[Openswan Users] KLIPS+2.6.11: SA established but bad auths (long)

Jimmie Mayfield mayfield+openswan at sackheads.org
Thu Mar 17 13:44:52 CET 2005


Hi.  I have an existing Openswan 2.3.0 running on a 2.4.28 machine and I'm 
having all sorts of problems trying to get a new 2.6.11 machine to interoperate
in transport mode using preshared secrets.

Originally, I tried using 2.6's underlying NETKEY stuff.  That seemed to work
for a while but inevitably connections would hang.  On the surface, it seemed
like the MTU problem so many other people were having (though I'd set my MSS
to 1400 with no effect).  I'd prefer to use KLIPS anyway so I didn't spend much
time pursuing it.

So now I'm running KLIPS on the 2.6 machine using cvs HEAD.  This is an Intel
x86-64 machine and I'm pleased to say that aside from a couple printfs that 
issued warnings everything built fine.  Both machines appear to agree that an
acceptable SA has been established.  Compression has been disabled so far as
I can tell.  But all subsequent packets are failing.

machine1: kaon (9.51.94.21)    (2.4.28, openswan 2.3.0)
machine2: grinch2 (9.51.92.23) (2.6.11, openswan_2 cvs HEAD)

Attempt to ping grinch2 from kaon:

Mar 17 13:30:27 grinch2 kernel: klips_debug:ipsec_rcv: packet from 9.51.94.21 
   received with seq=1 (iv)=0x81ce262cfd4769ec iplen=136 esplen=104 
   sa=esp.4108dc4d at 9.51.92.23
Mar 17 13:30:27 grinch2 kernel: klips_debug:ipsec_rcv: encalg = 12, authalg = 3.
Mar 17 13:30:27 grinch2 kernel: klips_debug:ipsec_rcv: auth failed on incoming 
   packet from 9.51.94.21: hash=fd99aac29e09b15d766966fa 
   auth=607ce5fc9a4d239f7afe9b14, dropped
Mar 17 13:30:27 grinch2 kernel: klips_debug:ipsec_rcv: decap_once failed: -16

I see similar errors if I try to ping in the other direction.


--- BEGIN BARF OUTPUT ---

grinch2
Thu Mar 17 13:38:24 EST 2005
+ _________________________ version
+ ipsec --version
Linux Openswan 2.CVSHEAD (klips)
See `ipsec --copyright' for copyright information.
+ _________________________ /proc/version
+ cat /proc/version
Linux version 2.6.11 (jimmiem at grinch2) (gcc version 3.3.3 (SuSE Linux)) #3 SMP Wed Mar 16 15:11:24 EST 2005
+ _________________________ /proc/net/ipsec_eroute
+ test -r /proc/net/ipsec_eroute
+ sort -sg +3 /proc/net/ipsec_eroute
0          9.51.92.23/32      -> 9.51.94.21/32      => esp0x9a0af054 at 9.51.94.21
+ _________________________ netstat-rn
+ netstat -nr
+ head -100
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
9.51.94.21      9.51.92.1       255.255.255.255 UGH       0 0          0 ipsec0
9.51.92.0       0.0.0.0         255.255.255.0   U         0 0          0 eth0
9.51.92.0       0.0.0.0         255.255.255.0   U         0 0          0 ipsec0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U         0 0          0 lo
0.0.0.0         9.51.92.1       0.0.0.0         UG        0 0          0 eth0
+ _________________________ /proc/net/ipsec_spi
+ test -r /proc/net/ipsec_spi
+ cat /proc/net/ipsec_spi
esp0x4108dc4e at 9.51.92.23 ESP_AES_HMAC_SHA1: dir=in  src=9.51.94.21 iv_bits=128bits iv=0x844960e826e92b16bd1f0ef3bd86bae9 ooowin=64 alen=160 aklen=160 auth_errs=6 eklen=128 life(c,s,h)=addtime(280,0,0) natencap=none natsport=0 natdport=0 refcount=9 ref=137 reftable=0 refentry=137
esp0x4108dc4d at 9.51.92.23 ESP_AES_HMAC_SHA1: dir=in  src=9.51.94.21 iv_bits=128bits iv=0x9e488d5f37daf52b514fdfa4616d02bf ooowin=64 alen=160 aklen=160 auth_errs=1 eklen=128 life(c,s,h)=addtime(1319,0,0) natencap=none natsport=0 natdport=0 refcount=4 ref=132 reftable=0 refentry=132
esp0x9a0af054 at 9.51.94.21 ESP_AES_HMAC_SHA1: dir=out src=9.51.92.23 iv_bits=128bits iv=0x529b18dd8231b2f8111ae51ae36bbc7a ooowin=64 alen=160 aklen=160 eklen=128 life(c,s,h)=addtime(280,0,0) natencap=none natsport=0 natdport=0 refcount=3 ref=138 reftable=0 refentry=138
esp0x9a0af04f at 9.51.94.21 ESP_AES_HMAC_SHA1: dir=out src=9.51.92.23 iv_bits=128bits iv=0x4f65ae720c007737600356476230e84c ooowin=64 alen=160 aklen=160 eklen=128 life(c,s,h)=addtime(1319,0,0) natencap=none natsport=0 natdport=0 refcount=3 ref=133 reftable=0 refentry=133
+ _________________________ /proc/net/ipsec_spigrp
+ test -r /proc/net/ipsec_spigrp
+ cat /proc/net/ipsec_spigrp
esp0x4108dc4e at 9.51.92.23 
esp0x4108dc4d at 9.51.92.23 
esp0x9a0af054 at 9.51.94.21 
esp0x9a0af04f at 9.51.94.21 
+ _________________________ /proc/net/ipsec_tncfg
+ test -r /proc/net/ipsec_tncfg
+ cat /proc/net/ipsec_tncfg
ipsec0 -> eth0 mtu=16260(1447) -> 1500
ipsec1 -> NULL mtu=0(0) -> 0
ipsec2 -> NULL mtu=0(0) -> 0
ipsec3 -> NULL mtu=0(0) -> 0
+ _________________________ /proc/net/pfkey
+ test -r /proc/net/pfkey
+ _________________________ /proc/sys/net/ipsec-star
+ test -d /proc/sys/net/ipsec
+ cd /proc/sys/net/ipsec
+ egrep '^' debug_ah debug_eroute debug_esp debug_ipcomp debug_netlink debug_pfkey debug_radij debug_rcv debug_spi debug_tunnel debug_verbose debug_xform icmp inbound_policy_check pfkey_lossage tos
debug_ah:-1
debug_eroute:-1
debug_esp:-1
debug_ipcomp:-1
debug_netlink:2147483647
debug_pfkey:-1
debug_radij:-1
debug_rcv:-1
debug_spi:-1
debug_tunnel:-1
debug_verbose:0
debug_xform:-1
icmp:1
inbound_policy_check:1
pfkey_lossage:0
tos:1
+ _________________________ ipsec/status
+ ipsec auto --status
000 interface ipsec0/eth0 9.51.92.23
000 %myid = (none)
000 debug none
000  
000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=64, keysizemin=168, keysizemax=168
000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=128, keysizemin=128, keysizemax=256
000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5, keysizemin=128, keysizemax=128
000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1, keysizemin=160, keysizemax=160
000  
000 algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8, keydeflen=192
000 algorithm IKE hash: id=2, name=OAKLEY_SHA1, hashsize=20
000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16
000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024
000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536
000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048
000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072
000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096
000 algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144
000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192
000  
000 stats db_ops.c: {curr_cnt, total_cnt, maxsz} :context={0,3,64} trans={0,3,96} attrs={0,3,32} 
000  
000 "kaon-grinch2": 9.51.92.23---9.51.92.1...9.51.92.1---9.51.94.21; erouted; eroute owner: #22
000 "kaon-grinch2":     srcip=unset; dstip=unset
000 "kaon-grinch2":   ike_life: 1800s; ipsec_life: 1800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
000 "kaon-grinch2":   policy: PSK+ENCRYPT+PFS+UP; prio: 32,32; interface: eth0; 
000 "kaon-grinch2":   newest ISAKMP SA: #21; newest IPsec SA: #22; 
000 "kaon-grinch2":   IKE algorithm newest: 3DES_CBC_192-MD5-MODP1536
000 "kaon-grinch2":   ESP algorithms wanted: 3_000-2, flags=-strict
000 "kaon-grinch2":   ESP algorithms loaded: 3_000-2, flags=-strict
000 "kaon-grinch2":   ESP algorithm newest: AES_0-HMAC_SHA1; pfsgroup=<Phase1>
000  
000 #19: "kaon-grinch2":500 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in 211s
000 #19: "kaon-grinch2" esp.9a0af04f at 9.51.94.21 esp.4108dc4d at 9.51.92.23
000 #20: "kaon-grinch2":500 STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_REPLACE in 294s; lastdpd=-1s(seq in:0 out:0)
000 #22: "kaon-grinch2":500 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in 1250s; newest IPSEC; eroute owner
000 #22: "kaon-grinch2" esp.9a0af054 at 9.51.94.21 esp.4108dc4e at 9.51.92.23
000 #21: "kaon-grinch2":500 STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_REPLACE in 1123s; newest ISAKMP; lastdpd=-1s(seq in:0 out:0)
000  
+ _________________________ ifconfig-a
+ ifconfig -a
eth0      Link encap:Ethernet  HWaddr 00:0D:60:16:14:CF  
          inet addr:9.51.92.23  Bcast:9.51.92.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:386708 errors:0 dropped:0 overruns:0 frame:0
          TX packets:46417 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:54077874 (51.5 Mb)  TX bytes:11905252 (11.3 Mb)
          Interrupt:16 

ipsec0    Link encap:Ethernet  HWaddr 00:0D:60:16:14:CF  
          inet addr:9.51.92.23  Mask:255.255.255.0
          UP RUNNING NOARP  MTU:16260  Metric:1
          RX packets:29 errors:0 dropped:29 overruns:0 frame:0
          TX packets:135 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:10 
          RX bytes:0 (0.0 b)  TX bytes:25226 (24.6 Kb)

ipsec1    Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          NOARP  MTU:0  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:10 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

ipsec2    Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          NOARP  MTU:0  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:10 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

ipsec3    Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          NOARP  MTU:0  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:10 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:5683 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5683 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:2921458 (2.7 Mb)  TX bytes:2921458 (2.7 Mb)

+ _________________________ ip-addr-list
+ ip addr list
1: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:0d:60:16:14:cf brd ff:ff:ff:ff:ff:ff
    inet 9.51.92.23/24 brd 9.51.92.255 scope global eth0
2: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
23: ipsec0: <NOARP,UP> mtu 16260 qdisc pfifo_fast qlen 10
    link/ether 00:0d:60:16:14:cf brd ff:ff:ff:ff:ff:ff
    inet 9.51.92.23/24 brd 9.51.92.255 scope global ipsec0
24: ipsec1: <NOARP> mtu 0 qdisc noop qlen 10
    link/void 
25: ipsec2: <NOARP> mtu 0 qdisc noop qlen 10
    link/void 
26: ipsec3: <NOARP> mtu 0 qdisc noop qlen 10
    link/void 
+ _________________________ ip-route-list
+ ip route list
9.51.94.21 via 9.51.92.1 dev ipsec0 
9.51.92.0/24 dev eth0  proto kernel  scope link  src 9.51.92.23 
9.51.92.0/24 dev ipsec0  proto kernel  scope link  src 9.51.92.23 
169.254.0.0/16 dev eth0  scope link 
127.0.0.0/8 dev lo  scope link 
default via 9.51.92.1 dev eth0 
+ _________________________ ip-rule-list
+ ip rule list
RTNETLINK answers: Invalid argument
Dump terminated
+ _________________________ ipsec_verify
+ ipsec verify --nocolour
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                                  	[OK]
Linux Openswan 2.CVSHEAD (klips)
Checking for IPsec support in kernel                             	[OK]
Checking for RSA private key (/etc/ipsec.secrets)                	[FAILED]
ipsec showhostkey: no default key in "/etc/ipsec.secrets"
Checking that pluto is running                                   	[OK]
Checking for 'ip' command                                        	[OK]
Checking for 'iptables' command                                  	[OK]
Checking for 'curl' command for CRL fetching                     	[OK]

