[Openswan Users] ipsec.conf issue
Thiago Campos
tmclistas at uol.com.br
Mon Sep 19 13:32:24 CEST 2005
Hi again,
I intend to set up a vpn using ipsec/l2tpd in order to allow to windows road
warrior client to connect to the network behind the vpn server.
During this weekend i could connect to the, but i couldn't ping the internal
ip of vpn server nor any other machine on the lan
The main error message at /var/log/secure is:
pluto[11325]: ERROR: asynchronous network error report on eth1 (sport=4500)
for message to roadwarrior_external_ip port 4500, complainant
vpn_server_external_ip: No route to host [errno 113, origin ICMP type 3 code
1 (not authenticated)]
But i attach the full output in /var/log/secure in order to make easier your
help
Above my conf files
ipsec.conf
-------------------
config setup
# Debug-logging controls: "none" for (almost) none, "all" for lots.
klipsdebug=none
plutodebug="control parsing"
nat_traversal=yes
virtual_private=%v4:192.168.0.0/16
# Conexao Sabaf <-> Road Warrior
conn sbfroad
authby=secret
pfs=no
left=200.171.103.96
#leftsubnet=172.17.33.0/24
leftprotoport=17/1701
right=%any
rightsubnet=vhost:%no,%priv
rightprotoport=17/1701
auto=add
#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf
/etc/ipsec.secrets
--------------------------
vpn_server_external_ip: PSK "xxxx"
One more doubt: my /var/log/secure is showing all the time this message. I
even try to connect to the vpn
pluto[11325]: | *time to handle event
pluto[11325]: | handling event EVENT_PENDING_PHASE2
pluto[11325]: | event after this is EVENT_REINIT_SECRET in 476 seconds
pluto[11325]: | inserting event EVENT_PENDING_PHASE2, timeout in 120 seconds
pluto[11325]: | pending review: connection "sbfroad" was not up, skipped
pluto[11325]: | next event EVENT_PENDING_PHASE2 in 119 seconds
Thanks
Thiago
----- Original Message -----
From: "Paul Wouters" <paul at xelerance.com>
To: "Thiago Campos" <tmclistas at uol.com.br>
Cc: "John A. Sullivan III" <jsullivan at opensourcedevel.com>;
<users at openswan.org>
Sent: Friday, September 16, 2005 8:37 PM
Subject: Re: [Openswan Users] ipsec.conf issue
> On Fri, 16 Sep 2005, Thiago Campos wrote:
>
>> leftsubnet=172.17.33.0/24
>> rightsubnet=vhost:%no,%priv
>>
>> and now the error i got is:
>>
>> Sep 16 19:21:31 sbf-vpn pluto[8718]: "sbfroad"[2] road_gateway_ip #1:
>> cannot respond to IPsec SA request because no connection is known for
>> external_ip_server:17/1701...road_gateway_ip [@freelander]:17/1701
>
> If you use L2TP, you should not use leftsubnet=. That will be handled by
> pppd.
>
> Paul
-------------- next part --------------
Sep 19 11:26:32 sbf-vpn pluto[11325]: | *received 312 bytes from roadwarrior_external_ip:500 on eth1 (port=500)
Sep 19 11:26:32 sbf-vpn pluto[11325]: | **parse ISAKMP Message:
Sep 19 11:26:32 sbf-vpn pluto[11325]: | initiator cookie:
Sep 19 11:26:32 sbf-vpn pluto[11325]: | 08 9d 18 aa 5a 86 32 be
Sep 19 11:26:32 sbf-vpn pluto[11325]: | responder cookie:
Sep 19 11:26:32 sbf-vpn pluto[11325]: | 00 00 00 00 00 00 00 00
Sep 19 11:26:32 sbf-vpn pluto[11325]: | next payload type: ISAKMP_NEXT_SA
Sep 19 11:26:32 sbf-vpn pluto[11325]: | ISAKMP version: ISAKMP Version 1.0
Sep 19 11:26:32 sbf-vpn pluto[11325]: | exchange type: ISAKMP_XCHG_IDPROT
Sep 19 11:26:32 sbf-vpn pluto[11325]: | flags: none
Sep 19 11:26:32 sbf-vpn pluto[11325]: | message ID: 00 00 00 00
Sep 19 11:26:32 sbf-vpn pluto[11325]: | length: 312
Sep 19 11:26:32 sbf-vpn pluto[11325]: | processing packet with exchange type=ISAKMP_XCHG_IDPROT (2)
Sep 19 11:26:32 sbf-vpn pluto[11325]: | ***parse ISAKMP Security Association Payload:
Sep 19 11:26:32 sbf-vpn pluto[11325]: | next payload type: ISAKMP_NEXT_VID
Sep 19 11:26:32 sbf-vpn pluto[11325]: | length: 200
Sep 19 11:26:32 sbf-vpn pluto[11325]: | DOI: ISAKMP_DOI_IPSEC
Sep 19 11:26:32 sbf-vpn pluto[11325]: | ***parse ISAKMP Vendor ID Payload:
Sep 19 11:26:32 sbf-vpn pluto[11325]: | next payload type: ISAKMP_NEXT_VID
Sep 19 11:26:32 sbf-vpn pluto[11325]: | length: 24
Sep 19 11:26:32 sbf-vpn pluto[11325]: | ***parse ISAKMP Vendor ID Payload:
Sep 19 11:26:32 sbf-vpn pluto[11325]: | next payload type: ISAKMP_NEXT_VID
Sep 19 11:26:32 sbf-vpn pluto[11325]: | length: 20
Sep 19 11:26:32 sbf-vpn pluto[11325]: | ***parse ISAKMP Vendor ID Payload:
Sep 19 11:26:32 sbf-vpn pluto[11325]: | next payload type: ISAKMP_NEXT_VID
Sep 19 11:26:32 sbf-vpn pluto[11325]: | length: 20
Sep 19 11:26:32 sbf-vpn pluto[11325]: | ***parse ISAKMP Vendor ID Payload:
Sep 19 11:26:32 sbf-vpn pluto[11325]: | next payload type: ISAKMP_NEXT_NONE
Sep 19 11:26:32 sbf-vpn pluto[11325]: | length: 20
Sep 19 11:26:32 sbf-vpn pluto[11325]: packet from roadwarrior_external_ip:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Sep 19 11:26:32 sbf-vpn pluto[11325]: packet from roadwarrior_external_ip:500: ignoring Vendor ID payload [FRAGMENTATION]
Sep 19 11:26:32 sbf-vpn pluto[11325]: packet from roadwarrior_external_ip:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
Sep 19 11:26:32 sbf-vpn pluto[11325]: packet from roadwarrior_external_ip:500: ignoring Vendor ID payload [Vid-Initial-Contact]
Sep 19 11:26:32 sbf-vpn pluto[11325]: | instantiated "sbfroad" for roadwarrior_external_ip
Sep 19 11:26:32 sbf-vpn pluto[11325]: | creating state object #11 at 0x847c330
Sep 19 11:26:32 sbf-vpn pluto[11325]: | processing connection sbfroad[9] roadwarrior_external_ip
Sep 19 11:26:32 sbf-vpn pluto[11325]: | ICOOKIE: 08 9d 18 aa 5a 86 32 be
Sep 19 11:26:32 sbf-vpn pluto[11325]: | RCOOKIE: ca 21 f3 6b 60 33 4d 15
Sep 19 11:26:32 sbf-vpn pluto[11325]: | peer: c8 9e 88 95
Sep 19 11:26:32 sbf-vpn pluto[11325]: | state hash entry 12
Sep 19 11:26:32 sbf-vpn pluto[11325]: | inserting event EVENT_SO_DISCARD, timeout in 0 seconds for #11
Sep 19 11:26:32 sbf-vpn pluto[11325]: "sbfroad"[9] roadwarrior_external_ip #11: responding to Main Mode from unknown peer roadwarrior_external_ip
Sep 19 11:26:32 sbf-vpn pluto[11325]: | ****parse IPsec DOI SIT:
Sep 19 11:26:32 sbf-vpn pluto[11325]: | IPsec DOI SIT: SIT_IDENTITY_ONLY
Sep 19 11:26:32 sbf-vpn pluto[11325]: | ****parse ISAKMP Proposal Payload:
Sep 19 11:26:32 sbf-vpn pluto[11325]: | next payload type: ISAKMP_NEXT_NONE
Sep 19 11:26:32 sbf-vpn pluto[11325]: | length: 188
Sep 19 11:26:32 sbf-vpn pluto[11325]: | proposal number: 1
Sep 19 11:26:33 sbf-vpn pluto[11325]: | protocol ID: PROTO_ISAKMP
Sep 19 11:26:33 sbf-vpn pluto[11325]: | SPI size: 0
Sep 19 11:26:33 sbf-vpn pluto[11325]: | number of transforms: 5
Sep 19 11:26:33 sbf-vpn pluto[11325]: | *****parse ISAKMP Transform Payload (ISAKMP):
Sep 19 11:26:33 sbf-vpn pluto[11325]: | next payload type: ISAKMP_NEXT_T
Sep 19 11:26:33 sbf-vpn pluto[11325]: | length: 36
Sep 19 11:26:33 sbf-vpn pluto[11325]: | transform number: 1
Sep 19 11:26:33 sbf-vpn pluto[11325]: | transform ID: KEY_IKE
Sep 19 11:26:33 sbf-vpn pluto[11325]: | ******parse ISAKMP Oakley attribute:
Sep 19 11:26:33 sbf-vpn pluto[11325]: | af+type: OAKLEY_ENCRYPTION_ALGORITHM
Sep 19 11:26:33 sbf-vpn pluto[11325]: | length/value: 5
Sep 19 11:26:33 sbf-vpn pluto[11325]: | [5 is OAKLEY_3DES_CBC]
Sep 19 11:26:33 sbf-vpn pluto[11325]: | ******parse ISAKMP Oakley attribute:
Sep 19 11:26:33 sbf-vpn pluto[11325]: | af+type: OAKLEY_HASH_ALGORITHM
Sep 19 11:26:33 sbf-vpn pluto[11325]: | length/value: 2
Sep 19 11:26:33 sbf-vpn pluto[11325]: | [2 is OAKLEY_SHA1]
Sep 19 11:26:33 sbf-vpn pluto[11325]: | ******parse ISAKMP Oakley attribute:
Sep 19 11:26:33 sbf-vpn pluto[11325]: | af+type: OAKLEY_GROUP_DESCRIPTION
Sep 19 11:26:33 sbf-vpn pluto[11325]: | length/value: 14
Sep 19 11:26:33 sbf-vpn pluto[11325]: | [14 is OAKLEY_GROUP_MODP2048]
Sep 19 11:26:33 sbf-vpn pluto[11325]: | ******parse ISAKMP Oakley attribute:
Sep 19 11:26:33 sbf-vpn pluto[11325]: | af+type: OAKLEY_AUTHENTICATION_METHOD
Sep 19 11:26:33 sbf-vpn pluto[11325]: | length/value: 1
Sep 19 11:26:33 sbf-vpn pluto[11325]: | [1 is OAKLEY_PRESHARED_KEY]
Sep 19 11:26:33 sbf-vpn pluto[11325]: | started looking for secret for vpn_server_external_ip->roadwarrior_external_ip of kind PPK_PSK
Sep 19 11:26:33 sbf-vpn pluto[11325]: | instantiating him to 0.0.0.0
Sep 19 11:26:33 sbf-vpn pluto[11325]: | actually looking for secret for vpn_server_external_ip->0.0.0.0 of kind PPK_PSK
Sep 19 11:26:33 sbf-vpn pluto[11325]: | 1: compared PSK vpn_server_external_ip to vpn_server_external_ip / roadwarrior_external_ip -> 4
Sep 19 11:26:33 sbf-vpn pluto[11325]: | best_match 0>5 best=0x84765b0 (line=1)
Sep 19 11:26:33 sbf-vpn pluto[11325]: | concluding with best_match=5 best=0x84765b0 (lineno=1)
Sep 19 11:26:33 sbf-vpn pluto[11325]: | ******parse ISAKMP Oakley attribute:
Sep 19 11:26:33 sbf-vpn pluto[11325]: | af+type: OAKLEY_LIFE_TYPE
Sep 19 11:26:33 sbf-vpn pluto[11325]: | length/value: 1
Sep 19 11:26:33 sbf-vpn pluto[11325]: | [1 is OAKLEY_LIFE_SECONDS]
Sep 19 11:26:33 sbf-vpn pluto[11325]: | ******parse ISAKMP Oakley attribute:
Sep 19 11:26:33 sbf-vpn pluto[11325]: | af+type: OAKLEY_LIFE_DURATION (variable length)
Sep 19 11:26:33 sbf-vpn pluto[11325]: | length/value: 4
Sep 19 11:26:33 sbf-vpn pluto[11325]: | long duration: 28800
Sep 19 11:26:33 sbf-vpn pluto[11325]: | Oakley Transform 1 accepted
Sep 19 11:26:33 sbf-vpn pluto[11325]: | complete state transition with STF_OK
Sep 19 11:26:33 sbf-vpn pluto[11325]: "sbfroad"[9] roadwarrior_external_ip #11: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Sep 19 11:26:33 sbf-vpn pluto[11325]: | sending reply packet to roadwarrior_external_ip:500 (from port=500)
Sep 19 11:26:33 sbf-vpn pluto[11325]: | sending 140 bytes for STATE_MAIN_R0 through eth1:500 to roadwarrior_external_ip:500:
