RV: [Openswan Users] RE: My ipsec0 device drops nat-t packets
Ivan Lopez
ilopez at enress.gov.ar
Thu Mar 10 12:27:58 CET 2005
Problem solved. It was only a kernel problem, not openswan problem. I´m using Debian 2.4.26 kernel with 26sec backport now and it seems work very well. But, of course, I haven´t ipsec0 interface anymore. The question is: Can you give some URL where I can see how a packet traverses de iptables chains and where 26sec works?. I´read some posts in this mailing list and some pdf from xelerance and I started to build my packet filter rules from these, but I´d like to know a bit more.
Best Regards.
Ivan
-----Mensaje original-----
De: Ing. Ivan Lopez [mailto:ivan_n_lopez at hotmail.com]
Enviado el: Sábado, 05 de Marzo de 2005 13:50
Para: users at openswan.org
Asunto: [Openswan Users] RE: My ipsec0 device drops nat-t packets
Hi people:
Thanks for your answer. Unafortunelly it still doen't work I was trying a lot of things whitout luck. It' works fine when I connect my roadwarrior (w2k with NAT-T patch) to Internet from a dialed connection (I´had public IP in that case). But it doesn't work for my cablemodem (private IP in that case).
My ipsec config follows:
ipsec.conf:
----------
# basic configuration
config setup
# Debug-logging controls: "none" for (almost) none, "all" for lots.
interfaces=%defaultroute
klipsdebug=none
plutodebug=none
uniqueids=yes
nat_traversal=yes
overridemtu=1300
virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/1
# Conexiones
# PC Wxp omalvasio L2TP/IPSEC
conn L2TP-BFAMA
#type=transport
authby=rsasig
pfs=no
# Gateway lado izquierdo (bfama)
left=45.45.45.45
leftnexthop=45.45.45.1
leftid=....
leftprotoport=17/0
#
# Lado derecho: PC Omalvasio
#
right=%any
rightsubnet=vhost:%no,%priv
rightid=....
rightrsasigkey=%cert
rightnexthop=%defaultroute
rightprotoport=17/1701
#Autorizo la conexion, pero no la inicio
auto=add
conn L2TP-BFAMA-old
#type=transport
authby=rsasig
pfs=no
# Gateway lado izquierdo (bfama)
left=45.45.45.45
leftnexthop=45.45.45.1
leftid="..."
leftcert=openswan-cert.pem
leftprotoport=17/1701
#
# Lado derecho: PC Omalvasio
#
right=%any
rightsubnet=vhost:%no,%priv
rightid="...."
rightrsasigkey=%cert
rightnexthop=%defaultroute
rightprotoport=17/1701
#Autorizo la conexion, pero no la inicio
auto=add
#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf
I can't view any logs from l2tpd (when roadwarrior is gehind NAT) because I think l2tpd never got any packet. ipsec0 interface drops everything. In klips debug I noticed there are messages saying "Mar 5 11:06:47 bfama
kernel: klips_debug:ipsec_rcv: SA:esp.8e1d5296 at 45.45.45.45 does not agree with expected NAT-T policy." What are those?
Here is a piece of klips debug:
Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_address_process: ips_said.dst set to 200.68.215.117.
Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_address_process: successful.
Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_msg_interp: processing ext 24 0pcd7e1f10 with processor 0pc0302570.
Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_address_process:
Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_address_process: found address family=2, AF_INET, 255.255.255.255.
Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_address_process: found dst mask address.
Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_alloc_eroute: eroute struct already allocated
Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_address_parse: extr->eroute set to 45.45.45.45/32:1701->200.68.215.117/32:1701
Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_address_process: successful.
Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_msg_interp: processing ext 26 0pcd7e1f28 with processor 0pc02fc6e0.
Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_x_protocol_process: c7e21e00
Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_x_protocol_process: protocol = 17.
Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_msg_interp: parsing message type 14(x-addflow(eroute)) with msg_parser 0pc0300560.
Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_x_addflow_parse: .
Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_x_addflow_parse: calling breakeroute and/or makeroute for 45.45.45.45/32->200.68.215.117/32
Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_x_addflow_parse: calling makeroute.
Mar 5 11:06:47 bfama kernel: klips_debug:ipsec_makeroute: attempting to allocate 192 bytes to insert eroute for 45.45.45.45/32->200.68.215.117/32,
SA: esp.ee3ab5c6 at 200.68.215.117, PID:2855, skb=0p00000000, ident:NULL->NULL
Mar 5 11:06:47 bfama kernel: klips_debug:ipsec_makeroute: 141a1000c82dadf3c844d775110006a506a50000 / 141aff00ffffffffffffffffff00ffffffff0000
Mar 5 11:06:47 bfama kernel: klips_debug:ipsec_makeroute: calling rj_addroute now
Mar 5 11:06:47 bfama kernel: klips_debug:ipsec_makeroute: pid=02855 count= 0 lasttime= 0 45.45.45.45/32 -> 200.68.215.117/32 => esp.ee3ab5c6 at 200.68.215.117
Mar 5 11:06:47 bfama kernel: klips_debug:ipsec_makeroute: succeeded.
Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_x_addflow_parse: makeroute call successful.
Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_msg_hdr_build:
Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_msg_hdr_build: on_entry &pfkey_ext=0pc7e21b7c pfkey_ext=0pc7e21cdc *pfkey_ext=0p00000000.
Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_msg_hdr_build: on_exit &pfkey_ext=0pc7e21b7c pfkey_ext=0pc7e21cdc *pfkey_ext=0pc3d2de20.
Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_safe_build: error=0
Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_safe_build:success.
Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_sa_build: spi=ee3ab5c6 replay=0 sa_state=0 auth=0 encrypt=0 flags=0
Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_safe_build: error=0
Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_safe_build:success.
Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_address_build: exttype=5 proto=0 prefixlen=0
Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_address_build: found address family AF_INET.
Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_address_build: found address=45.45.45.45:1701.
Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_address_build: successful created len: 3.
Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_safe_build: error=0
Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_safe_build:success.
Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_address_build: exttype=6 proto=0 prefixlen=0
Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_address_build: found address family AF_INET.
Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_address_build: found address=200.68.215.117:1701.
Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_address_build: successful created len: 3.
Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_safe_build: error=0
Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_safe_build:success.
Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_address_build: exttype=21 proto=0 prefixlen=0
Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_address_build: found address family AF_INET.
Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_address_build: found address=45.45.45.45:0.
Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_address_build: successful created len: 3.
Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_safe_build: error=0
Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_safe_build:success.
Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_address_build: exttype=22 proto=0 prefixlen=0
Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_address_build: found address family AF_INET.
Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_address_build: found address=200.68.215.117:0.
Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_address_build: successful created len: 3.
Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_safe_build: error=0
Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_safe_build:success.
Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_address_build: exttype=23 proto=0 prefixlen=0
Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_address_build: found address family AF_INET.
Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_address_build: found address=255.255.255.255:0.
Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_address_build: successful created len: 3.
Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_safe_build: error=0
Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_safe_build:success.
Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_address_build: exttype=24 proto=0 prefixlen=0
Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_address_build: found address family AF_INET.
Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_address_build: found address=255.255.255.255:0.
Mar 5 11:06:47 bfama kernel: klips_debug:pfkey_address_build: successful created len: 3.
Mar 5 11:06:47 bfama kernel: klips_debug: IP: ihl:20 ver:4 tos:0 tlen:184 id:25220 frag_off:0 ttl:114 proto:17 (UDP) chk:53205 saddr:200.68.215.117:11364 daddr:45.45.45.45:4500
Mar 5 11:06:47 bfama kernel: klips_debug:ipsec_rcv: ESPinUDP pkt without Non-ESP - spi=0x8e1d5296
Mar 5 11:06:47 bfama kernel: klips_debug:ipsec_rcv: removing 8 bytes from ESPinUDP packet
Mar 5 11:06:47 bfama kernel: klips_debug: IP: ihl:20 ver:4 tos:0 tlen:176 id:25220 frag_off:0 ttl:114 proto:50 chk:53205 saddr:200.68.215.117 daddr:45.45.45.45
Mar 5 11:06:47 bfama kernel: klips_debug:ipsec_rcv: <<< Info --
skb->dev=eth0 dev=eth0
Mar 5 11:06:47 bfama kernel: klips_debug:ipsec_rcv: assigning packet ownership to virtual device ipsec0 from physical device eth0.
Mar 5 11:06:47 bfama kernel: klips_debug: IP: ihl:20 ver:4 tos:0 tlen:176 id:25220 frag_off:0 ttl:114 proto:50 chk:53205 saddr:200.68.215.117 daddr:45.45.45.45
Mar 5 11:06:47 bfama kernel: klips_debug:ipsec_rcv_decap_once: decap (50) from 200.68.215.117 -> 45.45.45.45
Mar 5 11:06:47 bfama kernel: klips_debug:ipsec_sa_getbyid: linked entry in ipsec_sa table for hash=179 of SA:esp.8e1d5296 at 45.45.45.45 requested.
Mar 5 11:06:47 bfama kernel: klips_debug:ipsec_rcv: SA:esp.8e1d5296 at 45.45.45.45, src=200.68.215.117 of pkt agrees with expected SA source address policy.
Mar 5 11:06:47 bfama kernel: klips_debug:ipsec_rcv: SA:esp.8e1d5296 at 45.45.45.45 First SA in group.
Mar 5 11:06:47 bfama kernel: klips_debug:ipsec_rcv: natt_type=2
tdbp->ips_natt_type=0 : bad
Mar 5 11:06:47 bfama kernel: klips_debug:ipsec_rcv: SA:esp.8e1d5296 at 45.45.45.45 does not agree with expected NAT-T policy.
Mar 5 11:06:47 bfama kernel: klips_debug:ipsec_sa_put: ipsec_sa SA:esp.8e1d5296 at 45.45.45.45, ref:172 reference count decremented.
