[Openswan Users] WinXP Behind Nat to Openswan Server Behind NAT
Meron Lavie
lavie at netvision.net.il
Thu Aug 3 16:11:38 EDT 2006
This is the log without pluto debugging. Any ideas?:
==========================================================
Aug 3 21:04:22 lavie010 pluto[2508]: packet from 72.72.115.187:500:
ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Aug 3 21:04:22 lavie010 pluto[2508]: packet from 72.72.115.187:500:
ignoring Vendor ID payload [FRAGMENTATION]
Aug 3 21:04:22 lavie010 pluto[2508]: packet from 72.72.115.187:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set
to=106
Aug 3 21:04:22 lavie010 pluto[2508]: packet from 72.72.115.187:500:
ignoring Vendor ID payload [Vid-Initial-Contact]
Aug 3 21:04:22 lavie010 pluto[2508]: "L2TP-PSK-EXTERNAL"[1] 72.72.115.187
#1: responding to Main Mode from unknown peer 72.72.115.187
Aug 3 21:04:22 lavie010 pluto[2508]: "L2TP-PSK-EXTERNAL"[1] 72.72.115.187
#1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Aug 3 21:04:22 lavie010 pluto[2508]: "L2TP-PSK-EXTERNAL"[1] 72.72.115.187
#1: STATE_MAIN_R1: sent MR1, expecting MI2
Aug 3 21:04:23 lavie010 pluto[2508]: "L2TP-PSK-EXTERNAL"[1] 72.72.115.187
#1: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: both are
NATed
Aug 3 21:04:23 lavie010 pluto[2508]: "L2TP-PSK-EXTERNAL"[1] 72.72.115.187
#1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Aug 3 21:04:23 lavie010 pluto[2508]: "L2TP-PSK-EXTERNAL"[1] 72.72.115.187
#1: STATE_MAIN_R2: sent MR2, expecting MI3
Aug 3 21:04:23 lavie010 pluto[2508]: "L2TP-PSK-EXTERNAL"[1] 72.72.115.187
#1: Main mode peer ID is ID_FQDN: '@LAVIED610.chdomain.careerharmony.com'
Aug 3 21:04:23 lavie010 pluto[2508]: "L2TP-PSK-EXTERNAL"[2] 72.72.115.187
#1: deleting connection "L2TP-PSK-EXTERNAL" instance with peer 72.72.115.187
{isakmp=#0/ipsec=#0}
Aug 3 21:04:23 lavie010 pluto[2508]: "L2TP-PSK-EXTERNAL"[2] 72.72.115.187
#1: I did not send a certificate because I do not have one.
Aug 3 21:04:23 lavie010 pluto[2508]: "L2TP-PSK-EXTERNAL"[2] 72.72.115.187
#1: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Aug 3 21:04:23 lavie010 pluto[2508]: | NAT-T: new mapping
72.72.115.187:500/50416)
Aug 3 21:04:23 lavie010 pluto[2508]: "L2TP-PSK-EXTERNAL"[2] 72.72.115.187
#1: STATE_MAIN_R3: sent MR3, ISAKMP SA established
{auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha
group=modp2048}
Aug 3 21:04:23 lavie010 pluto[2508]: "L2TP-PSK-EXTERNAL"[2] 72.72.115.187
#2: responding to Quick Mode {msgid:e4142b62}
Aug 3 21:04:23 lavie010 pluto[2508]: "L2TP-PSK-EXTERNAL"[2] 72.72.115.187
#2: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Aug 3 21:04:23 lavie010 pluto[2508]: "L2TP-PSK-EXTERNAL"[2] 72.72.115.187
#2: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Aug 3 21:04:24 lavie010 pluto[2508]: "L2TP-PSK-EXTERNAL"[2] 72.72.115.187
#2: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Aug 3 21:04:24 lavie010 pluto[2508]: "L2TP-PSK-EXTERNAL"[2] 72.72.115.187
#2: STATE_QUICK_R2: IPsec SA established {ESP=>0xe38eddf2 <0x1a5ef997
xfrm=3DES_0-HMAC_MD5 NATD=72.72.115.187:50416 DPD=none}
Aug 3 21:04:59 lavie010 pluto[2508]: "L2TP-PSK-EXTERNAL"[2] 72.72.115.187
#1: received Delete SA(0xe38eddf2) payload: deleting IPSEC State #2
Aug 3 21:04:59 lavie010 pluto[2508]: "L2TP-PSK-EXTERNAL"[2] 72.72.115.187
#1: received and ignored informational message
Aug 3 21:04:59 lavie010 pluto[2508]: "L2TP-PSK-EXTERNAL"[2] 72.72.115.187
#1: received Delete SA payload: deleting ISAKMP State #1
Aug 3 21:04:59 lavie010 pluto[2508]: "L2TP-PSK-EXTERNAL"[2] 72.72.115.187:
deleting connection "L2TP-PSK-EXTERNAL" instance with peer 72.72.115.187
{isakmp=#0/ipsec=#0}
Aug 3 21:04:59 lavie010 pluto[2508]: packet from 72.72.115.187:50416:
received and ignored informational message
==========================================================
-----Original Message-----
From: Andy Gay [mailto:andy at andynet.net]
Sent: Thursday, August 03, 2006 5:30 PM
To: Meron Lavie
Cc: users at openswan.org
Subject: Re: [Openswan Users] WinXP Behind Nat to Openswan Server Behind NAT
On Thu, 2006-08-03 at 07:42 +0300, Meron Lavie wrote:
> I am trying to set up a typical Road Warrior connection, where both the
> OpenSwan server and the XP clients are both NAT-ed. Authentication is via
> PSK. OpenSwan sits on my gateway/firewall, which is connected to the
> Internet by an ADSL PPPoE modem. The open Internet address is
> 111.111.111.111. This is PPP'd to the ADSL modem, which presents itself as
> 10.0.0.138 to the external interface on the gateway. The external
interface
> on the gateway/firewall is 10.0.0.1. Its internal interface to the LAN is
> 192.168.254/
>
> OpenSwan 2.4.5 is installed on an FC5 with the latest kernel on that
> gateway/firewall, which NATs to 192.168.1.0/24. I made a test of
connecting
> a WinXP/SP2 client from within the LAN and it worked fine. However,
external
> access from behind a NAT'ed Road Warrior fails. I should emphasize that
the
> XP/SP2 Road Warrior clients have the registry fix to allow NAT-ed use.
>
> My "ipsec verify" returns everything OK.
>
> Yet it doesn't work.
>
> Any help would be greatly appreciated.
Please remove the 'plutodebug="control parsing"' line, or set it to
'none', and post your logs after doing that.