Sep 19 11:26:33 sbf-vpn pluto[11325]: | inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #11
Sep 19 11:26:33 sbf-vpn pluto[11325]: "sbfroad"[9] roadwarrior_external_ip #11: STATE_MAIN_R1: sent MR1, expecting MI2
Sep 19 11:26:33 sbf-vpn pluto[11325]: | modecfg pull: noquirk policy:push not-client
Sep 19 11:26:33 sbf-vpn pluto[11325]: | phase 1 is done, looking for phase 1 to unpend
Sep 19 11:26:33 sbf-vpn pluto[11325]: | next event EVENT_RETRANSMIT in 10 seconds for #11
Sep 19 11:26:33 sbf-vpn pluto[11325]: |
Sep 19 11:26:33 sbf-vpn pluto[11325]: | *received 360 bytes from roadwarrior_external_ip:500 on eth1 (port=500)
Sep 19 11:26:33 sbf-vpn pluto[11325]: | **parse ISAKMP Message:
Sep 19 11:26:33 sbf-vpn pluto[11325]: | initiator cookie:
Sep 19 11:26:33 sbf-vpn pluto[11325]: | 08 9d 18 aa 5a 86 32 be
Sep 19 11:26:33 sbf-vpn pluto[11325]: | responder cookie:
Sep 19 11:26:33 sbf-vpn pluto[11325]: | ca 21 f3 6b 60 33 4d 15
Sep 19 11:26:33 sbf-vpn pluto[11325]: | next payload type: ISAKMP_NEXT_KE
Sep 19 11:26:33 sbf-vpn pluto[11325]: | ISAKMP version: ISAKMP Version 1.0
Sep 19 11:26:33 sbf-vpn pluto[11325]: | exchange type: ISAKMP_XCHG_IDPROT
Sep 19 11:26:33 sbf-vpn pluto[11325]: | flags: none
Sep 19 11:26:33 sbf-vpn pluto[11325]: | message ID: 00 00 00 00
Sep 19 11:26:33 sbf-vpn pluto[11325]: | length: 360
Sep 19 11:26:33 sbf-vpn pluto[11325]: | processing packet with exchange type=ISAKMP_XCHG_IDPROT (2)
Sep 19 11:26:33 sbf-vpn pluto[11325]: | ICOOKIE: 08 9d 18 aa 5a 86 32 be
Sep 19 11:26:33 sbf-vpn pluto[11325]: | RCOOKIE: ca 21 f3 6b 60 33 4d 15
Sep 19 11:26:34 sbf-vpn pluto[11325]: | peer: c8 9e 88 95
Sep 19 11:26:34 sbf-vpn pluto[11325]: | state hash entry 12
Sep 19 11:26:34 sbf-vpn pluto[11325]: | peer and cookies match on #11, provided msgid 00000000 vs 00000000
Sep 19 11:26:34 sbf-vpn pluto[11325]: | state object #11 found, in STATE_MAIN_R1
Sep 19 11:26:34 sbf-vpn pluto[11325]: | processing connection sbfroad[9] roadwarrior_external_ip
Sep 19 11:26:34 sbf-vpn pluto[11325]: | ***parse ISAKMP Key Exchange Payload:
Sep 19 11:26:34 sbf-vpn pluto[11325]: | next payload type: ISAKMP_NEXT_NONCE
Sep 19 11:26:34 sbf-vpn pluto[11325]: | length: 260
Sep 19 11:26:34 sbf-vpn pluto[11325]: | ***parse ISAKMP Nonce Payload:
Sep 19 11:26:34 sbf-vpn pluto[11325]: | next payload type: ISAKMP_NEXT_NAT-D
Sep 19 11:26:34 sbf-vpn pluto[11325]: | length: 24
Sep 19 11:26:34 sbf-vpn pluto[11325]: | ***parse ISAKMP NAT-D Payload:
Sep 19 11:26:34 sbf-vpn pluto[11325]: | next payload type: ISAKMP_NEXT_NAT-D
Sep 19 11:26:34 sbf-vpn pluto[11325]: | length: 24
Sep 19 11:26:34 sbf-vpn pluto[11325]: | ***parse ISAKMP NAT-D Payload:
Sep 19 11:26:34 sbf-vpn pluto[11325]: | next payload type: ISAKMP_NEXT_NONE
Sep 19 11:26:34 sbf-vpn pluto[11325]: | length: 24
Sep 19 11:26:34 sbf-vpn pluto[11325]: "sbfroad"[9] roadwarrior_external_ip #11: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: peer is NATed
Sep 19 11:26:34 sbf-vpn pluto[11325]: | inserting event EVENT_NAT_T_KEEPALIVE, timeout in 20 seconds
Sep 19 11:26:34 sbf-vpn pluto[11325]: | 0: w->pcw_dead: 0 w->pcw_work: 0 cnt: 1
Sep 19 11:26:34 sbf-vpn pluto[11325]: | asking helper 0 to do build_kenonce op on seq: 9
Sep 19 11:26:34 sbf-vpn pluto[11325]: | inserting event EVENT_CRYPTO_FAILED, timeout in 300 seconds for #11
Sep 19 11:26:34 sbf-vpn pluto[11328]: ! helper -1 doing build_kenonce op id: 9
Sep 19 11:26:34 sbf-vpn pluto[11325]: | complete state transition with STF_SUSPEND
Sep 19 11:26:34 sbf-vpn pluto[11325]: | next event EVENT_NAT_T_KEEPALIVE in 20 seconds
Sep 19 11:26:34 sbf-vpn pluto[11325]: | processing connection sbfroad[9] roadwarrior_external_ip
Sep 19 11:26:34 sbf-vpn pluto[11325]: | started looking for secret for vpn_server_external_ip->roadwarrior_external_ip of kind PPK_PSK
Sep 19 11:26:34 sbf-vpn pluto[11325]: | instantiating him to 0.0.0.0
Sep 19 11:26:34 sbf-vpn pluto[11325]: | actually looking for secret for vpn_server_external_ip->0.0.0.0 of kind PPK_PSK
Sep 19 11:26:34 sbf-vpn pluto[11325]: | 1: compared PSK vpn_server_external_ip to vpn_server_external_ip / roadwarrior_external_ip -> 4
Sep 19 11:26:34 sbf-vpn pluto[11325]: | best_match 0>5 best=0x84765b0 (line=1)
Sep 19 11:26:34 sbf-vpn pluto[11325]: | concluding with best_match=5 best=0x84765b0 (lineno=1)
Sep 19 11:26:34 sbf-vpn pluto[11325]: | complete state transition with STF_OK
Sep 19 11:26:34 sbf-vpn pluto[11325]: "sbfroad"[9] roadwarrior_external_ip #11: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Sep 19 11:26:34 sbf-vpn pluto[11325]: | sending reply packet to roadwarrior_external_ip:500 (from port=500)
Sep 19 11:26:34 sbf-vpn pluto[11325]: | sending 356 bytes for STATE_MAIN_R1 through eth1:500 to roadwarrior_external_ip:500:
Sep 19 11:26:34 sbf-vpn pluto[11325]: | inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #11
Sep 19 11:26:34 sbf-vpn pluto[11325]: "sbfroad"[9] roadwarrior_external_ip #11: STATE_MAIN_R2: sent MR2, expecting MI3
Sep 19 11:26:34 sbf-vpn pluto[11325]: | modecfg pull: noquirk policy:push not-client
Sep 19 11:26:34 sbf-vpn pluto[11325]: | phase 1 is done, looking for phase 1 to unpend
Sep 19 11:26:34 sbf-vpn pluto[11325]: | next event EVENT_RETRANSMIT in 10 seconds for #11
Sep 19 11:26:34 sbf-vpn pluto[11325]: |
Sep 19 11:26:34 sbf-vpn pluto[11325]: | *received 76 bytes from roadwarrior_external_ip:4500 on eth1 (port=4500)
Sep 19 11:26:34 sbf-vpn pluto[11325]: | **parse ISAKMP Message:
Sep 19 11:26:34 sbf-vpn pluto[11325]: | initiator cookie:
Sep 19 11:26:34 sbf-vpn pluto[11325]: | 08 9d 18 aa 5a 86 32 be
Sep 19 11:26:34 sbf-vpn pluto[11325]: | responder cookie:
Sep 19 11:26:34 sbf-vpn pluto[11325]: | ca 21 f3 6b 60 33 4d 15
Sep 19 11:26:34 sbf-vpn pluto[11325]: | next payload type: ISAKMP_NEXT_ID
Sep 19 11:26:34 sbf-vpn pluto[11325]: | ISAKMP version: ISAKMP Version 1.0
Sep 19 11:26:34 sbf-vpn pluto[11325]: | exchange type: ISAKMP_XCHG_IDPROT
Sep 19 11:26:34 sbf-vpn pluto[11325]: | flags: ISAKMP_FLAG_ENCRYPTION
Sep 19 11:26:34 sbf-vpn pluto[11325]: | message ID: 00 00 00 00
Sep 19 11:26:34 sbf-vpn pluto[11325]: | length: 76
Sep 19 11:26:34 sbf-vpn pluto[11325]: | processing packet with exchange type=ISAKMP_XCHG_IDPROT (2)
Sep 19 11:26:34 sbf-vpn pluto[11325]: | ICOOKIE: 08 9d 18 aa 5a 86 32 be
Sep 19 11:26:34 sbf-vpn pluto[11325]: | RCOOKIE: ca 21 f3 6b 60 33 4d 15
Sep 19 11:26:34 sbf-vpn pluto[11325]: | peer: c8 9e 88 95
Sep 19 11:26:34 sbf-vpn pluto[11325]: | state hash entry 12
Sep 19 11:26:34 sbf-vpn pluto[11325]: | peer and cookies match on #11, provided msgid 00000000 vs 00000000
Sep 19 11:26:34 sbf-vpn pluto[11325]: | state object #11 found, in STATE_MAIN_R2
Sep 19 11:26:34 sbf-vpn pluto[11325]: | processing connection sbfroad[9] roadwarrior_external_ip
Sep 19 11:26:34 sbf-vpn pluto[11325]: | ***parse ISAKMP Identification Payload:
Sep 19 11:26:34 sbf-vpn pluto[11325]: | next payload type: ISAKMP_NEXT_HASH
Sep 19 11:26:34 sbf-vpn pluto[11325]: | length: 18
Sep 19 11:26:34 sbf-vpn pluto[11325]: | ID type: ID_FQDN
Sep 19 11:26:34 sbf-vpn pluto[11325]: | DOI specific A: 0
Sep 19 11:26:34 sbf-vpn pluto[11325]: | DOI specific B: 0
Sep 19 11:26:34 sbf-vpn pluto[11325]: | ***parse ISAKMP Hash Payload:
Sep 19 11:26:34 sbf-vpn pluto[11325]: | next payload type: ISAKMP_NEXT_NONE
Sep 19 11:26:34 sbf-vpn pluto[11325]: | length: 24
Sep 19 11:26:34 sbf-vpn pluto[11325]: | removing 6 bytes of padding
Sep 19 11:26:34 sbf-vpn pluto[11325]: "sbfroad"[9] roadwarrior_external_ip #11: Main mode peer ID is ID_FQDN: '@freelander'
Sep 19 11:26:34 sbf-vpn pluto[11325]: | started looking for secret for vpn_server_external_ip->roadwarrior_external_ip of kind PPK_PSK
Sep 19 11:26:34 sbf-vpn pluto[11325]: | instantiating him to 0.0.0.0
Sep 19 11:26:35 sbf-vpn pluto[11325]: | actually looking for secret for vpn_server_external_ip->0.0.0.0 of kind PPK_PSK
Sep 19 11:26:35 sbf-vpn pluto[11325]: | 1: compared PSK vpn_server_external_ip to vpn_server_external_ip / roadwarrior_external_ip -> 4
Sep 19 11:26:35 sbf-vpn pluto[11325]: | best_match 0>5 best=0x84765b0 (line=1)
Sep 19 11:26:35 sbf-vpn pluto[11325]: | concluding with best_match=5 best=0x84765b0 (lineno=1)
Sep 19 11:26:35 sbf-vpn pluto[11325]: | started looking for secret for vpn_server_external_ip->(none) of kind PPK_PSK
Sep 19 11:26:35 sbf-vpn pluto[11325]: | replace him to 0.0.0.0
Sep 19 11:26:35 sbf-vpn pluto[11325]: | actually looking for secret for vpn_server_external_ip->0.0.0.0 of kind PPK_PSK
Sep 19 11:26:35 sbf-vpn pluto[11325]: | 1: compared PSK vpn_server_external_ip to vpn_server_external_ip / (none) -> 4
Sep 19 11:26:35 sbf-vpn pluto[11325]: | best_match 0>5 best=0x84765b0 (line=1)
Sep 19 11:26:35 sbf-vpn pluto[11325]: | concluding with best_match=5 best=0x84765b0 (lineno=1)
Sep 19 11:26:35 sbf-vpn pluto[11325]: | offered CA: '%none'
Sep 19 11:26:35 sbf-vpn pluto[11325]: | switched from "sbfroad" to "sbfroad"
Sep 19 11:26:35 sbf-vpn pluto[11325]: | instantiated "sbfroad" for roadwarrior_external_ip
Sep 19 11:26:35 sbf-vpn pluto[11325]: | processing connection sbfroad[10] roadwarrior_external_ip
Sep 19 11:26:35 sbf-vpn pluto[11325]: | processing connection sbfroad[9] roadwarrior_external_ip
Sep 19 11:26:35 sbf-vpn pluto[11325]: "sbfroad"[10] roadwarrior_external_ip #11: deleting connection "sbfroad" instance with peer roadwarrior_external_ip {isakmp=#0/ipsec=#0}
Sep 19 11:26:35 sbf-vpn pluto[11325]: | thinking about whether to send my certificate:
Sep 19 11:26:35 sbf-vpn pluto[11325]: | I have RSA key: OAKLEY_PRESHARED_KEY cert.type: CERT_NONE
Sep 19 11:26:35 sbf-vpn pluto[11325]: | sendcert: CERT_ALWAYSSEND and I did not get a certificate request
Sep 19 11:26:35 sbf-vpn pluto[11325]: | so do not send cert.