Mar 5 11:06:47 bfama kernel: klips_debug:ipsec_rcv: decap_once failed: -12
Mar 5 11:06:48 bfama kernel: klips_debug:ipsec_rcv: suspected ESPinUDP packet (NAT-Traversal) [2].
Mar 5 11:06:48 bfama kernel: klips_debug: IP: ihl:20 ver:4 tos:0 tlen:184 id:25229 frag_off:0 ttl:114 proto:17 (UDP) chk:53196 saddr:200.68.215.117:11364 daddr:45.45.45.45:4500
Mar 5 11:06:48 bfama kernel: klips_debug:ipsec_rcv: ESPinUDP pkt without Non-ESP - spi=0x8e1d5296
Mar 5 11:06:48 bfama kernel: klips_debug:ipsec_rcv: removing 8 bytes from ESPinUDP packet
Mar 5 11:06:48 bfama kernel: klips_debug: IP: ihl:20 ver:4 tos:0 tlen:176 id:25229 frag_off:0 ttl:114 proto:50 chk:53196 saddr:200.68.215.117 daddr:45.45.45.45
Mar 5 11:06:48 bfama kernel: klips_debug:ipsec_rcv: <<< Info --
skb->dev=eth0 dev=eth0
Mar 5 11:06:48 bfama kernel: klips_debug:ipsec_rcv: assigning packet ownership to virtual device ipsec0 from physical device eth0.
Mar 5 11:06:48 bfama kernel: klips_debug: IP: ihl:20 ver:4 tos:0 tlen:176 id:25229 frag_off:0 ttl:114 proto:50 chk:53196 saddr:200.68.215.117 daddr:45.45.45.45
Mar 5 11:06:48 bfama kernel: klips_debug:ipsec_rcv_decap_once: decap (50) from 200.68.215.117 -> 45.45.45.45
Mar 5 11:06:48 bfama kernel: klips_debug:ipsec_sa_getbyid: linked entry in ipsec_sa table for hash=179 of SA:esp.8e1d5296 at 45.45.45.45 requested.
Mar 5 11:06:48 bfama kernel: klips_debug:ipsec_rcv: SA:esp.8e1d5296 at 45.45.45.45, src=200.68.215.117 of pkt agrees with expected SA source address policy.
Mar 5 11:06:48 bfama kernel: klips_debug:ipsec_rcv: SA:esp.8e1d5296 at 45.45.45.45 First SA in group.
Mar 5 11:06:48 bfama kernel: klips_debug:ipsec_rcv: natt_type=2
tdbp->ips_natt_type=0 : bad
Mar 5 11:06:48 bfama kernel: klips_debug:ipsec_rcv: SA:esp.8e1d5296 at 45.45.45.45 does not agree with expected NAT-T policy.
Mar 5 11:06:48 bfama kernel: klips_debug:ipsec_sa_put: ipsec_sa SA:esp.8e1d5296 at 45.45.45.45, ref:172 reference count decremented.
Mar 5 11:06:48 bfama kernel: klips_debug:ipsec_rcv: decap_once failed: -12
Mar 5 11:06:50 bfama kernel: klips_debug:ipsec_rcv: suspected ESPinUDP packet (NAT-Traversal) [2].
Mar 5 11:06:50 bfama kernel: klips_debug: IP: ihl:20 ver:4 tos:0 tlen:184 id:25251 frag_off:0 ttl:114 proto:17 (UDP) chk:53174 saddr:200.68.215.117:11364 daddr:45.45.45.45:4500
Mar 5 11:06:50 bfama kernel: klips_debug:ipsec_rcv: ESPinUDP pkt without Non-ESP - spi=0x8e1d5296
Mar 5 11:06:50 bfama kernel: klips_debug:ipsec_rcv: removing 8 bytes from ESPinUDP packet
Mar 5 11:06:50 bfama kernel: klips_debug: IP: ihl:20 ver:4 tos:0 tlen:176 id:25251 frag_off:0 ttl:114 proto:50 chk:53174 saddr:200.68.215.117 daddr:45.45.45.45
Mar 5 11:06:50 bfama kernel: klips_debug:ipsec_rcv: <<< Info --
skb->dev=eth0 dev=eth0
Mar 5 11:06:50 bfama kernel: klips_debug:ipsec_rcv: assigning packet ownership to virtual device ipsec0 from physical device eth0.
Mar 5 11:06:50 bfama kernel: klips_debug: IP: ihl:20 ver:4 tos:0 tlen:176 id:25251 frag_off:0 ttl:114 proto:50 chk:53174 saddr:200.68.215.117 daddr:45.45.45.45
Mar 5 11:06:50 bfama kernel: klips_debug:ipsec_rcv_decap_once: decap (50) from 200.68.215.117 -> 45.45.45.45
Mar 5 11:06:50 bfama kernel: klips_debug:ipsec_sa_getbyid: linked entry in ipsec_sa table for hash=179 of SA:esp.8e1d5296 at 45.45.45.45 requested.