>
> Lavie
>
>
> Following is my ipsec.secrets:
> ==========================
> 10.0.0.1 %any: PSK "password"
> 192.168.1.254 %any: PSK "password"
> 111.111.111.111 %any: PSK "password"
> 10.0.0.138 %any: PSK "password"
> ==========================
>
> Following is my ipsec.conf:
> ==========================
> # /etc/ipsec.conf - Openswan IPsec configuration file
> # Manual: ipsec.conf.5
> # Please place your own config files in /etc/ipsec.d/ ending in .conf
>
> version 2.0 # conforms to second version of ipsec.conf specification
>
> # basic configuration
> config setup
> # Debug-logging controls: "none" for (almost) none, "all" for
lots.
> # klipsdebug=none
> plutodebug="control parsing"
> nat_traversal=yes
>
>
virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!192
> .168.1.1/24
>
> conn L2TP-PSK-INTERNAL
> authby=secret
> pfs=no
> rekey=no
> keyingtries=3
> left=192.168.1.254
> leftprotoport=17/%any
> right=%any
> rightprotoport=17/%any
> auto=add
>
> conn L2TP-PSK-EXTERNAL
> authby=secret
> pfs=no
> rekey=no
> keyingtries=3
> left=10.0.0.1
> leftnexthop=10.0.0.138
> leftid=10.0.0.1
> leftprotoport=17/1701
> right=%any
> rightsubnet=vhost:%no,%priv
> rightprotoport=17/1701
> #rightid=@LAVIED610.chdomain.careerharmony.com
> auto=add
>
> #include /etc/ipsec.d/*.conf
> #Disable Opportunistic Encryption
> include /etc/ipsec.d/examples/no_oe.conf
> ==========================
>
> Following is /var/log/secure
> ==========================
> Aug 3 07:35:33 lavie010 pluto[30617]: |
> Aug 3 07:35:33 lavie010 pluto[30617]: | *time to handle event
> Aug 3 07:35:33 lavie010 pluto[30617]: | handling event
EVENT_PENDING_PHASE2
> Aug 3 07:35:33 lavie010 pluto[30617]: | event after this is
> EVENT_REINIT_SECRET in 3360 seconds
> Aug 3 07:35:33 lavie010 pluto[30617]: | inserting event
> EVENT_PENDING_PHASE2, timeout in 120 seconds
> Aug 3 07:35:33 lavie010 pluto[30617]: | pending review: connection
> "L2TP-PSK-INTERNAL" was not up, skipped
> Aug 3 07:35:33 lavie010 pluto[30617]: | pending review: connection
> "L2TP-PSK-EXTERNAL" was not up, skipped
> Aug 3 07:35:33 lavie010 pluto[30617]: | next event EVENT_PENDING_PHASE2
in
> 120 seconds
> Aug 3 07:35:36 lavie010 pluto[30617]: |
> Aug 3 07:35:36 lavie010 pluto[30617]: | *received 312 bytes from
> 72.72.115.187:500 on eth0 (port=500)
> Aug 3 07:35:36 lavie010 pluto[30617]: | **parse ISAKMP Message:
> Aug 3 07:35:36 lavie010 pluto[30617]: | initiator cookie:
> Aug 3 07:35:36 lavie010 pluto[30617]: | 0c 2b 55 a7 6e e5 b6 c4
> Aug 3 07:35:36 lavie010 pluto[30617]: | responder cookie:
> Aug 3 07:35:36 lavie010 pluto[30617]: | 00 00 00 00 00 00 00 00
> Aug 3 07:35:36 lavie010 pluto[30617]: | next payload type:
> ISAKMP_NEXT_SA
> Aug 3 07:35:36 lavie010 pluto[30617]: | ISAKMP version: ISAKMP Version
> 1.0
> Aug 3 07:35:36 lavie010 pluto[30617]: | exchange type:
> ISAKMP_XCHG_IDPROT
> Aug 3 07:35:36 lavie010 pluto[30617]: | flags: none
> Aug 3 07:35:36 lavie010 pluto[30617]: | message ID: 00 00 00 00
> Aug 3 07:35:36 lavie010 pluto[30617]: | length: 312
> Aug 3 07:35:36 lavie010 pluto[30617]: | processing packet with exchange
> type=ISAKMP_XCHG_IDPROT (2)
> Aug 3 07:35:36 lavie010 pluto[30617]: | ***parse ISAKMP Security
> Association Payload:
> Aug 3 07:35:36 lavie010 pluto[30617]: | next payload type:
> ISAKMP_NEXT_VID
> Aug 3 07:35:36 lavie010 pluto[30617]: | length: 200
> Aug 3 07:35:36 lavie010 pluto[30617]: | DOI: ISAKMP_DOI_IPSEC
> Aug 3 07:35:36 lavie010 pluto[30617]: | ***parse ISAKMP Vendor ID
Payload:
> Aug 3 07:35:36 lavie010 pluto[30617]: | next payload type:
> ISAKMP_NEXT_VID
> Aug 3 07:35:36 lavie010 pluto[30617]: | length: 24
> Aug 3 07:35:36 lavie010 pluto[30617]: | ***parse ISAKMP Vendor ID
Payload:
> Aug 3 07:35:36 lavie010 pluto[30617]: | next payload type:
> ISAKMP_NEXT_VID
> Aug 3 07:35:36 lavie010 pluto[30617]: | length: 20
> Aug 3 07:35:36 lavie010 pluto[30617]: | ***parse ISAKMP Vendor ID
Payload:
> Aug 3 07:35:36 lavie010 pluto[30617]: | next payload type:
> ISAKMP_NEXT_VID
> Aug 3 07:35:36 lavie010 pluto[30617]: | length: 20
> Aug 3 07:35:36 lavie010 pluto[30617]: | ***parse ISAKMP Vendor ID
Payload:
> Aug 3 07:35:36 lavie010 pluto[30617]: | next payload type:
> ISAKMP_NEXT_NONE
> Aug 3 07:35:36 lavie010 pluto[30617]: | length: 20
> Aug 3 07:35:36 lavie010 pluto[30617]: packet from 72.72.115.187:500:
> ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
> Aug 3 07:35:36 lavie010 pluto[30617]: packet from 72.72.115.187:500:
> ignoring Vendor ID payload [FRAGMENTATION]
> Aug 3 07:35:36 lavie010 pluto[30617]: packet from 72.72.115.187:500:
> received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set