Sep 19 11:26:35 sbf-vpn pluto[11325]: "sbfroad"[10] roadwarrior_external_ip #11: I did not send a certificate because I do not have one.
Sep 19 11:26:35 sbf-vpn pluto[11325]: | complete state transition with STF_OK
Sep 19 11:26:35 sbf-vpn pluto[11325]: "sbfroad"[10] roadwarrior_external_ip #11: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Sep 19 11:26:35 sbf-vpn pluto[11325]: | sending reply packet to roadwarrior_external_ip:500 (from port=500)
Sep 19 11:26:35 sbf-vpn pluto[11325]: | NAT-T: new mapping roadwarrior_external_ip:500/4500)
Sep 19 11:26:35 sbf-vpn pluto[11325]: | processing connection sbfroad[10] roadwarrior_external_ip
Sep 19 11:26:35 sbf-vpn pluto[11325]: | sending 68 bytes for STATE_MAIN_R2 through eth1:4500 to roadwarrior_external_ip:4500:
Sep 19 11:26:35 sbf-vpn pluto[11325]: | inserting event EVENT_SA_REPLACE, timeout in 3330 seconds for #11
Sep 19 11:26:35 sbf-vpn pluto[11325]: "sbfroad"[10] roadwarrior_external_ip #11: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp2048}
Sep 19 11:26:35 sbf-vpn pluto[11325]: | modecfg pull: noquirk policy:push not-client
Sep 19 11:26:35 sbf-vpn pluto[11325]: | phase 1 is done, looking for phase 1 to unpend
Sep 19 11:26:35 sbf-vpn pluto[11325]: | next event EVENT_NAT_T_KEEPALIVE in 19 seconds
Sep 19 11:26:35 sbf-vpn pluto[11325]: |
Sep 19 11:26:35 sbf-vpn pluto[11325]: | *received 388 bytes from roadwarrior_external_ip:4500 on eth1 (port=4500)
Sep 19 11:26:35 sbf-vpn pluto[11325]: | **parse ISAKMP Message:
Sep 19 11:26:35 sbf-vpn pluto[11325]: | initiator cookie:
Sep 19 11:26:35 sbf-vpn pluto[11325]: | 08 9d 18 aa 5a 86 32 be
Sep 19 11:26:35 sbf-vpn pluto[11325]: | responder cookie:
Sep 19 11:26:35 sbf-vpn pluto[11325]: | ca 21 f3 6b 60 33 4d 15
Sep 19 11:26:35 sbf-vpn pluto[11325]: | next payload type: ISAKMP_NEXT_HASH
Sep 19 11:26:35 sbf-vpn pluto[11325]: | ISAKMP version: ISAKMP Version 1.0
Sep 19 11:26:35 sbf-vpn pluto[11325]: | exchange type: ISAKMP_XCHG_QUICK
Sep 19 11:26:35 sbf-vpn pluto[11325]: | flags: ISAKMP_FLAG_ENCRYPTION
Sep 19 11:26:35 sbf-vpn pluto[11325]: | message ID: 13 ea 5d 83
Sep 19 11:26:35 sbf-vpn pluto[11325]: | length: 388
Sep 19 11:26:35 sbf-vpn pluto[11325]: | processing packet with exchange type=ISAKMP_XCHG_QUICK (32)
Sep 19 11:26:35 sbf-vpn pluto[11325]: | ICOOKIE: 08 9d 18 aa 5a 86 32 be
Sep 19 11:26:35 sbf-vpn pluto[11325]: | RCOOKIE: ca 21 f3 6b 60 33 4d 15
Sep 19 11:26:35 sbf-vpn pluto[11325]: | peer: c8 9e 88 95
Sep 19 11:26:35 sbf-vpn pluto[11325]: | state hash entry 12
Sep 19 11:26:35 sbf-vpn pluto[11325]: | peer and cookies match on #11, provided msgid 13ea5d83 vs 00000000
Sep 19 11:26:35 sbf-vpn pluto[11325]: | state object not found
Sep 19 11:26:35 sbf-vpn pluto[11325]: | ICOOKIE: 08 9d 18 aa 5a 86 32 be
Sep 19 11:26:35 sbf-vpn pluto[11325]: | RCOOKIE: ca 21 f3 6b 60 33 4d 15
Sep 19 11:26:35 sbf-vpn pluto[11325]: | peer: c8 9e 88 95
Sep 19 11:26:35 sbf-vpn pluto[11325]: | state hash entry 12
Sep 19 11:26:35 sbf-vpn pluto[11325]: | peer and cookies match on #11, provided msgid 00000000 vs 00000000
Sep 19 11:26:35 sbf-vpn pluto[11325]: | state object #11 found, in STATE_MAIN_R3
Sep 19 11:26:35 sbf-vpn pluto[11325]: | processing connection sbfroad[10] roadwarrior_external_ip
Sep 19 11:26:35 sbf-vpn pluto[11325]: | ***parse ISAKMP Hash Payload:
Sep 19 11:26:35 sbf-vpn pluto[11325]: | next payload type: ISAKMP_NEXT_SA
Sep 19 11:26:35 sbf-vpn pluto[11325]: | length: 24
Sep 19 11:26:35 sbf-vpn pluto[11325]: | ***parse ISAKMP Security Association Payload:
Sep 19 11:26:35 sbf-vpn pluto[11325]: | next payload type: ISAKMP_NEXT_NONCE
Sep 19 11:26:35 sbf-vpn pluto[11325]: | length: 264
Sep 19 11:26:35 sbf-vpn pluto[11325]: | DOI: ISAKMP_DOI_IPSEC
Sep 19 11:26:35 sbf-vpn pluto[11325]: | ***parse ISAKMP Nonce Payload:
Sep 19 11:26:35 sbf-vpn pluto[11325]: | next payload type: ISAKMP_NEXT_ID
Sep 19 11:26:35 sbf-vpn pluto[11325]: | length: 24
Sep 19 11:26:35 sbf-vpn pluto[11325]: | ***parse ISAKMP Identification Payload (IPsec DOI):
Sep 19 11:26:35 sbf-vpn pluto[11325]: | next payload type: ISAKMP_NEXT_ID
Sep 19 11:26:35 sbf-vpn pluto[11325]: | length: 18
Sep 19 11:26:35 sbf-vpn pluto[11325]: | ID type: ID_FQDN
Sep 19 11:26:35 sbf-vpn pluto[11325]: | Protocol ID: 17
Sep 19 11:26:35 sbf-vpn pluto[11325]: | port: 1701
Sep 19 11:26:35 sbf-vpn pluto[11325]: | ***parse ISAKMP Identification Payload (IPsec DOI):
Sep 19 11:26:35 sbf-vpn pluto[11325]: | next payload type: ISAKMP_NEXT_NAT-OA
Sep 19 11:26:35 sbf-vpn pluto[11325]: | length: 12
Sep 19 11:26:35 sbf-vpn pluto[11325]: | ID type: ID_IPV4_ADDR
Sep 19 11:26:35 sbf-vpn pluto[11325]: | Protocol ID: 17
Sep 19 11:26:36 sbf-vpn pluto[11325]: | port: 1701
Sep 19 11:26:36 sbf-vpn pluto[11325]: | ***parse ISAKMP NAT-OA Payload:
Sep 19 11:26:36 sbf-vpn pluto[11325]: | next payload type: ISAKMP_NEXT_NONE
Sep 19 11:26:36 sbf-vpn pluto[11325]: | length: 12
Sep 19 11:26:36 sbf-vpn pluto[11325]: | ID type: ID_IPV4_ADDR
Sep 19 11:26:36 sbf-vpn pluto[11325]: | removing 6 bytes of padding
Sep 19 11:26:36 sbf-vpn pluto[11325]: | our client is vpn_server_external_ip
Sep 19 11:26:36 sbf-vpn pluto[11325]: | our client protocol/port is 17/1701
Sep 19 11:26:36 sbf-vpn pluto[11325]: | duplicating state object #11
Sep 19 11:26:36 sbf-vpn pluto[11325]: | creating state object #12 at 0x8477f00
Sep 19 11:26:36 sbf-vpn pluto[11325]: | processing connection sbfroad[10] roadwarrior_external_ip
Sep 19 11:26:36 sbf-vpn pluto[11325]: | ICOOKIE: 08 9d 18 aa 5a 86 32 be
Sep 19 11:26:36 sbf-vpn pluto[11325]: | RCOOKIE: ca 21 f3 6b 60 33 4d 15
Sep 19 11:26:36 sbf-vpn pluto[11325]: | peer: c8 9e 88 95
Sep 19 11:26:36 sbf-vpn pluto[11325]: | state hash entry 12
Sep 19 11:26:36 sbf-vpn pluto[11325]: | inserting event EVENT_SO_DISCARD, timeout in 0 seconds for #12
Sep 19 11:26:36 sbf-vpn pluto[11325]: | NAT-OA: 00 00 00 0c 01 00 00 00 c0 a8 00 15
Sep 19 11:26:36 sbf-vpn pluto[11325]: | ****parse IPsec DOI SIT:
Sep 19 11:26:36 sbf-vpn pluto[11325]: | IPsec DOI SIT: SIT_IDENTITY_ONLY
Sep 19 11:26:36 sbf-vpn pluto[11325]: | ****parse ISAKMP Proposal Payload:
Sep 19 11:26:36 sbf-vpn pluto[11325]: | next payload type: ISAKMP_NEXT_NONE
Sep 19 11:26:36 sbf-vpn pluto[11325]: | length: 252
Sep 19 11:26:36 sbf-vpn pluto[11325]: | proposal number: 1
Sep 19 11:26:36 sbf-vpn pluto[11325]: | protocol ID: PROTO_IPSEC_ESP
Sep 19 11:26:36 sbf-vpn pluto[11325]: | SPI size: 4
Sep 19 11:26:36 sbf-vpn pluto[11325]: | number of transforms: 6
Sep 19 11:26:36 sbf-vpn pluto[11325]: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI
Sep 19 11:26:36 sbf-vpn pluto[11325]: | SPI a8 2c c4 27
Sep 19 11:26:36 sbf-vpn pluto[11325]: | *****parse ISAKMP Transform Payload (ESP):
Sep 19 11:26:36 sbf-vpn pluto[11325]: | next payload type: ISAKMP_NEXT_T
Sep 19 11:26:36 sbf-vpn pluto[11325]: | length: 40
Sep 19 11:26:36 sbf-vpn pluto[11325]: | transform number: 1
Sep 19 11:26:36 sbf-vpn pluto[11325]: | transform ID: ESP_3DES
Sep 19 11:26:36 sbf-vpn pluto[11325]: | ******parse ISAKMP IPsec DOI attribute:
Sep 19 11:26:36 sbf-vpn pluto[11325]: | af+type: SA_LIFE_TYPE
Sep 19 11:26:36 sbf-vpn pluto[11325]: | length/value: 1
Sep 19 11:26:36 sbf-vpn pluto[11325]: | [1 is SA_LIFE_TYPE_SECONDS]
Sep 19 11:26:36 sbf-vpn pluto[11325]: | ******parse ISAKMP IPsec DOI attribute:
Sep 19 11:26:36 sbf-vpn pluto[11325]: | af+type: SA_LIFE_DURATION (variable length)
Sep 19 11:26:36 sbf-vpn pluto[11325]: | length/value: 4
Sep 19 11:26:36 sbf-vpn pluto[11325]: | long duration: 3600
Sep 19 11:26:36 sbf-vpn pluto[11325]: | ******parse ISAKMP IPsec DOI attribute:
Sep 19 11:26:36 sbf-vpn pluto[11325]: | af+type: SA_LIFE_TYPE
Sep 19 11:26:36 sbf-vpn pluto[11325]: | length/value: 2
Sep 19 11:26:36 sbf-vpn pluto[11325]: | [2 is SA_LIFE_TYPE_KBYTES]
Sep 19 11:26:36 sbf-vpn pluto[11325]: | ******parse ISAKMP IPsec DOI attribute:
Sep 19 11:26:36 sbf-vpn pluto[11325]: | af+type: SA_LIFE_DURATION (variable length)