Mar 5 11:06:50 bfama kernel: klips_debug:ipsec_rcv: SA:esp.8e1d5296 at 45.45.45.45, src=200.68.215.117 of pkt agrees with expected SA source address policy.
Mar 5 11:06:50 bfama kernel: klips_debug:ipsec_rcv: SA:esp.8e1d5296 at 45.45.45.45 First SA in group.
Mar 5 11:06:50 bfama kernel: klips_debug:ipsec_rcv: natt_type=2
tdbp->ips_natt_type=0 : bad
Mar 5 11:06:50 bfama kernel: klips_debug:ipsec_rcv: SA:esp.8e1d5296 at 45.45.45.45 does not agree with expected NAT-T policy.
Mar 5 11:06:50 bfama kernel: klips_debug:ipsec_sa_put: ipsec_sa SA:esp.8e1d5296 at 45.45.45.45, ref:172 reference count decremented.
Mar 5 11:06:50 bfama kernel: klips_debug:ipsec_rcv: decap_once failed: -12
Mar 5 11:06:54 bfama kernel: klips_debug:ipsec_rcv: suspected ESPinUDP packet (NAT-Traversal) [2].
Mar 5 11:06:54 bfama kernel: klips_debug: IP: ihl:20 ver:4 tos:0 tlen:184 id:25274 frag_off:0 ttl:114 proto:17 (UDP) chk:53151 saddr:200.68.215.117:11364 daddr:45.45.45.45:4500
Mar 5 11:06:54 bfama kernel: klips_debug:ipsec_rcv: ESPinUDP pkt without Non-ESP - spi=0x8e1d5296
Mar 5 11:06:54 bfama kernel: klips_debug:ipsec_rcv: removing 8 bytes from ESPinUDP packet
Mar 5 11:06:54 bfama kernel: klips_debug: IP: ihl:20 ver:4 tos:0 tlen:176 id:25274 frag_off:0 ttl:114 proto:50 chk:53151 saddr:200.68.215.117 daddr:45.45.45.45
Mar 5 11:06:54 bfama kernel: klips_debug:ipsec_rcv: <<< Info --
skb->dev=eth0 dev=eth0
Mar 5 11:06:54 bfama kernel: klips_debug:ipsec_rcv: assigning packet ownership to virtual device ipsec0 from physical device eth0.
Mar 5 11:06:54 bfama kernel: klips_debug: IP: ihl:20 ver:4 tos:0 tlen:176 id:25274 frag_off:0 ttl:114 proto:50 chk:53151 saddr:200.68.215.117 daddr:45.45.45.45
Mar 5 11:06:54 bfama kernel: klips_debug:ipsec_rcv_decap_once: decap (50) from 200.68.215.117 -> 45.45.45.45
Mar 5 11:06:54 bfama kernel: klips_debug:ipsec_sa_getbyid: linked entry in ipsec_sa table for hash=179 of SA:esp.8e1d5296 at 45.45.45.45 requested.
Mar 5 11:06:54 bfama kernel: klips_debug:ipsec_rcv: SA:esp.8e1d5296 at 45.45.45.45, src=200.68.215.117 of pkt agrees with expected SA source address policy.
Mar 5 11:06:54 bfama kernel: klips_debug:ipsec_rcv: SA:esp.8e1d5296 at 45.45.45.45 First SA in group.
Mar 5 11:06:54 bfama kernel: klips_debug:ipsec_rcv: natt_type=2
tdbp->ips_natt_type=0 : bad
Mar 5 11:06:54 bfama kernel: klips_debug:ipsec_rcv: SA:esp.8e1d5296 at 45.45.45.45 does not agree with expected NAT-T policy.
Mar 5 11:06:54 bfama kernel: klips_debug:ipsec_sa_put: ipsec_sa SA:esp.8e1d5296 at 45.45.45.45, ref:172 reference count decremented.
Mar 5 11:06:54 bfama kernel: klips_debug:ipsec_rcv: decap_once failed: -12
Mar 5 11:07:02 bfama kernel: klips_debug:ipsec_rcv: suspected ESPinUDP packet (NAT-Traversal) [2].
Mar 5 11:07:02 bfama kernel: klips_debug: IP: ihl:20 ver:4 tos:0 tlen:100 id:25277 frag_off:0 ttl:114 proto:17 (UDP) chk:53232 saddr:200.68.215.117:11364 daddr:45.45.45.45:4500
Mar 5 11:07:02 bfama kernel: klips_debug:ipsec_rcv: IKE packet - not handled here
Mar 5 11:07:02 bfama kernel: IP12_drop_LCL2VPN:01 IN= OUT=ipsec0 SRC=45.45.45.45 DST=200.68.215.117 LEN=100 TOS=0x00 PREC=0x00 TTL=64 ID=2119 DF PROTO=UDP SPT=4500 DPT=11364 LEN=80
Mar 5 11:07:02 bfama kernel: klips_debug:ipsec_rcv: suspected ESPinUDP packet (NAT-Traversal) [2].