> to=106
> Aug 3 07:35:36 lavie010 pluto[30617]: packet from 72.72.115.187:500:
> ignoring Vendor ID payload [Vid-Initial-Contact]
> Aug 3 07:35:36 lavie010 pluto[30617]: | instantiated "L2TP-PSK-EXTERNAL"
> for 72.72.115.187
> Aug 3 07:35:36 lavie010 pluto[30617]: | creating state object #1 at
> 0x89ff3f8
> Aug 3 07:35:36 lavie010 pluto[30617]: | processing connection
> L2TP-PSK-EXTERNAL[1] 72.72.115.187
> Aug 3 07:35:36 lavie010 pluto[30617]: | ICOOKIE: 0c 2b 55 a7 6e e5 b6
c4
> Aug 3 07:35:36 lavie010 pluto[30617]: | RCOOKIE: e5 94 45 5f b5 ac 1d
f3
> Aug 3 07:35:36 lavie010 pluto[30617]: | peer: 48 48 73 bb
> Aug 3 07:35:36 lavie010 pluto[30617]: | state hash entry 14
> Aug 3 07:35:36 lavie010 pluto[30617]: | inserting event EVENT_SO_DISCARD,
> timeout in 0 seconds for #1
> Aug 3 07:35:36 lavie010 pluto[30617]: "L2TP-PSK-EXTERNAL"[1]
72.72.115.187
> #1: responding to Main Mode from unknown peer 72.72.115.187
> Aug 3 07:35:36 lavie010 pluto[30617]: | ****parse IPsec DOI SIT:
> Aug 3 07:35:36 lavie010 pluto[30617]: | IPsec DOI SIT:
SIT_IDENTITY_ONLY
> Aug 3 07:35:36 lavie010 pluto[30617]: | ****parse ISAKMP Proposal
Payload:
> Aug 3 07:35:36 lavie010 pluto[30617]: | next payload type:
> ISAKMP_NEXT_NONE
> Aug 3 07:35:36 lavie010 pluto[30617]: | length: 188
> Aug 3 07:35:36 lavie010 pluto[30617]: | proposal number: 1
> Aug 3 07:35:36 lavie010 pluto[30617]: | protocol ID: PROTO_ISAKMP
> Aug 3 07:35:36 lavie010 pluto[30617]: | SPI size: 0
> Aug 3 07:35:36 lavie010 pluto[30617]: | number of transforms: 5
> Aug 3 07:35:36 lavie010 pluto[30617]: | *****parse ISAKMP Transform
Payload
> (ISAKMP):
> Aug 3 07:35:36 lavie010 pluto[30617]: | next payload type:
ISAKMP_NEXT_T
> Aug 3 07:35:36 lavie010 pluto[30617]: | length: 36
> Aug 3 07:35:36 lavie010 pluto[30617]: | transform number: 1
> Aug 3 07:35:36 lavie010 pluto[30617]: | transform ID: KEY_IKE
> Aug 3 07:35:36 lavie010 pluto[30617]: | ******parse ISAKMP Oakley
> attribute:
> Aug 3 07:35:36 lavie010 pluto[30617]: | af+type:
> OAKLEY_ENCRYPTION_ALGORITHM
> Aug 3 07:35:36 lavie010 pluto[30617]: | length/value: 5
> Aug 3 07:35:36 lavie010 pluto[30617]: | [5 is OAKLEY_3DES_CBC]
> Aug 3 07:35:36 lavie010 pluto[30617]: | ******parse ISAKMP Oakley
> attribute:
> Aug 3 07:35:36 lavie010 pluto[30617]: | af+type: OAKLEY_HASH_ALGORITHM
> Aug 3 07:35:36 lavie010 pluto[30617]: | length/value: 2
> Aug 3 07:35:36 lavie010 pluto[30617]: | [2 is OAKLEY_SHA1]
> Aug 3 07:35:36 lavie010 pluto[30617]: | ******parse ISAKMP Oakley
> attribute:
> Aug 3 07:35:36 lavie010 pluto[30617]: | af+type:
> OAKLEY_GROUP_DESCRIPTION
> Aug 3 07:35:36 lavie010 pluto[30617]: | length/value: 14
> Aug 3 07:35:36 lavie010 pluto[30617]: | [14 is OAKLEY_GROUP_MODP2048]
> Aug 3 07:35:37 lavie010 pluto[30617]: | ******parse ISAKMP Oakley
> attribute:
> Aug 3 07:35:37 lavie010 pluto[30617]: | af+type:
> OAKLEY_AUTHENTICATION_METHOD
> Aug 3 07:35:37 lavie010 pluto[30617]: | length/value: 1
> Aug 3 07:35:37 lavie010 pluto[30617]: | [1 is OAKLEY_PRESHARED_KEY]
> Aug 3 07:35:37 lavie010 pluto[30617]: | started looking for secret for
> 10.0.0.1->72.72.115.187 of kind PPK_PSK
> Aug 3 07:35:37 lavie010 pluto[30617]: | instantiating him to 0.0.0.0
> Aug 3 07:35:37 lavie010 pluto[30617]: | actually looking for secret for
> 10.0.0.1->0.0.0.0 of kind PPK_PSK
> Aug 3 07:35:37 lavie010 pluto[30617]: | 1: compared PSK 0.0.0.0 to
10.0.0.1
> / 72.72.115.187 -> 2
> Aug 3 07:35:37 lavie010 pluto[30617]: | 2: compared PSK 10.0.0.138 to
> 10.0.0.1 / 72.72.115.187 -> 2
> Aug 3 07:35:37 lavie010 pluto[30617]: | 1: compared PSK 0.0.0.0 to
10.0.0.1
> / 72.72.115.187 -> 2
> Aug 3 07:35:37 lavie010 pluto[30617]: | 2: compared PSK 192.117.103.195
to
> 10.0.0.1 / 72.72.115.187 -> 2
> Aug 3 07:35:37 lavie010 pluto[30617]: | 1: compared PSK 0.0.0.0 to
10.0.0.1
> / 72.72.115.187 -> 2
> Aug 3 07:35:37 lavie010 pluto[30617]: | 2: compared PSK 192.168.1.254 to
> 10.0.0.1 / 72.72.115.187 -> 2
> Aug 3 07:35:37 lavie010 pluto[30617]: | 1: compared PSK 0.0.0.0 to
10.0.0.1
> / 72.72.115.187 -> 2
> Aug 3 07:35:37 lavie010 pluto[30617]: | 2: compared PSK 10.0.0.1 to
> 10.0.0.1 / 72.72.115.187 -> 6
> Aug 3 07:35:37 lavie010 pluto[30617]: | best_match 0>6 best=0x89fdf38
> (line=16)
> Aug 3 07:35:37 lavie010 pluto[30617]: | concluding with best_match=6
> best=0x89fdf38 (lineno=16)
> Aug 3 07:35:37 lavie010 pluto[30617]: | ******parse ISAKMP Oakley
> attribute:
> Aug 3 07:35:37 lavie010 pluto[30617]: | af+type: OAKLEY_LIFE_TYPE
> Aug 3 07:35:37 lavie010 pluto[30617]: | length/value: 1
> Aug 3 07:35:37 lavie010 pluto[30617]: | [1 is OAKLEY_LIFE_SECONDS]