Sep 19 11:26:36 sbf-vpn pluto[11325]: | length/value: 4
Sep 19 11:26:36 sbf-vpn pluto[11325]: | long duration: 250000
Sep 19 11:26:36 sbf-vpn pluto[11325]: | ******parse ISAKMP IPsec DOI attribute:
Sep 19 11:26:36 sbf-vpn pluto[11325]: | af+type: ENCAPSULATION_MODE
Sep 19 11:26:36 sbf-vpn pluto[11325]: | length/value: 61444
Sep 19 11:26:36 sbf-vpn pluto[11325]: | [61444 is ENCAPSULATION_MODE_UDP_TRANSPORT]
Sep 19 11:26:36 sbf-vpn pluto[11325]: | ******parse ISAKMP IPsec DOI attribute:
Sep 19 11:26:36 sbf-vpn pluto[11325]: | af+type: AUTH_ALGORITHM
Sep 19 11:26:36 sbf-vpn pluto[11325]: | length/value: 1
Sep 19 11:26:36 sbf-vpn pluto[11325]: | [1 is AUTH_ALGORITHM_HMAC_MD5]
Sep 19 11:26:36 sbf-vpn pluto[11325]: | 0: w->pcw_dead: 0 w->pcw_work: 0 cnt: 1
Sep 19 11:26:36 sbf-vpn pluto[11325]: | asking helper 0 to do build_nonce op on seq: 10
Sep 19 11:26:36 sbf-vpn pluto[11325]: | inserting event EVENT_CRYPTO_FAILED, timeout in 300 seconds for #12
Sep 19 11:26:36 sbf-vpn pluto[11328]: ! helper -1 doing build_nonce op id: 10
Sep 19 11:26:36 sbf-vpn pluto[11325]: | complete state transition with STF_SUSPEND
Sep 19 11:26:36 sbf-vpn pluto[11325]: | next event EVENT_NAT_T_KEEPALIVE in 18 seconds
Sep 19 11:26:36 sbf-vpn pluto[11325]: | processing connection sbfroad[10] roadwarrior_external_ip
Sep 19 11:26:36 sbf-vpn pluto[11325]: | ****parse IPsec DOI SIT:
Sep 19 11:26:36 sbf-vpn pluto[11325]: | IPsec DOI SIT: SIT_IDENTITY_ONLY
Sep 19 11:26:36 sbf-vpn pluto[11325]: | ****parse ISAKMP Proposal Payload:
Sep 19 11:26:36 sbf-vpn pluto[11325]: | next payload type: ISAKMP_NEXT_NONE
Sep 19 11:26:36 sbf-vpn pluto[11325]: | length: 252
Sep 19 11:26:36 sbf-vpn pluto[11325]: | proposal number: 1
Sep 19 11:26:36 sbf-vpn pluto[11325]: | protocol ID: PROTO_IPSEC_ESP
Sep 19 11:26:36 sbf-vpn pluto[11325]: | SPI size: 4
Sep 19 11:26:36 sbf-vpn pluto[11325]: | number of transforms: 6
Sep 19 11:26:36 sbf-vpn pluto[11325]: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI
Sep 19 11:26:36 sbf-vpn pluto[11325]: | SPI a8 2c c4 27
Sep 19 11:26:37 sbf-vpn pluto[11325]: | *****parse ISAKMP Transform Payload (ESP):
Sep 19 11:26:37 sbf-vpn pluto[11325]: | next payload type: ISAKMP_NEXT_T
Sep 19 11:26:37 sbf-vpn pluto[11325]: | length: 40
Sep 19 11:26:37 sbf-vpn pluto[11325]: | transform number: 1
Sep 19 11:26:37 sbf-vpn pluto[11325]: | transform ID: ESP_3DES
Sep 19 11:26:37 sbf-vpn pluto[11325]: | ******parse ISAKMP IPsec DOI attribute:
Sep 19 11:26:37 sbf-vpn pluto[11325]: | af+type: SA_LIFE_TYPE
Sep 19 11:26:37 sbf-vpn pluto[11325]: | length/value: 1
Sep 19 11:26:37 sbf-vpn pluto[11325]: | [1 is SA_LIFE_TYPE_SECONDS]
Sep 19 11:26:37 sbf-vpn pluto[11325]: | ******parse ISAKMP IPsec DOI attribute:
Sep 19 11:26:37 sbf-vpn pluto[11325]: | af+type: SA_LIFE_DURATION (variable length)
Sep 19 11:26:37 sbf-vpn pluto[11325]: | length/value: 4
Sep 19 11:26:37 sbf-vpn pluto[11325]: | long duration: 3600
Sep 19 11:26:37 sbf-vpn pluto[11325]: | ******parse ISAKMP IPsec DOI attribute:
Sep 19 11:26:37 sbf-vpn pluto[11325]: | af+type: SA_LIFE_TYPE
Sep 19 11:26:37 sbf-vpn pluto[11325]: | length/value: 2
Sep 19 11:26:37 sbf-vpn pluto[11325]: | [2 is SA_LIFE_TYPE_KBYTES]
Sep 19 11:26:37 sbf-vpn pluto[11325]: | ******parse ISAKMP IPsec DOI attribute:
Sep 19 11:26:37 sbf-vpn pluto[11325]: | af+type: SA_LIFE_DURATION (variable length)
Sep 19 11:26:37 sbf-vpn pluto[11325]: | length/value: 4
Sep 19 11:26:37 sbf-vpn pluto[11325]: | long duration: 250000
Sep 19 11:26:37 sbf-vpn pluto[11325]: | ******parse ISAKMP IPsec DOI attribute:
Sep 19 11:26:37 sbf-vpn pluto[11325]: | af+type: ENCAPSULATION_MODE
Sep 19 11:26:37 sbf-vpn pluto[11325]: | length/value: 61444
Sep 19 11:26:37 sbf-vpn pluto[11325]: | [61444 is ENCAPSULATION_MODE_UDP_TRANSPORT]
Sep 19 11:26:37 sbf-vpn pluto[11325]: | ******parse ISAKMP IPsec DOI attribute:
Sep 19 11:26:37 sbf-vpn pluto[11325]: | af+type: AUTH_ALGORITHM
Sep 19 11:26:37 sbf-vpn pluto[11325]: | length/value: 1
Sep 19 11:26:37 sbf-vpn pluto[11325]: | [1 is AUTH_ALGORITHM_HMAC_MD5]
Sep 19 11:26:37 sbf-vpn pluto[11325]: "sbfroad"[10] roadwarrior_external_ip #12: responding to Quick Mode {msgid:835dea13}
Sep 19 11:26:37 sbf-vpn pluto[11325]: | compute_proto_keymat:needed_len (after ESP enc)=24
Sep 19 11:26:37 sbf-vpn pluto[11325]: | compute_proto_keymat:needed_len (after ESP auth)=40
Sep 19 11:26:37 sbf-vpn pluto[11325]: | install_inbound_ipsec_sa() checking if we can route
Sep 19 11:26:37 sbf-vpn pluto[11325]: | route owner of "sbfroad"[10] roadwarrior_external_ip unrouted: NULL; eroute owner: NULL
Sep 19 11:26:37 sbf-vpn pluto[11325]: | could_route called for sbfroad (kind=CK_INSTANCE)
Sep 19 11:26:37 sbf-vpn pluto[11325]: | add inbound eroute roadwarrior_external_ip/32:1701 --17-> vpn_server_external_ip/32:1701 => tun.10000 at vpn_server_external_ip (raw_eroute)
Sep 19 11:26:37 sbf-vpn pluto[11325]: | complete state transition with STF_OK
Sep 19 11:26:37 sbf-vpn pluto[11325]: "sbfroad"[10] roadwarrior_external_ip #12: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Sep 19 11:26:37 sbf-vpn pluto[11325]: | sending reply packet to roadwarrior_external_ip:4500 (from port=4500)
Sep 19 11:26:37 sbf-vpn pluto[11325]: | sending 172 bytes for STATE_QUICK_R0 through eth1:4500 to roadwarrior_external_ip:4500:
Sep 19 11:26:37 sbf-vpn pluto[11325]: | inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #12
Sep 19 11:26:37 sbf-vpn pluto[11325]: "sbfroad"[10] roadwarrior_external_ip #12: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Sep 19 11:26:37 sbf-vpn pluto[11325]: | modecfg pull: noquirk policy:push not-client
Sep 19 11:26:37 sbf-vpn pluto[11325]: | phase 1 is done, looking for phase 1 to unpend
Sep 19 11:26:37 sbf-vpn pluto[11325]: | next event EVENT_RETRANSMIT in 10 seconds for #12
Sep 19 11:26:37 sbf-vpn pluto[11325]: |
Sep 19 11:26:37 sbf-vpn pluto[11325]: | *received 388 bytes from roadwarrior_external_ip:4500 on eth1 (port=4500)
Sep 19 11:26:37 sbf-vpn pluto[11325]: | **parse ISAKMP Message:
Sep 19 11:26:37 sbf-vpn pluto[11325]: | initiator cookie:
Sep 19 11:26:37 sbf-vpn pluto[11325]: | 08 9d 18 aa 5a 86 32 be
Sep 19 11:26:37 sbf-vpn pluto[11325]: | responder cookie:
Sep 19 11:26:37 sbf-vpn pluto[11325]: | ca 21 f3 6b 60 33 4d 15
Sep 19 11:26:37 sbf-vpn pluto[11325]: | next payload type: ISAKMP_NEXT_HASH
Sep 19 11:26:37 sbf-vpn pluto[11325]: | ISAKMP version: ISAKMP Version 1.0
Sep 19 11:26:37 sbf-vpn pluto[11325]: | exchange type: ISAKMP_XCHG_QUICK
Sep 19 11:26:37 sbf-vpn pluto[11325]: | flags: ISAKMP_FLAG_ENCRYPTION
Sep 19 11:26:37 sbf-vpn pluto[11325]: | message ID: 13 ea 5d 83
Sep 19 11:26:37 sbf-vpn pluto[11325]: | length: 388
Sep 19 11:26:37 sbf-vpn pluto[11325]: | processing packet with exchange type=ISAKMP_XCHG_QUICK (32)
Sep 19 11:26:37 sbf-vpn pluto[11325]: | ICOOKIE: 08 9d 18 aa 5a 86 32 be
Sep 19 11:26:37 sbf-vpn pluto[11325]: | RCOOKIE: ca 21 f3 6b 60 33 4d 15
Sep 19 11:26:37 sbf-vpn pluto[11325]: | peer: c8 9e 88 95
Sep 19 11:26:37 sbf-vpn pluto[11325]: | state hash entry 12
Sep 19 11:26:37 sbf-vpn pluto[11325]: | peer and cookies match on #12, provided msgid 13ea5d83 vs 13ea5d83
Sep 19 11:26:37 sbf-vpn pluto[11325]: | state object #12 found, in STATE_QUICK_R1
Sep 19 11:26:37 sbf-vpn pluto[11325]: | processing connection sbfroad[10] roadwarrior_external_ip
Sep 19 11:26:37 sbf-vpn pluto[11325]: "sbfroad"[10] roadwarrior_external_ip #12: next payload type of ISAKMP Hash Payload has an unknown value: 59
Sep 19 11:26:37 sbf-vpn pluto[11325]: "sbfroad"[10] roadwarrior_external_ip #12: malformed payload in packet
Sep 19 11:26:37 sbf-vpn pluto[11325]: "sbfroad"[10] roadwarrior_external_ip #12: sending notification PAYLOAD_MALFORMED to roadwarrior_external_ip:4500
Sep 19 11:26:37 sbf-vpn pluto[11325]: | sending 40 bytes for notification packet through eth1:4500 to roadwarrior_external_ip:4500:
Sep 19 11:26:37 sbf-vpn pluto[11325]: | next event EVENT_RETRANSMIT in 10 seconds for #12
