[Openswan Users] Error on Road Warrior Connection
Frederico Madeira
fred at farmaciadospobres.com.br
Mon Nov 28 15:03:40 CET 2005
I've tried to set up a VPN from a notebook running Linux FC4, connected by
ADSL, to another Linux machine with a fixed IP running FC3.
Apparently the tunnel is up, but something is wrong because I can't ping from
any direction.
The route is created on both sides.
In the log I see the message | pending review: connection "ksa-nfred" was
not up, skipped
See my attached logs:
/var/log/secure - Server Gateway
######################################################
Nov 28 14:11:08 fw pluto[1452]: | *received 292 bytes from
201.19.177.138:500 on eth2 (port=500)
Nov 28 14:11:08 fw pluto[1452]: | **parse ISAKMP Message:
Nov 28 14:11:08 fw pluto[1452]: | initiator cookie:
Nov 28 14:11:08 fw pluto[1452]: | 10 89 63 79 b0 43 85 28
Nov 28 14:11:08 fw pluto[1452]: | responder cookie:
Nov 28 14:11:08 fw pluto[1452]: | 00 00 00 00 00 00 00 00
Nov 28 14:11:08 fw pluto[1452]: | next payload type: ISAKMP_NEXT_SA
Nov 28 14:11:08 fw pluto[1452]: | ISAKMP version: ISAKMP Version 1.0
Nov 28 14:11:08 fw pluto[1452]: | exchange type: ISAKMP_XCHG_IDPROT
Nov 28 14:11:08 fw pluto[1452]: | flags: none
Nov 28 14:11:08 fw pluto[1452]: | message ID: 00 00 00 00
Nov 28 14:11:08 fw pluto[1452]: | length: 292
Nov 28 14:11:09 fw pluto[1452]: | processing packet with exchange
type=ISAKMP_XCHG_IDPROT (2)
Nov 28 14:11:09 fw pluto[1452]: | ***parse ISAKMP Security Association
Payload:
Nov 28 14:11:09 fw pluto[1452]: | next payload type: ISAKMP_NEXT_VID
Nov 28 14:11:09 fw pluto[1452]: | length: 148
Nov 28 14:11:09 fw pluto[1452]: | DOI: ISAKMP_DOI_IPSEC
Nov 28 14:11:09 fw pluto[1452]: | ***parse ISAKMP Vendor ID Payload:
Nov 28 14:11:09 fw pluto[1452]: | next payload type: ISAKMP_NEXT_VID
Nov 28 14:11:09 fw pluto[1452]: | length: 16
Nov 28 14:11:09 fw pluto[1452]: | ***parse ISAKMP Vendor ID Payload:
Nov 28 14:11:09 fw pluto[1452]: | next payload type: ISAKMP_NEXT_VID
Nov 28 14:11:09 fw pluto[1452]: | length: 20
Nov 28 14:11:09 fw pluto[1452]: | ***parse ISAKMP Vendor ID Payload:
Nov 28 14:11:09 fw pluto[1452]: | next payload type: ISAKMP_NEXT_VID
Nov 28 14:11:09 fw pluto[1452]: | length: 20
Nov 28 14:11:09 fw pluto[1452]: | ***parse ISAKMP Vendor ID Payload:
Nov 28 14:11:09 fw pluto[1452]: | next payload type: ISAKMP_NEXT_VID
Nov 28 14:11:09 fw pluto[1452]: | length: 20
Nov 28 14:11:09 fw pluto[1452]: | ***parse ISAKMP Vendor ID Payload:
Nov 28 14:11:09 fw pluto[1452]: | next payload type: ISAKMP_NEXT_VID
Nov 28 14:11:09 fw pluto[1452]: | length: 20
Nov 28 14:11:09 fw pluto[1452]: | ***parse ISAKMP Vendor ID Payload:
Nov 28 14:11:09 fw pluto[1452]: | next payload type: ISAKMP_NEXT_NONE
Nov 28 14:11:09 fw pluto[1452]: | length: 20
Nov 28 14:11:09 fw pluto[1452]: packet from 201.19.177.138:500: ignoring
unknown Vendor ID payload [4f457240604e7f585d6d5869]
Nov 28 14:11:09 fw pluto[1452]: packet from 201.19.177.138:500: received
Vendor ID payload [Dead Peer Detection]
Nov 28 14:11:10 fw pluto[1452]: packet from 201.19.177.138:500: received
Vendor ID payload [RFC 3947] method set to=109
Nov 28 14:11:10 fw pluto[1452]: packet from 201.19.177.138:500: received
Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already
using method 109
Nov 28 14:11:10 fw pluto[1452]: packet from 201.19.177.138:500: received
Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already
using method 109
Nov 28 14:11:10 fw pluto[1452]: packet from 201.19.177.138:500: received
Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Nov 28 14:11:10 fw pluto[1452]: | instantiated "ksa-nfred" for
201.19.177.138
Nov 28 14:11:10 fw pluto[1452]: | creating state object #15 at 0x8d60828
Nov 28 14:11:10 fw pluto[1452]: | processing connection ksa-nfred[3]
201.19.177.138
Nov 28 14:11:10 fw pluto[1452]: | ICOOKIE: 10 89 63 79 b0 43 85 28
Nov 28 14:11:10 fw pluto[1452]: | RCOOKIE: 81 ae 83 1c 9e b2 b0 6d
Nov 28 14:11:10 fw pluto[1452]: | peer: c9 13 b1 8a
Nov 28 14:11:10 fw pluto[1452]: | state hash entry 27
Nov 28 14:11:10 fw pluto[1452]: | inserting event EVENT_SO_DISCARD,
timeout in 0 seconds for #15
Nov 28 14:11:10 fw pluto[1452]: "ksa-nfred"[3] 201.19.177.138 #15:
responding to Main Mode from unknown peer 201.19.177.138
Nov 28 14:11:10 fw pluto[1452]: | ****parse IPsec DOI SIT:
Nov 28 14:11:10 fw pluto[1452]: | IPsec DOI SIT: SIT_IDENTITY_ONLY
Nov 28 14:11:10 fw pluto[1452]: | ****parse ISAKMP Proposal Payload:
Nov 28 14:11:10 fw pluto[1452]: | next payload type: ISAKMP_NEXT_NONE
Nov 28 14:11:10 fw pluto[1452]: | length: 136
Nov 28 14:11:10 fw pluto[1452]: | proposal number: 0
Nov 28 14:11:10 fw pluto[1452]: | protocol ID: PROTO_ISAKMP
Nov 28 14:11:10 fw pluto[1452]: | SPI size: 0
Nov 28 14:11:10 fw pluto[1452]: | number of transforms: 4