Mar 5 11:07:02 bfama kernel: klips_debug: IP: ihl:20 ver:4 tos:0 tlen:116 id:25278 frag_off:0 ttl:114 proto:17 (UDP) chk:53215 saddr:200.68.215.117:11364 daddr:45.45.45.45:4500
Mar 5 11:07:02 bfama kernel: klips_debug:ipsec_rcv: IKE packet - not handled here
Mar 5 11:07:02 bfama kernel: debug:pfkey_safe_build: error=0
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_safe_build:success.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_build: exttype=6 proto=0 prefixlen=0
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_build: found address family AF_INET.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_build: found address=0.0.0.0:0.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_build: successful created len: 3.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_safe_build: error=0
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_safe_build:success.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_build: exttype=21 proto=0 prefixlen=0
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_build: found address family AF_INET.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_build: found address=45.45.45.45:0.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_build: successful created len: 3.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_safe_build: error=0
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_safe_build:success.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_build: exttype=22 proto=0 prefixlen=0
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_build: found address family AF_INET.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_build: found address=200.68.215.117:0.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_build: successful created len: 3.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_safe_build: error=0
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_safe_build:success.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_build: exttype=23 proto=0 prefixlen=0
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_build: found address family AF_INET.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_build: found address=255.255.255.255:0.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_build: successful created len: 3.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_safe_build: error=0
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_safe_build:success.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_build: exttype=24 proto=0 prefixlen=0
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_build: found address family AF_INET.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_build: found address=255.255.255.255:0.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_build: successful created len: 3.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_safe_build: error=0
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_safe_build:success.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_build: pfkey_msg=0pc2fb46f0 allocated 184 bytes, &(extensions[0])=0pc7e21cdc
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_build: copying 24 bytes from extensions[1] (type=1)
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_build: copying 24 bytes from extensions[5] (type=5)
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_build: copying 24 bytes from extensions[6] (type=6)
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_build: copying 24 bytes from extensions[21] (type=21)
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_build: copying 24 bytes from extensions[22] (type=22)
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_build: copying 24 bytes from extensions[23] (type=23)
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_build: copying 24 bytes from extensions[24] (type=24)
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_build: extensions permitted=05e00063, seen=01e00063, required=01e00043.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_upmsg: allocating 184 bytes...
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_upmsg: ...allocated at 0pc3054210.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_x_addflow_parse: sending up x_addflow reply message for satype=11(INT) (proto=61) to socket=0pc3b409d0 succeeded.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_x_addflow_parse: extr->ips cleaned up and freed.
Mar 5 11:07:02 bfama kernel: klips_debug:ipsec_sa_wipe: removing SA=%%trap(0pc55bdc00), SAref=175, table=0(0pce804000), entry=175 from the refTable.
Mar 5 11:07:02 bfama kernel: klips_debug:ipsec_sa_put: ipsec_sa SA:%%trap, ref:-1 reference count decremented.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_sendmsg: .
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_sendmsg: allocating 88 bytes for downward message.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_sendmsg: msg sent for parsing.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_interp: parsing message ver=2, type=4, errno=0, satype=3(ESP), len=11, res=0, seq=16, pid=2855.
Mar 5 11:07:02 bfama kernel: klips_debug:ipsec_SAref_alloc: SAref requested... head=176, cont=256, tail=255, listsize=256.
Mar 5 11:07:02 bfama kernel: klips_debug:ipsec_SAref_alloc: allocating SAref=176, table=0, entry=176 of 65536.
Mar 5 11:07:02 bfama kernel: klips_debug:ipsec_sa_alloc: allocated 528 bytes for ipsec_sa struct=0pc55bdc00 ref=176.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_interp: allocated
extr->ips=0pc55bdc00.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_interp: satype 3 lookups to proto=50.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_parse: parsing message ver=2, type=4(delete), errno=0, satype=3(ESP), len=11, res=0, seq=16, pid=2855.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_parse: satype 3(ESP) conversion to proto gives 50 for msg_type 4(delete).
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_parse: remain=9
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_parse: extensions permitted=00000063, required=00000063.
Mar 5 11:07:02 bfama kernel: kl>klips_debug:pfkey_msg_build: copying 24 bytes from extensions[1] (type=1)
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_build: copying 24 bytes from extensions[5] (type=5)
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_build: copying 24 bytes from extensions[6] (type=6)
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_build: extensions permitted=00000063, seen=00000063, required=00000063.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_upmsg: allocating 88 bytes...
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_upmsg: ...allocated at 0pc3054210.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_delete_parse: sending up delete reply message for satype=3(ESP) to socket=0pc3b409d0 succeeded.
Mar 5 11:07:02 bfama kernel: klips_debug:ipsec_sa_wipe: removing SA=esp.ee3ab5c6 at 200.68.215.117(0pc55bdc00), SAref=176, table=0(0pce804000), entry=176 from the refTable.