Sep 19 11:26:37 sbf-vpn pluto[11325]: |
Sep 19 11:26:37 sbf-vpn pluto[11325]: | *received 52 bytes from roadwarrior_external_ip:4500 on eth1 (port=4500)
Sep 19 11:26:37 sbf-vpn pluto[11325]: | **parse ISAKMP Message:
Sep 19 11:26:37 sbf-vpn pluto[11325]: | initiator cookie:
Sep 19 11:26:37 sbf-vpn pluto[11325]: | 08 9d 18 aa 5a 86 32 be
Sep 19 11:26:37 sbf-vpn pluto[11325]: | responder cookie:
Sep 19 11:26:37 sbf-vpn pluto[11325]: | ca 21 f3 6b 60 33 4d 15
Sep 19 11:26:37 sbf-vpn pluto[11325]: | next payload type: ISAKMP_NEXT_HASH
Sep 19 11:26:38 sbf-vpn pluto[11325]: | ISAKMP version: ISAKMP Version 1.0
Sep 19 11:26:38 sbf-vpn pluto[11325]: | exchange type: ISAKMP_XCHG_QUICK
Sep 19 11:26:38 sbf-vpn pluto[11325]: | flags: ISAKMP_FLAG_ENCRYPTION
Sep 19 11:26:38 sbf-vpn pluto[11325]: | message ID: 13 ea 5d 83
Sep 19 11:26:38 sbf-vpn pluto[11325]: | length: 52
Sep 19 11:26:38 sbf-vpn pluto[11325]: | processing packet with exchange type=ISAKMP_XCHG_QUICK (32)
Sep 19 11:26:38 sbf-vpn pluto[11325]: | ICOOKIE: 08 9d 18 aa 5a 86 32 be
Sep 19 11:26:38 sbf-vpn pluto[11325]: | RCOOKIE: ca 21 f3 6b 60 33 4d 15
Sep 19 11:26:38 sbf-vpn pluto[11325]: | peer: c8 9e 88 95
Sep 19 11:26:38 sbf-vpn pluto[11325]: | state hash entry 12
Sep 19 11:26:38 sbf-vpn pluto[11325]: | peer and cookies match on #12, provided msgid 13ea5d83 vs 13ea5d83
Sep 19 11:26:38 sbf-vpn pluto[11325]: | state object #12 found, in STATE_QUICK_R1
Sep 19 11:26:38 sbf-vpn pluto[11325]: | processing connection sbfroad[10] roadwarrior_external_ip
Sep 19 11:26:38 sbf-vpn pluto[11325]: | ***parse ISAKMP Hash Payload:
Sep 19 11:26:38 sbf-vpn pluto[11325]: | next payload type: ISAKMP_NEXT_NONE
Sep 19 11:26:38 sbf-vpn pluto[11325]: | length: 24
Sep 19 11:26:38 sbf-vpn pluto[11325]: | install_ipsec_sa() for #12: outbound only
Sep 19 11:26:38 sbf-vpn pluto[11325]: | route owner of "sbfroad"[10] roadwarrior_external_ip unrouted: NULL; eroute owner: NULL
Sep 19 11:26:38 sbf-vpn pluto[11325]: | could_route called for sbfroad (kind=CK_INSTANCE)
Sep 19 11:26:38 sbf-vpn pluto[11325]: | sr for #12: unrouted
Sep 19 11:26:38 sbf-vpn pluto[11325]: | route owner of "sbfroad"[10] roadwarrior_external_ip unrouted: NULL; eroute owner: NULL
Sep 19 11:26:38 sbf-vpn pluto[11325]: | eroute_connection add eroute vpn_server_external_ip/32:1701 --17-> roadwarrior_external_ip/32:1701 => esp.a82cc427 at roadwarrior_external_ip (raw_eroute)
Sep 19 11:26:38 sbf-vpn pluto[11325]: | command executing up-host
Sep 19 11:26:38 sbf-vpn pluto[11325]: | executing up-host: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='up-host' PLUTO_CONNECTION='sbfroad' PLUTO_NEXT_HOP='roadwarrior_external_ip' PLUTO_INTERFACE='eth1' PLUTO_ME='vpn_server_external_ip' PLUTO_MY_ID='vpn_server_external_ip' PLUTO_MY_CLIENT='vpn_server_external_ip/32' PLUTO_MY_CLIENT_NET='vpn_server_external_ip' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='1701' PLUTO_MY_PROTOCOL='17' PLUTO_PEER='roadwarrior_external_ip' PLUTO_PEER_ID='@freelander' PLUTO_PEER_CLIENT='roadwarrior_external_ip/32' PLUTO_PEER_CLIENT_NET='roadwarrior_external_ip' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='1701' PLUTO_PEER_PROTOCOL='17' PLUTO_PEER_CA='' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL' ipsec _updown
Sep 19 11:26:38 sbf-vpn pluto[11325]: | route_and_eroute: firewall_notified: true
Sep 19 11:26:38 sbf-vpn pluto[11325]: | command executing prepare-host
Sep 19 11:26:38 sbf-vpn pluto[11325]: | executing prepare-host: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='prepare-host' PLUTO_CONNECTION='sbfroad' PLUTO_NEXT_HOP='roadwarrior_external_ip' PLUTO_INTERFACE='eth1' PLUTO_ME='vpn_server_external_ip' PLUTO_MY_ID='vpn_server_external_ip' PLUTO_MY_CLIENT='vpn_server_external_ip/32' PLUTO_MY_CLIENT_NET='vpn_server_external_ip' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='1701' PLUTO_MY_PROTOCOL='17' PLUTO_PEER='roadwarrior_external_ip' PLUTO_PEER_ID='@freelander' PLUTO_PEER_CLIENT='roadwarrior_external_ip/32' PLUTO_PEER_CLIENT_NET='roadwarrior_external_ip' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='1701' PLUTO_PEER_PROTOCOL='17' PLUTO_PEER_CA='' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL' ipsec _updown
Sep 19 11:26:40 sbf-vpn pluto[11325]: | command executing route-host
Sep 19 11:26:40 sbf-vpn pluto[11325]: | executing route-host: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='route-host' PLUTO_CONNECTION='sbfroad' PLUTO_NEXT_HOP='roadwarrior_external_ip' PLUTO_INTERFACE='eth1' PLUTO_ME='vpn_server_external_ip' PLUTO_MY_ID='vpn_server_external_ip' PLUTO_MY_CLIENT='vpn_server_external_ip/32' PLUTO_MY_CLIENT_NET='vpn_server_external_ip' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='1701' PLUTO_MY_PROTOCOL='17' PLUTO_PEER='roadwarrior_external_ip' PLUTO_PEER_ID='@freelander' PLUTO_PEER_CLIENT='roadwarrior_external_ip/32' PLUTO_PEER_CLIENT_NET='roadwarrior_external_ip' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='1701' PLUTO_PEER_PROTOCOL='17' PLUTO_PEER_CA='' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL' ipsec _updown
Sep 19 11:26:41 sbf-vpn pluto[11325]: | route_and_eroute: instance "sbfroad"[10] roadwarrior_external_ip, setting eroute_owner {spd=0x8477cac,sr=0x8477cac} to #12 (was #0) (newest_ipsec_sa=#0)
Sep 19 11:26:41 sbf-vpn pluto[11325]: | complete state transition with STF_OK
Sep 19 11:26:41 sbf-vpn pluto[11325]: "sbfroad"[10] roadwarrior_external_ip #12: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Sep 19 11:26:41 sbf-vpn pluto[11325]: | inserting event EVENT_SA_REPLACE, timeout in 3330 seconds for #12
Sep 19 11:26:41 sbf-vpn pluto[11325]: "sbfroad"[10] roadwarrior_external_ip #12: STATE_QUICK_R2: IPsec SA established {ESP=>0xa82cc427 <0xb171ed8c xfrm=3DES_0-HMAC_MD5 NATD=roadwarrior_external_ip:4500 DPD=none}
Sep 19 11:26:41 sbf-vpn pluto[11325]: | modecfg pull: noquirk policy:push not-client
Sep 19 11:26:41 sbf-vpn pluto[11325]: | phase 1 is done, looking for phase 1 to unpend
Sep 19 11:26:41 sbf-vpn pluto[11325]: | next event EVENT_NAT_T_KEEPALIVE in 13 seconds
Sep 19 11:26:47 sbf-vpn pluto[11325]: | rejected packet:
Sep 19 11:26:47 sbf-vpn pluto[11325]: | a8 2c c4 27 00 00 00 13 ae c4 ff 80 37 f1 60 92
Sep 19 11:26:47 sbf-vpn pluto[11325]: | 75 38 36 91 21 dc 59 0d 13 e7 c0 f1 62 63 f6 c3
Sep 19 11:26:47 sbf-vpn pluto[11325]: | 2a 99 9f 46 c1 41 3e db 33 3e 12 f7 84 ce a9 68
Sep 19 11:26:47 sbf-vpn pluto[11325]: | 68 de d4 46 6a 71 1e c2 c9 cf 85 1f
Sep 19 11:26:47 sbf-vpn pluto[11325]: | control:
Sep 19 11:26:47 sbf-vpn pluto[11325]: | 18 00 00 00 00 00 00 00 08 00 00 00 01 00 00 00
Sep 19 11:26:47 sbf-vpn pluto[11325]: | c8 ab 67 60 c8 ab 67 60 2c 00 00 00 00 00 00 00
Sep 19 11:26:47 sbf-vpn pluto[11325]: | 0b 00 00 00 71 00 00 00 02 03 01 00 00 00 00 00
Sep 19 11:26:47 sbf-vpn pluto[11325]: | 00 00 00 00 02 00 00 00 c8 ab 67 60 00 00 00 00
Sep 19 11:26:47 sbf-vpn pluto[11325]: | 00 00 00 00
Sep 19 11:26:47 sbf-vpn pluto[11325]: | name:
Sep 19 11:26:47 sbf-vpn pluto[11325]: | 02 00 11 94 c8 9e 88 95 00 00 00 00 00 00 00 00
Sep 19 11:26:47 sbf-vpn pluto[11325]: ERROR: asynchronous network error report on eth1 (sport=4500) for message to roadwarrior_external_ip port 4500, complainant vpn_server_external_ip: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)]
Sep 19 11:26:47 sbf-vpn pluto[11325]: | next event EVENT_NAT_T_KEEPALIVE in 7 seconds
Sep 19 11:26:50 sbf-vpn pluto[11325]: | rejected packet:
Sep 19 11:26:50 sbf-vpn pluto[11325]: | a8 2c c4 27 00 00 00 14 33 3e 12 f7 84 ce a9 68
Sep 19 11:26:50 sbf-vpn pluto[11325]: | 08 4e 54 55 42 88 31 99 0b f5 77 58 f9 ed 5e ad
Sep 19 11:26:50 sbf-vpn pluto[11325]: | 8e 96 9e e8 91 d7 01 46 f1 ab 4b 3e 1f a8 99 3b
Sep 19 11:26:50 sbf-vpn pluto[11325]: | 13 14 a7 ff 7b cd 86 31 a8 75 b0 be
Sep 19 11:26:50 sbf-vpn pluto[11325]: | control:
Sep 19 11:26:50 sbf-vpn pluto[11325]: | 18 00 00 00 00 00 00 00 08 00 00 00 01 00 00 00