Nov 28 14:11:10 fw pluto[1452]: | *****parse ISAKMP Transform Payload
(ISAKMP):
Nov 28 14:11:10 fw pluto[1452]: | next payload type: ISAKMP_NEXT_T
Nov 28 14:11:10 fw pluto[1452]: | length: 32
Nov 28 14:11:11 fw pluto[1452]: | transform number: 0
Nov 28 14:11:11 fw pluto[1452]: | transform ID: KEY_IKE
Nov 28 14:11:11 fw pluto[1452]: | ******parse ISAKMP Oakley attribute:
Nov 28 14:11:11 fw pluto[1452]: | af+type: OAKLEY_LIFE_TYPE
Nov 28 14:11:11 fw pluto[1452]: | length/value: 1
Nov 28 14:11:11 fw pluto[1452]: | [1 is OAKLEY_LIFE_SECONDS]
Nov 28 14:11:11 fw pluto[1452]: | ******parse ISAKMP Oakley attribute:
Nov 28 14:11:11 fw pluto[1452]: | af+type: OAKLEY_LIFE_DURATION
Nov 28 14:11:11 fw pluto[1452]: | length/value: 3600
Nov 28 14:11:11 fw pluto[1452]: | ******parse ISAKMP Oakley attribute:
Nov 28 14:11:11 fw pluto[1452]: | af+type:
OAKLEY_ENCRYPTION_ALGORITHM
Nov 28 14:11:11 fw pluto[1452]: | length/value: 5
Nov 28 14:11:11 fw pluto[1452]: | [5 is OAKLEY_3DES_CBC]
Nov 28 14:11:11 fw pluto[1452]: | ******parse ISAKMP Oakley attribute:
Nov 28 14:11:11 fw pluto[1452]: | af+type: OAKLEY_HASH_ALGORITHM
Nov 28 14:11:11 fw pluto[1452]: | length/value: 1
Nov 28 14:11:11 fw pluto[1452]: | [1 is OAKLEY_MD5]
Nov 28 14:11:11 fw pluto[1452]: | ******parse ISAKMP Oakley attribute:
Nov 28 14:11:11 fw pluto[1452]: | af+type:
OAKLEY_AUTHENTICATION_METHOD
Nov 28 14:11:11 fw pluto[1452]: | length/value: 3
Nov 28 14:11:11 fw pluto[1452]: | [3 is OAKLEY_RSA_SIG]
Nov 28 14:11:11 fw pluto[1452]: | ******parse ISAKMP Oakley attribute:
Nov 28 14:11:11 fw pluto[1452]: | af+type: OAKLEY_GROUP_DESCRIPTION
Nov 28 14:11:11 fw pluto[1452]: | length/value: 5
Nov 28 14:11:11 fw pluto[1452]: | [5 is OAKLEY_GROUP_MODP1536]
Nov 28 14:11:12 fw pluto[1452]: | Oakley Transform 0 accepted
Nov 28 14:11:12 fw pluto[1452]: | complete state transition with STF_OK
Nov 28 14:11:12 fw pluto[1452]: "ksa-nfred"[3] 201.19.177.138 #15:
transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Nov 28 14:11:12 fw pluto[1452]: | sending reply packet to
201.19.177.138:500 (from port=500)
Nov 28 14:11:12 fw pluto[1452]: | sending 136 bytes for STATE_MAIN_R0
through eth2:500 to 201.19.177.138:500:
Nov 28 14:11:12 fw pluto[1452]: | inserting event EVENT_RETRANSMIT,
timeout in 10 seconds for #15
Nov 28 14:11:12 fw pluto[1452]: "ksa-nfred"[3] 201.19.177.138 #15:
STATE_MAIN_R1: sent MR1, expecting MI2
Nov 28 14:11:12 fw pluto[1452]: | modecfg pull: noquirk policy:push
not-client
Nov 28 14:11:12 fw pluto[1452]: | phase 1 is done, looking for phase 1
to unpend
Nov 28 14:11:12 fw pluto[1452]: | next event EVENT_PENDING_PHASE2 in 9
seconds
Nov 28 14:11:12 fw pluto[1452]: |
Nov 28 14:11:12 fw pluto[1452]: | *received 284 bytes from
201.19.177.138:500 on eth2 (port=500)
Nov 28 14:11:12 fw pluto[1452]: | **parse ISAKMP Message:
Nov 28 14:11:12 fw pluto[1452]: | initiator cookie:
Nov 28 14:11:12 fw pluto[1452]: | 10 89 63 79 b0 43 85 28
Nov 28 14:11:12 fw pluto[1452]: | responder cookie:
Nov 28 14:11:12 fw pluto[1452]: | 81 ae 83 1c 9e b2 b0 6d
Nov 28 14:11:12 fw pluto[1452]: | next payload type: ISAKMP_NEXT_KE
Nov 28 14:11:12 fw pluto[1452]: | ISAKMP version: ISAKMP Version 1.0
Nov 28 14:11:12 fw pluto[1452]: | exchange type: ISAKMP_XCHG_IDPROT
Nov 28 14:11:12 fw pluto[1452]: | flags: none
Nov 28 14:11:12 fw pluto[1452]: | message ID: 00 00 00 00
Nov 28 14:11:13 fw pluto[1452]: | length: 284
Nov 28 14:11:13 fw pluto[1452]: | processing packet with exchange
type=ISAKMP_XCHG_IDPROT (2)
Nov 28 14:11:13 fw pluto[1452]: | ICOOKIE: 10 89 63 79 b0 43 85 28
Nov 28 14:11:13 fw pluto[1452]: | RCOOKIE: 81 ae 83 1c 9e b2 b0 6d
Nov 28 14:11:13 fw pluto[1452]: | peer: c9 13 b1 8a
Nov 28 14:11:13 fw pluto[1452]: | state hash entry 27
Nov 28 14:11:13 fw pluto[1452]: | peer and cookies match on #15,
provided msgid 00000000 vs 00000000
Nov 28 14:11:13 fw pluto[1452]: | state object #15 found, in
STATE_MAIN_R1
Nov 28 14:11:13 fw pluto[1452]: | processing connection ksa-nfred[3]
201.19.177.138
Nov 28 14:11:13 fw pluto[1452]: | ***parse ISAKMP Key Exchange Payload:
Nov 28 14:11:13 fw pluto[1452]: | next payload type:
ISAKMP_NEXT_NONCE
Nov 28 14:11:13 fw pluto[1452]: | length: 196
Nov 28 14:11:13 fw pluto[1452]: | ***parse ISAKMP Nonce Payload:
Nov 28 14:11:13 fw pluto[1452]: | next payload type:
ISAKMP_NEXT_NAT-D
Nov 28 14:11:13 fw pluto[1452]: | length: 20
Nov 28 14:11:13 fw pluto[1452]: | ***parse ISAKMP NAT-D Payload:
Nov 28 14:11:13 fw pluto[1452]: | next payload type:
ISAKMP_NEXT_NAT-D
Nov 28 14:11:13 fw pluto[1452]: | length: 20
Nov 28 14:11:13 fw pluto[1452]: | ***parse ISAKMP NAT-D Payload:
Nov 28 14:11:13 fw pluto[1452]: | next payload type: ISAKMP_NEXT_NONE
Nov 28 14:11:13 fw pluto[1452]: | length: 20
Nov 28 14:11:13 fw pluto[1452]: "ksa-nfred"[3] 201.19.177.138 #15:
NAT-Traversal: Result using 3: no NAT detected
Nov 28 14:11:13 fw pluto[1452]: | inserting event EVENT_NAT_T_KEEPALIVE,
timeout in 20 seconds
Nov 28 14:11:13 fw pluto[1452]: | 0: w->pcw_dead: 0 w->pcw_work: 0 cnt:
1
Nov 28 14:11:13 fw pluto[1452]: | asking helper 0 to do build_kenonce op
on seq: 6
Nov 28 14:11:14 fw pluto[1452]: | inserting event EVENT_CRYPTO_FAILED,
timeout in 300 seconds for #15
Nov 28 14:11:14 fw pluto[1456]: ! helper -1 doing build_kenonce op id: 6
Nov 28 14:11:14 fw pluto[1452]: | complete state transition with
STF_SUSPEND
Nov 28 14:11:14 fw pluto[1452]: | next event EVENT_PENDING_PHASE2 in 7
seconds
Nov 28 14:11:14 fw pluto[1452]: | processing connection ksa-nfred[3]
201.19.177.138
Nov 28 14:11:14 fw pluto[1452]: | started looking for secret for
@fw.farmaciadospobres.com.br->@fred.farmaciadospobres.com.br of kind
PPK_PSK
Nov 28 14:11:14 fw pluto[1452]: | instantiating him to 0.0.0.0
Nov 28 14:11:14 fw pluto[1452]: | actually looking for secret for
@fw.farmaciadospobres.com.br->0.0.0.0 of kind PPK_PSK
Nov 28 14:11:14 fw pluto[1452]: | concluding with best_match=0
best=(nil) (lineno=-1)
Nov 28 14:11:14 fw pluto[1452]: | complete state transition with STF_OK
Nov 28 14:11:14 fw pluto[1452]: "ksa-nfred"[3] 201.19.177.138 #15:
transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Nov 28 14:11:14 fw pluto[1452]: | sending reply packet to
201.19.177.138:500 (from port=500)
Nov 28 14:11:14 fw pluto[1452]: | sending 284 bytes for STATE_MAIN_R1
through eth2:500 to 201.19.177.138:500:
Nov 28 14:11:14 fw pluto[1452]: | inserting event EVENT_RETRANSMIT,
timeout in 10 seconds for #15
Nov 28 14:11:14 fw pluto[1452]: "ksa-nfred"[3] 201.19.177.138 #15:
STATE_MAIN_R2: sent MR2, expecting MI3
Nov 28 14:11:14 fw pluto[1452]: | modecfg pull: noquirk policy:push
not-client
Nov 28 14:11:14 fw pluto[1452]: | phase 1 is done, looking for phase 1
to unpend
Nov 28 14:11:14 fw pluto[1452]: | next event EVENT_PENDING_PHASE2 in 7
seconds
Nov 28 14:11:14 fw pluto[1452]: |
Nov 28 14:11:14 fw pluto[1452]: | *received 348 bytes from
201.19.177.138:500 on eth2 (port=500)
Nov 28 14:11:14 fw pluto[1452]: | **parse ISAKMP Message:
Nov 28 14:11:14 fw pluto[1452]: | initiator cookie:
Nov 28 14:11:14 fw pluto[1452]: | 10 89 63 79 b0 43 85 28
Nov 28 14:11:14 fw pluto[1452]: | responder cookie:
Nov 28 14:11:14 fw pluto[1452]: | 81 ae 83 1c 9e b2 b0 6d
Nov 28 14:11:15 fw pluto[1452]: | next payload type: ISAKMP_NEXT_ID
Nov 28 14:11:15 fw pluto[1452]: | ISAKMP version: ISAKMP Version 1.0
Nov 28 14:11:15 fw pluto[1452]: | exchange type: ISAKMP_XCHG_IDPROT
Nov 28 14:11:15 fw pluto[1452]: | flags: ISAKMP_FLAG_ENCRYPTION
Nov 28 14:11:15 fw pluto[1452]: | message ID: 00 00 00 00
Nov 28 14:11:15 fw pluto[1452]: | length: 348
Nov 28 14:11:15 fw pluto[1452]: | processing packet with exchange
type=ISAKMP_XCHG_IDPROT (2)
Nov 28 14:11:15 fw pluto[1452]: | ICOOKIE: 10 89 63 79 b0 43 85 28
Nov 28 14:11:15 fw pluto[1452]: | RCOOKIE: 81 ae 83 1c 9e b2 b0 6d
Nov 28 14:11:15 fw pluto[1452]: | peer: c9 13 b1 8a
Nov 28 14:11:15 fw pluto[1452]: | state hash entry 27
Nov 28 14:11:15 fw pluto[1452]: | peer and cookies match on #15,
provided msgid 00000000 vs 00000000
Nov 28 14:11:15 fw pluto[1452]: | state object #15 found, in
STATE_MAIN_R2
Nov 28 14:11:15 fw pluto[1452]: | processing connection ksa-nfred[3]
201.19.177.138
Nov 28 14:11:15 fw pluto[1452]: | ***parse ISAKMP Identification
Payload:
Nov 28 14:11:15 fw pluto[1452]: | next payload type: ISAKMP_NEXT_SIG
Nov 28 14:11:15 fw pluto[1452]: | length: 37
Nov 28 14:11:15 fw pluto[1452]: | ID type: ID_FQDN
Nov 28 14:11:15 fw pluto[1452]: | DOI specific A: 0
Nov 28 14:11:15 fw pluto[1452]: | DOI specific B: 0
Nov 28 14:11:15 fw pluto[1452]: | ***parse ISAKMP Signature Payload:
Nov 28 14:11:15 fw pluto[1452]: | next payload type: ISAKMP_NEXT_NONE
Nov 28 14:11:15 fw pluto[1452]: | length: 278
Nov 28 14:11:15 fw pluto[1452]: | removing 5 bytes of padding
Nov 28 14:11:16 fw pluto[1452]: "ksa-nfred"[3] 201.19.177.138 #15: Main
mode peer ID is ID_FQDN: '@fred.farmaciadospobres.com.br'
Nov 28 14:11:16 fw pluto[1452]: | offered CA: '%none'
Nov 28 14:11:16 fw pluto[1452]: | required CA is '%any'
Nov 28 14:11:16 fw pluto[1452]: | key issuer CA is '%any'
Nov 28 14:11:16 fw pluto[1452]: | an RSA Sig check passed with *AQOA
+Y8D1 [preloaded key]
Nov 28 14:11:16 fw pluto[1452]: | thinking about whether to send my
certificate:
Nov 28 14:11:16 fw pluto[1452]: | I have RSA key: OAKLEY_RSA_SIG
cert.type: CERT_NONE
Nov 28 14:11:16 fw pluto[1452]: | sendcert: CERT_ALWAYSSEND and I did
not get a certificate request
Nov 28 14:11:16 fw pluto[1452]: | so do not send cert.
Nov 28 14:11:16 fw pluto[1452]: "ksa-nfred"[3] 201.19.177.138 #15: I did
not send a certificate because I do not have one.