Mar 5 11:07:02 bfama kernel: klips_debug:ipsec_sa_put: ipsec_sa SA:esp.ee3ab5c6 at 200.68.215.117, ref:-1 reference count decremented.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_sendmsg: .
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_sendmsg: allocating 88 bytes for downward message.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_sendmsg: msg sent for parsing.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_interp: parsing message ver=2, type=4, errno=0, satype=3(ESP), len=11, res=0, seq=17, pid=2855.
Mar 5 11:07:02 bfama kernel: klips_debug:ipsec_SAref_alloc: SAref requested... head=177, cont=256, tail=255, listsize=256.
Mar 5 11:07:02 bfama kernel: klips_debug:ipsec_SAref_alloc: allocating SAref=177, table=0, entry=177 of 65536.
Mar 5 11:07:02 bfama kernel: klips_debug:ipsec_sa_alloc: allocated 528 bytes for ipsec_sa struct=0pc55bdc00 ref=177.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_interp: allocated
extr->ips=0pc55bdc00.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_interp: satype 3 lookups to proto=50.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_parse: parsing message ver=2, type=4(delete), errno=0, satype=3(ESP), len=11, res=0, seq=17, pid=2855.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_parse: satype 3(ESP) conversion to proto gives 50 for msg_type 4(delete).
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_parse: remain=9
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_parse: extensions permitted=00000063, required=00000063.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_parse: parsing ext
type=1(security-association) remain=9.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_parse: remain=9
ext_type=1(security-association) ext_len=3 parsing ext 0pcd865c70 with parser pfkey_sa_parse.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_sa_parse: successfully found len=3 exttype=1(security-association) spi=8e1d5296 replay=0 state=1 auth=0 encrypt=0 flags=0 ref=-1.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_parse: Extension
1(security-association) parsed.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_parse: parsing ext
type=5(source-address) remain=6.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_parse: remain=6
ext_type=5(source-address) ext_len=3 parsing ext 0pcd865c88 with parser pfkey_address_parse.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_parse: found
exttype=5(source-address) family=2(AF_INET) address=200.68.215.117 proto=0 port=1701.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_parse: successful.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_parse: Extension
5(source-address) parsed.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_parse: parsing ext
type=6(destination-address) remain=3.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_parse: remain=3
ext_type=6(destination-address) ext_len=3 parsing ext 0pcd865ca0 with parser pfkey_address_parse.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_parse: found
exttype=6(destination-address) family=2(AF_INET) address=45.45.45.45 proto=0 port=1701.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_parse: successful.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_parse: Extension
6(destination-address) parsed.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_parse: extensions permitted=00000063, seen=00000063, required=00000063.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_interp: processing ext 1 0pcd865c70 with processor 0pc0302240.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_sa_process: .
Mar 5 11:07:02 bfama kernel: klips_debug: ipsec_alg_sa_init() :entering for encalg=0, authalg=0
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_interp: processing ext 5 0pcd865c88 with processor 0pc0302570.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_process:
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_process: found address family=2, AF_INET, 200.68.215.117.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_process: found src address.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_process: allocating 16 bytes for saddr.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_process: successful.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_interp: processing ext 6 0pcd865ca0 with processor 0pc0302570.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_process:
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_process: found address family=2, AF_INET, 45.45.45.45.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_process: found dst address.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_process: allocating 16 bytes for saddr.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_process: ips_said.dst set to 45.45.45.45.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_process: successful.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_interp: parsing message type 4(delete) with msg_parser 0pc02fe9f0.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_delete_parse: .
Mar 5 11:07:02 bfama kernel: klips_debug:ipsec_sa_getbyid: linked entry in ipsec_sa table for hash=179 of SA:esp.8e1d5296 at 45.45.45.45 requested.
Mar 5 11:07:02 bfama kernel: klips_debug:ipsec_sa_put: ipsec_sa SA:esp.8e1d5296 at 45.45.45.45, ref:172 reference count decremented.
Mar 5 11:07:02 bfama kernel: klips_debug:ipsec_sa_delchain: passed SA:esp.8e1d5296 at 45.45.45.45
Mar 5 11:07:02 bfama kernel: klips_debug:ipsec_sa_delchain: unlinking and delting SA:esp.8e1d5296 at 45.45.45.45<6>.
Mar 5 11:07:02 bfama kernel: klips_debug:ipsec_sa_del: deleting SA:esp.8e1d5296 at 45.45.45.45, hashval=179.
Mar 5 11:07:02 bfama kernel: klips_debug:ipsec_sa_del: successfully deleted first ipsec_sa in chain.
Mar 5 11:07:02 bfama kernel: klips_debug:ipsec_sa_wipe: removing SA=esp.8e1d5296 at 45.45.45.45(0pcdf09c00), SAref=172, table=0(0pce804000), entry=172 from the refTable.