Sep 19 11:26:50 sbf-vpn pluto[11325]: | c8 ab 67 60 c8 ab 67 60 2c 00 00 00 00 00 00 00
Sep 19 11:26:50 sbf-vpn pluto[11325]: | 0b 00 00 00 71 00 00 00 02 03 01 00 00 00 00 00
Sep 19 11:26:50 sbf-vpn pluto[11325]: | 00 00 00 00 02 00 00 00 c8 ab 67 60 00 00 00 00
Sep 19 11:26:50 sbf-vpn pluto[11325]: | 00 00 00 00
Sep 19 11:26:50 sbf-vpn pluto[11325]: | name:
Sep 19 11:26:50 sbf-vpn pluto[11325]: | 02 00 11 94 c8 9e 88 95 00 00 00 00 00 00 00 00
Sep 19 11:26:50 sbf-vpn pluto[11325]: ERROR: asynchronous network error report on eth1 (sport=4500) for message to roadwarrior_external_ip port 4500, complainant vpn_server_external_ip: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)]
Sep 19 11:26:50 sbf-vpn pluto[11325]: | rejected packet:
Sep 19 11:26:50 sbf-vpn pluto[11325]: | a8 2c c4 27 00 00 00 15 f1 ab 4b 3e 1f a8 99 3b
Sep 19 11:26:50 sbf-vpn pluto[11325]: | 5e cd 80 07 88 27 55 f7 93 17 a0 41 55 16 84 42
Sep 19 11:26:50 sbf-vpn pluto[11325]: | 54 e4 74 7c 33 a1 3e 6c 4b ce c1 96 97 aa 46 5f
Sep 19 11:26:50 sbf-vpn pluto[11325]: | 98 ec 24 e5 48 ee 76 08 61 e9 87 14
Sep 19 11:26:50 sbf-vpn pluto[11325]: | control:
Sep 19 11:26:50 sbf-vpn pluto[11325]: | 18 00 00 00 00 00 00 00 08 00 00 00 01 00 00 00
Sep 19 11:26:50 sbf-vpn pluto[11325]: | c8 ab 67 60 c8 ab 67 60 2c 00 00 00 00 00 00 00
Sep 19 11:26:50 sbf-vpn pluto[11325]: | 0b 00 00 00 71 00 00 00 02 03 01 00 00 00 00 00
Sep 19 11:26:50 sbf-vpn pluto[11325]: | 00 00 00 00 02 00 00 00 c8 ab 67 60 00 00 00 00
Sep 19 11:26:50 sbf-vpn pluto[11325]: | 00 00 00 00
Sep 19 11:26:50 sbf-vpn pluto[11325]: | name:
Sep 19 11:26:50 sbf-vpn pluto[11325]: | 02 00 11 94 c8 9e 88 95 00 00 00 00 00 00 00 00
Sep 19 11:26:50 sbf-vpn pluto[11325]: ERROR: asynchronous network error report on eth1 (sport=4500) for message to roadwarrior_external_ip port 4500, complainant vpn_server_external_ip: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)]
Sep 19 11:26:50 sbf-vpn pluto[11325]: | next event EVENT_NAT_T_KEEPALIVE in 4 seconds
Sep 19 11:26:54 sbf-vpn pluto[11325]: |
Sep 19 11:26:54 sbf-vpn pluto[11325]: | *time to handle event
Sep 19 11:26:54 sbf-vpn pluto[11325]: | handling event EVENT_NAT_T_KEEPALIVE
Sep 19 11:26:54 sbf-vpn pluto[11325]: | event after this is EVENT_PENDING_PHASE2 in 60 seconds
Sep 19 11:26:54 sbf-vpn pluto[11325]: | processing connection sbfroad[10] roadwarrior_external_ip
Sep 19 11:26:54 sbf-vpn pluto[11325]: | processing connection sbfroad[10] roadwarrior_external_ip
Sep 19 11:26:54 sbf-vpn pluto[11325]: | next event EVENT_PENDING_PHASE2 in 60 seconds
Sep 19 11:26:56 sbf-vpn pluto[11325]: | rejected packet:
Sep 19 11:26:56 sbf-vpn pluto[11325]: | a8 2c c4 27 00 00 00 16 4b ce c1 96 97 aa 46 5f
Sep 19 11:26:56 sbf-vpn pluto[11325]: | 00 c9 27 14 4f 94 51 52 60 af 54 ab 26 cc 32 7d
Sep 19 11:26:56 sbf-vpn pluto[11325]: | ff 82 6d b8 38 6a 57 00 a4 ca a4 0a b1 dd 51 23
Sep 19 11:26:56 sbf-vpn pluto[11325]: | 57 be 77 ec 29 92 25 72 5b 2c c5 9a
Sep 19 11:26:56 sbf-vpn pluto[11325]: | control:
Sep 19 11:26:56 sbf-vpn pluto[11325]: | 18 00 00 00 00 00 00 00 08 00 00 00 01 00 00 00
Sep 19 11:26:56 sbf-vpn pluto[11325]: | c8 ab 67 60 c8 ab 67 60 2c 00 00 00 00 00 00 00
Sep 19 11:26:56 sbf-vpn pluto[11325]: | 0b 00 00 00 71 00 00 00 02 03 01 00 00 00 00 00
Sep 19 11:26:56 sbf-vpn pluto[11325]: | 00 00 00 00 02 00 00 00 c8 ab 67 60 00 00 00 00
Sep 19 11:26:56 sbf-vpn pluto[11325]: | 00 00 00 00
Sep 19 11:26:56 sbf-vpn pluto[11325]: | name:
Sep 19 11:26:56 sbf-vpn pluto[11325]: | 02 00 11 94 c8 9e 88 95 00 00 00 00 00 00 00 00
Sep 19 11:26:56 sbf-vpn pluto[11325]: ERROR: asynchronous network error report on eth1 (sport=4500) for message to roadwarrior_external_ip port 4500, complainant vpn_server_external_ip: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)]
Sep 19 11:26:56 sbf-vpn pluto[11325]: | next event EVENT_PENDING_PHASE2 in 58 seconds
Sep 19 11:26:59 sbf-vpn pluto[11325]: | rejected packet:
Sep 19 11:26:59 sbf-vpn pluto[11325]: | a8 2c c4 27 00 00 00 17 a4 ca a4 0a b1 dd 51 23
Sep 19 11:26:59 sbf-vpn pluto[11325]: | bb 6a b2 7c 61 70 34 28 b7 e8 9d 14 f0 1e 42 86
Sep 19 11:26:59 sbf-vpn pluto[11325]: | fb 87 33 a7 98 f1 1e a2 0b 3f 16 ce 6b a4 0d c5
Sep 19 11:26:59 sbf-vpn pluto[11325]: | 4a 76 ed 6c 35 2f 78 b7 b9 63 cb 13
Sep 19 11:26:59 sbf-vpn pluto[11325]: | control:
Sep 19 11:26:59 sbf-vpn pluto[11325]: | 18 00 00 00 00 00 00 00 08 00 00 00 01 00 00 00
Sep 19 11:26:59 sbf-vpn pluto[11325]: | c8 ab 67 60 c8 ab 67 60 2c 00 00 00 00 00 00 00
Sep 19 11:26:59 sbf-vpn pluto[11325]: | 0b 00 00 00 71 00 00 00 02 03 01 00 00 00 00 00
Sep 19 11:26:59 sbf-vpn pluto[11325]: | 00 00 00 00 02 00 00 00 c8 ab 67 60 00 00 00 00
Sep 19 11:26:59 sbf-vpn pluto[11325]: | 00 00 00 00
Sep 19 11:26:59 sbf-vpn pluto[11325]: | name:
Sep 19 11:26:59 sbf-vpn pluto[11325]: | 02 00 11 94 c8 9e 88 95 00 00 00 00 00 00 00 00
Sep 19 11:27:26 sbf-vpn pluto[11325]: ERROR: asynchronous network error report on eth1 (sport=4500) for message to roadwarrior_external_ip port 4500, complainant vpn_server_external_ip: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)]
Sep 19 11:27:26 sbf-vpn pluto[11325]: | rejected packet:
Sep 19 11:27:26 sbf-vpn pluto[11325]: | a8 2c c4 27 00 00 00 25 1a f4 f1 44 8c f5 30 45
Sep 19 11:27:26 sbf-vpn pluto[11325]: | 9f e0 2a e0 59 55 f5 7c 13 f4 de e7 06 26 45 31
Sep 19 11:27:26 sbf-vpn pluto[11325]: | b1 4f f7 4a 8a dd fa f9 b7 b3 57 c7 ae 20 62 b6
Sep 19 11:27:26 sbf-vpn pluto[11325]: | ac a6 b5 1e 7d b9 d6 7f 7c 98 57 c3 f6 69 0e 7b
Sep 19 11:27:26 sbf-vpn pluto[11325]: | 89 92 13 3a c4 4a a8 21 5d 86 4c 9c 2a 3a c6 91
Sep 19 11:27:26 sbf-vpn pluto[11325]: | be 36 3e c5
Sep 19 11:27:26 sbf-vpn pluto[11325]: | control:
Sep 19 11:27:26 sbf-vpn pluto[11325]: | 18 00 00 00 00 00 00 00 08 00 00 00 01 00 00 00
Sep 19 11:27:26 sbf-vpn pluto[11325]: | c8 ab 67 60 c8 ab 67 60 2c 00 00 00 00 00 00 00
Sep 19 11:27:26 sbf-vpn pluto[11325]: | 0b 00 00 00 71 00 00 00 02 03 01 00 00 00 00 00
Sep 19 11:27:26 sbf-vpn pluto[11325]: | 00 00 00 00 02 00 00 00 c8 ab 67 60 00 00 00 00
Sep 19 11:27:26 sbf-vpn pluto[11325]: | 00 00 00 00
Sep 19 11:27:26 sbf-vpn pluto[11325]: | name:
Sep 19 11:27:26 sbf-vpn pluto[11325]: | 02 00 11 94 c8 9e 88 95 00 00 00 00 00 00 00 00
Sep 19 11:27:26 sbf-vpn pluto[11325]: ERROR: asynchronous network error report on eth1 (sport=4500) for message to roadwarrior_external_ip port 4500, complainant vpn_server_external_ip: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)]
Sep 19 11:27:26 sbf-vpn pluto[11325]: | next event EVENT_PENDING_PHASE2 in 28 seconds
Sep 19 11:27:29 sbf-vpn pluto[11325]: | rejected packet:
Sep 19 11:27:29 sbf-vpn pluto[11325]: | a8 2c c4 27 00 00 00 26 89 92 13 3a c4 4a a8 21
Sep 19 11:27:29 sbf-vpn pluto[11325]: | 7d 09 03 e4 84 3c a5 72 af 1d dc 6e 7a 3e 5b ae
Sep 19 11:27:29 sbf-vpn pluto[11325]: | 3e f1 27 ac bf d5 12 9a e9 ec 05 92 86 cd 59 06
Sep 19 11:27:29 sbf-vpn pluto[11325]: | cb 3a c8 4b b0 03 3c ac 2e a1 af 23 a9 52 66 17
Sep 19 11:27:29 sbf-vpn pluto[11325]: | 66 dc f3 fb 49 18 cc 98 ab 29 c4 11 70 9e a8 d3
Sep 19 11:27:29 sbf-vpn pluto[11325]: | 27 10 eb 7d
Sep 19 11:27:29 sbf-vpn pluto[11325]: | control:
Sep 19 11:27:29 sbf-vpn pluto[11325]: | 18 00 00 00 00 00 00 00 08 00 00 00 01 00 00 00
Sep 19 11:27:29 sbf-vpn pluto[11325]: | c8 ab 67 60 c8 ab 67 60 2c 00 00 00 00 00 00 00
Sep 19 11:27:29 sbf-vpn pluto[11325]: | 0b 00 00 00 71 00 00 00 02 03 01 00 00 00 00 00
Sep 19 11:27:29 sbf-vpn pluto[11325]: | 00 00 00 00 02 00 00 00 c8 ab 67 60 00 00 00 00
Sep 19 11:27:29 sbf-vpn pluto[11325]: | 00 00 00 00
Sep 19 11:27:29 sbf-vpn pluto[11325]: | name:
Sep 19 11:27:29 sbf-vpn pluto[11325]: | 02 00 11 94 c8 9e 88 95 00 00 00 00 00 00 00 00
Sep 19 11:27:29 sbf-vpn pluto[11325]: ERROR: asynchronous network error report on eth1 (sport=4500) for message to roadwarrior_external_ip port 4500, complainant vpn_server_external_ip: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)]