Opportunistic Encryption DNS checks:
   Looking for TXT in forward dns zone: grinch2                  	[MISSING]
   Does the machine have at least one non-private address?       	[OK]
   Looking for TXT in reverse dns zone: 23.92.51.9.in-addr.arpa. 	[MISSING]
+ _________________________ mii-tool
+ '[' -x /sbin/mii-tool ']'
+ /sbin/mii-tool -v
SIOCGMIIPHY on 'eth0' failed: Operation not supported
no MII interfaces found
+ _________________________ ipsec/directory
+ ipsec --directory
/usr/local/lib/ipsec
+ _________________________ hostname/fqdn
+ hostname --fqdn
grinch2.XXXXXXXXX.XXX.XXX
+ _________________________ hostname/ipaddress
+ hostname --ip-address
9.51.92.23 
+ _________________________ uptime
+ uptime
  1:38pm  up  22:24,  4 users,  load average: 0.03, 0.01, 0.00
+ _________________________ ps
+ ps alxwf
+ egrep -i 'ppid|pluto|ipsec|klips'
F   UID   PID  PPID PRI  NI   VSZ  RSS WCHAN  STAT TTY        TIME COMMAND
0     0 13928 13464  18   0  8164 1464 wait   S+   pts/1      0:00                      \_ /bin/sh /usr/local/libexec/ipsec/barf
0     0 14031 13928  19   0  2848  684 pipe_w S+   pts/1      0:00                          \_ /bin/grep -E -i ppid|pluto|ipsec|klip
1     0 11227     1  20   0  8036 1432 wait   S    ttyS0      0:00 /bin/sh /usr/local/lib/ipsec/_plutorun --debug none --uniqueids y
1     0 11228 11227  20   0  8036 1448 wait   S    ttyS0      0:00  \_ /bin/sh /usr/local/lib/ipsec/_plutorun --debug none --uniquei
4     0 11229 11228  15   0  7748 1572 -      S    ttyS0      0:00  |   \_ /usr/local/libexec/ipsec/pluto --nofork --secretsfile /et
1     0 11241 11229  26  10  5644  920 184466 SN   ttyS0      0:00  |       \_ pluto helper  #  0                                   
0     0 11244 11229  24   0  3488  320 -      S    ttyS0      0:00  |       \_ _pluto_adns
0     0 11231 11227  16   0  8040 1424 pipe_w S    ttyS0      0:00  \_ /bin/sh /usr/local/lib/ipsec/_plutoload --wait no --post 
0     0 11230     1  15   0  2740  596 pipe_w S    ttyS0      0:00 logger -s -p daemon.error -t ipsec__plutorun
+ _________________________ ipsec/showdefaults
+ ipsec showdefaults
routephys=eth0
routevirt=ipsec0
routeaddr=9.51.92.23
routenexthop=9.51.92.1
+ _________________________ ipsec/conf
+ ipsec _include /etc/ipsec.conf
+ ipsec _keycensor

#< /etc/ipsec.conf 1
# /etc/ipsec.conf - FreeS/WAN IPsec configuration file
# RCSID $Id: ipsec.conf.in,v 1.11 2003/06/13 23:28:41 sam Exp $

# This file:  /usr/share/doc/packages/freeswan/ipsec.conf-sample
#
# Manual:     ipsec.conf.5
#
# Help:
# http://www.strongsec.com/freeswan/install.htm

version	2.0	# conforms to second version of ipsec.conf specification

# basic configuration
config setup
	# Debug-logging controls:  "none" for (almost) none, "all" for lots.
	klipsdebug=all
	plutodebug=none
	# Certificate Revocation List handling
	#crlcheckinterval=600
	#strictcrlpolicy=yes
	# Change rp_filter setting, default = 0 (switch off)
	#rp_filter=%unchanged
	# Switch on NAT-Traversal (if patch is installed)
	#nat_traversal=yes

# default settings for connections
conn %default
	auth=esp
	authby=secret
	compress=no
	disablearrivalcheck=no
	keyingtries=0
	keylife=1800s
	ikelifetime=1800s 
	pfs=yes


# OE policy groups are disabled by default
conn block
	auto=ignore

conn clear
	auto=ignore

conn private
	auto=ignore

conn private-or-clear
	auto=ignore

conn clear-or-private
	auto=ignore

conn packetdefault
	auto=ignore

#conn OEself
#	auto=ignore

# Add connections here.

conn kaon-grinch2
	left=kaon.XXXXXXXXX.XXX.XXX
	leftnexthop=%defaultroute
	right=grinch2.XXXXXXXXX.XXX.XXX
	rightnexthop=%defaultroute
	auto=start
	type=transport

+ _________________________ ipsec/secrets
+ ipsec _include /etc/ipsec.secrets
+ ipsec _secretcensor

#< /etc/ipsec.secrets 1
# kaon-grinch2
#
kaon.XXXXXXXXX.XXX.XXX  grinch2.XXXXXXXXX.XXX.XXX: PSK "[sums to b9ee...]"

+ _________________________ ipsec/listall
+ ipsec auto --listall
000  
000 List of Public Keys:
000  
+ '[' /etc/ipsec.d/policies ']'
++ basename /etc/ipsec.d/policies/block
+ base=block
+ _________________________ ipsec/policies/block
+ cat /etc/ipsec.d/policies/block
# This file defines the set of CIDRs (network/mask-length) to which
# communication should never be allowed.
#
# See /usr/share/doc/packages/freeswan/policygroups.html for details.
#
# $Id: block.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#

++ basename /etc/ipsec.d/policies/clear
+ base=clear
+ _________________________ ipsec/policies/clear
+ cat /etc/ipsec.d/policies/clear
# This file defines the set of CIDRs (network/mask-length) to which
# communication should always be in the clear.
#
# See /usr/share/doc/packages/freeswan/policygroups.html for details.
#
# $Id: clear.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
++ basename /etc/ipsec.d/policies/clear-or-private
+ base=clear-or-private
+ _________________________ ipsec/policies/clear-or-private
+ cat /etc/ipsec.d/policies/clear-or-private
# This file defines the set of CIDRs (network/mask-length) to which
# we will communicate in the clear, or, if the other side initiates IPSEC,
# using encryption.  This behaviour is also called "Opportunistic Responder".
#
# See /usr/share/doc/packages/freeswan/policygroups.html for details.
#
# $Id: clear-or-private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
++ basename /etc/ipsec.d/policies/private
+ base=private
+ _________________________ ipsec/policies/private
+ cat /etc/ipsec.d/policies/private
# This file defines the set of CIDRs (network/mask-length) to which
# communication should always be private (i.e. encrypted).
# See /usr/share/doc/packages/freeswan/policygroups.html for details.
#
# $Id: private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
++ basename /etc/ipsec.d/policies/private-or-clear
+ base=private-or-clear
+ _________________________ ipsec/policies/private-or-clear
+ cat /etc/ipsec.d/policies/private-or-clear
# This file defines the set of CIDRs (network/mask-length) to which
# communication should be private, if possible, but in the clear otherwise.
#
# If the target has a TXT (later IPSECKEY) record that specifies
# authentication material, we will require private (i.e. encrypted)
# communications.  If no such record is found, communications will be
# in the clear.
#
# See /usr/share/doc/packages/freeswan/policygroups.html for details.
#
# $Id: private-or-clear.in,v 1.5 2003/02/17 02:22:15 mcr Exp $
#