> Aug 3 07:35:37 lavie010 pluto[30617]: | ******parse ISAKMP Oakley
> attribute:
> Aug 3 07:35:37 lavie010 pluto[30617]: | af+type: OAKLEY_LIFE_DURATION
> (variable length)
> Aug 3 07:35:37 lavie010 pluto[30617]: | length/value: 4
> Aug 3 07:35:37 lavie010 pluto[30617]: | long duration: 28800
> Aug 3 07:35:37 lavie010 pluto[30617]: | Oakley Transform 1 accepted
> Aug 3 07:35:37 lavie010 pluto[30617]: | complete state transition with
> STF_OK
> Aug 3 07:35:37 lavie010 pluto[30617]: "L2TP-PSK-EXTERNAL"[1]
72.72.115.187
> #1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
> Aug 3 07:35:37 lavie010 pluto[30617]: | sending reply packet to
> 72.72.115.187:500 (from port=500)
> Aug 3 07:35:37 lavie010 pluto[30617]: | sending 140 bytes for
STATE_MAIN_R0
> through eth0:500 to 72.72.115.187:500:
> Aug 3 07:35:37 lavie010 pluto[30617]: | inserting event EVENT_RETRANSMIT,
> timeout in 10 seconds for #1
> Aug 3 07:35:37 lavie010 pluto[30617]: "L2TP-PSK-EXTERNAL"[1]
72.72.115.187
> #1: STATE_MAIN_R1: sent MR1, expecting MI2
> Aug 3 07:35:37 lavie010 pluto[30617]: | modecfg pull: noquirk policy:push
> not-client
> Aug 3 07:35:37 lavie010 pluto[30617]: | phase 1 is done, looking for
phase
> 1 to unpend
> Aug 3 07:35:37 lavie010 pluto[30617]: | next event EVENT_RETRANSMIT in 10
> seconds for #1
> Aug 3 07:35:37 lavie010 pluto[30617]: |
> Aug 3 07:35:37 lavie010 pluto[30617]: | *received 312 bytes from
> 72.72.115.187:500 on eth0 (port=500)
> Aug 3 07:35:37 lavie010 pluto[30617]: | **parse ISAKMP Message:
> Aug 3 07:35:37 lavie010 pluto[30617]: | initiator cookie:
> Aug 3 07:35:37 lavie010 pluto[30617]: | 0c 2b 55 a7 6e e5 b6 c4
> Aug 3 07:35:37 lavie010 pluto[30617]: | responder cookie:
> Aug 3 07:35:37 lavie010 pluto[30617]: | 00 00 00 00 00 00 00 00
> Aug 3 07:35:37 lavie010 pluto[30617]: | next payload type:
> ISAKMP_NEXT_SA
> Aug 3 07:35:37 lavie010 pluto[30617]: | ISAKMP version: ISAKMP Version
> 1.0
> Aug 3 07:35:37 lavie010 pluto[30617]: | exchange type:
> ISAKMP_XCHG_IDPROT
> Aug 3 07:35:37 lavie010 pluto[30617]: | flags: none
> Aug 3 07:35:37 lavie010 pluto[30617]: | message ID: 00 00 00 00
> Aug 3 07:35:37 lavie010 pluto[30617]: | length: 312
> Aug 3 07:35:37 lavie010 pluto[30617]: | processing packet with exchange
> type=ISAKMP_XCHG_IDPROT (2)
> Aug 3 07:35:37 lavie010 pluto[30617]: | ***parse ISAKMP Security
> Association Payload:
> Aug 3 07:35:37 lavie010 pluto[30617]: | next payload type:
> ISAKMP_NEXT_VID
> Aug 3 07:35:37 lavie010 pluto[30617]: | length: 200
> Aug 3 07:35:37 lavie010 pluto[30617]: | DOI: ISAKMP_DOI_IPSEC
> Aug 3 07:35:37 lavie010 pluto[30617]: | ***parse ISAKMP Vendor ID
Payload:
> Aug 3 07:35:37 lavie010 pluto[30617]: | next payload type:
> ISAKMP_NEXT_VID
> Aug 3 07:35:37 lavie010 pluto[30617]: | length: 24
> Aug 3 07:35:37 lavie010 pluto[30617]: | ***parse ISAKMP Vendor ID
Payload:
> Aug 3 07:35:37 lavie010 pluto[30617]: | next payload type:
> ISAKMP_NEXT_VID
> Aug 3 07:35:37 lavie010 pluto[30617]: | length: 20
> Aug 3 07:35:37 lavie010 pluto[30617]: | ***parse ISAKMP Vendor ID
Payload:
> Aug 3 07:35:37 lavie010 pluto[30617]: | next payload type:
> ISAKMP_NEXT_VID
> Aug 3 07:35:37 lavie010 pluto[30617]: | length: 20
> Aug 3 07:35:37 lavie010 pluto[30617]: | ***parse ISAKMP Vendor ID
Payload:
> Aug 3 07:35:37 lavie010 pluto[30617]: | next payload type:
> ISAKMP_NEXT_NONE
> Aug 3 07:35:37 lavie010 pluto[30617]: | length: 20
> Aug 3 07:35:37 lavie010 pluto[30617]: packet from 72.72.115.187:500:
> ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
> Aug 3 07:35:37 lavie010 pluto[30617]: packet from 72.72.115.187:500:
> ignoring Vendor ID payload [FRAGMENTATION]
> Aug 3 07:35:37 lavie010 pluto[30617]: packet from 72.72.115.187:500:
> received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set
> to=106
> Aug 3 07:35:37 lavie010 pluto[30617]: packet from 72.72.115.187:500:
> ignoring Vendor ID payload [Vid-Initial-Contact]
> Aug 3 07:35:37 lavie010 pluto[30617]: | creating state object #2 at
> 0x89ffa50
> Aug 3 07:35:37 lavie010 pluto[30617]: | processing connection
> L2TP-PSK-EXTERNAL[1] 72.72.115.187
> Aug 3 07:35:37 lavie010 pluto[30617]: | ICOOKIE: 0c 2b 55 a7 6e e5 b6
c4
> Aug 3 07:35:37 lavie010 pluto[30617]: | RCOOKIE: a0 73 4e 9e 05 b3 6d
3e
> Aug 3 07:35:37 lavie010 pluto[30617]: | peer: 48 48 73 bb
> Aug 3 07:35:37 lavie010 pluto[30617]: | state hash entry 10
> Aug 3 07:35:37 lavie010 pluto[30617]: | inserting event EVENT_SO_DISCARD,
> timeout in 0 seconds for #2
> Aug 3 07:35:37 lavie010 pluto[30617]: "L2TP-PSK-EXTERNAL"[1]
72.72.115.187
> #2: responding to Main Mode from unknown peer 72.72.115.187
> Aug 3 07:35:37 lavie010 pluto[30617]: | ****parse IPsec DOI SIT:
> Aug 3 07:35:37 lavie010 pluto[30617]: | IPsec DOI SIT:
SIT_IDENTITY_ONLY
> Aug 3 07:35:37 lavie010 pluto[30617]: | ****parse ISAKMP Proposal
Payload:
> Aug 3 07:35:37 lavie010 pluto[30617]: | next payload type:
> ISAKMP_NEXT_NONE
> Aug 3 07:35:37 lavie010 pluto[30617]: | length: 188
> Aug 3 07:35:38 lavie010 pluto[30617]: | proposal number: 1
> Aug 3 07:35:38 lavie010 pluto[30617]: | protocol ID: PROTO_ISAKMP
> Aug 3 07:35:38 lavie010 pluto[30617]: | SPI size: 0
> Aug 3 07:35:38 lavie010 pluto[30617]: | number of transforms: 5
> Aug 3 07:35:38 lavie010 pluto[30617]: | *****parse ISAKMP Transform
Payload
> (ISAKMP):
> Aug 3 07:35:38 lavie010 pluto[30617]: | next payload type:
ISAKMP_NEXT_T
> Aug 3 07:35:38 lavie010 pluto[30617]: | length: 36
> Aug 3 07:35:38 lavie010 pluto[30617]: | transform number: 1
> Aug 3 07:35:38 lavie010 pluto[30617]: | transform ID: KEY_IKE
> Aug 3 07:35:38 lavie010 pluto[30617]: | ******parse ISAKMP Oakley
> attribute:
> Aug 3 07:35:38 lavie010 pluto[30617]: | af+type:
> OAKLEY_ENCRYPTION_ALGORITHM
> Aug 3 07:35:38 lavie010 pluto[30617]: | length/value: 5
> Aug 3 07:35:38 lavie010 pluto[30617]: | [5 is OAKLEY_3DES_CBC]
> Aug 3 07:35:38 lavie010 pluto[30617]: | ******parse ISAKMP Oakley
> attribute:
> Aug 3 07:35:38 lavie010 pluto[30617]: | af+type: OAKLEY_HASH_ALGORITHM
> Aug 3 07:35:38 lavie010 pluto[30617]: | length/value: 2
> Aug 3 07:35:38 lavie010 pluto[30617]: | [2 is OAKLEY_SHA1]
> Aug 3 07:35:38 lavie010 pluto[30617]: | ******parse ISAKMP Oakley
> attribute:
> Aug 3 07:35:38 lavie010 pluto[30617]: | af+type:
> OAKLEY_GROUP_DESCRIPTION
> Aug 3 07:35:38 lavie010 pluto[30617]: | length/value: 14
> Aug 3 07:35:38 lavie010 pluto[30617]: | [14 is OAKLEY_GROUP_MODP2048]
> Aug 3 07:35:38 lavie010 pluto[30617]: | ******parse ISAKMP Oakley
> attribute:
> Aug 3 07:35:38 lavie010 pluto[30617]: | af+type:
> OAKLEY_AUTHENTICATION_METHOD
> Aug 3 07:35:38 lavie010 pluto[30617]: | length/value: 1
> Aug 3 07:35:38 lavie010 pluto[30617]: | [1 is OAKLEY_PRESHARED_KEY]
> Aug 3 07:35:38 lavie010 pluto[30617]: | started looking for secret for
> 10.0.0.1->72.72.115.187 of kind PPK_PSK
> Aug 3 07:35:38 lavie010 pluto[30617]: | instantiating him to 0.0.0.0
> Aug 3 07:35:38 lavie010 pluto[30617]: | actually looking for secret for
> 10.0.0.1->0.0.0.0 of kind PPK_PSK
> Aug 3 07:35:38 lavie010 pluto[30617]: | 1: compared PSK 0.0.0.0 to
10.0.0.1
> / 72.72.115.187 -> 2
> Aug 3 07:35:38 lavie010 pluto[30617]: | 2: compared PSK 10.0.0.138 to
> 10.0.0.1 / 72.72.115.187 -> 2
> Aug 3 07:35:38 lavie010 pluto[30617]: | 1: compared PSK 0.0.0.0 to
10.0.0.1
> / 72.72.115.187 -> 2
> Aug 3 07:35:38 lavie010 pluto[30617]: | 2: compared PSK 192.117.103.195
to
> 10.0.0.1 / 72.72.115.187 -> 2
> Aug 3 07:35:38 lavie010 pluto[30617]: | 1: compared PSK 0.0.0.0 to
10.0.0.1
> / 72.72.115.187 -> 2
> Aug 3 07:35:38 lavie010 pluto[30617]: | 2: compared PSK 192.168.1.254 to
> 10.0.0.1 / 72.72.115.187 -> 2
> Aug 3 07:35:38 lavie010 pluto[30617]: | 1: compared PSK 0.0.0.0 to
10.0.0.1
> / 72.72.115.187 -> 2
> Aug 3 07:35:38 lavie010 pluto[30617]: | 2: compared PSK 10.0.0.1 to
> 10.0.0.1 / 72.72.115.187 -> 6
> Aug 3 07:35:38 lavie010 pluto[30617]: | best_match 0>6 best=0x89fdf38
> (line=16)
> Aug 3 07:35:38 lavie010 pluto[30617]: | concluding with best_match=6
> best=0x89fdf38 (lineno=16)
> Aug 3 07:35:38 lavie010 pluto[30617]: | ******parse ISAKMP Oakley
> attribute:
> Aug 3 07:35:38 lavie010 pluto[30617]: | af+type: OAKLEY_LIFE_TYPE
> Aug 3 07:35:38 lavie010 pluto[30617]: | length/value: 1
> Aug 3 07:35:38 lavie010 pluto[30617]: | [1 is OAKLEY_LIFE_SECONDS]
> Aug 3 07:35:38 lavie010 pluto[30617]: | ******parse ISAKMP Oakley
> attribute:
> Aug 3 07:35:38 lavie010 pluto[30617]: | af+type: OAKLEY_LIFE_DURATION
> (variable length)
> Aug 3 07:35:38 lavie010 pluto[30617]: | length/value: 4
> Aug 3 07:35:38 lavie010 pluto[30617]: | long duration: 28800
> Aug 3 07:35:38 lavie010 pluto[30617]: | Oakley Transform 1 accepted
> Aug 3 07:35:38 lavie010 pluto[30617]: | complete state transition with
> STF_OK
> Aug 3 07:35:38 lavie010 pluto[30617]: "L2TP-PSK-EXTERNAL"[1]
72.72.115.187
> #2: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
> Aug 3 07:35:38 lavie010 pluto[30617]: | sending reply packet to
> 72.72.115.187:500 (from port=500)
> Aug 3 07:35:38 lavie010 pluto[30617]: | sending 140 bytes for
STATE_MAIN_R0
> through eth0:500 to 72.72.115.187:500:
> Aug 3 07:35:38 lavie010 pluto[30617]: | inserting event EVENT_RETRANSMIT,
> timeout in 10 seconds for #2
> Aug 3 07:35:38 lavie010 pluto[30617]: "L2TP-PSK-EXTERNAL"[1]
72.72.115.187
> #2: STATE_MAIN_R1: sent MR1, expecting MI2