Nov 28 14:11:16 fw pluto[1452]: | started looking for secret for
@fw.farmaciadospobres.com.br->@fred.farmaciadospobres.com.br of kind
PPK_RSA
Nov 28 14:11:16 fw pluto[1452]: | instantiating him to 0.0.0.0
Nov 28 14:11:16 fw pluto[1452]: | actually looking for secret for
@fw.farmaciadospobres.com.br->0.0.0.0 of kind PPK_RSA
Nov 28 14:11:16 fw pluto[1452]: | best_match 0>1 best=0x8d5da58 (line=1)
Nov 28 14:11:16 fw pluto[1452]: | concluding with best_match=1
best=0x8d5da58 (lineno=1)
Nov 28 14:11:16 fw pluto[1452]: | signing hash with RSA Key *AQNz6jkBp
Nov 28 14:11:16 fw pluto[1452]: | complete state transition with STF_OK
Nov 28 14:11:16 fw pluto[1452]: "ksa-nfred"[3] 201.19.177.138 #15:
transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Nov 28 14:11:16 fw pluto[1452]: | sending reply packet to
201.19.177.138:500 (from port=500)
Nov 28 14:11:16 fw pluto[1452]: | sending 348 bytes for STATE_MAIN_R2
through eth2:500 to 201.19.177.138:500:
Nov 28 14:11:16 fw pluto[1452]: | inserting event EVENT_SA_REPLACE,
timeout in 3330 seconds for #15
Nov 28 14:11:16 fw pluto[1452]: "ksa-nfred"[3] 201.19.177.138 #15:
STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG
cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}
Nov 28 14:11:17 fw pluto[1452]: | modecfg pull: noquirk policy:push
not-client
Nov 28 14:11:17 fw pluto[1452]: | phase 1 is done, looking for phase 1
to unpend
Nov 28 14:11:17 fw pluto[1452]: | next event EVENT_PENDING_PHASE2 in 4
seconds
Nov 28 14:11:17 fw pluto[1452]: |
Nov 28 14:11:17 fw pluto[1452]: | *received 428 bytes from
201.19.177.138:500 on eth2 (port=500)
Nov 28 14:11:17 fw pluto[1452]: | **parse ISAKMP Message:
Nov 28 14:11:17 fw pluto[1452]: | initiator cookie:
Nov 28 14:11:17 fw pluto[1452]: | 10 89 63 79 b0 43 85 28
Nov 28 14:11:17 fw pluto[1452]: | responder cookie:
Nov 28 14:11:17 fw pluto[1452]: | 81 ae 83 1c 9e b2 b0 6d
Nov 28 14:11:17 fw pluto[1452]: | next payload type: ISAKMP_NEXT_HASH
Nov 28 14:11:17 fw pluto[1452]: | ISAKMP version: ISAKMP Version 1.0
Nov 28 14:11:17 fw pluto[1452]: | exchange type: ISAKMP_XCHG_QUICK
Nov 28 14:11:17 fw pluto[1452]: | flags: ISAKMP_FLAG_ENCRYPTION
Nov 28 14:11:17 fw pluto[1452]: | message ID: 74 eb d2 17
Nov 28 14:11:17 fw pluto[1452]: | length: 428
Nov 28 14:11:17 fw pluto[1452]: | processing packet with exchange
type=ISAKMP_XCHG_QUICK (32)
Nov 28 14:11:17 fw pluto[1452]: | ICOOKIE: 10 89 63 79 b0 43 85 28
Nov 28 14:11:17 fw pluto[1452]: | RCOOKIE: 81 ae 83 1c 9e b2 b0 6d
Nov 28 14:11:17 fw pluto[1452]: | peer: c9 13 b1 8a
Nov 28 14:11:17 fw pluto[1452]: | state hash entry 27
Nov 28 14:11:17 fw pluto[1452]: | peer and cookies match on #15,
provided msgid 74ebd217 vs 00000000
Nov 28 14:11:18 fw pluto[1452]: | state object not found
Nov 28 14:11:18 fw pluto[1452]: | ICOOKIE: 10 89 63 79 b0 43 85 28
Nov 28 14:11:18 fw pluto[1452]: | RCOOKIE: 81 ae 83 1c 9e b2 b0 6d
Nov 28 14:11:18 fw pluto[1452]: | peer: c9 13 b1 8a
Nov 28 14:11:18 fw pluto[1452]: | state hash entry 27
Nov 28 14:11:18 fw pluto[1452]: | peer and cookies match on #15,
provided msgid 00000000 vs 00000000
Nov 28 14:11:18 fw pluto[1452]: | state object #15 found, in
STATE_MAIN_R3
Nov 28 14:11:18 fw pluto[1452]: | processing connection ksa-nfred[3]
201.19.177.138
Nov 28 14:11:18 fw pluto[1452]: | ***parse ISAKMP Hash Payload:
Nov 28 14:11:18 fw pluto[1452]: | next payload type: ISAKMP_NEXT_SA
Nov 28 14:11:18 fw pluto[1452]: | length: 20
Nov 28 14:11:18 fw pluto[1452]: | ***parse ISAKMP Security Association
Payload:
Nov 28 14:11:18 fw pluto[1452]: | next payload type:
ISAKMP_NEXT_NONCE
Nov 28 14:11:18 fw pluto[1452]: | length: 136
Nov 28 14:11:18 fw pluto[1452]: | DOI: ISAKMP_DOI_IPSEC
Nov 28 14:11:18 fw pluto[1452]: | ***parse ISAKMP Nonce Payload:
Nov 28 14:11:18 fw pluto[1452]: | next payload type: ISAKMP_NEXT_KE
Nov 28 14:11:18 fw pluto[1452]: | length: 20
Nov 28 14:11:18 fw pluto[1452]: | ***parse ISAKMP Key Exchange Payload:
Nov 28 14:11:18 fw pluto[1452]: | next payload type: ISAKMP_NEXT_ID
Nov 28 14:11:18 fw pluto[1452]: | length: 196
Nov 28 14:11:18 fw pluto[1452]: | ***parse ISAKMP Identification Payload
(IPsec DOI):
Nov 28 14:11:18 fw pluto[1452]: | next payload type: ISAKMP_NEXT_ID
Nov 28 14:11:18 fw pluto[1452]: | length: 12
Nov 28 14:11:18 fw pluto[1452]: | ID type: ID_IPV4_ADDR
Nov 28 14:11:19 fw pluto[1452]: | Protocol ID: 0
Nov 28 14:11:19 fw pluto[1452]: | port: 0
Nov 28 14:11:19 fw pluto[1452]: | ***parse ISAKMP Identification Payload
(IPsec DOI):
Nov 28 14:11:19 fw pluto[1452]: | next payload type: ISAKMP_NEXT_NONE
Nov 28 14:11:19 fw pluto[1452]: | length: 16
Nov 28 14:11:19 fw pluto[1452]: | ID type: ID_IPV4_ADDR_SUBNET
Nov 28 14:11:19 fw pluto[1452]: | Protocol ID: 0
Nov 28 14:11:19 fw pluto[1452]: | port: 0
Nov 28 14:11:19 fw pluto[1452]: | peer client is 201.19.177.138
Nov 28 14:11:19 fw pluto[1452]: | peer client protocol/port is 0/0
Nov 28 14:11:19 fw pluto[1452]: | our client is subnet 10.60.60.0/24
Nov 28 14:11:19 fw pluto[1452]: | our client protocol/port is 0/0
Nov 28 14:11:19 fw pluto[1452]: | duplicating state object #15
Nov 28 14:11:19 fw pluto[1452]: | creating state object #16 at 0x8d64178
Nov 28 14:11:19 fw pluto[1452]: | processing connection ksa-nfred[3]
201.19.177.138
Nov 28 14:11:19 fw pluto[1452]: | ICOOKIE: 10 89 63 79 b0 43 85 28
Nov 28 14:11:19 fw pluto[1452]: | RCOOKIE: 81 ae 83 1c 9e b2 b0 6d
Nov 28 14:11:19 fw pluto[1452]: | peer: c9 13 b1 8a
