[Openswan Users] WinXP Behind Nat to Openswan Server Behind NAT
Andy Gay
andy at andynet.net
Thu Aug 3 09:25:42 EDT 2006
On Thu, 2006-08-03 at 21:11 +0300, Meron Lavie wrote:
> This is the log without pluto debugging. Any ideas?:
>
> ==========================================================
<snip...>
> Aug 3 21:04:24 lavie010 pluto[2508]: "L2TP-PSK-EXTERNAL"[2] 72.72.115.187
> #2: STATE_QUICK_R2: IPsec SA established {ESP=>0xe38eddf2 <0x1a5ef997
> xfrm=3DES_0-HMAC_MD5 NATD=72.72.115.187:50416 DPD=none}
Looks good here, but...
> Aug 3 21:04:59 lavie010 pluto[2508]: "L2TP-PSK-EXTERNAL"[2] 72.72.115.187
> #1: received Delete SA(0xe38eddf2) payload: deleting IPSEC State #2
the client drops the connection almost immediately.
You'll need to check the client logs to find out why it did that.
> Aug 3 21:04:59 lavie010 pluto[2508]: "L2TP-PSK-EXTERNAL"[2] 72.72.115.187
> #1: received and ignored informational message
> Aug 3 21:04:59 lavie010 pluto[2508]: "L2TP-PSK-EXTERNAL"[2] 72.72.115.187
> #1: received Delete SA payload: deleting ISAKMP State #1
> Aug 3 21:04:59 lavie010 pluto[2508]: "L2TP-PSK-EXTERNAL"[2] 72.72.115.187:
> deleting connection "L2TP-PSK-EXTERNAL" instance with peer 72.72.115.187
> {isakmp=#0/ipsec=#0}
> Aug 3 21:04:59 lavie010 pluto[2508]: packet from 72.72.115.187:50416:
> received and ignored informational message
> ==========================================================
>
> -----Original Message-----
> From: Andy Gay [mailto:andy at andynet.net]
> Sent: Thursday, August 03, 2006 5:30 PM
> To: Meron Lavie
> Cc: users at openswan.org
> Subject: Re: [Openswan Users] WinXP Behind Nat to Openswan Server Behind NAT
>
> On Thu, 2006-08-03 at 07:42 +0300, Meron Lavie wrote:
> > I am trying to set up a typical Road Warrior connection, where both the
> > OpenSwan server and the XP clients are both NAT-ed. Authentication is via
> > PSK. OpenSwan sits on my gateway/firewall, which is connected to the
> > Internet by an ADSL PPPoE modem. The open Internet address is
> > 111.111.111.111. This is PPP'd to the ADSL modem, which presents itself as
> > 10.0.0.138 to the external interface on the gateway. The external interface
> > on the gateway/firewall is 10.0.0.1. Its internal interface to the LAN is
> > 192.168.254/
> >
> > OpenSwan 2.4.5 is installed on an FC5 with the latest kernel on that
> > gateway/firewall, which NATs to 192.168.1.0/24. I made a test of connecting
> > a WinXP/SP2 client from within the LAN and it worked fine. However, external
> > access from behind a NAT'ed Road Warrior fails. I should emphasize that the
> > XP/SP2 Road Warrior clients have the registry fix to allow NAT-ed use.
> >
> > My "ipsec verify" returns everything OK.
> >
> > Yet it doesn't work.
> >
> > Any help would be greatly appreciated.
>
> Please remove the 'plutodebug="control parsing"' line, or set it to
> 'none', and post your logs after doing that.
>
> >
> > Lavie
> >
> >
> > Following is my ipsec.secrets:
> > ==========================
> > 10.0.0.1 %any: PSK "password"
> > 192.168.1.254 %any: PSK "password"
> > 111.111.111.111 %any: PSK "password"
> > 10.0.0.138 %any: PSK "password"
> > ==========================
> >
> > Following is my ipsec.conf:
> > ==========================
> > # /etc/ipsec.conf - Openswan IPsec configuration file
> > # Manual: ipsec.conf.5
> > # Please place your own config files in /etc/ipsec.d/ ending in .conf
> >
> > version 2.0 # conforms to second version of ipsec.conf specification
> >
> > # basic configuration
> > config setup
> >     # Debug-logging controls: "none" for (almost) none, "all" for lots.