> Aug 3 07:35:38 lavie010 pluto[30617]: | modecfg pull: noquirk policy:push
> not-client
> Aug 3 07:35:38 lavie010 pluto[30617]: | phase 1 is done, looking for
phase
> 1 to unpend
> Aug 3 07:35:38 lavie010 pluto[30617]: | next event EVENT_RETRANSMIT in 9
> seconds for #1
> Aug 3 07:35:38 lavie010 pluto[30617]: |
> Aug 3 07:35:38 lavie010 pluto[30617]: | *received 360 bytes from
> 72.72.115.187:500 on eth0 (port=500)
> Aug 3 07:35:38 lavie010 pluto[30617]: | **parse ISAKMP Message:
> Aug 3 07:35:38 lavie010 pluto[30617]: | initiator cookie:
> Aug 3 07:35:38 lavie010 pluto[30617]: | 0c 2b 55 a7 6e e5 b6 c4
> Aug 3 07:35:38 lavie010 pluto[30617]: | responder cookie:
> Aug 3 07:35:38 lavie010 pluto[30617]: | e5 94 45 5f b5 ac 1d f3
> Aug 3 07:35:38 lavie010 pluto[30617]: | next payload type:
> ISAKMP_NEXT_KE
> Aug 3 07:35:38 lavie010 pluto[30617]: | ISAKMP version: ISAKMP Version
> 1.0
> Aug 3 07:35:38 lavie010 pluto[30617]: | exchange type:
> ISAKMP_XCHG_IDPROT
> Aug 3 07:35:38 lavie010 pluto[30617]: | flags: none
> Aug 3 07:35:38 lavie010 pluto[30617]: | message ID: 00 00 00 00
> Aug 3 07:35:38 lavie010 pluto[30617]: | length: 360
> Aug 3 07:35:38 lavie010 pluto[30617]: | processing packet with exchange
> type=ISAKMP_XCHG_IDPROT (2)
> Aug 3 07:35:38 lavie010 pluto[30617]: | ICOOKIE: 0c 2b 55 a7 6e e5 b6
c4
> Aug 3 07:35:38 lavie010 pluto[30617]: | RCOOKIE: e5 94 45 5f b5 ac 1d
f3
> Aug 3 07:35:38 lavie010 pluto[30617]: | peer: 48 48 73 bb
> Aug 3 07:35:38 lavie010 pluto[30617]: | state hash entry 14
> Aug 3 07:35:38 lavie010 pluto[30617]: | peer and cookies match on #1,
> provided msgid 00000000 vs 00000000
> Aug 3 07:35:38 lavie010 pluto[30617]: | state object #1 found, in
> STATE_MAIN_R1
> Aug 3 07:35:38 lavie010 pluto[30617]: | processing connection
> L2TP-PSK-EXTERNAL[1] 72.72.115.187
> Aug 3 07:35:38 lavie010 pluto[30617]: | ***parse ISAKMP Key Exchange
> Payload:
> Aug 3 07:35:38 lavie010 pluto[30617]: | next payload type:
> ISAKMP_NEXT_NONCE
> Aug 3 07:35:38 lavie010 pluto[30617]: | length: 260
> Aug 3 07:35:38 lavie010 pluto[30617]: | ***parse ISAKMP Nonce Payload:
> Aug 3 07:35:38 lavie010 pluto[30617]: | next payload type:
> ISAKMP_NEXT_NAT-D
> Aug 3 07:35:39 lavie010 pluto[30617]: | length: 24
> Aug 3 07:35:39 lavie010 pluto[30617]: | ***parse ISAKMP NAT-D Payload:
> Aug 3 07:35:39 lavie010 pluto[30617]: | next payload type:
> ISAKMP_NEXT_NAT-D
> Aug 3 07:35:39 lavie010 pluto[30617]: | length: 24
> Aug 3 07:35:39 lavie010 pluto[30617]: | ***parse ISAKMP NAT-D Payload:
> Aug 3 07:35:39 lavie010 pluto[30617]: | next payload type:
> ISAKMP_NEXT_NONE
> Aug 3 07:35:39 lavie010 pluto[30617]: | length: 24
> Aug 3 07:35:39 lavie010 pluto[30617]: "L2TP-PSK-EXTERNAL"[1]
72.72.115.187
> #1: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: both are
> NATed
> Aug 3 07:35:39 lavie010 pluto[30617]: | inserting event
> EVENT_NAT_T_KEEPALIVE, timeout in 20 seconds
> Aug 3 07:35:39 lavie010 pluto[30617]: | 0: w->pcw_dead: 0 w->pcw_work: 0
> cnt: 1
> Aug 3 07:35:39 lavie010 pluto[30617]: | asking helper 0 to do
build_kenonce
> op on seq: 1
> Aug 3 07:35:39 lavie010 pluto[30617]: | inserting event
> EVENT_CRYPTO_FAILED, timeout in 300 seconds for #1
> Aug 3 07:35:39 lavie010 pluto[30623]: ! helper -1 doing build_kenonce op
> id: 1
> Aug 3 07:35:39 lavie010 pluto[30617]: | complete state transition with
> STF_SUSPEND
> Aug 3 07:35:39 lavie010 pluto[30617]: | next event EVENT_RETRANSMIT in 9
> seconds for #2
> Aug 3 07:35:39 lavie010 pluto[30617]: |
> Aug 3 07:35:39 lavie010 pluto[30617]: | *received 360 bytes from
> 72.72.115.187:500 on eth0 (port=500)
> Aug 3 07:35:39 lavie010 pluto[30617]: | **parse ISAKMP Message:
> Aug 3 07:35:39 lavie010 pluto[30617]: | initiator cookie:
> Aug 3 07:35:39 lavie010 pluto[30617]: | 0c 2b 55 a7 6e e5 b6 c4
> Aug 3 07:35:39 lavie010 pluto[30617]: | responder cookie:
> Aug 3 07:35:39 lavie010 pluto[30617]: | e5 94 45 5f b5 ac 1d f3
> Aug 3 07:35:39 lavie010 pluto[30617]: | next payload type:
> ISAKMP_NEXT_KE
> Aug 3 07:35:39 lavie010 pluto[30617]: | ISAKMP version: ISAKMP Version
> 1.0
> Aug 3 07:35:39 lavie010 pluto[30617]: | exchange type:
> ISAKMP_XCHG_IDPROT
> Aug 3 07:35:39 lavie010 pluto[30617]: | flags: none
> Aug 3 07:35:39 lavie010 pluto[30617]: | message ID: 00 00 00 00
> Aug 3 07:35:39 lavie010 pluto[30617]: | length: 360
> Aug 3 07:35:39 lavie010 pluto[30617]: | processing packet with exchange
> type=ISAKMP_XCHG_IDPROT (2)
> Aug 3 07:35:39 lavie010 pluto[30617]: | ICOOKIE: 0c 2b 55 a7 6e e5 b6
c4
> Aug 3 07:35:39 lavie010 pluto[30617]: | RCOOKIE: e5 94 45 5f b5 ac 1d
f3