Sep 19 11:27:29 sbf-vpn pluto[11325]: | rejected packet:
Sep 19 11:27:29 sbf-vpn pluto[11325]: | a8 2c c4 27 00 00 00 27 66 dc f3 fb 49 18 cc 98
Sep 19 11:27:29 sbf-vpn pluto[11325]: | da ee 13 1c 04 2f 36 ae 86 30 c0 37 62 38 24 80
Sep 19 11:27:29 sbf-vpn pluto[11325]: | fd 4c b1 97 1d a0 0f 5c bc c2 55 68 b5 92 92 12
Sep 19 11:27:29 sbf-vpn pluto[11325]: | 9d 02 e5 9d a9 f2 1c 45 9f c7 d0 96 31 8f f5 26
Sep 19 11:27:29 sbf-vpn pluto[11325]: | c4 aa ea 54 54 6e 82 e1 ae 83 50 b0 5b 3b 5a 34
Sep 19 11:27:29 sbf-vpn pluto[11325]: | 6c 49 12 33
Sep 19 11:27:29 sbf-vpn pluto[11325]: | control:
Sep 19 11:27:29 sbf-vpn pluto[11325]: | 18 00 00 00 00 00 00 00 08 00 00 00 01 00 00 00
Sep 19 11:27:29 sbf-vpn pluto[11325]: | c8 ab 67 60 c8 ab 67 60 2c 00 00 00 00 00 00 00
Sep 19 11:27:29 sbf-vpn pluto[11325]: | 0b 00 00 00 71 00 00 00 02 03 01 00 00 00 00 00
Sep 19 11:27:29 sbf-vpn pluto[11325]: | 00 00 00 00 02 00 00 00 c8 ab 67 60 00 00 00 00
Sep 19 11:27:29 sbf-vpn pluto[11325]: | 00 00 00 00
Sep 19 11:27:29 sbf-vpn pluto[11325]: | name:
Sep 19 11:27:29 sbf-vpn pluto[11325]: | 02 00 11 94 c8 9e 88 95 00 00 00 00 00 00 00 00
Sep 19 11:27:29 sbf-vpn pluto[11325]: ERROR: asynchronous network error report on eth1 (sport=4500) for message to roadwarrior_external_ip port 4500, complainant vpn_server_external_ip: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)]
Sep 19 11:27:29 sbf-vpn pluto[11325]: | next event EVENT_PENDING_PHASE2 in 25 seconds
Sep 19 11:27:54 sbf-vpn pluto[11325]: |
Sep 19 11:27:54 sbf-vpn pluto[11325]: | *time to handle event
Sep 19 11:27:54 sbf-vpn pluto[11325]: | handling event EVENT_PENDING_PHASE2
Sep 19 11:27:54 sbf-vpn pluto[11325]: | event after this is EVENT_REINIT_SECRET in 1796 seconds
Sep 19 11:27:54 sbf-vpn pluto[11325]: | inserting event EVENT_PENDING_PHASE2, timeout in 120 seconds
Sep 19 11:27:54 sbf-vpn pluto[11325]: | pending review: connection "sbfroad" was not up, skipped
Sep 19 11:27:54 sbf-vpn pluto[11325]: | pending review: connection "sbfroad" was not up, skipped
Sep 19 11:27:54 sbf-vpn pluto[11325]: | next event EVENT_PENDING_PHASE2 in 120 seconds
Sep 19 11:28:48 sbf-vpn pluto[11325]: |
Sep 19 11:28:48 sbf-vpn pluto[11325]: | *received 68 bytes from roadwarrior_external_ip:4500 on eth1 (port=4500)
Sep 19 11:28:48 sbf-vpn pluto[11325]: | **parse ISAKMP Message:
Sep 19 11:28:48 sbf-vpn pluto[11325]: | initiator cookie:
Sep 19 11:28:48 sbf-vpn pluto[11325]: | 08 9d 18 aa 5a 86 32 be
Sep 19 11:28:48 sbf-vpn pluto[11325]: | responder cookie:
Sep 19 11:28:48 sbf-vpn pluto[11325]: | ca 21 f3 6b 60 33 4d 15
Sep 19 11:28:48 sbf-vpn pluto[11325]: | next payload type: ISAKMP_NEXT_HASH
Sep 19 11:28:48 sbf-vpn pluto[11325]: | ISAKMP version: ISAKMP Version 1.0
Sep 19 11:28:48 sbf-vpn pluto[11325]: | exchange type: ISAKMP_XCHG_INFO
Sep 19 11:28:48 sbf-vpn pluto[11325]: | flags: ISAKMP_FLAG_ENCRYPTION
Sep 19 11:28:48 sbf-vpn pluto[11325]: | message ID: e8 d5 d1 16
Sep 19 11:28:48 sbf-vpn pluto[11325]: | length: 68
Sep 19 11:28:48 sbf-vpn pluto[11325]: | processing packet with exchange type=ISAKMP_XCHG_INFO (5)
Sep 19 11:28:48 sbf-vpn pluto[11325]: | ICOOKIE: 08 9d 18 aa 5a 86 32 be
Sep 19 11:28:48 sbf-vpn pluto[11325]: | RCOOKIE: ca 21 f3 6b 60 33 4d 15
Sep 19 11:28:48 sbf-vpn pluto[11325]: | peer: c8 9e 88 95
Sep 19 11:28:48 sbf-vpn pluto[11325]: | state hash entry 12
Sep 19 11:28:48 sbf-vpn pluto[11325]: | peer and cookies match on #12, provided msgid 00000000 vs 13ea5d83/00000000
Sep 19 11:28:48 sbf-vpn pluto[11325]: | peer and cookies match on #11, provided msgid 00000000 vs 00000000/00000000
Sep 19 11:28:48 sbf-vpn pluto[11325]: | p15 state object #11 found, in STATE_MAIN_R3
Sep 19 11:28:48 sbf-vpn pluto[11325]: | processing connection sbfroad[10] roadwarrior_external_ip
Sep 19 11:28:48 sbf-vpn pluto[11325]: | ***parse ISAKMP Hash Payload:
Sep 19 11:28:48 sbf-vpn pluto[11325]: | next payload type: ISAKMP_NEXT_D
Sep 19 11:28:48 sbf-vpn pluto[11325]: | length: 24
Sep 19 11:28:48 sbf-vpn pluto[11325]: | ***parse ISAKMP Delete Payload:
Sep 19 11:28:48 sbf-vpn pluto[11325]: | next payload type: ISAKMP_NEXT_NONE
Sep 19 11:28:48 sbf-vpn pluto[11325]: | length: 16
Sep 19 11:28:48 sbf-vpn pluto[11325]: | DOI: ISAKMP_DOI_IPSEC
Sep 19 11:28:48 sbf-vpn pluto[11325]: | protocol ID: 3
Sep 19 11:28:48 sbf-vpn pluto[11325]: | SPI size: 4
Sep 19 11:28:48 sbf-vpn pluto[11325]: | number of SPIs: 1
Sep 19 11:28:48 sbf-vpn pluto[11325]: | processing connection sbfroad[10] roadwarrior_external_ip
Sep 19 11:28:48 sbf-vpn pluto[11325]: "sbfroad"[10] roadwarrior_external_ip #11: received Delete SA(0xa82cc427) payload: deleting IPSEC State #12
Sep 19 11:28:48 sbf-vpn pluto[11325]: | deleting state #12
Sep 19 11:28:48 sbf-vpn pluto[11325]: | processing connection sbfroad[10] roadwarrior_external_ip
Sep 19 11:28:48 sbf-vpn pluto[11325]: | sending 68 bytes for delete notify through eth1:4500 to roadwarrior_external_ip:4500:
Sep 19 11:28:48 sbf-vpn pluto[11325]: | ICOOKIE: 08 9d 18 aa 5a 86 32 be
Sep 19 11:28:49 sbf-vpn pluto[11325]: | RCOOKIE: ca 21 f3 6b 60 33 4d 15
Sep 19 11:28:49 sbf-vpn pluto[11325]: | peer: c8 9e 88 95
Sep 19 11:28:49 sbf-vpn pluto[11325]: | state hash entry 12
Sep 19 11:28:49 sbf-vpn pluto[11325]: | command executing down-host
Sep 19 11:28:49 sbf-vpn pluto[11325]: | executing down-host: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='down-host' PLUTO_CONNECTION='sbfroad' PLUTO_NEXT_HOP='roadwarrior_external_ip' PLUTO_INTERFACE='eth1' PLUTO_ME='vpn_server_external_ip' PLUTO_MY_ID='vpn_server_external_ip' PLUTO_MY_CLIENT='vpn_server_external_ip/32' PLUTO_MY_CLIENT_NET='vpn_server_external_ip' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='1701' PLUTO_MY_PROTOCOL='17' PLUTO_PEER='roadwarrior_external_ip' PLUTO_PEER_ID='@freelander' PLUTO_PEER_CLIENT='roadwarrior_external_ip/32' PLUTO_PEER_CLIENT_NET='roadwarrior_external_ip' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='1701' PLUTO_PEER_PROTOCOL='17' PLUTO_PEER_CA='' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL' ipsec _updown
Sep 19 11:28:49 sbf-vpn pluto[11325]: | replace with shunt eroute roadwarrior_external_ip/32:1701 --0-> vpn_server_external_ip/32:1701 => %trap (raw_eroute)
Sep 19 11:28:49 sbf-vpn pluto[11325]: | eroute_connection replace with shunt eroute vpn_server_external_ip/32:1701 --17-> roadwarrior_external_ip/32:1701 => %trap (raw_eroute)
Sep 19 11:28:49 sbf-vpn pluto[11325]: | delete inbound eroute roadwarrior_external_ip/32:1701 --17-> vpn_server_external_ip/32:1701 => unk255.10000 at vpn_server_external_ip (raw_eroute)
Sep 19 11:28:49 sbf-vpn pluto[11325]: | del: a8 2c c4 27
Sep 19 11:28:49 sbf-vpn pluto[11325]: "sbfroad"[10] roadwarrior_external_ip #11: received and ignored informational message
Sep 19 11:28:49 sbf-vpn pluto[11325]: | complete state transition with STF_IGNORE
Sep 19 11:28:49 sbf-vpn pluto[11325]: | next event EVENT_PENDING_PHASE2 in 65 seconds
Sep 19 11:28:49 sbf-vpn pluto[11325]: |
Sep 19 11:28:49 sbf-vpn pluto[11325]: | *received 84 bytes from roadwarrior_external_ip:4500 on eth1 (port=4500)
Sep 19 11:28:49 sbf-vpn pluto[11325]: | **parse ISAKMP Message:
Sep 19 11:28:49 sbf-vpn pluto[11325]: | initiator cookie:
Sep 19 11:28:49 sbf-vpn pluto[11325]: | 08 9d 18 aa 5a 86 32 be
Sep 19 11:28:49 sbf-vpn pluto[11325]: | responder cookie:
Sep 19 11:28:49 sbf-vpn pluto[11325]: | ca 21 f3 6b 60 33 4d 15
Sep 19 11:28:49 sbf-vpn pluto[11325]: | next payload type: ISAKMP_NEXT_HASH
Sep 19 11:28:49 sbf-vpn pluto[11325]: | ISAKMP version: ISAKMP Version 1.0
Sep 19 11:28:49 sbf-vpn pluto[11325]: | exchange type: ISAKMP_XCHG_INFO
Sep 19 11:28:49 sbf-vpn pluto[11325]: | flags: ISAKMP_FLAG_ENCRYPTION
Sep 19 11:28:49 sbf-vpn pluto[11325]: | message ID: 08 a6 ff ed
Sep 19 11:28:49 sbf-vpn pluto[11325]: | length: 84