> >     # klipsdebug=none
> >     plutodebug="control parsing"
> >     nat_traversal=yes
> >     virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!192.168.1.1/24
> >
> > conn L2TP-PSK-INTERNAL
> >     authby=secret
> >     pfs=no
> >     rekey=no
> >     keyingtries=3
> >     left=192.168.1.254
> >     leftprotoport=17/%any
> >     right=%any
> >     rightprotoport=17/%any
> >     auto=add
> >
> > conn L2TP-PSK-EXTERNAL
> >     authby=secret
> >     pfs=no
> >     rekey=no
> >     keyingtries=3
> >     left=10.0.0.1
> >     leftnexthop=10.0.0.138
> >     leftid=10.0.0.1
> >     leftprotoport=17/1701
> >     right=%any
> >     rightsubnet=vhost:%no,%priv
> >     rightprotoport=17/1701
> >     #rightid=@LAVIED610.chdomain.careerharmony.com
> >     auto=add
> >
> > #include /etc/ipsec.d/*.conf
> > #Disable Opportunistic Encryption
> > include /etc/ipsec.d/examples/no_oe.conf
> > ==========================
> >
> > Following is /var/log/secure
> > ==========================
> > (line=16)
> > Aug 3 07:35:40 lavie010 pluto[30617]: | concluding with best_match=6
> > best=0x89fdf38 (lineno=16)
> > Aug 3 07:35:40 lavie010 pluto[30617]: | started looking for secret for
> > 10.0.0.1->(none) of kind PPK_PSK
> > Aug 3 07:35:40 lavie010 pluto[30617]: | replace him to 0.0.0.0
> > Aug 3 07:35:40 lavie010 pluto[30617]: | actually looking for secret for
> > 10.0.0.1->0.0.0.0 of kind PPK_PSK
> > Aug 3 07:35:40 lavie010 pluto[30617]: | 1: compared PSK 0.0.0.0 to
> 10.0.0.1
> > / (none) -> 2
> > Aug 3 07:35:40 lavie010 pluto[30617]: | 2: compared PSK 10.0.0.138 to
> > 10.0.0.1 / (none) -> 2
> > Aug 3 07:35:40 lavie010 pluto[30617]: | 1: compared PSK 0.0.0.0 to
> 10.0.0.1
> > / (none) -> 2
> > Aug 3 07:35:40 lavie010 pluto[30617]: | 2: compared PSK 192.117.103.195
> to
> > 10.0.0.1 / (none) -> 2
> > Aug 3 07:35:40 lavie010 pluto[30617]: | 1: compared PSK 0.0.0.0 to
> 10.0.0.1
> > / (none) -> 2
> > Aug 3 07:35:40 lavie010 pluto[30617]: | 2: compared PSK 192.168.1.254 to
> > 10.0.0.1 / (none) -> 2
> > Aug 3 07:35:40 lavie010 pluto[30617]: | 1: compared PSK 0.0.0.0 to
> 10.0.0.1
> > / (none) -> 2
> > Aug 3 07:35:40 lavie010 pluto[30617]: | 2: compared PSK 10.0.0.1 to
> > 10.0.0.1 / (none) -> 6
> > Aug 3 07:35:40 lavie010 pluto[30617]: | best_match 0>6 best=0x89fdf38
> > (line=16)
> > Aug 3 07:35:40 lavie010 pluto[30617]: | concluding with best_match=6
> > best=0x89fdf38 (lineno=16)
> > Aug 3 07:35:40 lavie010 pluto[30617]: | offered CA: '%none'
> > Aug 3 07:35:40 lavie010 pluto[30617]: | switched from "L2TP-PSK-EXTERNAL"
> > to "L2TP-PSK-EXTERNAL"
> > Aug 3 07:35:40 lavie010 pluto[30617]: | instantiated "L2TP-PSK-EXTERNAL"
> > for 72.72.115.187
> > Aug 3 07:35:40 lavie010 pluto[30617]: | processing connection
> > L2TP-PSK-EXTERNAL[2] 72.72.115.187
> > Aug 3 07:35:40 lavie010 pluto[30617]: | thinking about whether to send my
> > certificate:
> > Aug 3 07:35:40 lavie010 pluto[30617]: | I have RSA key:
> > OAKLEY_PRESHARED_KEY cert.type: CERT_NONE
> > Aug 3 07:35:40 lavie010 pluto[30617]: | sendcert: CERT_ALWAYSSEND and I
> > did not get a certificate request
> > Aug 3 07:35:40 lavie010 pluto[30617]: | so do not send cert.
> > Aug 3 07:35:40 lavie010 pluto[30617]: "L2TP-PSK-EXTERNAL"[2]
> 72.72.115.187
> > #1: I did not send a certificate because I do not have one.
> > Aug 3 07:35:40 lavie010 pluto[30617]: | complete state transition with
> > STF_OK
> > Aug 3 07:35:40 lavie010 pluto[30617]: "L2TP-PSK-EXTERNAL"[2]
> 72.72.115.187
> > #1: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
> > ==========================
> >
> >
> > _______________________________________________
> > Users at openswan.org
> > http://lists.openswan.org/mailman/listinfo/users
> > Building and Integrating Virtual Private Networks with Openswan:
> > http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
> >