Nov 28 14:11:19 fw pluto[1452]: | state hash entry 27
Nov 28 14:11:19 fw pluto[1452]: | inserting event EVENT_SO_DISCARD,
timeout in 0 seconds for #16
Nov 28 14:11:19 fw pluto[1452]: | ****parse IPsec DOI SIT:
Nov 28 14:11:19 fw pluto[1452]: | IPsec DOI SIT: SIT_IDENTITY_ONLY
Nov 28 14:11:19 fw pluto[1452]: | ****parse ISAKMP Proposal Payload:
Nov 28 14:11:19 fw pluto[1452]: | next payload type: ISAKMP_NEXT_NONE
Nov 28 14:11:19 fw pluto[1452]: | length: 124
Nov 28 14:11:20 fw pluto[1452]: | proposal number: 0
Nov 28 14:11:20 fw pluto[1452]: | protocol ID: PROTO_IPSEC_ESP
Nov 28 14:11:20 fw pluto[1452]: | SPI size: 4
Nov 28 14:11:20 fw pluto[1452]: | number of transforms: 4
Nov 28 14:11:20 fw pluto[1452]: | parsing 4 raw bytes of ISAKMP Proposal
Payload into SPI
Nov 28 14:11:20 fw pluto[1452]: | SPI 5a 1b 87 90
Nov 28 14:11:20 fw pluto[1452]: | *****parse ISAKMP Transform Payload
(ESP):
Nov 28 14:11:20 fw pluto[1452]: | next payload type: ISAKMP_NEXT_T
Nov 28 14:11:20 fw pluto[1452]: | length: 28
Nov 28 14:11:20 fw pluto[1452]: | transform number: 0
Nov 28 14:11:20 fw pluto[1452]: | transform ID: ESP_AES
Nov 28 14:11:20 fw pluto[1452]: | ******parse ISAKMP IPsec DOI
attribute:
Nov 28 14:11:20 fw pluto[1452]: | af+type: GROUP_DESCRIPTION
Nov 28 14:11:20 fw pluto[1452]: | length/value: 5
Nov 28 14:11:20 fw pluto[1452]: | [5 is OAKLEY_GROUP_MODP1536]
Nov 28 14:11:20 fw pluto[1452]: | ******parse ISAKMP IPsec DOI
attribute:
Nov 28 14:11:20 fw pluto[1452]: | af+type: ENCAPSULATION_MODE
Nov 28 14:11:20 fw pluto[1452]: | length/value: 1
Nov 28 14:11:20 fw pluto[1452]: | [1 is ENCAPSULATION_MODE_TUNNEL]
Nov 28 14:11:20 fw pluto[1452]: | ******parse ISAKMP IPsec DOI
attribute:
Nov 28 14:11:20 fw pluto[1452]: | af+type: SA_LIFE_TYPE
Nov 28 14:11:20 fw pluto[1452]: | length/value: 1
Nov 28 14:11:20 fw pluto[1452]: | [1 is SA_LIFE_TYPE_SECONDS]
Nov 28 14:11:20 fw pluto[1452]: | ******parse ISAKMP IPsec DOI
attribute:
Nov 28 14:11:20 fw pluto[1452]: | af+type: SA_LIFE_DURATION
Nov 28 14:11:21 fw pluto[1452]: | length/value: 28800
Nov 28 14:11:21 fw pluto[1452]: | ******parse ISAKMP IPsec DOI
attribute:
Nov 28 14:11:21 fw pluto[1452]: | af+type: AUTH_ALGORITHM
Nov 28 14:11:21 fw pluto[1452]: | length/value: 2
Nov 28 14:11:21 fw pluto[1452]: | [2 is AUTH_ALGORITHM_HMAC_SHA1]
Nov 28 14:11:21 fw pluto[1452]: | 0: w->pcw_dead: 0 w->pcw_work: 0 cnt:
1
Nov 28 14:11:21 fw pluto[1452]: | asking helper 0 to do build_kenonce op
on seq: 7
Nov 28 14:11:21 fw pluto[1452]: | inserting event EVENT_CRYPTO_FAILED,
timeout in 300 seconds for #16
Nov 28 14:11:21 fw pluto[1456]: ! helper -1 doing build_kenonce op id: 7
Nov 28 14:11:21 fw pluto[1452]: | complete state transition with
STF_SUSPEND
Nov 28 14:11:21 fw pluto[1452]: | next event EVENT_PENDING_PHASE2 in 0
seconds
Nov 28 14:11:21 fw pluto[1452]: |
Nov 28 14:11:21 fw pluto[1452]: | *time to handle event
Nov 28 14:11:21 fw pluto[1452]: | handling event EVENT_PENDING_PHASE2
Nov 28 14:11:21 fw pluto[1452]: | event after this is
EVENT_NAT_T_KEEPALIVE in 12 seconds
Nov 28 14:11:21 fw pluto[1452]: | inserting event EVENT_PENDING_PHASE2,
timeout in 120 seconds
Nov 28 14:11:21 fw pluto[1452]: | pending review: connection "ksa-nfred"
was not up, skipped
Nov 28 14:11:21 fw pluto[1452]: | pending review: connection "ksa-nfred"
was not up, skipped
Nov 28 14:11:21 fw pluto[1452]: | next event EVENT_NAT_T_KEEPALIVE in 12
seconds
Nov 28 14:11:21 fw pluto[1452]: | processing connection ksa-nfred[3]
201.19.177.138
Nov 28 14:11:21 fw pluto[1452]: | ****parse IPsec DOI SIT:
Nov 28 14:11:21 fw pluto[1452]: | IPsec DOI SIT: SIT_IDENTITY_ONLY
Nov 28 14:11:21 fw pluto[1452]: | ****parse ISAKMP Proposal Payload:
Nov 28 14:11:21 fw pluto[1452]: | next payload type: ISAKMP_NEXT_NONE
Nov 28 14:11:21 fw pluto[1452]: | length: 124
Nov 28 14:11:22 fw pluto[1452]: | proposal number: 0
Nov 28 14:11:22 fw pluto[1452]: | protocol ID: PROTO_IPSEC_ESP
Nov 28 14:11:22 fw pluto[1452]: | SPI size: 4
Nov 28 14:11:22 fw pluto[1452]: | number of transforms: 4
Nov 28 14:11:22 fw pluto[1452]: | parsing 4 raw bytes of ISAKMP Proposal
Payload into SPI
Nov 28 14:11:22 fw pluto[1452]: | SPI 5a 1b 87 90
Nov 28 14:11:22 fw pluto[1452]: | *****parse ISAKMP Transform Payload
(ESP):
Nov 28 14:11:22 fw pluto[1452]: | next payload type: ISAKMP_NEXT_T
Nov 28 14:11:22 fw pluto[1452]: | length: 28
Nov 28 14:11:22 fw pluto[1452]: | transform number: 0
Nov 28 14:11:22 fw pluto[1452]: | transform ID: ESP_AES
Nov 28 14:11:22 fw pluto[1452]: | ******parse ISAKMP IPsec DOI
attribute:
Nov 28 14:11:22 fw pluto[1452]: | af+type: GROUP_DESCRIPTION
Nov 28 14:11:22 fw pluto[1452]: | length/value: 5
Nov 28 14:11:22 fw pluto[1452]: | [5 is OAKLEY_GROUP_MODP1536]
Nov 28 14:11:22 fw pluto[1452]: | ******parse ISAKMP IPsec DOI
attribute:
Nov 28 14:11:22 fw pluto[1452]: | af+type: ENCAPSULATION_MODE
Nov 28 14:11:22 fw pluto[1452]: | length/value: 1
Nov 28 14:11:22 fw pluto[1452]: | [1 is ENCAPSULATION_MODE_TUNNEL]
Nov 28 14:11:22 fw pluto[1452]: | ******parse ISAKMP IPsec DOI
attribute:
Nov 28 14:11:22 fw pluto[1452]: | af+type: SA_LIFE_TYPE
Nov 28 14:11:22 fw pluto[1452]: | length/value: 1
Nov 28 14:11:22 fw pluto[1452]: | [1 is SA_LIFE_TYPE_SECONDS]
Nov 28 14:11:22 fw pluto[1452]: | ******parse ISAKMP IPsec DOI
attribute:
Nov 28 14:11:22 fw pluto[1452]: | af+type: SA_LIFE_DURATION
Nov 28 14:11:23 fw pluto[1452]: | length/value: 28800