0.0.0.0/0
+ _________________________ ipsec/ls-libdir
+ ls -l /usr/local/lib/ipsec
total 228
-rwxr-xr-x  1 root root 15468 Mar 17 10:52 _confread
-rwxr-xr-x  1 root root 15468 Mar 17 10:27 _confread.old
-rwxr-xr-x  1 root root 21038 Mar 17 10:52 _copyright
-rwxr-xr-x  1 root root 21038 Mar 17 10:27 _copyright.old
-rwxr-xr-x  1 root root  2379 Mar 17 10:52 _include
-rwxr-xr-x  1 root root  2379 Mar 17 10:27 _include.old
-rwxr-xr-x  1 root root  1475 Mar 17 10:52 _keycensor
-rwxr-xr-x  1 root root  1475 Mar 17 10:27 _keycensor.old
-rwxr-xr-x  1 root root  3586 Mar 17 10:52 _plutoload
-rwxr-xr-x  1 root root  3586 Mar 17 10:27 _plutoload.old
-rwxr-xr-x  1 root root  7319 Mar 17 10:52 _plutorun
-rwxr-xr-x  1 root root  7319 Mar 17 10:27 _plutorun.old
-rwxr-xr-x  1 root root 11715 Mar 17 10:52 _realsetup
-rwxr-xr-x  1 root root 11715 Mar 17 10:27 _realsetup.old
-rwxr-xr-x  1 root root  1975 Mar 17 10:52 _secretcensor
-rwxr-xr-x  1 root root  1975 Mar 17 10:27 _secretcensor.old
-rwxr-xr-x  1 root root  9365 Mar 17 10:52 _startklips
-rwxr-xr-x  1 root root  9365 Mar 17 10:27 _startklips.old
-rwxr-xr-x  1 root root 12329 Mar 17 10:52 _updown
-rwxr-xr-x  1 root root 12329 Mar 17 10:27 _updown.old
-rwxr-xr-x  1 root root  7572 Mar 17 10:52 _updown_x509
-rwxr-xr-x  1 root root  7572 Mar 17 10:27 _updown_x509.old
-rwxr-xr-x  1 root root  1942 Mar 17 10:52 ipsec_pr.template
+ _________________________ ipsec/ls-execdir
+ ls -l /usr/local/libexec/ipsec
total 6587
-rwxr-xr-x  1 root root   31288 Mar 17 10:52 _pluto_adns
-rwxr-xr-x  1 root root   31288 Mar 17 10:27 _pluto_adns.old
-rwxr-xr-x  1 root root   18846 Mar 17 10:52 auto
-rwxr-xr-x  1 root root   18846 Mar 17 10:27 auto.old
-rwxr-xr-x  1 root root   10582 Mar 17 10:52 barf
-rwxr-xr-x  1 root root   10582 Mar 17 10:27 barf.old
-rwxr-xr-x  1 root root     816 Mar 17 10:52 calcgoo
-rwxr-xr-x  1 root root     816 Mar 17 10:27 calcgoo.old
-rwxr-xr-x  1 root root  228334 Mar 17 10:52 eroute
-rwxr-xr-x  1 root root  227666 Mar 17 10:27 eroute.old
-rwxr-xr-x  1 root root   75813 Mar 17 10:52 ikeping
-rwxr-xr-x  1 root root   75813 Mar 17 10:27 ikeping.old
-rwxr-xr-x  1 root root  149117 Mar 17 10:52 klipsdebug
-rwxr-xr-x  1 root root  148129 Mar 17 10:27 klipsdebug.old
-rwxr-xr-x  1 root root    1664 Mar 17 10:52 livetest
-rwxr-xr-x  1 root root    1664 Mar 17 10:27 livetest.old
-rwxr-xr-x  1 root root    2467 Mar 17 10:52 look
-rwxr-xr-x  1 root root    2467 Mar 17 10:27 look.old
-rwxr-xr-x  1 root root    7159 Mar 17 10:52 mailkey
-rwxr-xr-x  1 root root    7159 Mar 17 10:27 mailkey.old
-rwxr-xr-x  1 root root   15937 Mar 17 10:52 manual
-rwxr-xr-x  1 root root   15937 Mar 17 10:27 manual.old
-rwxr-xr-x  1 root root    1874 Mar 17 10:52 newhostkey
-rwxr-xr-x  1 root root    1874 Mar 17 10:27 newhostkey.old
-rwxr-xr-x  1 root root  135018 Mar 17 10:52 pf_key
-rwxr-xr-x  1 root root  133774 Mar 17 10:27 pf_key.old
-rwxr-xr-x  1 root root 1785815 Mar 17 10:52 pluto
-rwxr-xr-x  1 root root 1715369 Mar 17 10:27 pluto.old
-rwxr-xr-x  1 root root   32346 Mar 17 10:52 ranbits
-rwxr-xr-x  1 root root   32346 Mar 17 10:27 ranbits.old
-rwxr-xr-x  1 root root   69137 Mar 17 10:52 rsasigkey
-rwxr-xr-x  1 root root   69137 Mar 17 10:27 rsasigkey.old
-rwxr-xr-x  1 root root     766 Mar 17 10:52 secrets
-rwxr-xr-x  1 root root     766 Mar 17 10:27 secrets.old
-rwxr-xr-x  1 root root   17602 Mar 17 10:52 send-pr
-rwxr-xr-x  1 root root   17602 Mar 17 10:27 send-pr.old
lrwxrwxrwx  1 root root      15 Mar 17 10:52 setup -> /etc/rc.d/ipsec
-rwxr-xr-x  1 root root    1054 Mar 17 10:52 showdefaults
-rwxr-xr-x  1 root root    1054 Mar 17 10:27 showdefaults.old
-rwxr-xr-x  1 root root    4748 Mar 17 10:52 showhostkey
-rwxr-xr-x  1 root root    4748 Mar 17 10:27 showhostkey.old
-rwxr-xr-x  1 root root  392783 Mar 17 10:52 spi
-rwxr-xr-x  1 root root  387707 Mar 17 10:27 spi.old
-rwxr-xr-x  1 root root  190039 Mar 17 10:52 spigrp
-rwxr-xr-x  1 root root  189347 Mar 17 10:27 spigrp.old
-rwxr-xr-x  1 root root   31902 Mar 17 10:52 tncfg
-rwxr-xr-x  1 root root   31902 Mar 17 10:27 tncfg.old
-rwxr-xr-x  1 root root   10201 Mar 17 10:52 verify
-rwxr-xr-x  1 root root   10201 Mar 17 10:27 verify.old
-rwxr-xr-x  1 root root  149460 Mar 17 10:52 whack
-rwxr-xr-x  1 root root  149428 Mar 17 10:27 whack.old
+ _________________________ ipsec/updowns
++ ls /usr/local/libexec/ipsec
++ egrep updown
+ _________________________ /proc/net/dev
+ cat /proc/net/dev
Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
  eth0:54078422  386712    0    0    0     0          0    271714 11905517   46420    0    0    0     0       0          0
    lo: 2921458    5683    0    0    0     0          0         0  2921458    5683    0    0    0     0       0          0
ipsec0:       0      29    0   29    0     0          0         0    25226     135    0    0    0     0       0          0
ipsec1:       0       0    0    0    0     0          0         0        0       0    0    0    0     0       0          0
ipsec2:       0       0    0    0    0     0          0         0        0       0    0    0    0     0       0          0
ipsec3:       0       0    0    0    0     0          0         0        0       0    0    0    0     0       0          0
+ _________________________ /proc/net/route
+ cat /proc/net/route
Iface	Destination	Gateway 	Flags	RefCnt	Use	Metric	Mask		MTU	Window	IRTT                                                       
ipsec0	155E3309	015C3309	0007	0	0	0	FFFFFFFF	0	0	0                                                                             
eth0	005C3309	00000000	0001	0	0	0	00FFFFFF	0	0	0                                                                               
ipsec0	005C3309	00000000	0001	0	0	0	00FFFFFF	0	0	0                                                                             
eth0	0000FEA9	00000000	0001	0	0	0	0000FFFF	0	0	0                                                                               
lo	0000007F	00000000	0001	0	0	0	000000FF	0	0	0                                                                                 
eth0	00000000	015C3309	0003	0	0	0	00000000	0	0	0                                                                               
+ _________________________ /proc/sys/net/ipv4/ip_forward
+ cat /proc/sys/net/ipv4/ip_forward
1
+ _________________________ /proc/sys/net/ipv4/conf/star-rp_filter
+ cd /proc/sys/net/ipv4/conf
+ egrep '^' all/rp_filter default/rp_filter eth0/rp_filter ipsec0/rp_filter lo/rp_filter
all/rp_filter:0
default/rp_filter:0
eth0/rp_filter:0
ipsec0/rp_filter:0
lo/rp_filter:0
+ _________________________ uname-a
+ uname -a
Linux grinch2 2.6.11 #3 SMP Wed Mar 16 15:11:24 EST 2005 x86_64 x86_64 x86_64 GNU/Linux
+ _________________________ config-built-with
+ test -r /proc/config_built_with
+ _________________________ redhat-release
+ test -r /etc/redhat-release
+ test -r /etc/fedora-release
+ _________________________ /proc/net/ipsec_version
+ test -r /proc/net/ipsec_version
+ cat /proc/net/ipsec_version
Openswan version: 2.CVSHEAD
+ _________________________ ipfwadm
+ test -r /sbin/ipfwadm
+ 'no old-style linux 1.x/2.0 ipfwadm firewall support'
/usr/local/libexec/ipsec/barf: line 297: no old-style linux 1.x/2.0 ipfwadm firewall support: No such file or directory
+ _________________________ ipchains
+ test -r /sbin/ipchains
+ echo 'no old-style linux 2.0 ipchains firewall support'
no old-style linux 2.0 ipchains firewall support
+ _________________________ iptables
+ test -r /sbin/iptables
+ test -r /sbin/ipchains
+ _________________________ /proc/modules
+ test -f /proc/modules
+ cat /proc/modules
ipsec 356284 5 - Live 0xffffffff880ae000
iptable_mangle 3584 0 - Live 0xffffffff8803e000
ipt_TCPMSS 4992 0 - Live 0xffffffff880ab000
ipt_REJECT 7808 0 - Live 0xffffffff880a8000
ipt_state 2560 0 - Live 0xffffffff880a6000
ipt_LOG 8064 0 - Live 0xffffffff880a3000
ipt_limit 3200 0 - Live 0xffffffff880a1000
iptable_nat 26324 0 - Live 0xffffffff88099000
ip_conntrack 49340 2 ipt_state,iptable_nat, Live 0xffffffff8808b000
iptable_filter 3840 1 - Live 0xffffffff88089000
ip_tables 24336 8 iptable_mangle,ipt_TCPMSS,ipt_REJECT,ipt_state,ipt_LOG,ipt_limit,iptable_nat,iptable_filter, Live 0xffffffff88082000
deflate 4480 0 - Live 0xffffffff8807f000
zlib_deflate 23448 1 deflate, Live 0xffffffff88078000
twofish 39936 0 - Live 0xffffffff8806d000
serpent 17152 0 - Live 0xffffffff88067000
aes 28480 0 - Live 0xffffffff8805f000
blowfish 9344 0 - Live 0xffffffff8805b000
sha256 9472 0 - Live 0xffffffff88057000
sha1 9088 0 - Live 0xffffffff88053000
crypto_null 3200 0 - Live 0xffffffff88051000
joydev 11648 0 - Live 0xffffffff88032000
floppy 65168 0 - Live 0xffffffff88021000
i2c_i801 9748 0 - Live 0xffffffff8801d000
i2c_core 26880 1 i2c_i801, Live 0xffffffff88015000
evdev 11008 0 - Live 0xffffffff88011000
vfat 15744 0 - Live 0xffffffff8800c000
fat 42288 1 vfat, Live 0xffffffff88000000
+ _________________________ /proc/meminfo
+ cat /proc/meminfo
MemTotal:      1542992 kB
MemFree:        665100 kB
Buffers:        210400 kB
Cached:         376032 kB
SwapCached:          0 kB
Active:         314360 kB
Inactive:       302104 kB
HighTotal:           0 kB
HighFree:            0 kB
LowTotal:      1542992 kB
LowFree:        665100 kB
SwapTotal:     1052216 kB
SwapFree:      1052216 kB
Dirty:              80 kB
Writeback:           0 kB
Mapped:          48312 kB
Slab:           245112 kB
CommitLimit:   1823712 kB
Committed_AS:   146068 kB
PageTables:       1772 kB
VmallocTotal: 34359738367 kB
VmallocUsed:    270840 kB
VmallocChunk: 34359467515 kB
HugePages_Total:     0
HugePages_Free:      0
Hugepagesize:     2048 kB
+ _________________________ /proc/net/ipsec-ls
+ test -f /proc/net/ipsec_version
+ ls -l /proc/net/ipsec_eroute /proc/net/ipsec_klipsdebug /proc/net/ipsec_spi /proc/net/ipsec_spigrp /proc/net/ipsec_tncfg /proc/net/ipsec_version
lrwxrwxrwx  1 root root 16 Mar 17 13:38 /proc/net/ipsec_eroute -> ipsec/eroute/all
lrwxrwxrwx  1 root root 16 Mar 17 13:38 /proc/net/ipsec_klipsdebug -> ipsec/klipsdebug
lrwxrwxrwx  1 root root 13 Mar 17 13:38 /proc/net/ipsec_spi -> ipsec/spi/all
lrwxrwxrwx  1 root root 16 Mar 17 13:38 /proc/net/ipsec_spigrp -> ipsec/spigrp/all
lrwxrwxrwx  1 root root 11 Mar 17 13:38 /proc/net/ipsec_tncfg -> ipsec/tncfg
lrwxrwxrwx  1 root root 13 Mar 17 13:38 /proc/net/ipsec_version -> ipsec/version
+ _________________________ usr/src/linux/.config
+ test -f /proc/config.gz
+ zcat /proc/config.gz
+ egrep 'CONFIG_IPSEC|CONFIG_KLIPS|CONFIG_NET_KEY|CONFIG_INET|CONFIG_IP'
CONFIG_NET_KEY=m
CONFIG_INET=y
CONFIG_IP_MULTICAST=y
# CONFIG_IP_ADVANCED_ROUTER is not set
# CONFIG_IP_PNP is not set
# CONFIG_IP_MROUTE is not set
CONFIG_INET_AH=m
CONFIG_INET_ESP=m
CONFIG_INET_IPCOMP=m
CONFIG_INET_TUNNEL=m
CONFIG_IP_TCPDIAG=y
# CONFIG_IP_TCPDIAG_IPV6 is not set
# CONFIG_IP_VS is not set
# CONFIG_IPV6 is not set
CONFIG_IP_NF_CONNTRACK=m
# CONFIG_IP_NF_CT_ACCT is not set
CONFIG_IP_NF_CONNTRACK_MARK=y
# CONFIG_IP_NF_CT_PROTO_SCTP is not set
CONFIG_IP_NF_FTP=m
CONFIG_IP_NF_IRC=m
CONFIG_IP_NF_TFTP=m
CONFIG_IP_NF_AMANDA=m
CONFIG_IP_NF_QUEUE=m
CONFIG_IP_NF_IPTABLES=m
CONFIG_IP_NF_MATCH_LIMIT=m
CONFIG_IP_NF_MATCH_IPRANGE=m
CONFIG_IP_NF_MATCH_MAC=m
CONFIG_IP_NF_MATCH_PKTTYPE=m
CONFIG_IP_NF_MATCH_MARK=m
CONFIG_IP_NF_MATCH_MULTIPORT=m
CONFIG_IP_NF_MATCH_TOS=m
CONFIG_IP_NF_MATCH_RECENT=m
CONFIG_IP_NF_MATCH_ECN=m
CONFIG_IP_NF_MATCH_DSCP=m
CONFIG_IP_NF_MATCH_AH_ESP=m
CONFIG_IP_NF_MATCH_LENGTH=m
CONFIG_IP_NF_MATCH_TTL=m
CONFIG_IP_NF_MATCH_TCPMSS=m
CONFIG_IP_NF_MATCH_HELPER=m
CONFIG_IP_NF_MATCH_STATE=m
CONFIG_IP_NF_MATCH_CONNTRACK=m
CONFIG_IP_NF_MATCH_OWNER=m
# CONFIG_IP_NF_MATCH_ADDRTYPE is not set
# CONFIG_IP_NF_MATCH_REALM is not set
# CONFIG_IP_NF_MATCH_SCTP is not set
# CONFIG_IP_NF_MATCH_COMMENT is not set
CONFIG_IP_NF_MATCH_CONNMARK=m
# CONFIG_IP_NF_MATCH_HASHLIMIT is not set
CONFIG_IP_NF_FILTER=m
CONFIG_IP_NF_TARGET_REJECT=m
CONFIG_IP_NF_TARGET_LOG=m
CONFIG_IP_NF_TARGET_ULOG=m
CONFIG_IP_NF_TARGET_TCPMSS=m
CONFIG_IP_NF_NAT=m
CONFIG_IP_NF_NAT_NEEDED=y
CONFIG_IP_NF_TARGET_MASQUERADE=m
CONFIG_IP_NF_TARGET_REDIRECT=m
CONFIG_IP_NF_TARGET_NETMAP=m
CONFIG_IP_NF_TARGET_SAME=m
CONFIG_IP_NF_NAT_SNMP_BASIC=m
CONFIG_IP_NF_NAT_IRC=m
CONFIG_IP_NF_NAT_FTP=m
CONFIG_IP_NF_NAT_TFTP=m
CONFIG_IP_NF_NAT_AMANDA=m
CONFIG_IP_NF_MANGLE=m
CONFIG_IP_NF_TARGET_TOS=m
CONFIG_IP_NF_TARGET_ECN=m
CONFIG_IP_NF_TARGET_DSCP=m
CONFIG_IP_NF_TARGET_MARK=m
CONFIG_IP_NF_TARGET_CLASSIFY=m
CONFIG_IP_NF_TARGET_CONNMARK=m
CONFIG_IP_NF_TARGET_CLUSTERIP=m
# CONFIG_IP_NF_RAW is not set
CONFIG_IP_NF_ARPTABLES=m
CONFIG_IP_NF_ARPFILTER=m
CONFIG_IP_NF_ARP_MANGLE=m
CONFIG_IP_SCTP=m
# CONFIG_IPX is not set
CONFIG_IPMI_HANDLER=m
CONFIG_IPMI_PANIC_EVENT=y
# CONFIG_IPMI_PANIC_STRING is not set
CONFIG_IPMI_DEVICE_INTERFACE=m
# CONFIG_IPMI_SI is not set
CONFIG_IPMI_WATCHDOG=m
# CONFIG_IPMI_POWEROFF is not set
+ _________________________ etc/syslog.conf
+ cat /etc/syslog.conf
# /etc/syslog.conf - Configuration file for syslogd(8)
#
# For info about the format of this file, see "man syslog.conf".
#