Mar 5 11:07:02 bfama kernel: klips_debug:ipsec_sa_put: ipsec_sa SA:esp.8e1d5296 at 45.45.45.45, ref:-1 reference count decremented.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_safe_build:success.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_build: pfkey_msg=0pc1c1ccb0 allocated 88 bytes, &(extensions[0])=0pc7e21cec
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_build: copying 24 bytes from extensions[1] (type=1)
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_build: copying 24 bytes from extensions[5] (type=5)
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_build: copying 24 bytes from extensions[6] (type=6)
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_build: extensions permitted=00000063, seen=00000063, required=00000063.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_upmsg: allocating 88 bytes...
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_upmsg: ...allocated at 0pc3054210.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_delete_parse: sending up delete reply message for satype=3(ESP) to socket=0pc3b409d0 succeeded.
Mar 5 11:07:02 bfama kernel: klips_debug:ipsec_sa_wipe: removing SA=esp.8e1d5296 at 45.45.45.45(0pc55bdc00), SAref=177, table=0(0pce804000), entry=177 from the refTable.
Mar 5 11:07:02 bfama kernel: klips_debug:ipsec_sa_put: ipsec_sa SA:esp.8e1d5296 at 45.45.45.45, ref:-1 reference count decremented.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_sendmsg: .
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_sendmsg: allocating 120 bytes for downward message.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_sendmsg: msg sent for parsing.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_interp: parsing message ver=2, type=15, errno=0, satype=11(INT), len=15, res=0, seq=18, pid=2855.
Mar 5 11:07:02 bfama kernel: klips_debug:ipsec_SAref_alloc: SAref requested... head=178, cont=256, tail=255, listsize=256.
Mar 5 11:07:02 bfama kernel: klips_debug:ipsec_SAref_alloc: allocating SAref=178, table=0, entry=178 of 65536.
Mar 5 11:07:02 bfama kernel: klips_debug:ipsec_sa_alloc: allocated 528 bytes for ipsec_sa struct=0pcdf09c00 ref=178.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_interp: allocated
extr->ips=0pcdf09c00.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_parse: parsing message ver=2, type=15(x-delflow(eroute)), errno=0, satype=11(INT), len=15, res=0, seq=18, pid=2855.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_parse: remain=13
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_parse: extensions permitted=05e00c03, required=00000001.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_parse: parsing ext
type=21(X-source-flow-address) remain=13.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_parse: remain=13
ext_type=21(X-source-flow-address) ext_len=3 parsing ext 0pc1c1ccc0 with parser pfkey_address_parse.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_parse: found
exttype=21(X-source-flow-address) family=2(AF_INET) address=45.45.45.45 proto=0 port=1701.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_parse: successful.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_parse: Extension
21(X-source-flow-address) parsed.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_parse: parsing ext
type=22(X-dest-flow-address) remain=10.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_parse: remain=10
ext_type=22(X-dest-flow-address) ext_len=3 parsing ext 0pc1c1ccd8 with parser pfkey_address_parse.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_parse: found
exttype=22(X-dest-flow-address) family=2(AF_INET) address=200.68.215.117 proto=0 port=1701.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_parse: successful.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_parse: Extension
22(X-dest-flow-address) parsed.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_parse: parsing ext
type=23(X-source-mask) remain=7.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_parse: remain=7
ext_type=23(X-source-mask) ext_len=3 parsing ext 0pc1c1ccf0 with parser pfkey_address_parse.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_parse: found
exttype=23(X-source-mask) family=2(AF_INET) address=255.255.255.255 proto=0 port=65535.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_parse: successful.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_parse: Extension
23(X-source-mask) parsed.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_parse: parsing ext
type=24(X-dest-mask) remain=4.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_parse: remain=4
ext_type=24(X-dest-mask) ext_len=3 parsing ext 0pc1c1cd08 with parser pfkey_address_parse.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_parse: found
exttype=24(X-dest-mask) family=2(AF_INET) address=255.255.255.255 proto=0 port=65535.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_parse: successful.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_parse: Extension
24(X-dest-mask) parsed.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_process: found address family=2, AF_INET, 255.255.255.255.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_process: found src mask address.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_alloc_eroute: eroute struct already allocated
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_parse: extr->eroute set to 45.45.45.45/32:1701->200.68.215.117/0:1701
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_process: successful.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_interp: processing ext 24 0pc1c1cd08 with processor 0pc0302570.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_process:
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_process: found address family=2, AF_INET, 255.255.255.255.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_process: found dst mask address.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_alloc_eroute: eroute struct already allocated
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_parse: extr->eroute set to 45.45.45.45/32:1701->200.68.215.117/32:1701
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_process: successful.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_interp: processing ext 26 0pc1c1cd20 with processor 0pc02fc6e0.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_x_protocol_process: c7e21e00
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_x_protocol_process: protocol = 17.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_interp: parsing message type 15(x-delflow(eroute)) with msg_parser 0pc0300d30.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_x_delflow_parse: .