Sep 19 11:28:49 sbf-vpn pluto[11325]: | processing packet with exchange type=ISAKMP_XCHG_INFO (5)
Sep 19 11:28:49 sbf-vpn pluto[11325]: | ICOOKIE: 08 9d 18 aa 5a 86 32 be
Sep 19 11:28:49 sbf-vpn pluto[11325]: | RCOOKIE: ca 21 f3 6b 60 33 4d 15
Sep 19 11:28:49 sbf-vpn pluto[11325]: | peer: c8 9e 88 95
Sep 19 11:28:49 sbf-vpn pluto[11325]: | state hash entry 12
Sep 19 11:28:49 sbf-vpn pluto[11325]: | peer and cookies match on #11, provided msgid 00000000 vs 00000000/00000000
Sep 19 11:28:49 sbf-vpn pluto[11325]: | p15 state object #11 found, in STATE_MAIN_R3
Sep 19 11:28:49 sbf-vpn pluto[11325]: | processing connection sbfroad[10] roadwarrior_external_ip
Sep 19 11:28:49 sbf-vpn pluto[11325]: | ***parse ISAKMP Hash Payload:
Sep 19 11:28:49 sbf-vpn pluto[11325]: | next payload type: ISAKMP_NEXT_D
Sep 19 11:28:49 sbf-vpn pluto[11325]: | length: 24
Sep 19 11:28:49 sbf-vpn pluto[11325]: | ***parse ISAKMP Delete Payload:
Sep 19 11:28:49 sbf-vpn pluto[11325]: | next payload type: ISAKMP_NEXT_NONE
Sep 19 11:28:49 sbf-vpn pluto[11325]: | length: 28
Sep 19 11:28:49 sbf-vpn pluto[11325]: | DOI: ISAKMP_DOI_IPSEC
Sep 19 11:28:49 sbf-vpn pluto[11325]: | protocol ID: 1
Sep 19 11:28:49 sbf-vpn pluto[11325]: | SPI size: 16
Sep 19 11:28:49 sbf-vpn pluto[11325]: | number of SPIs: 1
Sep 19 11:28:49 sbf-vpn pluto[11325]: | removing 4 bytes of padding
Sep 19 11:28:49 sbf-vpn pluto[11325]: | ICOOKIE: 08 9d 18 aa 5a 86 32 be
Sep 19 11:28:49 sbf-vpn pluto[11325]: | RCOOKIE: ca 21 f3 6b 60 33 4d 15
Sep 19 11:28:49 sbf-vpn pluto[11325]: | peer: c8 9e 88 95
Sep 19 11:28:49 sbf-vpn pluto[11325]: | state hash entry 12
Sep 19 11:28:49 sbf-vpn pluto[11325]: | peer and cookies match on #11, provided msgid 00000000 vs 00000000
Sep 19 11:28:49 sbf-vpn pluto[11325]: | state object #11 found, in STATE_MAIN_R3
Sep 19 11:28:49 sbf-vpn pluto[11325]: | processing connection sbfroad[10] roadwarrior_external_ip
Sep 19 11:28:49 sbf-vpn pluto[11325]: "sbfroad"[10] roadwarrior_external_ip #11: received Delete SA payload: deleting ISAKMP State #11
Sep 19 11:28:49 sbf-vpn pluto[11325]: | deleting state #11
Sep 19 11:28:49 sbf-vpn pluto[11325]: | processing connection sbfroad[10] roadwarrior_external_ip
Sep 19 11:28:49 sbf-vpn pluto[11325]: | sending 84 bytes for delete notify through eth1:4500 to roadwarrior_external_ip:4500:
Sep 19 11:28:49 sbf-vpn pluto[11325]: | ICOOKIE: 08 9d 18 aa 5a 86 32 be
Sep 19 11:28:49 sbf-vpn pluto[11325]: | RCOOKIE: ca 21 f3 6b 60 33 4d 15
Sep 19 11:28:49 sbf-vpn pluto[11325]: | peer: c8 9e 88 95
Sep 19 11:28:49 sbf-vpn pluto[11325]: | state hash entry 12
Sep 19 11:28:49 sbf-vpn pluto[11325]: | processing connection sbfroad[10] roadwarrior_external_ip
Sep 19 11:28:49 sbf-vpn pluto[11325]: "sbfroad"[10] roadwarrior_external_ip: deleting connection "sbfroad" instance with peer roadwarrior_external_ip {isakmp=#0/ipsec=#0}
Sep 19 11:28:49 sbf-vpn pluto[11325]: | delete eroute roadwarrior_external_ip/32:1701 --0-> vpn_server_external_ip/32:1701 => int.0 at vpn_server_external_ip (raw_eroute)
Sep 19 11:28:49 sbf-vpn pluto[11325]: | eroute_connection delete eroute vpn_server_external_ip/32:1701 --17-> roadwarrior_external_ip/32:1701 => int.0 at 0.0.0.0 (raw_eroute)
Sep 19 11:28:49 sbf-vpn pluto[11325]: | route owner of "sbfroad" unrouted: NULL
Sep 19 11:28:50 sbf-vpn pluto[11325]: | command executing unroute-host
Sep 19 11:28:50 sbf-vpn pluto[11325]: | executing unroute-host: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='unroute-host' PLUTO_CONNECTION='sbfroad' PLUTO_NEXT_HOP='roadwarrior_external_ip' PLUTO_INTERFACE='eth1' PLUTO_ME='vpn_server_external_ip' PLUTO_MY_ID='vpn_server_external_ip' PLUTO_MY_CLIENT='vpn_server_external_ip/32' PLUTO_MY_CLIENT_NET='vpn_server_external_ip' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='1701' PLUTO_MY_PROTOCOL='17' PLUTO_PEER='roadwarrior_external_ip' PLUTO_PEER_ID='@freelander' PLUTO_PEER_CLIENT='roadwarrior_external_ip/32' PLUTO_PEER_CLIENT_NET='roadwarrior_external_ip' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='1701' PLUTO_PEER_PROTOCOL='17' PLUTO_PEER_CA='' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL' ipsec _updown
Sep 19 11:28:50 sbf-vpn pluto[11325]: | del: 08 9d 18 aa 5a 86 32 be ca 21 f3 6b 60 33 4d 15
Sep 19 11:28:50 sbf-vpn pluto[11325]: packet from roadwarrior_external_ip:4500: received and ignored informational message
Sep 19 11:28:50 sbf-vpn pluto[11325]: | complete state transition with STF_IGNORE
Sep 19 11:28:50 sbf-vpn pluto[11325]: | next event EVENT_PENDING_PHASE2 in 64 seconds
Sep 19 11:28:51 sbf-vpn pluto[11325]: | rejected packet:
Sep 19 11:28:51 sbf-vpn pluto[11325]: | 00 00 00 00 08 9d 18 aa 5a 86 32 be ca 21 f3 6b
Sep 19 11:28:51 sbf-vpn pluto[11325]: | 60 33 4d 15 08 10 05 01 96 a8 85 8d 00 00 00 44
Sep 19 11:28:51 sbf-vpn pluto[11325]: | 41 12 6b 9a 66 e9 b3 a1 0a f8 93 8e 4a 09 fb 4c
Sep 19 11:28:51 sbf-vpn pluto[11325]: | 61 9b 2f 8b f8 f8 c1 66 55 25 2d 6d ab 7c 4f 17
Sep 19 11:28:51 sbf-vpn pluto[11325]: | dc 7c f1 ca 3a 0e 4a 8e
Sep 19 11:28:51 sbf-vpn pluto[11325]: | control:
Sep 19 11:28:52 sbf-vpn pluto[11325]: | 18 00 00 00 00 00 00 00 08 00 00 00 01 00 00 00
Sep 19 11:28:52 sbf-vpn pluto[11325]: | c8 ab 67 60 c8 ab 67 60 2c 00 00 00 00 00 00 00
Sep 19 11:28:52 sbf-vpn pluto[11325]: | 0b 00 00 00 71 00 00 00 02 03 01 00 00 00 00 00
Sep 19 11:28:52 sbf-vpn pluto[11325]: | 00 00 00 00 02 00 00 00 c8 ab 67 60 00 00 00 00
Sep 19 11:28:52 sbf-vpn pluto[11325]: | 00 00 00 00
Sep 19 11:28:52 sbf-vpn pluto[11325]: | name:
Sep 19 11:28:52 sbf-vpn pluto[11325]: | 02 00 11 94 c8 9e 88 95 00 00 00 00 00 00 00 00
Sep 19 11:28:52 sbf-vpn pluto[11325]: ERROR: asynchronous network error report on eth1 (sport=4500) for message to roadwarrior_external_ip port 4500, complainant vpn_server_external_ip: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)]
Sep 19 11:28:52 sbf-vpn pluto[11325]: | rejected packet:
Sep 19 11:28:52 sbf-vpn pluto[11325]: | 00 00 00 00 08 9d 18 aa 5a 86 32 be ca 21 f3 6b
Sep 19 11:28:52 sbf-vpn pluto[11325]: | 60 33 4d 15 08 10 05 01 a8 8b f1 66 00 00 00 54
Sep 19 11:28:52 sbf-vpn pluto[11325]: | d5 30 f9 78 c4 c4 67 51 52 09 28 09 b2 8a ad 26
Sep 19 11:28:52 sbf-vpn pluto[11325]: | 8f 70 7c eb 9b 6b 34 1d 12 f8 34 55 62 30 58 ba
Sep 19 11:28:52 sbf-vpn pluto[11325]: | 6b d3 c6 54 11 93 53 b9 b4 6e 96 62 b1 4b 28 a4
Sep 19 11:28:52 sbf-vpn pluto[11325]: | 75 97 00 f6 f3 00 6a 15
Sep 19 11:28:52 sbf-vpn pluto[11325]: | control:
Sep 19 11:28:52 sbf-vpn pluto[11325]: | 18 00 00 00 00 00 00 00 08 00 00 00 01 00 00 00
Sep 19 11:28:52 sbf-vpn pluto[11325]: | c8 ab 67 60 c8 ab 67 60 2c 00 00 00 00 00 00 00
Sep 19 11:28:52 sbf-vpn pluto[11325]: | 0b 00 00 00 71 00 00 00 02 03 01 00 00 00 00 00
Sep 19 11:28:52 sbf-vpn pluto[11325]: | 00 00 00 00 02 00 00 00 c8 ab 67 60 00 00 00 00
Sep 19 11:28:52 sbf-vpn pluto[11325]: | 00 00 00 00
Sep 19 11:28:52 sbf-vpn pluto[11325]: | name:
Sep 19 11:28:52 sbf-vpn pluto[11325]: | 02 00 11 94 c8 9e 88 95 00 00 00 00 00 00 00 00
Sep 19 11:28:52 sbf-vpn pluto[11325]: ERROR: asynchronous network error report on eth1 (sport=4500) for message to roadwarrior_external_ip port 4500, complainant vpn_server_external_ip: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)]
Sep 19 11:28:52 sbf-vpn pluto[11325]: | next event EVENT_PENDING_PHASE2 in 62 seconds
Sep 19 11:29:54 sbf-vpn pluto[11325]: |
Sep 19 11:29:54 sbf-vpn pluto[11325]: | *time to handle event
Sep 19 11:29:54 sbf-vpn pluto[11325]: | handling event EVENT_PENDING_PHASE2
Sep 19 11:29:54 sbf-vpn pluto[11325]: | event after this is EVENT_REINIT_SECRET in 1676 seconds
Sep 19 11:29:54 sbf-vpn pluto[11325]: | inserting event EVENT_PENDING_PHASE2, timeout in 120 seconds
Sep 19 11:29:54 sbf-vpn pluto[11325]: | pending review: connection "sbfroad" was not up, skipped
Sep 19 11:29:54 sbf-vpn pluto[11325]: | next event EVENT_PENDING_PHASE2 in 120 seconds
More information about the Users
mailing list