#
#
# print most on tty10 and on the xconsole pipe
#
kern.warning;*.err;authpriv.none	 /dev/tty10
kern.warning;*.err;authpriv.none	|/dev/xconsole
*.emerg				 *

# enable this, if you want that root is informed
# immediately, e.g. of logins
#*.alert				 root


#
# all email-messages in one file
#
mail.*				-/var/log/mail
mail.info			-/var/log/mail.info
mail.warning			-/var/log/mail.warn
mail.err			 /var/log/mail.err

#
# all news-messages
#
# these files are rotated and examined by "news.daily"
news.crit			-/var/log/news/news.crit
news.err			-/var/log/news/news.err
news.notice			-/var/log/news/news.notice
# enable this, if you want to keep all news messages
# in one file
#news.*				-/var/log/news.all

#
# Warnings in one file
#
*.=warning;*.=err		-/var/log/warn
*.crit				 /var/log/warn

#
# save the rest in one file
#
*.debug;mail.none;news.none	-/var/log/debug
*.*;mail.none;news.none		-/var/log/messages

#
# enable this, if you want to keep all messages
# in one file
#*.*				-/var/log/allmessages

#
# Some foreign boot scripts require local7
#
local0,local1.*			-/var/log/localmessages
local2,local3.*			-/var/log/localmessages
local4,local5.*			-/var/log/localmessages
local6,local7.*			-/var/log/localmessages
+ _________________________ etc/resolv.conf
+ cat /etc/resolv.conf
nameserver 9.0.7.1
nameserver 9.0.6.11
search XXXXXXXXX.XXX.XXX XXX.XXX
+ _________________________ lib/modules-ls
+ ls -ltr /lib/modules
total 1
drwxr-xr-x  3 root root 104 Jul  2  2004 scripts
drwxr-xr-x  2 root root  48 Jul  2  2004 2.6.5-override-smp
drwxr-xr-x  3 root root  80 Mar 11 11:13 precompiled
drwxr-xr-x  4 root root 480 Mar 11 12:23 2.6.5-7.97-smp.bak
drwxr-xr-x  4 root root 480 Mar 16 14:58 2.6.5-7.97-smp
drwxr-xr-x  3 root root 424 Mar 17 10:53 2.6.11
+ _________________________ /proc/ksyms-netif_rx
+ test -r /proc/ksyms
+ test -r /proc/kallsyms
+ egrep netif_rx /proc/kallsyms
ffffffff803092e0 T netif_rx
ffffffff80309520 T netif_rx_ni
ffffffff803092e0 U netif_rx	[ipsec]
+ _________________________ lib/modules-netif_rx
+ modulegoo kernel/net/ipv4/ipip.o netif_rx
+ set +x
2.6.11: 
2.6.5-7.97-smp: 
2.6.5-7.97-smp.bak: 
2.6.5-override-smp: 
precompiled: 
scripts: 
+ _________________________ kern.debug
+ test -f /var/log/kern.debug
+ _________________________ klog
+ sed -n '1,$p' /var/log/messages
+ egrep -i 'ipsec|klips|pluto'
+ cat
Mar 17 13:37:15 grinch2 kernel: klips_debug:ipsec_version_get_info: buffer=0pffff81002eada000, *start=0p0000000000000000, offset=28, length=3072
Mar 17 13:38:07 grinch2 kernel: klips_debug:ipsec_rcv: <<< Info -- skb->dev=eth0 dev=eth0 
Mar 17 13:38:07 grinch2 kernel: klips_debug:ipsec_rcv: assigning packet ownership to virtual device ipsec0 from physical device eth0.
Mar 17 13:38:07 grinch2 kernel: klips_debug:   IP: ihl:20 ver:4 tos:0 tlen:136 id:8447 frag_off:0 ttl:63 proto:50 chk:36275 saddr:9.51.94.21 daddr:9.51.92.23
Mar 17 13:38:07 grinch2 kernel: klips_debug:ipsec_rcv_decap_once: decap (50) from 9.51.94.21 -> 9.51.92.23
Mar 17 13:38:07 grinch2 kernel: klips_debug:ipsec_sa_getbyid: linked entry in ipsec_sa table for hash=19 of SA:esp.4108dc4e at 9.51.92.23 requested.
Mar 17 13:38:07 grinch2 kernel: klips_debug:ipsec_rcv: SA:esp.4108dc4e at 9.51.92.23, src=9.51.94.21 of pkt agrees with expected SA source address policy.
Mar 17 13:38:07 grinch2 kernel: klips_debug:ipsec_rcv: SA:esp.4108dc4e at 9.51.92.23 First SA in group.
Mar 17 13:38:07 grinch2 kernel: klips_debug:ipsec_rcv: natt_type=0 tdbp->ips_natt_type=0 : ok
Mar 17 13:38:07 grinch2 kernel: klips_debug:ipsec_rcv: packet from 9.51.94.21 received with seq=5 (iv)=0x9d7d5855bb41730e iplen=136 esplen=104 sa=esp.4108dc4e at 9.51.92.23
Mar 17 13:38:07 grinch2 kernel: klips_debug:ipsec_rcv: encalg = 12, authalg = 3.
Mar 17 13:38:07 grinch2 kernel: klips_debug:ipsec_rcv: auth failed on incoming packet from 9.51.94.21: hash=aaa590772df024a7d95a2c9a auth=8aade97de6dbc4bf0523c383, dropped
Mar 17 13:38:07 grinch2 kernel: klips_debug:ipsec_rcv: decap_once failed: -16
Mar 17 13:38:08 grinch2 kernel: klips_debug:ipsec_rcv: <<< Info -- skb->dev=eth0 dev=eth0 
Mar 17 13:38:08 grinch2 kernel: klips_debug:ipsec_rcv: assigning packet ownership to virtual device ipsec0 from physical device eth0.
Mar 17 13:38:08 grinch2 kernel: klips_debug:   IP: ihl:20 ver:4 tos:0 tlen:136 id:8448 frag_off:0 ttl:63 proto:50 chk:36274 saddr:9.51.94.21 daddr:9.51.92.23
Mar 17 13:38:08 grinch2 kernel: klips_debug:ipsec_rcv_decap_once: decap (50) from 9.51.94.21 -> 9.51.92.23
Mar 17 13:38:08 grinch2 kernel: klips_debug:ipsec_sa_getbyid: linked entry in ipsec_sa table for hash=19 of SA:esp.4108dc4e at 9.51.92.23 requested.
Mar 17 13:38:08 grinch2 kernel: klips_debug:ipsec_rcv: SA:esp.4108dc4e at 9.51.92.23, src=9.51.94.21 of pkt agrees with expected SA source address policy.
Mar 17 13:38:08 grinch2 kernel: klips_debug:ipsec_rcv: SA:esp.4108dc4e at 9.51.92.23 First SA in group.
Mar 17 13:38:08 grinch2 kernel: klips_debug:ipsec_rcv: natt_type=0 tdbp->ips_natt_type=0 : ok
Mar 17 13:38:08 grinch2 kernel: klips_debug:ipsec_rcv: packet from 9.51.94.21 received with seq=6 (iv)=0xc488f8ce890d876f iplen=136 esplen=104 sa=esp.4108dc4e at 9.51.92.23
Mar 17 13:38:08 grinch2 kernel: klips_debug:ipsec_rcv: encalg = 12, authalg = 3.
Mar 17 13:38:08 grinch2 kernel: klips_debug:ipsec_rcv: auth failed on incoming packet from 9.51.94.21: hash=e64f9a89991b4ef48017f50b auth=976751d007dcc11d51346bd5, dropped
Mar 17 13:38:08 grinch2 kernel: klips_debug:ipsec_rcv: decap_once failed: -16
Mar 17 13:38:14 grinch2 kernel: klips_debug:@@ flags = 6 @key=0pffff81003eb93640 key = 00000000->00000000 @mask=0p0000000000000000
Mar 17 13:38:14 grinch2 kernel: klips_debug:@@ flags = 4 @key=0pffff810048d0daa0 key = 09335c17->09335e15 @mask=0pffff81003fb09460 mask = ffffffff->ffffffff
Mar 17 13:38:14 grinch2 kernel: klips_debug:* off = 0
Mar 17 13:38:14 grinch2 kernel: klips_debug:@ flags = 6 @key=0pffff81003eb93654 key = ffffffff->ffffffff @mask=0p0000000000000000
Mar 17 13:38:14 grinch2 kernel: klips_debug: off = 0
Mar 17 13:38:14 grinch2 kernel: klips_debug:ipsec_eroute_get_info: buffer=0pffff810027b56000, *start=0p0000000000000000, offset=0, length=1024
Mar 17 13:38:14 grinch2 kernel: klips_debug:rj_walktree: for: rn=0pffff810038fdb7c8 rj_b=-3 rj_flags=6 leaf key = 00000000->00000000
Mar 17 13:38:14 grinch2 kernel: klips_debug:rj_walktree: processing leaves, rn=0pffff810048d0da00 rj_b=-1 rj_flags=4 leaf key = 09335c17->09335e15
Mar 17 13:38:14 grinch2 kernel: klips_debug:rj_walktree: while: base=0p0000000000000000 rn=0pffff810038fdb7c8 rj_b=-3 rj_flags=6 leaf key = 00000000->00000000
Mar 17 13:38:14 grinch2 kernel: klips_debug:rj_walktree: for: rn=0pffff810048d0da00 rj_b=-1 rj_flags=4 leaf key = 09335c17->09335e15
Mar 17 13:38:14 grinch2 kernel: klips_debug:rj_walktree: processing leaves, rn=0pffff810038fdb828 rj_b=-3 rj_flags=6 leaf key = ffffffff->ffffffff
Mar 17 13:38:14 grinch2 kernel: klips_debug:rj_walktree: while: base=0p0000000000000000 rn=0pffff810048d0da00 rj_b=-1 rj_flags=4 leaf key = 09335c17->09335e15
Mar 17 13:38:14 grinch2 kernel: klips_debug:ipsec_rj_walker_procprint: rn=0pffff810048d0da00, w0=0pffff81002d1e3e58
Mar 17 13:38:14 grinch2 kernel: klips_debug:@@ flags = 6 @key=0pffff81003eb93640 key = 00000000->00000000 @mask=0p0000000000000000
Mar 17 13:38:14 grinch2 kernel: klips_debug:@@ flags = 4 @key=0pffff810048d0daa0 key = 09335c17->09335e15 @mask=0pffff81003fb09460 mask = ffffffff->ffffffff
Mar 17 13:38:14 grinch2 kernel: klips_debug:* off = 0
Mar 17 13:38:14 grinch2 kernel: klips_debug:@ flags = 6 @key=0pffff81003eb93654 key = ffffffff->ffffffff @mask=0p0000000000000000
Mar 17 13:38:14 grinch2 kernel: klips_debug: off = 0
Mar 17 13:38:14 grinch2 kernel: klips_debug:ipsec_eroute_get_info: buffer=0pffff810027b56000, *start=0p0000000000000000, offset=80, length=944
Mar 17 13:38:14 grinch2 kernel: klips_debug:rj_walktree: for: rn=0pffff810038fdb7c8 rj_b=-3 rj_flags=6 leaf key = 00000000->00000000
Mar 17 13:38:14 grinch2 kernel: klips_debug:rj_walktree: processing leaves, rn=0pffff810048d0da00 rj_b=-1 rj_flags=4 leaf key = 09335c17->09335e15
Mar 17 13:38:14 grinch2 kernel: klips_debug:rj_walktree: while: base=0p0000000000000000 rn=0pffff810038fdb7c8 rj_b=-3 rj_flags=6 leaf key = 00000000->00000000
Mar 17 13:38:14 grinch2 kernel: klips_debug:rj_walktree: for: rn=0pffff810048d0da00 rj_b=-1 rj_flags=4 leaf key = 09335c17->09335e15
Mar 17 13:38:14 grinch2 kernel: klips_debug:rj_walktree: processing leaves, rn=0pffff810038fdb828 rj_b=-3 rj_flags=6 leaf key = ffffffff->ffffffff
Mar 17 13:38:14 grinch2 kernel: klips_debug:rj_walktree: while: base=0p0000000000000000 rn=0pffff810048d0da00 rj_b=-1 rj_flags=4 leaf key = 09335c17->09335e15