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_x_delflow_parse: calling breakeroute for 45.45.45.45/32->200.68.215.117/32
Mar 5 11:07:02 bfama kernel: klips_debug:ipsec_breakroute: attempting to delete eroute for 45.45.45.45/32:1701->200.68.215.117/32:1701 17
Mar 5 11:07:02 bfama kernel: klips_debug:ipsec_breakroute: deleted eroute=0pcd7e1b70, ident=0p00000000->0p00000000, first=0p00000000, last=0p00000000
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_hdr_build:
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_hdr_build: on_entry &pfkey_ext=0pc7e21c00 pfkey_ext=0pc7e21cdc *pfkey_ext=0p00000000.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_msg_hdr_build: on_exit &pfkey_ext=0pc7e21c00 pfkey_ext=0pc7e21cdc *pfkey_ext=0pc06f2e60.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_safe_build: error=0
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_safe_build:success.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_sa_build: spi=00000000 replay=0 sa_state=0 auth=0 encrypt=0 flags=0
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_safe_build: error=0
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_safe_build:success.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_build: exttype=21 proto=0 prefixlen=0
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_build: found address family AF_INET.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_build: found address=45.45.45.45:0.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_build: successful created len: 3.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_safe_build: error=0
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_safe_build:success.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_build: exttype=22 proto=0 prefixlen=0
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_build: found address family AF_INET.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_build: found address=200.68.215.117:0.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_build: successful created len: 3.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_safe_build: error=0
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_safe_build:success.
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_build: exttype=23 proto=0 prefixlen=0
Mar 5 11:07:02 bfama kernel: klips_debug:pfkey_address_build: found address family AF_INET.
Mar 5 11:07:05 bfama kernel: klips_debug:ipsec_rcv: suspected ESPinUDP packet (NAT-Traversal) [2].
Mar 5 11:07:05 bfama kernel: klips_debug: IP: ihl:20 ver:4 tos:0 tlen:29 id:25299 frag_off:0 ttl:114 proto:17 (UDP) chk:53281 saddr:200.68.215.117:11364 daddr:45.45.45.45:4500
Mar 5 11:07:05 bfama kernel: klips_debug:ipsec_rcv: NAT-keepalive from 200.68.215.117.
Mar 5 11:07:18 bfama kernel: klips_debug:@ flags = 6 @key=0pcdfecf90 key =
00000000->00000000 @mask=0p00000000
Mar 5 11:07:18 bfama kernel: klips_debug:@ flags = 6 @key=0pcdfecfa4 key =
ffffffff->ffffffff @mask=0p00000000
Mar 5 11:07:18 bfama kernel: klips_debug: off = 0
Mar 5 11:07:18 bfama kernel: klips_debug:ipsec_eroute_get_info:
buffer=0pc6658000, *start=0p00000000, offset=0, length=3072
Mar 5 11:07:18 bfama kernel: klips_debug:rj_walktree: for: rn=0pc12c87b8 rj_b=-3 rj_flags=6 leaf key = 00000000->00000000
Mar 5 11:07:18 bfama kernel: klips_debug:rj_walktree: processing leaves, rn=0pc12c87e8 rj_b=-3 rj_flags=6 leaf key = ffffffff->ffffffff
Mar 5 11:07:18 bfama kernel: klips_debug:rj_walktree: while: base=0p00000000 rn=0pc12c87b8 rj_b=-3 rj_flags=6 leaf key = 00000000->00000000
Mar 5 11:07:25 bfama kernel: klips_debug:ipsec_rcv: suspected ESPinUDP packet (NAT-Traversal) [2].
Mar 5 11:07:25 bfama kernel: klips_debug: IP: ihl:20 ver:4 tos:0 tlen:29 id:25315 frag_off:0 ttl:114 proto:17 (UDP) chk:53265 saddr:200.68.215.117:11364 daddr:45.45.45.45:4500
Mar 5 11:07:25 bfama kernel: klips_debug:ipsec_rcv: NAT-keepalive from 200.68.215.117.
Mar 5 11:07:45 bfama kernel: klips_debug:ipsec_rcv: suspected ESPinUDP packet (NAT-Traversal) [2].
Mar 5 11:07:45 bfama kernel: klips_debug: IP: ihl:20 ver:4 tos:0 tlen:29 id:25444 frag_off:0 ttl:114 proto:17 (UDP) chk:53136 saddr:200.68.215.117:11364 daddr:45.45.45.45:4500
Mar 5 11:07:45 bfama kernel: klips_debug:ipsec_rcv: NAT-keepalive from 200.68.215.117.
Have you got any idea. Thanks in advance
Ivan.
--------------------------------
Ivan Lopez wrote:
> In that scenario, IPSEC connection stablished perfectly but then
> ipsec0 device starts to drops packets (I can see it with ifconfig)
Could be an MTU problem. Did you check the logs for errors? See also: http://www.jacco2.dds.nl/networking/freeswan-l2tp.html#MTUproblems
Jacco
--
Jacco de Leeuw mailto:jacco2 at dds.nl
Zaandam, The Netherlands http://www.jacco2.dds.nl
_______________________________________________
Users mailing list
Users at openswan.org http://lists.openswan.org/mailman/listinfo/users
More information about the Users
mailing list