> Aug 3 07:35:39 lavie010 pluto[30617]: | peer: 48 48 73 bb
> Aug 3 07:35:39 lavie010 pluto[30617]: | state hash entry 14
> Aug 3 07:35:39 lavie010 pluto[30617]: | peer and cookies match on #1,
> provided msgid 00000000 vs 00000000
> Aug 3 07:35:39 lavie010 pluto[30617]: | state object #1 found, in
> STATE_MAIN_R1
> Aug 3 07:35:39 lavie010 pluto[30617]: | processing connection
> L2TP-PSK-EXTERNAL[1] 72.72.115.187
> Aug 3 07:35:39 lavie010 pluto[30617]: "L2TP-PSK-EXTERNAL"[1]
72.72.115.187
> #1: discarding packet received during asynchronous work (DNS or crypto) in
> STATE_MAIN_R1
> Aug 3 07:35:39 lavie010 pluto[30617]: | next event EVENT_RETRANSMIT in 9
> seconds for #2
> Aug 3 07:35:39 lavie010 pluto[30617]: | processing connection
> L2TP-PSK-EXTERNAL[1] 72.72.115.187
> Aug 3 07:35:39 lavie010 pluto[30617]: | started looking for secret for
> 10.0.0.1->72.72.115.187 of kind PPK_PSK
> Aug 3 07:35:39 lavie010 pluto[30617]: | instantiating him to 0.0.0.0
> Aug 3 07:35:39 lavie010 pluto[30617]: | actually looking for secret for
> 10.0.0.1->0.0.0.0 of kind PPK_PSK
> Aug 3 07:35:39 lavie010 pluto[30617]: | 1: compared PSK 0.0.0.0 to
10.0.0.1
> / 72.72.115.187 -> 2
> Aug 3 07:35:39 lavie010 pluto[30617]: | 2: compared PSK 10.0.0.138 to
> 10.0.0.1 / 72.72.115.187 -> 2
> Aug 3 07:35:39 lavie010 pluto[30617]: | 1: compared PSK 0.0.0.0 to
10.0.0.1
> / 72.72.115.187 -> 2
> Aug 3 07:35:39 lavie010 pluto[30617]: | 2: compared PSK 192.117.103.195
to
> 10.0.0.1 / 72.72.115.187 -> 2
> Aug 3 07:35:39 lavie010 pluto[30617]: | 1: compared PSK 0.0.0.0 to
10.0.0.1
> / 72.72.115.187 -> 2
> Aug 3 07:35:39 lavie010 pluto[30617]: | 2: compared PSK 192.168.1.254 to
> 10.0.0.1 / 72.72.115.187 -> 2
> Aug 3 07:35:39 lavie010 pluto[30617]: | 1: compared PSK 0.0.0.0 to
10.0.0.1
> / 72.72.115.187 -> 2
> Aug 3 07:35:39 lavie010 pluto[30617]: | 2: compared PSK 10.0.0.1 to
> 10.0.0.1 / 72.72.115.187 -> 6
> Aug 3 07:35:39 lavie010 pluto[30617]: | best_match 0>6 best=0x89fdf38
> (line=16)
> Aug 3 07:35:39 lavie010 pluto[30617]: | concluding with best_match=6
> best=0x89fdf38 (lineno=16)
> Aug 3 07:35:39 lavie010 pluto[30617]: | complete state transition with
> STF_OK
> Aug 3 07:35:39 lavie010 pluto[30617]: "L2TP-PSK-EXTERNAL"[1]
72.72.115.187
> #1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
> Aug 3 07:35:39 lavie010 pluto[30617]: | sending reply packet to
> 72.72.115.187:500 (from port=500)
> Aug 3 07:35:39 lavie010 pluto[30617]: | sending 356 bytes for
STATE_MAIN_R1
> through eth0:500 to 72.72.115.187:500:
> Aug 3 07:35:39 lavie010 pluto[30617]: | inserting event EVENT_RETRANSMIT,
> timeout in 10 seconds for #1
> Aug 3 07:35:39 lavie010 pluto[30617]: "L2TP-PSK-EXTERNAL"[1]
72.72.115.187
> #1: STATE_MAIN_R2: sent MR2, expecting MI3
> Aug 3 07:35:39 lavie010 pluto[30617]: | modecfg pull: noquirk policy:push
> not-client
> Aug 3 07:35:39 lavie010 pluto[30617]: | phase 1 is done, looking for
phase
> 1 to unpend
> Aug 3 07:35:39 lavie010 pluto[30617]: | next event EVENT_RETRANSMIT in 9
> seconds for #2
> Aug 3 07:35:40 lavie010 pluto[30617]: |
> Aug 3 07:35:40 lavie010 pluto[30617]: | *received 100 bytes from
> 72.72.115.187:50576 on eth0 (port=4500)
> Aug 3 07:35:40 lavie010 pluto[30617]: | **parse ISAKMP Message:
> Aug 3 07:35:40 lavie010 pluto[30617]: | initiator cookie:
> Aug 3 07:35:40 lavie010 pluto[30617]: | 0c 2b 55 a7 6e e5 b6 c4
> Aug 3 07:35:40 lavie010 pluto[30617]: | responder cookie:
> Aug 3 07:35:40 lavie010 pluto[30617]: | e5 94 45 5f b5 ac 1d f3
> Aug 3 07:35:40 lavie010 pluto[30617]: | next payload type:
> ISAKMP_NEXT_ID
> Aug 3 07:35:40 lavie010 pluto[30617]: | ISAKMP version: ISAKMP Version
> 1.0
> Aug 3 07:35:40 lavie010 pluto[30617]: | exchange type:
> ISAKMP_XCHG_IDPROT
> Aug 3 07:35:40 lavie010 pluto[30617]: | flags: ISAKMP_FLAG_ENCRYPTION
> Aug 3 07:35:40 lavie010 pluto[30617]: | message ID: 00 00 00 00
> Aug 3 07:35:40 lavie010 pluto[30617]: | length: 100
> Aug 3 07:35:40 lavie010 pluto[30617]: | processing packet with exchange
> type=ISAKMP_XCHG_IDPROT (2)
> Aug 3 07:35:40 lavie010 pluto[30617]: | ICOOKIE: 0c 2b 55 a7 6e e5 b6
c4
> Aug 3 07:35:40 lavie010 pluto[30617]: | RCOOKIE: e5 94 45 5f b5 ac 1d
f3
> Aug 3 07:35:40 lavie010 pluto[30617]: | peer: 48 48 73 bb
> Aug 3 07:35:40 lavie010 pluto[30617]: | state hash entry 14
> Aug 3 07:35:40 lavie010 pluto[30617]: | peer and cookies match on #1,
> provided msgid 00000000 vs 00000000
> Aug 3 07:35:40 lavie010 pluto[30617]: | state object #1 found, in
> STATE_MAIN_R2
> Aug 3 07:35:40 lavie010 pluto[30617]: | processing connection
> L2TP-PSK-EXTERNAL[1] 72.72.115.187
> Aug 3 07:35:40 lavie010 pluto[30617]: | ***parse ISAKMP Identification