Mar 17 13:38:14 grinch2 kernel: klips_debug:ipsec_rj_walker_procprint: rn=0pffff810048d0da00, w0=0pffff81002d1e3e58
Mar 17 13:38:14 grinch2 kernel: klips_debug:@@ flags = 6 @key=0pffff81003eb93640 key = 00000000->00000000 @mask=0p0000000000000000
Mar 17 13:38:14 grinch2 kernel: klips_debug:@@ flags = 4 @key=0pffff810048d0daa0 key = 09335c17->09335e15 @mask=0pffff81003fb09460 mask = ffffffff->ffffffff
Mar 17 13:38:14 grinch2 kernel: klips_debug:* off = 0
Mar 17 13:38:14 grinch2 kernel: klips_debug:@ flags = 6 @key=0pffff81003eb93654 key = ffffffff->ffffffff @mask=0p0000000000000000
Mar 17 13:38:14 grinch2 kernel: klips_debug: off = 0
Mar 17 13:38:14 grinch2 kernel: klips_debug:ipsec_eroute_get_info: buffer=0pffff810027b56000, *start=0p0000000000000000, offset=80, length=1024
Mar 17 13:38:14 grinch2 kernel: klips_debug:rj_walktree: for: rn=0pffff810038fdb7c8 rj_b=-3 rj_flags=6 leaf key = 00000000->00000000
Mar 17 13:38:14 grinch2 kernel: klips_debug:rj_walktree: processing leaves, rn=0pffff810048d0da00 rj_b=-1 rj_flags=4 leaf key = 09335c17->09335e15
Mar 17 13:38:14 grinch2 kernel: klips_debug:rj_walktree: while: base=0p0000000000000000 rn=0pffff810038fdb7c8 rj_b=-3 rj_flags=6 leaf key = 00000000->00000000
Mar 17 13:38:14 grinch2 kernel: klips_debug:rj_walktree: for: rn=0pffff810048d0da00 rj_b=-1 rj_flags=4 leaf key = 09335c17->09335e15
Mar 17 13:38:14 grinch2 kernel: klips_debug:rj_walktree: processing leaves, rn=0pffff810038fdb828 rj_b=-3 rj_flags=6 leaf key = ffffffff->ffffffff
Mar 17 13:38:14 grinch2 kernel: klips_debug:rj_walktree: while: base=0p0000000000000000 rn=0pffff810048d0da00 rj_b=-1 rj_flags=4 leaf key = 09335c17->09335e15
Mar 17 13:38:14 grinch2 kernel: klips_debug:ipsec_rj_walker_procprint: rn=0pffff810048d0da00, w0=0pffff81002d1e3e58
Mar 17 13:38:24 grinch2 kernel: klips_debug:ipsec_version_get_info: buffer=0pffff81002b5d0000, *start=0p0000000000000000, offset=0, length=1024
Mar 17 13:38:24 grinch2 kernel: klips_debug:ipsec_version_get_info: buffer=0pffff81002b5d0000, *start=0p0000000000000000, offset=28, length=996
Mar 17 13:38:24 grinch2 kernel: klips_debug:ipsec_version_get_info: buffer=0pffff81002d600000, *start=0p0000000000000000, offset=28, length=1024
Mar 17 13:38:24 grinch2 kernel: klips_debug:@@ flags = 6 @key=0pffff81003eb93640 key = 00000000->00000000 @mask=0p0000000000000000
Mar 17 13:38:24 grinch2 kernel: klips_debug:@@ flags = 4 @key=0pffff810048d0daa0 key = 09335c17->09335e15 @mask=0pffff81003fb09460 mask = ffffffff->ffffffff
Mar 17 13:38:24 grinch2 kernel: klips_debug:* off = 0
Mar 17 13:38:24 grinch2 kernel: klips_debug:@ flags = 6 @key=0pffff81003eb93654 key = ffffffff->ffffffff @mask=0p0000000000000000
Mar 17 13:38:24 grinch2 kernel: klips_debug: off = 0
Mar 17 13:38:24 grinch2 kernel: klips_debug:ipsec_eroute_get_info: buffer=0pffff81002ae3e000, *start=0p0000000000000000, offset=0, length=1024
Mar 17 13:38:24 grinch2 kernel: klips_debug:rj_walktree: for: rn=0pffff810038fdb7c8 rj_b=-3 rj_flags=6 leaf key = 00000000->00000000
Mar 17 13:38:24 grinch2 kernel: klips_debug:rj_walktree: processing leaves, rn=0pffff810048d0da00 rj_b=-1 rj_flags=4 leaf key = 09335c17->09335e15
Mar 17 13:38:24 grinch2 kernel: klips_debug:rj_walktree: while: base=0p0000000000000000 rn=0pffff810038fdb7c8 rj_b=-3 rj_flags=6 leaf key = 00000000->00000000
Mar 17 13:38:24 grinch2 kernel: klips_debug:rj_walktree: for: rn=0pffff810048d0da00 rj_b=-1 rj_flags=4 leaf key = 09335c17->09335e15
Mar 17 13:38:24 grinch2 kernel: klips_debug:rj_walktree: processing leaves, rn=0pffff810038fdb828 rj_b=-3 rj_flags=6 leaf key = ffffffff->ffffffff
Mar 17 13:38:24 grinch2 kernel: klips_debug:rj_walktree: while: base=0p0000000000000000 rn=0pffff810048d0da00 rj_b=-1 rj_flags=4 leaf key = 09335c17->09335e15
Mar 17 13:38:24 grinch2 kernel: klips_debug:ipsec_rj_walker_procprint: rn=0pffff810048d0da00, w0=0pffff810027f69e58
Mar 17 13:38:24 grinch2 kernel: klips_debug:@@ flags = 6 @key=0pffff81003eb93640 key = 00000000->00000000 @mask=0p0000000000000000
Mar 17 13:38:24 grinch2 kernel: klips_debug:@@ flags = 4 @key=0pffff810048d0daa0 key = 09335c17->09335e15 @mask=0pffff81003fb09460 mask = ffffffff->ffffffff
Mar 17 13:38:24 grinch2 kernel: klips_debug:* off = 0
Mar 17 13:38:24 grinch2 kernel: klips_debug:@ flags = 6 @key=0pffff81003eb93654 key = ffffffff->ffffffff @mask=0p0000000000000000
Mar 17 13:38:24 grinch2 kernel: klips_debug: off = 0
Mar 17 13:38:24 grinch2 kernel: klips_debug:ipsec_eroute_get_info: buffer=0pffff81002ae3e000, *start=0p0000000000000000, offset=80, length=944
Mar 17 13:38:24 grinch2 kernel: klips_debug:rj_walktree: for: rn=0pffff810038fdb7c8 rj_b=-3 rj_flags=6 leaf key = 00000000->00000000
Mar 17 13:38:24 grinch2 kernel: klips_debug:rj_walktree: processing leaves, rn=0pffff810048d0da00 rj_b=-1 rj_flags=4 leaf key = 09335c17->09335e15
Mar 17 13:38:24 grinch2 kernel: klips_debug:rj_walktree: while: base=0p0000000000000000 rn=0pffff810038fdb7c8 rj_b=-3 rj_flags=6 leaf key = 00000000->00000000
Mar 17 13:38:24 grinch2 kernel: klips_debug:rj_walktree: for: rn=0pffff810048d0da00 rj_b=-1 rj_flags=4 leaf key = 09335c17->09335e15
Mar 17 13:38:24 grinch2 kernel: klips_debug:rj_walktree: processing leaves, rn=0pffff810038fdb828 rj_b=-3 rj_flags=6 leaf key = ffffffff->ffffffff
Mar 17 13:38:24 grinch2 kernel: klips_debug:rj_walktree: while: base=0p0000000000000000 rn=0pffff810048d0da00 rj_b=-1 rj_flags=4 leaf key = 09335c17->09335e15
Mar 17 13:38:24 grinch2 kernel: klips_debug:ipsec_rj_walker_procprint: rn=0pffff810048d0da00, w0=0pffff810027f69e58
Mar 17 13:38:24 grinch2 kernel: klips_debug:@@ flags = 6 @key=0pffff81003eb93640 key = 00000000->00000000 @mask=0p0000000000000000
Mar 17 13:38:24 grinch2 kernel: klips_debug:@@ flags = 4 @key=0pffff810048d0daa0 key = 09335c17->09335e15 @mask=0pffff81003fb09460 mask = ffffffff->ffffffff
Mar 17 13:38:24 grinch2 kernel: klips_debug:* off = 0
Mar 17 13:38:24 grinch2 kernel: klips_debug:@ flags = 6 @key=0pffff81003eb93654 key = ffffffff->ffffffff @mask=0p0000000000000000
Mar 17 13:38:24 grinch2 kernel: klips_debug: off = 0
Mar 17 13:38:24 grinch2 kernel: klips_debug:ipsec_eroute_get_info: buffer=0pffff81002ae3e000, *start=0p0000000000000000, offset=80, length=1024
Mar 17 13:38:24 grinch2 kernel: klips_debug:rj_walktree: for: rn=0pffff810038fdb7c8 rj_b=-3 rj_flags=6 leaf key = 00000000->00000000
Mar 17 13:38:24 grinch2 kernel: klips_debug:rj_walktree: processing leaves, rn=0pffff810048d0da00 rj_b=-1 rj_flags=4 leaf key = 09335c17->09335e15
Mar 17 13:38:24 grinch2 kernel: klips_debug:rj_walktree: while: base=0p0000000000000000 rn=0pffff810038fdb7c8 rj_b=-3 rj_flags=6 leaf key = 00000000->00000000
Mar 17 13:38:24 grinch2 kernel: klips_debug:rj_walktree: for: rn=0pffff810048d0da00 rj_b=-1 rj_flags=4 leaf key = 09335c17->09335e15
Mar 17 13:38:24 grinch2 kernel: klips_debug:rj_walktree: processing leaves, rn=0pffff810038fdb828 rj_b=-3 rj_flags=6 leaf key = ffffffff->ffffffff
Mar 17 13:38:24 grinch2 kernel: klips_debug:rj_walktree: while: base=0p0000000000000000 rn=0pffff810048d0da00 rj_b=-1 rj_flags=4 leaf key = 09335c17->09335e15
Mar 17 13:38:24 grinch2 kernel: klips_debug:ipsec_rj_walker_procprint: rn=0pffff810048d0da00, w0=0pffff810027f69e58
Mar 17 13:38:24 grinch2 kernel: klips_debug:ipsec_spi_get_info: buffer=0pffff810027adf000, *start=0p0000000000000000, offset=0, length=3072
Mar 17 13:38:24 grinch2 kernel: klips_debug:ipsec_spi_get_info: buffer=0pffff810027adf000, *start=0p0000000000000000, offset=1098, length=3072
Mar 17 13:38:24 grinch2 kernel: klips_debug:ipsec_spi_get_info: buffer=0pffff810027adf000, *start=0p0000000000000000, offset=1098, length=3072
Mar 17 13:38:24 grinch2 kernel: klips_debug:ipsec_spigrp_get_info: buffer=0pffff810024d11000, *start=0p0000000000000000, offset=0, length=3072
Mar 17 13:38:24 grinch2 kernel: klips_debug:ipsec_spigrp_get_info: buffer=0pffff810024d11000, *start=0p0000000000000000, offset=104, length=3072
Mar 17 13:38:24 grinch2 kernel: klips_debug:ipsec_spigrp_get_info: buffer=0pffff810024d11000, *start=0p0000000000000000, offset=104, length=3072
Mar 17 13:38:24 grinch2 kernel: klips_debug:ipsec_tncfg_get_info: buffer=0pffff810027adf000, *start=0p0000000000000000, offset=0, length=3072
Mar 17 13:38:24 grinch2 kernel: klips_debug:ipsec_tncfg_get_info: buffer=0pffff810027adf000, *start=0p0000000000000000, offset=126, length=3072
Mar 17 13:38:24 grinch2 kernel: klips_debug:ipsec_tncfg_get_info: buffer=0pffff810027adf000, *start=0p0000000000000000, offset=126, length=3072
Mar 17 13:38:24 grinch2 kernel: klips_debug:ipsec_version_get_info: buffer=0pffff81002d333000, *start=0p0000000000000000, offset=0, length=1024