Nov 28 14:11:23 fw pluto[1452]: | ******parse ISAKMP IPsec DOI
attribute:
Nov 28 14:11:23 fw pluto[1452]: | af+type: AUTH_ALGORITHM
Nov 28 14:11:23 fw pluto[1452]: | length/value: 2
Nov 28 14:11:23 fw pluto[1452]: | [2 is AUTH_ALGORITHM_HMAC_SHA1]
Nov 28 14:11:23 fw pluto[1452]: "ksa-nfred"[3] 201.19.177.138 #16:
responding to Quick Mode {msgid:17d2eb74}
Nov 28 14:11:23 fw pluto[1452]: | started looking for secret for
@fw.farmaciadospobres.com.br->@fred.farmaciadospobres.com.br of kind
PPK_PSK
Nov 28 14:11:23 fw pluto[1452]: | instantiating him to 0.0.0.0
Nov 28 14:11:23 fw pluto[1452]: | actually looking for secret for
@fw.farmaciadospobres.com.br->0.0.0.0 of kind PPK_PSK
Nov 28 14:11:23 fw pluto[1452]: | concluding with best_match=0
best=(nil) (lineno=-1)
Nov 28 14:11:23 fw pluto[1452]: | compute_proto_keymat:needed_len (after
ESP enc)=16
Nov 28 14:11:23 fw pluto[1452]: | compute_proto_keymat:needed_len (after
ESP auth)=36
Nov 28 14:11:23 fw pluto[1452]: | install_inbound_ipsec_sa() checking if
we can route
Nov 28 14:11:23 fw pluto[1452]: | route owner of "ksa-nfred"[3]
201.19.177.138 unrouted: NULL; eroute owner: NULL
Nov 28 14:11:23 fw pluto[1452]: | could_route called for ksa-nfred
(kind=CK_INSTANCE)
Nov 28 14:11:23 fw pluto[1452]: | add inbound eroute 201.19.177.138/32:0
--0-> 10.60.60.0/24:0 => tun.10000 at 200.xxx.xxx.xxx (raw_eroute)
Nov 28 14:11:23 fw pluto[1452]: | complete state transition with STF_OK
Nov 28 14:11:23 fw pluto[1452]: "ksa-nfred"[3] 201.19.177.138 #16:
transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Nov 28 14:11:23 fw pluto[1452]: | sending reply packet to
201.19.177.138:500 (from port=500)
Nov 28 14:11:23 fw pluto[1452]: | sending 348 bytes for STATE_QUICK_R0
through eth2:500 to 201.19.177.138:500:
Nov 28 14:11:23 fw pluto[1452]: | inserting event EVENT_RETRANSMIT,
timeout in 10 seconds for #16
Nov 28 14:11:23 fw pluto[1452]: "ksa-nfred"[3] 201.19.177.138 #16:
STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Nov 28 14:11:23 fw pluto[1452]: | modecfg pull: noquirk policy:push
not-client
Nov 28 14:11:23 fw pluto[1452]: | phase 1 is done, looking for phase 1
to unpend
Nov 28 14:11:24 fw pluto[1452]: | next event EVENT_RETRANSMIT in 9
seconds for #16
Nov 28 14:11:24 fw pluto[1452]: |
Nov 28 14:11:24 fw pluto[1452]: | *received 428 bytes from
201.19.177.138:500 on eth2 (port=500)
Nov 28 14:11:24 fw pluto[1452]: | **parse ISAKMP Message:
Nov 28 14:11:24 fw pluto[1452]: | initiator cookie:
Nov 28 14:11:24 fw pluto[1452]: | 10 89 63 79 b0 43 85 28
Nov 28 14:11:24 fw pluto[1452]: | responder cookie:
Nov 28 14:11:24 fw pluto[1452]: | 81 ae 83 1c 9e b2 b0 6d
Nov 28 14:11:24 fw pluto[1452]: | next payload type: ISAKMP_NEXT_HASH
Nov 28 14:11:24 fw pluto[1452]: | ISAKMP version: ISAKMP Version 1.0
Nov 28 14:11:24 fw pluto[1452]: | exchange type: ISAKMP_XCHG_QUICK
Nov 28 14:11:24 fw pluto[1452]: | flags: ISAKMP_FLAG_ENCRYPTION
Nov 28 14:11:24 fw pluto[1452]: | message ID: 74 eb d2 17
Nov 28 14:11:24 fw pluto[1452]: | length: 428
Nov 28 14:11:24 fw pluto[1452]: | processing packet with exchange
type=ISAKMP_XCHG_QUICK (32)
Nov 28 14:11:24 fw pluto[1452]: | ICOOKIE: 10 89 63 79 b0 43 85 28
Nov 28 14:11:24 fw pluto[1452]: | RCOOKIE: 81 ae 83 1c 9e b2 b0 6d
Nov 28 14:11:24 fw pluto[1452]: | peer: c9 13 b1 8a
Nov 28 14:11:24 fw pluto[1452]: | state hash entry 27
Nov 28 14:11:24 fw pluto[1452]: | peer and cookies match on #16,
provided msgid 74ebd217 vs 74ebd217
Nov 28 14:11:24 fw pluto[1452]: | state object #16 found, in
STATE_QUICK_R1
Nov 28 14:11:24 fw pluto[1452]: | processing connection ksa-nfred[3]
201.19.177.138
Nov 28 14:11:24 fw pluto[1452]: "ksa-nfred"[3] 201.19.177.138 #16: next
payload type of ISAKMP Hash Payload has an unknown value: 150
Nov 28 14:11:24 fw pluto[1452]: "ksa-nfred"[3] 201.19.177.138 #16:
malformed payload in packet
Nov 28 14:11:24 fw pluto[1452]: "ksa-nfred"[3] 201.19.177.138 #16:
sending notification PAYLOAD_MALFORMED to 201.19.177.138:500
Nov 28 14:11:24 fw pluto[1452]: | sending 40 bytes for notification
packet through eth2:500 to 201.19.177.138:500:
Nov 28 14:11:25 fw pluto[1452]: | next event EVENT_RETRANSMIT in 8
seconds for #16
Nov 28 14:11:25 fw pluto[1452]: |
Nov 28 14:11:25 fw pluto[1452]: | *received 52 bytes from
201.19.177.138:500 on eth2 (port=500)
Nov 28 14:11:25 fw pluto[1452]: | **parse ISAKMP Message:
Nov 28 14:11:25 fw pluto[1452]: | initiator cookie:
Nov 28 14:11:25 fw pluto[1452]: | 10 89 63 79 b0 43 85 28
Nov 28 14:11:25 fw pluto[1452]: | responder cookie:
Nov 28 14:11:25 fw pluto[1452]: | 81 ae 83 1c 9e b2 b0 6d
Nov 28 14:11:25 fw pluto[1452]: | next payload type: ISAKMP_NEXT_HASH
Nov 28 14:11:25 fw pluto[1452]: | ISAKMP version: ISAKMP Version 1.0
Nov 28 14:11:25 fw pluto[1452]: | exchange type: ISAKMP_XCHG_QUICK
Nov 28 14:11:25 fw pluto[1452]: | flags: ISAKMP_FLAG_ENCRYPTION
Nov 28 14:11:25 fw pluto[1452]: | message ID: 74 eb d2 17
Nov 28 14:11:25 fw pluto[1452]: | length: 52
Nov 28 14:11:25 fw pluto[1452]: | processing packet with exchange
type=ISAKMP_XCHG_QUICK (32)
Nov 28 14:11:25 fw pluto[1452]: | ICOOKIE: 10 89 63 79 b0 43 85 28
Nov 28 14:11:25 fw pluto[1452]: | RCOOKIE: 81 ae 83 1c 9e b2 b0 6d
Nov 28 14:11:25 fw pluto[1452]: | peer: c9 13 b1 8a
Nov 28 14:11:25 fw pluto[1452]: | state hash entry 27
Nov 28 14:11:25 fw pluto[1452]: | peer and cookies match on #16,
provided msgid 74ebd217 vs 74ebd217
