated

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_parse: extr->eroute
set to 45.45.45.45/32:1701->200.68.215.117/32:1701

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_process: successful.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_interp: processing ext 26
0pc1c1cd20 with processor 0pc02fc6e0.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_x_protocol_process: c7e21e00

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_x_protocol_process: protocol
= 17.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_interp: parsing message
type 15(x-delflow(eroute)) with msg_parser 0pc0300d30.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_x_delflow_parse: .

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_x_delflow_parse: calling
breakeroute for 45.45.45.45/32->200.68.215.117/32

Mar 5 11:07:02 bfama kernel: klips_debug:ipsec_breakroute: attempting to
delete eroute for 45.45.45.45/32:1701->200.68.215.117/32:1701 17

Mar 5 11:07:02 bfama kernel: klips_debug:ipsec_breakroute: deleted
eroute=0pcd7e1b70, ident=0p00000000->0p00000000, first=0p00000000,
last=0p00000000

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_hdr_build:

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_hdr_build: on_entry
&pfkey_ext=0pc7e21c00 pfkey_ext=0pc7e21cdc *pfkey_ext=0p00000000.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_hdr_build: on_exit
&pfkey_ext=0pc7e21c00 pfkey_ext=0pc7e21cdc *pfkey_ext=0pc06f2e60.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_safe_build: error=0

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_safe_build:success.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_sa_build: spi=00000000
replay=0 sa_state=0 auth=0 encrypt=0 flags=0

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_safe_build: error=0

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_safe_build:success.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_build: exttype=21
proto=0 prefixlen=0

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_build: found address
family AF_INET.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_build: found
address=45.45.45.45:0.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_build: successful
created len: 3.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_safe_build: error=0

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_safe_build:success.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_build: exttype=22
proto=0 prefixlen=0

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_build: found address
family AF_INET.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_build: found
address=200.68.215.117:0.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_build: successful
created len: 3.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_safe_build: error=0

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_safe_build:success.

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_build: exttype=23
proto=0 prefixlen=0

Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_build: found address
family AF_INET.

Mar 5 11:07:05 bfama kernel: klips_debug:ipsec_rcv: suspected ESPinUDP
packet (NAT-Traversal) [2].

Mar 5 11:07:05 bfama kernel: klips_debug: IP: ihl:20 ver:4 tos:0 tlen:29
id:25299 frag_off:0 ttl:114 proto:17 (UDP) chk:53281
saddr:200.68.215.117:11364 daddr:45.45.45.45:4500

Mar 5 11:07:05 bfama kernel: klips_debug:ipsec_rcv: NAT-keepalive from
200.68.215.117.

Mar 5 11:07:18 bfama kernel: klips_debug:@ flags = 6 @key=0pcdfecf90 key =
00000000->00000000 @mask=0p00000000

Mar 5 11:07:18 bfama kernel: klips_debug:@ flags = 6 @key=0pcdfecfa4 key =
ffffffff->ffffffff @mask=0p00000000

Mar 5 11:07:18 bfama kernel: klips_debug: off = 0

Mar 5 11:07:18 bfama kernel: klips_debug:ipsec_eroute_get_info:
buffer=0pc6658000, *start=0p00000000, offset=0, length=3072

Mar 5 11:07:18 bfama kernel: klips_debug:rj_walktree: for: rn=0pc12c87b8
rj_b=-3 rj_flags=6 leaf key = 00000000->00000000

Mar 5 11:07:18 bfama kernel: klips_debug:rj_walktree: processing leaves,
rn=0pc12c87e8 rj_b=-3 rj_flags=6 leaf key = ffffffff->ffffffff

Mar 5 11:07:18 bfama kernel: klips_debug:rj_walktree: while: base=0p00000000
rn=0pc12c87b8 rj_b=-3 rj_flags=6 leaf key = 00000000->00000000

Mar 5 11:07:25 bfama kernel: klips_debug:ipsec_rcv: suspected ESPinUDP
packet (NAT-Traversal) [2].

Mar 5 11:07:25 bfama kernel: klips_debug: IP: ihl:20 ver:4 tos:0 tlen:29
id:25315 frag_off:0 ttl:114 proto:17 (UDP) chk:53265
saddr:200.68.215.117:11364 daddr:45.45.45.45:4500

Mar 5 11:07:25 bfama kernel: klips_debug:ipsec_rcv: NAT-keepalive from
200.68.215.117.

Mar 5 11:07:45 bfama kernel: klips_debug:ipsec_rcv: suspected ESPinUDP
packet (NAT-Traversal) [2].

Mar 5 11:07:45 bfama kernel: klips_debug: IP: ihl:20 ver:4 tos:0 tlen:29
id:25444 frag_off:0 ttl:114 proto:17 (UDP) chk:53136
saddr:200.68.215.117:11364 daddr:45.45.45.45:4500

Mar 5 11:07:45 bfama kernel: klips_debug:ipsec_rcv: NAT-keepalive from
200.68.215.117.

Have you got any idea? Thanks in advance.
Ivan.
--------------------------------



Ivan Lopez wrote:

> In that scenario, IPSEC connection established perfectly but then ipsec0
> device starts to drop packets (I can see it with ifconfig)

Could be an MTU problem. Did you check the logs for errors? See also:
http://www.jacco2.dds.nl/networking/freeswan-l2tp.html#MTUproblems

Jacco
--
Jacco de Leeuw                         mailto:jacco2 at dds.nl
Zaandam, The Netherlands           http://www.jacco2.dds.nl
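
For triaging a klips_debug capture like the one in this thread, the following added Python example (not part of the original post and not Openswan code) rejoins the mailer-wrapped records and counts the NAT-T events in them. The function names are hypothetical, `ihl` is assumed to be logged in bytes, and the one-octet payload check follows RFC 3948, which is why the keepalives show `tlen:29` (20 IP + 8 UDP + 1).

```python
import re
from collections import Counter

# Constructed sample: records copied from the post, still hard-wrapped by the mailer.
SAMPLE = """\
Mar 5 11:06:47 bfama kernel: klips_debug:ipsec_rcv: SA:esp.8e1d5296 at 45.45.45.45 does not agree
with expected NAT-T policy.

Mar 5 11:07:05 bfama kernel: klips_debug:ipsec_rcv: suspected ESPinUDP
packet (NAT-Traversal) [2].

Mar 5 11:07:05 bfama kernel: klips_debug: IP: ihl:20 ver:4 tos:0 tlen:29
id:25299 frag_off:0 ttl:114 proto:17 (UDP) chk:53281
saddr:200.68.215.117:11364 daddr:45.45.45.45:4500

Mar 5 11:07:05 bfama kernel: klips_debug:ipsec_rcv: NAT-keepalive from
200.68.215.117.
"""

STAMP = re.compile(r"^[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d \S+ kernel: ")
IPHDR = re.compile(r"ihl:(\d+) .*tlen:(\d+) .*proto:(\d+) .*saddr:(\S+):(\d+) daddr:(\S+):(\d+)")

def unwrap(text):
    """Rejoin wrapped records: a new record starts at a syslog timestamp."""
    records = []
    for line in filter(None, (l.strip() for l in text.splitlines())):
        if STAMP.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def classify(records):
    """Count NAT-T related events seen by ipsec_rcv."""
    counts = Counter()
    for rec in records:
        if "does not agree with expected NAT-T policy" in rec:
            counts["natt_policy_mismatch"] += 1
        elif "NAT-keepalive from" in rec:
            counts["natt_keepalive"] += 1
        elif "suspected ESPinUDP" in rec:
            counts["espinudp_seen"] += 1
        m = IPHDR.search(rec)
        if m:
            ihl, tlen, proto, _, _, _, dport = m.groups()
            # Assumption: ihl is printed in bytes; the UDP header is 8 bytes.
            payload = int(tlen) - int(ihl) - 8
            if proto == "17" and dport == "4500" and payload == 1:
                counts["one_byte_udp4500"] += 1  # keepalive-sized, carries no ESP
    return counts
```

A capture that shows only `natt_keepalive` and `one_byte_udp4500` after the SA comes up, with no ESP-sized UDP 4500 packets, means no encapsulated data is reaching `ipsec_rcv` at all.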