Mar 17 13:38:24 grinch2 kernel: klips_debug:ipsec_version_get_info: buffer=0pffff81002d333000, *start=0p0000000000000000, offset=28, length=996
Mar 17 13:38:24 grinch2 kernel: klips_debug:ipsec_version_get_info: buffer=0pffff810045fbf000, *start=0p0000000000000000, offset=28, length=1024
Mar 17 13:38:24 grinch2 kernel: klips_debug:ipsec_version_get_info: buffer=0pffff81002b78e000, *start=0p0000000000000000, offset=0, length=3072
Mar 17 13:38:24 grinch2 kernel: klips_debug:ipsec_version_get_info: buffer=0pffff81002b78e000, *start=0p0000000000000000, offset=28, length=3072
+ _________________________ plog
+ sed -n '9534,$p' /var/log/warn
+ egrep -i pluto
+ cat
Mar 17 11:28:14 grinch2 ipsec__plutorun: Starting Pluto subsystem...
Mar 17 11:28:14 grinch2 pluto[11229]: Starting Pluto (Openswan Version 2.CVSHEAD X.509-1.5.4 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR; Vendor ID OEEFBy\177du|_[)
Mar 17 11:28:14 grinch2 pluto[11229]: Setting port floating to off
Mar 17 11:28:14 grinch2 pluto[11229]: port floating activate 0/1
Mar 17 11:28:14 grinch2 pluto[11229]:   including NAT-Traversal patch (Version 0.6c) [disabled]
Mar 17 11:28:14 grinch2 pluto[11229]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
Mar 17 11:28:14 grinch2 pluto[11229]: starting up 1 cryptographic helpers
Mar 17 11:28:14 grinch2 pluto[11229]: started helper pid=11241 (fd:6)
Mar 17 11:28:14 grinch2 pluto[11229]: Using KLIPS IPsec interface code
Mar 17 11:28:14 grinch2 pluto[11229]: Changing to directory '/etc/ipsec.d/cacerts'
Mar 17 11:28:14 grinch2 pluto[11229]: Changing to directory '/etc/ipsec.d/aacerts'
Mar 17 11:28:14 grinch2 pluto[11229]: Changing to directory '/etc/ipsec.d/ocspcerts'
Mar 17 11:28:14 grinch2 pluto[11229]: Changing to directory '/etc/ipsec.d/crls'
Mar 17 11:28:14 grinch2 pluto[11229]:   Warning: empty directory
Mar 17 11:28:14 grinch2 pluto[11229]: added connection description "kaon-grinch2"
Mar 17 11:28:14 grinch2 pluto[11229]: listening for IKE messages
Mar 17 11:28:14 grinch2 pluto[11229]: adding interface ipsec0/eth0 9.51.92.23:500
Mar 17 11:28:14 grinch2 pluto[11229]: loading secrets from "/etc/ipsec.secrets"
Mar 17 11:28:14 grinch2 pluto[11229]: "kaon-grinch2" #1: initiating Main Mode
Mar 17 11:28:14 grinch2 ipsec__plutorun: 104 "kaon-grinch2" #1: STATE_MAIN_I1: initiate
Mar 17 11:28:14 grinch2 ipsec__plutorun: ...could not start conn "kaon-grinch2"
Mar 17 11:28:14 grinch2 pluto[11229]: "kaon-grinch2" #1: received Vendor ID payload [Dead Peer Detection]
Mar 17 11:28:14 grinch2 pluto[11229]: "kaon-grinch2" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Mar 17 11:28:14 grinch2 pluto[11229]: "kaon-grinch2" #1: I did not send a certificate because I do not have one.
Mar 17 11:28:14 grinch2 pluto[11229]: "kaon-grinch2" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Mar 17 11:28:14 grinch2 pluto[11229]: "kaon-grinch2" #1: Main mode peer ID is ID_IPV4_ADDR: '9.51.94.21'
Mar 17 11:28:14 grinch2 pluto[11229]: "kaon-grinch2" #1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
Mar 17 11:28:14 grinch2 pluto[11229]: "kaon-grinch2" #1: ISAKMP SA established
Mar 17 11:28:14 grinch2 pluto[11229]: "kaon-grinch2" #2: initiating Quick Mode PSK+ENCRYPT+PFS+UP {using isakmp#1}
Mar 17 11:28:14 grinch2 pluto[11229]: "kaon-grinch2" #2: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
Mar 17 11:28:14 grinch2 pluto[11229]: "kaon-grinch2" #2: sent QI2, IPsec SA established {ESP=>0x2ba71adf <0x4108dc43}
Mar 17 11:28:14 grinch2 pluto[11229]: "kaon-grinch2" #1: Informational Exchange message must be encrypted
Mar 17 11:28:21 grinch2 pluto[11229]: "kaon-grinch2" #3: responding to Quick Mode {msgid:c1c275c6}
Mar 17 11:28:21 grinch2 pluto[11229]: "kaon-grinch2" #3: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Mar 17 11:28:21 grinch2 pluto[11229]: "kaon-grinch2" #3: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Mar 17 11:28:21 grinch2 pluto[11229]: "kaon-grinch2" #3: IPsec SA established {ESP=>0x2ba71ae0 <0x4108dc44}
Mar 17 11:28:24 grinch2 pluto[11229]: "kaon-grinch2" #2: retransmitting in response to duplicate packet; already STATE_QUICK_I2
Mar 17 11:28:24 grinch2 pluto[11229]: "kaon-grinch2" #1: Informational Exchange message must be encrypted
Mar 17 11:28:26 grinch2 pluto[11229]: packet from 9.51.94.21:500: Quick Mode message is for a non-existent (expired?) ISAKMP SA
Mar 17 11:28:31 grinch2 pluto[11229]: "kaon-grinch2" #1: ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0x2ba71adc) not found (maybe expired)
Mar 17 11:28:31 grinch2 pluto[11229]: "kaon-grinch2" #1: received and ignored informational message
Mar 17 11:28:44 grinch2 pluto[11229]: "kaon-grinch2" #2: retransmitting in response to duplicate packet; already STATE_QUICK_I2
Mar 17 11:28:44 grinch2 pluto[11229]: "kaon-grinch2" #1: Informational Exchange message must be encrypted
Mar 17 11:29:06 grinch2 pluto[11229]: packet from 9.51.94.21:500: Quick Mode message is for a non-existent (expired?) ISAKMP SA
Mar 17 11:29:46 grinch2 pluto[11229]: packet from 9.51.94.21:500: Quick Mode message is for a non-existent (expired?) ISAKMP SA
Mar 17 11:29:52 grinch2 pluto[11229]: "kaon-grinch2" #1: received Delete SA payload: replace IPSEC State #3 in 10 seconds
Mar 17 11:29:52 grinch2 pluto[11229]: "kaon-grinch2" #1: received and ignored informational message
Mar 17 11:29:52 grinch2 pluto[11229]: "kaon-grinch2" #1: received Delete SA payload: deleting ISAKMP State #1
Mar 17 11:29:52 grinch2 pluto[11229]: packet from 9.51.94.21:500: received and ignored informational message
Mar 17 11:29:57 grinch2 pluto[11229]: packet from 9.51.94.21:500: received Vendor ID payload [Dead Peer Detection]
Mar 17 11:29:57 grinch2 pluto[11229]: "kaon-grinch2" #4: responding to Main Mode
Mar 17 11:29:57 grinch2 pluto[11229]: "kaon-grinch2" #4: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Mar 17 11:29:57 grinch2 pluto[11229]: "kaon-grinch2" #4: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Mar 17 11:29:57 grinch2 pluto[11229]: "kaon-grinch2" #4: Main mode peer ID is ID_IPV4_ADDR: '9.51.94.21'
Mar 17 11:29:57 grinch2 pluto[11229]: "kaon-grinch2" #4: I did not send a certificate because I do not have one.
Mar 17 11:29:57 grinch2 pluto[11229]: "kaon-grinch2" #4: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Mar 17 11:29:57 grinch2 pluto[11229]: "kaon-grinch2" #4: sent MR3, ISAKMP SA established
Mar 17 11:29:57 grinch2 pluto[11229]: "kaon-grinch2" #5: responding to Quick Mode {msgid:ac48a2be}
Mar 17 11:29:57 grinch2 pluto[11229]: "kaon-grinch2" #5: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Mar 17 11:29:58 grinch2 pluto[11229]: "kaon-grinch2" #5: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Mar 17 11:29:58 grinch2 pluto[11229]: "kaon-grinch2" #5: IPsec SA established {ESP=>0xb8497c33 <0x4108dc45}
Mar 17 11:33:44 grinch2 pluto[11229]: "kaon-grinch2" #4: received Delete SA payload: replace IPSEC State #5 in 10 seconds
Mar 17 11:33:44 grinch2 pluto[11229]: "kaon-grinch2" #4: received and ignored informational message
Mar 17 11:33:44 grinch2 pluto[11229]: "kaon-grinch2" #4: received Delete SA payload: deleting ISAKMP State #4
Mar 17 11:33:44 grinch2 pluto[11229]: packet from 9.51.94.21:500: received and ignored informational message
Mar 17 11:33:51 grinch2 pluto[11229]: packet from 9.51.94.21:500: received Vendor ID payload [Dead Peer Detection]
Mar 17 11:33:51 grinch2 pluto[11229]: "kaon-grinch2" #6: responding to Main Mode
Mar 17 11:33:51 grinch2 pluto[11229]: "kaon-grinch2" #6: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Mar 17 11:33:51 grinch2 pluto[11229]: "kaon-grinch2" #6: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Mar 17 11:33:51 grinch2 pluto[11229]: "kaon-grinch2" #6: Main mode peer ID is ID_IPV4_ADDR: '9.51.94.21'
Mar 17 11:33:51 grinch2 pluto[11229]: "kaon-grinch2" #6: I did not send a certificate because I do not have one.
Mar 17 11:33:51 grinch2 pluto[11229]: "kaon-grinch2" #6: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Mar 17 11:33:51 grinch2 pluto[11229]: "kaon-grinch2" #6: sent MR3, ISAKMP SA established
Mar 17 11:33:54 grinch2 pluto[11229]: "kaon-grinch2" #7: initiating Quick Mode PSK+ENCRYPT+PFS+UP to replace #5 {using isakmp#6}
Mar 17 11:33:54 grinch2 pluto[11229]: "kaon-grinch2" #7: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
Mar 17 11:33:54 grinch2 pluto[11229]: "kaon-grinch2" #7: sent QI2, IPsec SA established {ESP=>0x9a0af02f <0x4108dc46}
Mar 17 11:33:54 grinch2 pluto[11229]: "kaon-grinch2" #6: Informational Exchange message must be encrypted
Mar 17 11:34:04 grinch2 pluto[11229]: "kaon-grinch2" #7: retransmitting in response to duplicate packet; already STATE_QUICK_I2
Mar 17 11:34:04 grinch2 pluto[11229]: "kaon-grinch2" #6: Informational Exchange message must be encrypted