Nov 28 14:11:25 fw pluto[1452]: | state object #16 found, in
STATE_QUICK_R1
Nov 28 14:11:25 fw pluto[1452]: | processing connection ksa-nfred[3]
201.19.177.138
Nov 28 14:11:25 fw pluto[1452]: | ***parse ISAKMP Hash Payload:
Nov 28 14:11:25 fw pluto[1452]: | next payload type: ISAKMP_NEXT_NONE
Nov 28 14:11:25 fw pluto[1452]: | length: 20
Nov 28 14:11:26 fw pluto[1452]: | removing 4 bytes of padding
Nov 28 14:11:26 fw pluto[1452]: | install_ipsec_sa() for #16: outbound
only
Nov 28 14:11:26 fw pluto[1452]: | route owner of "ksa-nfred"[3]
201.19.177.138 unrouted: NULL; eroute owner: NULL
Nov 28 14:11:26 fw pluto[1452]: | could_route called for ksa-nfred
(kind=CK_INSTANCE)
Nov 28 14:11:26 fw pluto[1452]: | sr for #16: unrouted
Nov 28 14:11:26 fw pluto[1452]: | route owner of "ksa-nfred"[3]
201.19.177.138 unrouted: NULL; eroute owner: NULL
Nov 28 14:11:26 fw pluto[1452]: | eroute_connection add eroute
10.60.60.0/24:0 --0-> 201.19.177.138/32:0 => tun.0 at 201.19.177.138
(raw_eroute)
Nov 28 14:11:26 fw pluto[1452]: | command executing up-client
Nov 28 14:11:26 fw pluto[1452]: | executing up-client: 2>&1
PLUTO_VERSION='1.1' PLUTO_VERB='up-client' PLUTO_CONNECTION='ksa-nfred'
PLUTO_NEXT_HOP='201.19.177.138' PLUTO_INTERFACE='eth2'
PLUTO_ME='200.xxx.xxx.xxx' PLUTO_MY_ID='@fw.farmaciadospobres.com.br'
PLUTO_MY_CLIENT='10.60.60.0/24' PLUTO_MY_CLIENT_NET='10.60.60.0'
PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0'
PLUTO_MY_PROTOCOL='0' PLUTO_PEER='201.19.177.138'
PLUTO_PEER_ID='@fred.farmaciadospobres.com.br'
PLUTO_PEER_CLIENT='201.19.177.138/32'
PLUTO_PEER_CLIENT_NET='201.19.177.138'
PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0'
PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_CONN_POLICY='RSASIG
+ENCRYPT+TUNNEL+PFS' ipsec _updown
Nov 28 14:11:26 fw pluto[1452]: | route_and_eroute: firewall_notified:
true
Nov 28 14:11:26 fw pluto[1452]: | command executing prepare-client
Nov 28 14:11:26 fw pluto[1452]: | executing prepare-client: 2>&1
PLUTO_VERSION='1.1' PLUTO_VERB='prepare-client'
PLUTO_CONNECTION='ksa-nfred' PLUTO_NEXT_HOP='201.19.177.138'
PLUTO_INTERFACE='eth2' PLUTO_ME='200.xxx.xxx.xxx'
PLUTO_MY_ID='@fw.farmaciadospobres.com.br'
PLUTO_MY_CLIENT='10.60.60.0/24' PLUTO_MY_CLIENT_NET='10.60.60.0'
PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0'
PLUTO_MY_PROTOCOL='0' PLUTO_PEER='201.19.177.138'
PLUTO_PEER_ID='@fred.farmaciadospobres.com.br'
PLUTO_PEER_CLIENT='201.19.177.138/32'
PLUTO_PEER_CLIENT_NET='201.19.177.138'
PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0'
PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_CONN_POLICY='RSASIG
+ENCRYPT+TUNNEL+PFS' ipsec _updown
Nov 28 14:11:26 fw pluto[1452]: | command executing route-client
Nov 28 14:11:26 fw pluto[1452]: | executing route-client: 2>&1
PLUTO_VERSION='1.1' PLUTO_VERB='route-client'
PLUTO_CONNECTION='ksa-nfred' PLUTO_NEXT_HOP='201.19.177.138'
PLUTO_INTERFACE='eth2' PLUTO_ME='200.xxx.xxx.xxx'
PLUTO_MY_ID='@fw.farmaciadospobres.com.br'
PLUTO_MY_CLIENT='10.60.60.0/24' PLUTO_MY_CLIENT_NET='10.60.60.0'
PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0'
PLUTO_MY_PROTOCOL='0' PLUTO_PEER='201.19.177.138'
PLUTO_PEER_ID='@fred.farmaciadospobres.com.br'
PLUTO_PEER_CLIENT='201.19.177.138/32'
PLUTO_PEER_CLIENT_NET='201.19.177.138'
PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0'
PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_CONN_POLICY='RSASIG
+ENCRYPT+TUNNEL+PFS' ipsec _updown
Nov 28 14:11:26 fw pluto[1452]: | route_and_eroute: instance
"ksa-nfred"[3] 201.19.177.138, setting eroute_owner
{spd=0x8d605cc,sr=0x8d605cc} to #16 (was #0) (newest_ipsec_sa=#0)
Nov 28 14:11:26 fw pluto[1452]: | complete state transition with STF_OK
Nov 28 14:11:26 fw pluto[1452]: "ksa-nfred"[3] 201.19.177.138 #16:
transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Nov 28 14:11:26 fw pluto[1452]: | inserting event EVENT_SA_REPLACE,
timeout in 28530 seconds for #16
Nov 28 14:11:26 fw pluto[1452]: "ksa-nfred"[3] 201.19.177.138 #16:
STATE_QUICK_R2: IPsec SA established {ESP=>0x5a1b8790 <0xe3acb687
xfrm=AES_0-HMAC_SHA1 NATD=201.19.177.138:500 DPD=none}
Nov 28 14:11:26 fw pluto[1452]: | modecfg pull: noquirk policy:push
not-client
Nov 28 14:11:26 fw pluto[1452]: | phase 1 is done, looking for phase 1
to unpend
Nov 28 14:11:26 fw pluto[1452]: | next event EVENT_NAT_T_KEEPALIVE in 7
seconds
Nov 28 14:11:34 fw pluto[1452]: |
Nov 28 14:11:34 fw pluto[1452]: | *time to handle event
Nov 28 14:11:34 fw pluto[1452]: | handling event EVENT_NAT_T_KEEPALIVE
Nov 28 14:11:34 fw pluto[1452]: | event after this is
EVENT_PENDING_PHASE2 in 107 seconds
Nov 28 14:11:34 fw pluto[1452]: | processing connection ksa-nfred[3]
201.19.177.138
Nov 28 14:11:34 fw pluto[1452]: | processing connection ksa-nfred[3]
201.19.177.138
Nov 28 14:11:34 fw pluto[1452]: | next event EVENT_PENDING_PHASE2 in 107
seconds
Nov 28 14:13:21 fw pluto[1452]: |
Nov 28 14:13:21 fw pluto[1452]: | *time to handle event
Nov 28 14:13:21 fw pluto[1452]: | handling event EVENT_PENDING_PHASE2
Nov 28 14:13:21 fw pluto[1452]: | event after this is
EVENT_REINIT_SECRET in 2520 seconds
Nov 28 14:13:21 fw pluto[1452]: | inserting event EVENT_PENDING_PHASE2,
timeout in 120 seconds
Nov 28 14:13:21 fw pluto[1452]: | pending review: connection "ksa-nfred"
was not up, skipped
Nov 28 14:13:21 fw pluto[1452]: | pending review: connection "ksa-nfred"
was not up, skipped