> Payload:
> Aug 3 07:35:40 lavie010 pluto[30617]: | next payload type:
> ISAKMP_NEXT_HASH
> Aug 3 07:35:40 lavie010 pluto[30617]: | length: 44
> Aug 3 07:35:40 lavie010 pluto[30617]: | ID type: ID_FQDN
> Aug 3 07:35:40 lavie010 pluto[30617]: | DOI specific A: 0
> Aug 3 07:35:40 lavie010 pluto[30617]: | DOI specific B: 0
> Aug 3 07:35:40 lavie010 pluto[30617]: | ***parse ISAKMP Hash Payload:
> Aug 3 07:35:40 lavie010 pluto[30617]: | next payload type:
> ISAKMP_NEXT_NONE
> Aug 3 07:35:40 lavie010 pluto[30617]: | length: 24
> Aug 3 07:35:40 lavie010 pluto[30617]: | removing 4 bytes of padding
> Aug 3 07:35:40 lavie010 pluto[30617]: "L2TP-PSK-EXTERNAL"[1]
72.72.115.187
> #1: Main mode peer ID is ID_FQDN: '@LAVIED610.chdomain.careerharmony.com'
> Aug 3 07:35:40 lavie010 pluto[30617]: | started looking for secret for
> 10.0.0.1->72.72.115.187 of kind PPK_PSK
> Aug 3 07:35:40 lavie010 pluto[30617]: | instantiating him to 0.0.0.0
> Aug 3 07:35:40 lavie010 pluto[30617]: | actually looking for secret for
> 10.0.0.1->0.0.0.0 of kind PPK_PSK
> Aug 3 07:35:40 lavie010 pluto[30617]: | 1: compared PSK 0.0.0.0 to
10.0.0.1
> / 72.72.115.187 -> 2
> Aug 3 07:35:40 lavie010 pluto[30617]: | 2: compared PSK 10.0.0.138 to
> 10.0.0.1 / 72.72.115.187 -> 2
> Aug 3 07:35:40 lavie010 pluto[30617]: | 1: compared PSK 0.0.0.0 to
10.0.0.1
> / 72.72.115.187 -> 2
> Aug 3 07:35:40 lavie010 pluto[30617]: | 2: compared PSK 192.117.103.195
to
> 10.0.0.1 / 72.72.115.187 -> 2
> Aug 3 07:35:40 lavie010 pluto[30617]: | 1: compared PSK 0.0.0.0 to
10.0.0.1
> / 72.72.115.187 -> 2
> Aug 3 07:35:40 lavie010 pluto[30617]: | 2: compared PSK 192.168.1.254 to
> 10.0.0.1 / 72.72.115.187 -> 2
> Aug 3 07:35:40 lavie010 pluto[30617]: | 1: compared PSK 0.0.0.0 to
10.0.0.1
> / 72.72.115.187 -> 2
> Aug 3 07:35:40 lavie010 pluto[30617]: | 2: compared PSK 10.0.0.1 to
> 10.0.0.1 / 72.72.115.187 -> 6
> Aug 3 07:35:40 lavie010 pluto[30617]: | best_match 0>6 best=0x89fdf38
> (line=16)
> Aug 3 07:35:40 lavie010 pluto[30617]: | concluding with best_match=6
> best=0x89fdf38 (lineno=16)
> Aug 3 07:35:40 lavie010 pluto[30617]: | started looking for secret for
> 10.0.0.1->(none) of kind PPK_PSK
> Aug 3 07:35:40 lavie010 pluto[30617]: | replace him to 0.0.0.0
> Aug 3 07:35:40 lavie010 pluto[30617]: | actually looking for secret for
> 10.0.0.1->0.0.0.0 of kind PPK_PSK
> Aug 3 07:35:40 lavie010 pluto[30617]: | 1: compared PSK 0.0.0.0 to
10.0.0.1
> / (none) -> 2
> Aug 3 07:35:40 lavie010 pluto[30617]: | 2: compared PSK 10.0.0.138 to
> 10.0.0.1 / (none) -> 2
> Aug 3 07:35:40 lavie010 pluto[30617]: | 1: compared PSK 0.0.0.0 to
10.0.0.1
> / (none) -> 2
> Aug 3 07:35:40 lavie010 pluto[30617]: | 2: compared PSK 192.117.103.195
to
> 10.0.0.1 / (none) -> 2
> Aug 3 07:35:40 lavie010 pluto[30617]: | 1: compared PSK 0.0.0.0 to
10.0.0.1
> / (none) -> 2
> Aug 3 07:35:40 lavie010 pluto[30617]: | 2: compared PSK 192.168.1.254 to
> 10.0.0.1 / (none) -> 2
> Aug 3 07:35:40 lavie010 pluto[30617]: | 1: compared PSK 0.0.0.0 to
10.0.0.1
> / (none) -> 2
> Aug 3 07:35:40 lavie010 pluto[30617]: | 2: compared PSK 10.0.0.1 to
> 10.0.0.1 / (none) -> 6
> Aug 3 07:35:40 lavie010 pluto[30617]: | best_match 0>6 best=0x89fdf38
> (line=16)
> Aug 3 07:35:40 lavie010 pluto[30617]: | concluding with best_match=6
> best=0x89fdf38 (lineno=16)
> Aug 3 07:35:40 lavie010 pluto[30617]: | offered CA: '%none'
> Aug 3 07:35:40 lavie010 pluto[30617]: | switched from "L2TP-PSK-EXTERNAL"
> to "L2TP-PSK-EXTERNAL"
> Aug 3 07:35:40 lavie010 pluto[30617]: | instantiated "L2TP-PSK-EXTERNAL"
> for 72.72.115.187
> Aug 3 07:35:40 lavie010 pluto[30617]: | processing connection
> L2TP-PSK-EXTERNAL[2] 72.72.115.187
> Aug 3 07:35:40 lavie010 pluto[30617]: | thinking about whether to send my
> certificate:
> Aug 3 07:35:40 lavie010 pluto[30617]: | I have RSA key:
> OAKLEY_PRESHARED_KEY cert.type: CERT_NONE
> Aug 3 07:35:40 lavie010 pluto[30617]: | sendcert: CERT_ALWAYSSEND and I
> did not get a certificate request
> Aug 3 07:35:40 lavie010 pluto[30617]: | so do not send cert.
> Aug 3 07:35:40 lavie010 pluto[30617]: "L2TP-PSK-EXTERNAL"[2]
72.72.115.187
> #1: I did not send a certificate because I do not have one.
> Aug 3 07:35:40 lavie010 pluto[30617]: | complete state transition with
> STF_OK
> Aug 3 07:35:40 lavie010 pluto[30617]: "L2TP-PSK-EXTERNAL"[2]
72.72.115.187
> #1: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
> ==========================
>
>
> _______________________________________________
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
> Building and Integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>
More information about the Users
mailing list