Mar 17 11:34:24 grinch2 pluto[11229]: "kaon-grinch2" #7: retransmitting in response to duplicate packet; already STATE_QUICK_I2
Mar 17 11:34:24 grinch2 pluto[11229]: "kaon-grinch2" #6: Informational Exchange message must be encrypted
Mar 17 11:35:04 grinch2 pluto[11229]: "kaon-grinch2" #7: discarding duplicate packet -- exhausted retransmission; already STATE_QUICK_I2
Mar 17 11:35:44 grinch2 pluto[11229]: "kaon-grinch2" #7: discarding duplicate packet -- exhausted retransmission; already STATE_QUICK_I2
Mar 17 11:36:24 grinch2 pluto[11229]: "kaon-grinch2" #7: discarding duplicate packet -- exhausted retransmission; already STATE_QUICK_I2
Mar 17 11:37:04 grinch2 pluto[11229]: "kaon-grinch2" #7: discarding duplicate packet -- exhausted retransmission; already STATE_QUICK_I2
Mar 17 11:37:44 grinch2 pluto[11229]: "kaon-grinch2" #7: discarding duplicate packet -- exhausted retransmission; already STATE_QUICK_I2
Mar 17 11:38:24 grinch2 pluto[11229]: "kaon-grinch2" #7: discarding duplicate packet -- exhausted retransmission; already STATE_QUICK_I2
Mar 17 11:39:04 grinch2 pluto[11229]: "kaon-grinch2" #7: discarding duplicate packet -- exhausted retransmission; already STATE_QUICK_I2
Mar 17 11:39:44 grinch2 pluto[11229]: "kaon-grinch2" #7: discarding duplicate packet -- exhausted retransmission; already STATE_QUICK_I2
Mar 17 11:40:24 grinch2 pluto[11229]: "kaon-grinch2" #7: discarding duplicate packet -- exhausted retransmission; already STATE_QUICK_I2
Mar 17 11:41:04 grinch2 pluto[11229]: "kaon-grinch2" #7: discarding duplicate packet -- exhausted retransmission; already STATE_QUICK_I2
Mar 17 11:41:44 grinch2 pluto[11229]: "kaon-grinch2" #7: discarding duplicate packet -- exhausted retransmission; already STATE_QUICK_I2
Mar 17 11:42:24 grinch2 pluto[11229]: "kaon-grinch2" #7: discarding duplicate packet -- exhausted retransmission; already STATE_QUICK_I2
Mar 17 11:43:04 grinch2 pluto[11229]: "kaon-grinch2" #7: discarding duplicate packet -- exhausted retransmission; already STATE_QUICK_I2
Mar 17 11:43:44 grinch2 pluto[11229]: "kaon-grinch2" #7: discarding duplicate packet -- exhausted retransmission; already STATE_QUICK_I2
Mar 17 11:44:24 grinch2 pluto[11229]: "kaon-grinch2" #7: discarding duplicate packet -- exhausted retransmission; already STATE_QUICK_I2
Mar 17 11:45:04 grinch2 pluto[11229]: "kaon-grinch2" #7: discarding duplicate packet -- exhausted retransmission; already STATE_QUICK_I2
Mar 17 11:45:44 grinch2 pluto[11229]: "kaon-grinch2" #7: discarding duplicate packet -- exhausted retransmission; already STATE_QUICK_I2
Mar 17 11:46:24 grinch2 pluto[11229]: "kaon-grinch2" #7: discarding duplicate packet -- exhausted retransmission; already STATE_QUICK_I2
Mar 17 11:47:15 grinch2 pluto[11229]: "kaon-grinch2" #8: initiating Quick Mode PSK+ENCRYPT+PFS+UP to replace #7 {using isakmp#6}
Mar 17 11:47:15 grinch2 pluto[11229]: "kaon-grinch2" #8: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
Mar 17 11:47:15 grinch2 pluto[11229]: "kaon-grinch2" #8: sent QI2, IPsec SA established {ESP=>0x9a0af031 <0x4108dc47}
Mar 17 11:47:15 grinch2 pluto[11229]: "kaon-grinch2" #6: Informational Exchange message must be encrypted
Mar 17 11:47:25 grinch2 pluto[11229]: "kaon-grinch2" #8: retransmitting in response to duplicate packet; already STATE_QUICK_I2
Mar 17 11:47:25 grinch2 pluto[11229]: "kaon-grinch2" #6: Informational Exchange message must be encrypted
Mar 17 11:47:45 grinch2 pluto[11229]: "kaon-grinch2" #8: retransmitting in response to duplicate packet; already STATE_QUICK_I2
Mar 17 11:47:45 grinch2 pluto[11229]: "kaon-grinch2" #6: Informational Exchange message must be encrypted
Mar 17 11:48:25 grinch2 pluto[11229]: "kaon-grinch2" #8: discarding duplicate packet -- exhausted retransmission; already STATE_QUICK_I2
Mar 17 11:49:05 grinch2 pluto[11229]: "kaon-grinch2" #8: discarding duplicate packet -- exhausted retransmission; already STATE_QUICK_I2
Mar 17 11:49:45 grinch2 pluto[11229]: "kaon-grinch2" #8: discarding duplicate packet -- exhausted retransmission; already STATE_QUICK_I2
Mar 17 11:50:25 grinch2 pluto[11229]: "kaon-grinch2" #8: discarding duplicate packet -- exhausted retransmission; already STATE_QUICK_I2
Mar 17 11:51:05 grinch2 pluto[11229]: "kaon-grinch2" #8: discarding duplicate packet -- exhausted retransmission; already STATE_QUICK_I2
Mar 17 11:51:44 grinch2 pluto[11229]: "kaon-grinch2" #8: discarding duplicate packet -- exhausted retransmission; already STATE_QUICK_I2
Mar 17 11:52:02 grinch2 pluto[11229]: packet from 9.51.94.21:500: received Vendor ID payload [Dead Peer Detection]
Mar 17 11:52:02 grinch2 pluto[11229]: "kaon-grinch2" #9: responding to Main Mode
Mar 17 11:52:02 grinch2 pluto[11229]: "kaon-grinch2" #9: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Mar 17 11:52:02 grinch2 pluto[11229]: "kaon-grinch2" #9: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Mar 17 11:52:02 grinch2 pluto[11229]: "kaon-grinch2" #9: Main mode peer ID is ID_IPV4_ADDR: '9.51.94.21'
Mar 17 11:52:02 grinch2 pluto[11229]: "kaon-grinch2" #9: I did not send a certificate because I do not have one.
Mar 17 11:52:02 grinch2 pluto[11229]: "kaon-grinch2" #9: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Mar 17 11:52:02 grinch2 pluto[11229]: "kaon-grinch2" #9: sent MR3, ISAKMP SA established
Mar 17 11:52:25 grinch2 pluto[11229]: "kaon-grinch2" #8: discarding duplicate packet -- exhausted retransmission; already STATE_QUICK_I2
Mar 17 11:53:05 grinch2 pluto[11229]: "kaon-grinch2" #8: discarding duplicate packet -- exhausted retransmission; already STATE_QUICK_I2
Mar 17 11:53:45 grinch2 pluto[11229]: "kaon-grinch2" #8: discarding duplicate packet -- exhausted retransmission; already STATE_QUICK_I2
Mar 17 11:53:48 grinch2 pluto[11229]: "kaon-grinch2" #10: responding to Quick Mode {msgid:105cd94d}
Mar 17 11:53:48 grinch2 pluto[11229]: "kaon-grinch2" #10: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Mar 17 11:53:48 grinch2 pluto[11229]: "kaon-grinch2" #10: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Mar 17 11:53:48 grinch2 pluto[11229]: "kaon-grinch2" #10: IPsec SA established {ESP=>0x9a0af035 <0x4108dc48}
Mar 17 11:54:24 grinch2 pluto[11229]: "kaon-grinch2" #8: discarding duplicate packet -- exhausted retransmission; already STATE_QUICK_I2
Mar 17 11:55:05 grinch2 pluto[11229]: "kaon-grinch2" #8: discarding duplicate packet -- exhausted retransmission; already STATE_QUICK_I2
Mar 17 11:56:25 grinch2 pluto[11229]: "kaon-grinch2" #8: discarding duplicate packet -- exhausted retransmission; already STATE_QUICK_I2
Mar 17 11:57:05 grinch2 pluto[11229]: "kaon-grinch2" #8: discarding duplicate packet -- exhausted retransmission; already STATE_QUICK_I2
Mar 17 11:57:45 grinch2 pluto[11229]: "kaon-grinch2" #8: discarding duplicate packet -- exhausted retransmission; already STATE_QUICK_I2
Mar 17 11:58:25 grinch2 pluto[11229]: "kaon-grinch2" #8: discarding duplicate packet -- exhausted retransmission; already STATE_QUICK_I2
Mar 17 11:59:05 grinch2 pluto[11229]: "kaon-grinch2" #8: discarding duplicate packet -- exhausted retransmission; already STATE_QUICK_I2
Mar 17 11:59:45 grinch2 pluto[11229]: "kaon-grinch2" #8: discarding duplicate packet -- exhausted retransmission; already STATE_QUICK_I2
Mar 17 12:03:51 grinch2 pluto[11229]: packet from 9.51.94.21:500: Informational Exchange is for an unknown (expired?) SA
Mar 17 12:06:45 grinch2 pluto[11229]: "kaon-grinch2" #11: responding to Quick Mode {msgid:e8fecae0}
Mar 17 12:06:45 grinch2 pluto[11229]: "kaon-grinch2" #11: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Mar 17 12:06:55 grinch2 pluto[11229]: "kaon-grinch2" #11: discarding duplicate packet; already STATE_QUICK_R1
Mar 17 12:06:55 grinch2 pluto[11229]: "kaon-grinch2" #11: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Mar 17 12:06:55 grinch2 pluto[11229]: "kaon-grinch2" #11: IPsec SA established {ESP=>0x9a0af037 <0x4108dc49}
Mar 17 12:12:31 grinch2 pluto[11229]: packet from 9.51.94.21:500: received Vendor ID payload [Dead Peer Detection]
Mar 17 12:12:31 grinch2 pluto[11229]: "kaon-grinch2" #12: responding to Main Mode
Mar 17 12:12:31 grinch2 pluto[11229]: "kaon-grinch2" #12: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Mar 17 12:12:41 grinch2 pluto[11229]: "kaon-grinch2" #12: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Mar 17 12:12:41 grinch2 pluto[11229]: "kaon-grinch2" #12: Main mode peer ID is ID_IPV4_ADDR: '9.51.94.21'
Mar 17 12:12:41 grinch2 pluto[11229]: "kaon-grinch2" #12: I did not send a certificate because I do not have one.
Mar 17 12:12:41 grinch2 pluto[11229]: "kaon-grinch2" #12: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Mar 17 12:12:41 grinch2 pluto[11229]: "kaon-grinch2" #12: sent MR3, ISAKMP SA established