Nov 28 14:13:21 fw pluto[1452]: | next event EVENT_PENDING_PHASE2 in 120
seconds
Nov 28 14:55:15 fw pluto[1854]: | *time to handle event
Nov 28 14:55:15 fw pluto[1854]: | handling event EVENT_RETRANSMIT
Nov 28 14:55:15 fw pluto[1854]: | event after this is
EVENT_PENDING_PHASE2 in 25 seconds
Nov 28 14:55:15 fw pluto[1854]: | processing connection ksa-nfred[2]
201.19.176.184
Nov 28 14:55:15 fw pluto[1854]: | handling event EVENT_RETRANSMIT for
201.19.176.184 "ksa-nfred" #6
Nov 28 14:55:15 fw pluto[1854]: | sending 148 bytes for EVENT_RETRANSMIT
through eth2:500 to 201.19.176.184:500:
Nov 28 14:55:15 fw pluto[1854]: | inserting event EVENT_RETRANSMIT,
timeout in 40 seconds for #6
Nov 28 14:55:15 fw pluto[1854]: | next event EVENT_PENDING_PHASE2 in 25
seconds
Nov 28 14:55:18 fw pluto[1854]: | rejected packet:
Nov 28 14:55:18 fw pluto[1854]: "ksa-nfred"[2] 201.19.176.184 #6: ERROR:
asynchronous network error report on eth2 (sport=500) for message to
201.19.176.184 port 500, complainant 200.xxx.xxx.xxx: No route to host
[errno 113, origin ICMP type 3 code 1 (not authenticated)]
Nov 28 14:55:18 fw pluto[1854]: | next event EVENT_PENDING_PHASE2 in 22
seconds
Nov 28 14:55:41 fw pluto[1854]: |
Nov 28 14:55:41 fw pluto[1854]: | *time to handle event
Nov 28 14:55:41 fw pluto[1854]: | handling event EVENT_PENDING_PHASE2
Nov 28 14:55:41 fw pluto[1854]: | event after this is EVENT_RETRANSMIT
in 14 seconds
Nov 28 14:55:41 fw pluto[1854]: | inserting event EVENT_PENDING_PHASE2,
timeout in 120 seconds
Nov 28 14:55:41 fw pluto[1854]: | pending review: connection "ksa-nfred"
was not up, skipped
Nov 28 14:55:41 fw pluto[1854]: | pending review: connection "ksa-nfred"
was not up, skipped
Nov 28 14:55:41 fw pluto[1854]: | next event EVENT_RETRANSMIT in 14
seconds for #6
/var/log/secure - From Notebook Client ################
Nov 28 16:02:35 localhost pluto[23176]: loading secrets from
"/etc/ipsec.secrets"
Nov 28 16:02:54 localhost pluto[23176]: "ksa-nfred" #1: initiating Main
Mode
Nov 28 16:03:03 localhost pluto[23176]: "ksa-nfred" #1: ignoring unknown
Vendor ID payload [4f457a7d4646466667725f65]
Nov 28 16:03:03 localhost pluto[23176]: "ksa-nfred" #1: received Vendor
ID payload [Dead Peer Detection]
Nov 28 16:03:03 localhost pluto[23176]: "ksa-nfred" #1: received Vendor
ID payload [RFC 3947] method set to=109
Nov 28 16:03:03 localhost pluto[23176]: "ksa-nfred" #1: enabling
possible NAT-traversal with method 3
Nov 28 16:03:03 localhost pluto[23176]: "ksa-nfred" #1: transition from
state STATE_MAIN_I1 to state STATE_MAIN_I2
Nov 28 16:03:03 localhost pluto[23176]: "ksa-nfred" #1: STATE_MAIN_I2:
sent MI2, expecting MR2
Nov 28 16:03:09 localhost pluto[23176]: "ksa-nfred" #1: I did not send a
certificate because I do not have one.
Nov 28 16:03:09 localhost pluto[23176]: "ksa-nfred" #1: NAT-Traversal:
Result using RFC 3947 (NAT-Traversal): no NAT detected
Nov 28 16:03:09 localhost pluto[23176]: "ksa-nfred" #1: transition from
state STATE_MAIN_I2 to state STATE_MAIN_I3
Nov 28 16:03:09 localhost pluto[23176]: "ksa-nfred" #1: STATE_MAIN_I3:
sent MI3, expecting MR3
Nov 28 16:03:16 localhost pluto[23176]: "ksa-nfred" #1: Main mode peer
ID is ID_FQDN: '@fw.farmaciadospobres.com.br'
Nov 28 16:03:16 localhost pluto[23176]: "ksa-nfred" #1: transition from
state STATE_MAIN_I3 to state STATE_MAIN_I4
Nov 28 16:03:16 localhost pluto[23176]: "ksa-nfred" #1: STATE_MAIN_I4:
ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192
prf=oakley_md5 group=modp1536}
Nov 28 16:03:16 localhost pluto[23176]: "ksa-nfred" #2: initiating Quick
Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP {using isakmp#1}
Nov 28 16:03:31 localhost pluto[23176]: "ksa-nfred" #2: transition from
state STATE_QUICK_I1 to state STATE_QUICK_I2
Nov 28 16:03:31 localhost pluto[23176]: "ksa-nfred" #2: STATE_QUICK_I2:
sent QI2, IPsec SA established {ESP=>0x7b8bcc98 <0x70ce7acd
xfrm=AES_0-HMAC_SHA1 NATD=200.xxx.xxx.xxx:500 DPD=none}
Nov 28 16:03:33 localhost pluto[23176]: "ksa-nfred" #1: Informational
Exchange message must be encrypted
IPSEC.CONF NOTEBOOK ######################################
config setup
        nat_traversal=yes
        interfaces=%defaultroute
        uniqueids=yes

conn ksa-nfred
        auth=esp
        pfs=no
        #authby=never
        left=%defaultroute                      # Local vitals
        leftid=@fred.farmaciadospobres.com.br   #
        leftrsasigkey= key.....
        rightrsasigkey=key.....
        right=200.xxx.xxx.xxxx                  # Remote vitals
        rightsubnet=10.60.60.0/24               #
        rightid=@fw.farmaciadospobres.com.br    #
        auto=add

#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf
IPSEC.CONF GATEWAY ########################
config setup
        plutodebug="control parsing"
        nat_traversal=yes
        interfaces=%defaultroute

conn ksa-nfred
        auth=esp
        pfs=no
        left=200.xxx.xxx.xxx                    # Local vitals
        leftsubnet=10.60.60.0/24
        leftid=@fw.farmaciadospobres.com.br
        leftrsasigkey=key ...
        rightnexthop=%defaultroute
        right=%any
        rightid=@fred.farmaciadospobres.com.br
        rightrsasigkey=key...
        auto=add

#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf
Frederico Madeira
Support Coordinator
N. Landim Comércio Ltda
e-Mail: fred at farmaciadospobres.com.br
Phone: (81) 3497.3029
PABX: (81) 3497.3000
Fax : (81). 3497.3030