Mar 17 12:22:02 grinch2 pluto[11229]: "kaon-grinch2" #9: received Delete SA payload: deleting ISAKMP State #9
Mar 17 12:22:02 grinch2 pluto[11229]: packet from 9.51.94.21:500: received and ignored informational message
Mar 17 12:23:48 grinch2 pluto[11229]: "kaon-grinch2" #12: ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0x9a0af035) not found (maybe expired)
Mar 17 12:23:48 grinch2 pluto[11229]: "kaon-grinch2" #12: received and ignored informational message
Mar 17 12:24:32 grinch2 pluto[11229]: "kaon-grinch2" #13: responding to Quick Mode {msgid:63b03f47}
Mar 17 12:24:32 grinch2 pluto[11229]: "kaon-grinch2" #13: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Mar 17 12:24:32 grinch2 pluto[11229]: "kaon-grinch2" #13: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Mar 17 12:24:32 grinch2 pluto[11229]: "kaon-grinch2" #13: IPsec SA established {ESP=>0x9a0af03d <0x4108dc4a}
Mar 17 12:27:29 grinch2 pluto[11229]: packet from 9.51.94.21:500: received Vendor ID payload [Dead Peer Detection]
Mar 17 12:27:29 grinch2 pluto[11229]: "kaon-grinch2" #14: responding to Main Mode
Mar 17 12:27:29 grinch2 pluto[11229]: "kaon-grinch2" #14: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Mar 17 12:27:39 grinch2 pluto[11229]: "kaon-grinch2" #14: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Mar 17 12:27:39 grinch2 pluto[11229]: "kaon-grinch2" #14: Main mode peer ID is ID_IPV4_ADDR: '9.51.94.21'
Mar 17 12:27:39 grinch2 pluto[11229]: "kaon-grinch2" #14: I did not send a certificate because I do not have one.
Mar 17 12:27:39 grinch2 pluto[11229]: "kaon-grinch2" #14: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Mar 17 12:27:39 grinch2 pluto[11229]: "kaon-grinch2" #14: sent MR3, ISAKMP SA established
Mar 17 12:36:55 grinch2 pluto[11229]: "kaon-grinch2" #14: ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0x9a0af037) not found (maybe expired)
Mar 17 12:36:55 grinch2 pluto[11229]: "kaon-grinch2" #14: received and ignored informational message
Mar 17 12:38:57 grinch2 pluto[11229]: "kaon-grinch2" #15: responding to Quick Mode {msgid:c8fce819}
Mar 17 12:38:57 grinch2 pluto[11229]: "kaon-grinch2" #15: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Mar 17 12:38:57 grinch2 pluto[11229]: "kaon-grinch2" #15: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Mar 17 12:38:57 grinch2 pluto[11229]: "kaon-grinch2" #15: IPsec SA established {ESP=>0x9a0af042 <0x4108dc4b}
Mar 17 12:42:41 grinch2 pluto[11229]: packet from 9.51.94.21:500: Informational Exchange is for an unknown (expired?) SA
Mar 17 12:45:07 grinch2 pluto[11229]: packet from 9.51.94.21:500: received Vendor ID payload [Dead Peer Detection]
Mar 17 12:45:07 grinch2 pluto[11229]: "kaon-grinch2" #16: responding to Main Mode
Mar 17 12:45:07 grinch2 pluto[11229]: "kaon-grinch2" #16: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Mar 17 12:45:07 grinch2 pluto[11229]: "kaon-grinch2" #16: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Mar 17 12:45:07 grinch2 pluto[11229]: "kaon-grinch2" #16: Main mode peer ID is ID_IPV4_ADDR: '9.51.94.21'
Mar 17 12:45:07 grinch2 pluto[11229]: "kaon-grinch2" #16: I did not send a certificate because I do not have one.
Mar 17 12:45:07 grinch2 pluto[11229]: "kaon-grinch2" #16: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Mar 17 12:45:07 grinch2 pluto[11229]: "kaon-grinch2" #16: sent MR3, ISAKMP SA established
Mar 17 12:54:32 grinch2 pluto[11229]: "kaon-grinch2" #16: received Delete SA(0x9a0af03d) payload: deleting IPSEC State #13
Mar 17 12:54:32 grinch2 pluto[11229]: "kaon-grinch2" #16: received and ignored informational message
Mar 17 12:55:25 grinch2 pluto[11229]: "kaon-grinch2" #17: responding to Quick Mode {msgid:8de0b6be}
Mar 17 12:55:25 grinch2 pluto[11229]: "kaon-grinch2" #17: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Mar 17 12:55:25 grinch2 pluto[11229]: "kaon-grinch2" #17: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Mar 17 12:55:25 grinch2 pluto[11229]: "kaon-grinch2" #17: IPsec SA established {ESP=>0x9a0af048 <0x4108dc4c}
Mar 17 12:57:39 grinch2 pluto[11229]: packet from 9.51.94.21:500: Informational Exchange is for an unknown (expired?) SA
Mar 17 13:04:01 grinch2 pluto[11229]: packet from 9.51.94.21:500: received Vendor ID payload [Dead Peer Detection]
Mar 17 13:04:01 grinch2 pluto[11229]: "kaon-grinch2" #18: responding to Main Mode
Mar 17 13:04:01 grinch2 pluto[11229]: "kaon-grinch2" #18: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Mar 17 13:04:11 grinch2 pluto[11229]: "kaon-grinch2" #18: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Mar 17 13:04:11 grinch2 pluto[11229]: "kaon-grinch2" #18: Main mode peer ID is ID_IPV4_ADDR: '9.51.94.21'
Mar 17 13:04:11 grinch2 pluto[11229]: "kaon-grinch2" #18: I did not send a certificate because I do not have one.
Mar 17 13:04:11 grinch2 pluto[11229]: "kaon-grinch2" #18: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Mar 17 13:04:11 grinch2 pluto[11229]: "kaon-grinch2" #18: sent MR3, ISAKMP SA established
Mar 17 13:08:57 grinch2 pluto[11229]: "kaon-grinch2" #18: ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0x9a0af042) not found (maybe expired)
Mar 17 13:08:57 grinch2 pluto[11229]: "kaon-grinch2" #18: received and ignored informational message
Mar 17 13:15:07 grinch2 pluto[11229]: packet from 9.51.94.21:500: Informational Exchange is for an unknown (expired?) SA
Mar 17 13:16:25 grinch2 pluto[11229]: "kaon-grinch2" #19: responding to Quick Mode {msgid:cbd56a57}
Mar 17 13:16:25 grinch2 pluto[11229]: "kaon-grinch2" #19: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Mar 17 13:16:25 grinch2 pluto[11229]: "kaon-grinch2" #19: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Mar 17 13:16:25 grinch2 pluto[11229]: "kaon-grinch2" #19: IPsec SA established {ESP=>0x9a0af04f <0x4108dc4d}
Mar 17 13:17:48 grinch2 pluto[11229]: packet from 9.51.94.21:500: received Vendor ID payload [Dead Peer Detection]
Mar 17 13:17:48 grinch2 pluto[11229]: "kaon-grinch2" #20: responding to Main Mode
Mar 17 13:17:48 grinch2 pluto[11229]: "kaon-grinch2" #20: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Mar 17 13:17:48 grinch2 pluto[11229]: "kaon-grinch2" #20: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Mar 17 13:17:48 grinch2 pluto[11229]: "kaon-grinch2" #20: Main mode peer ID is ID_IPV4_ADDR: '9.51.94.21'
Mar 17 13:17:48 grinch2 pluto[11229]: "kaon-grinch2" #20: I did not send a certificate because I do not have one.
Mar 17 13:17:48 grinch2 pluto[11229]: "kaon-grinch2" #20: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Mar 17 13:17:48 grinch2 pluto[11229]: "kaon-grinch2" #20: sent MR3, ISAKMP SA established
Mar 17 13:25:26 grinch2 pluto[11229]: "kaon-grinch2" #20: ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0x9a0af048) not found (maybe expired)
Mar 17 13:25:26 grinch2 pluto[11229]: "kaon-grinch2" #20: received and ignored informational message
Mar 17 13:31:37 grinch2 pluto[11229]: packet from 9.51.94.21:500: received Vendor ID payload [Dead Peer Detection]
Mar 17 13:31:37 grinch2 pluto[11229]: "kaon-grinch2" #21: responding to Main Mode
Mar 17 13:31:37 grinch2 pluto[11229]: "kaon-grinch2" #21: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Mar 17 13:31:37 grinch2 pluto[11229]: "kaon-grinch2" #21: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Mar 17 13:31:37 grinch2 pluto[11229]: "kaon-grinch2" #21: Main mode peer ID is ID_IPV4_ADDR: '9.51.94.21'
Mar 17 13:31:37 grinch2 pluto[11229]: "kaon-grinch2" #21: I did not send a certificate because I do not have one.
Mar 17 13:31:37 grinch2 pluto[11229]: "kaon-grinch2" #21: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Mar 17 13:31:37 grinch2 pluto[11229]: "kaon-grinch2" #21: sent MR3, ISAKMP SA established
Mar 17 13:33:44 grinch2 pluto[11229]: "kaon-grinch2" #22: responding to Quick Mode {msgid:ce771563}
Mar 17 13:33:44 grinch2 pluto[11229]: "kaon-grinch2" #22: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Mar 17 13:33:44 grinch2 pluto[11229]: "kaon-grinch2" #22: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Mar 17 13:33:44 grinch2 pluto[11229]: "kaon-grinch2" #22: IPsec SA established {ESP=>0x9a0af054 <0x4108dc4e}
Mar 17 13:34:11 grinch2 pluto[11229]: packet from 9.51.94.21:500: Informational Exchange is for an unknown (expired?) SA
+ _________________________ date
+ date
Thu Mar 17 13:38:25 EST 2005

--- END BARF OUTPUT ---


I'm out of ideas.  Any suggestions?  


Jimmie

-- 
Jimmie Mayfield  
http://www.sackheads.org/mayfield       email: mayfield+openswan at sackheads.org
My mail provider does not welcome UCE -- http://www.sackheads.org/uce



More information about the Users mailing list