[Openswan Users] newbie help - RHEL 3 behind NAT to SonicWall
Kimberly Knowles Nico
kimberly_nico at yahoo.com
Wed Jan 11 07:48:00 CET 2006
I am having connectivity trouble. I installed Openswan 2.3.0 from the RPM for
RHEL 3. I have tried to use the SonicWall configuration example as well as
SonicWall's own examples (I don't think I should use XAUTH, since the SonicWall
config has Require XAUTH = no). I'm not sure if I should be using Main Mode or
Aggressive Mode, but I think Main Mode.
I haven't touched my firewall yet, because as far as I can tell, my key
negotiation is failing in the first packet response:
[root@localhost tmp]# /usr/sbin/ipsec auto --up vizdom
104 "vizdom" #2: STATE_MAIN_I1: initiate
010 "vizdom" #2: STATE_MAIN_I1: retransmission; will wait 20s for response
010 "vizdom" #2: STATE_MAIN_I1: retransmission; will wait 40s for response
and in /var/log/secure it shows that it received a packet but interpreted it as
NO_PROPOSAL_CHOSEN.
Attached is a barf.
Any suggestions or information is greatly appreciated.
-Kim Nico
-------------- next part --------------
localhost.localdomain
Wed Jan 11 07:36:29 PST 2006
+ _________________________ version
+ ipsec --version
Linux Openswan U2.3.0/K2.4.21-37.EL (netkey)
See `ipsec --copyright' for copyright information.
+ _________________________ /proc/version
+ cat /proc/version
Linux version 2.4.21-37.EL (bhcompile@tweety.build.redhat.com) (gcc version 3.2.3 20030502 (Red Hat Linux 3.2.3-53)) #1 Wed Sep 7 13:35:21 EDT 2005
+ _________________________ /proc/net/ipsec_eroute
+ test -r /proc/net/ipsec_eroute
+ _________________________ netstat-rn
+ netstat -nr
+ head -100
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
192.168.162.0 0.0.0.0 255.255.255.0 U 0 0 0 vmnet8
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.46.0 0.0.0.0 255.255.255.0 U 0 0 0 vmnet1
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
0.0.0.0 192.168.2.1 0.0.0.0 UG 0 0 0 eth0
+ _________________________ /proc/net/ipsec_spi
+ test -r /proc/net/ipsec_spi
+ _________________________ /proc/net/ipsec_spigrp
+ test -r /proc/net/ipsec_spigrp
+ _________________________ /proc/net/ipsec_tncfg
+ test -r /proc/net/ipsec_tncfg
+ _________________________ /proc/net/pfkey
+ test -r /proc/net/pfkey
+ cat /proc/net/pfkey
sk RefCnt Rmem Wmem User Inode
+ _________________________ setkey-D
+ setkey -D
No SAD entries.
+ _________________________ setkey-D-P
+ setkey -D -P
0.0.0.0/0[any] 0.0.0.0/0[any] any
in none
created: Jan 11 07:30:37 2006 lastused:
lifetime: 0(s) validtime: 0(s)
spid=1779 seq=15 pid=10583
refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
in none
created: Jan 11 07:30:37 2006 lastused:
lifetime: 0(s) validtime: 0(s)
spid=1763 seq=14 pid=10583
refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
in none
created: Jan 11 07:30:37 2006 lastused:
lifetime: 0(s) validtime: 0(s)
spid=1747 seq=13 pid=10583
refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
in none
created: Jan 11 07:30:37 2006 lastused: Jan 11 07:31:10 2006
lifetime: 0(s) validtime: 0(s)
spid=1731 seq=12 pid=10583
refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
in none
created: Jan 11 07:30:37 2006 lastused:
lifetime: 0(s) validtime: 0(s)
spid=1715 seq=11 pid=10583
refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
in none
created: Jan 11 07:30:37 2006 lastused:
lifetime: 0(s) validtime: 0(s)
spid=1699 seq=10 pid=10583
refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
in none
created: Jan 11 07:30:37 2006 lastused:
lifetime: 0(s) validtime: 0(s)
spid=1683 seq=9 pid=10583
refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
in none
created: Jan 11 07:30:37 2006 lastused:
lifetime: 0(s) validtime: 0(s)
spid=1667 seq=8 pid=10583
refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
out none
created: Jan 11 07:30:37 2006 lastused:
lifetime: 0(s) validtime: 0(s)
spid=1788 seq=7 pid=10583
refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
out none
created: Jan 11 07:30:37 2006 lastused:
lifetime: 0(s) validtime: 0(s)
spid=1772 seq=6 pid=10583
refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
out none
created: Jan 11 07:30:37 2006 lastused:
lifetime: 0(s) validtime: 0(s)
spid=1756 seq=5 pid=10583
refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
out none
created: Jan 11 07:30:37 2006 lastused: Jan 11 07:31:10 2006
lifetime: 0(s) validtime: 0(s)
spid=1740 seq=4 pid=10583
refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
out none
created: Jan 11 07:30:37 2006 lastused:
lifetime: 0(s) validtime: 0(s)
spid=1724 seq=3 pid=10583
refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
out none
created: Jan 11 07:30:37 2006 lastused:
lifetime: 0(s) validtime: 0(s)
spid=1708 seq=2 pid=10583
refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
out none
created: Jan 11 07:30:37 2006 lastused:
lifetime: 0(s) validtime: 0(s)
spid=1692 seq=1 pid=10583
refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
out none
created: Jan 11 07:30:37 2006 lastused:
lifetime: 0(s) validtime: 0(s)
spid=1676 seq=0 pid=10583
refcnt=1
+ _________________________ /proc/sys/net/ipsec-star
+ test -d /proc/sys/net/ipsec
+ _________________________ ipsec/status
+ ipsec auto --status
000 interface lo/lo 127.0.0.1
000 interface lo/lo 127.0.0.1
000 interface eth0/eth0 192.168.2.2
000 interface eth0/eth0 192.168.2.2
000 interface vmnet1/vmnet1 192.168.46.1
000 interface vmnet1/vmnet1 192.168.46.1
000 interface vmnet8/vmnet8 192.168.162.1
000 interface vmnet8/vmnet8 192.168.162.1
000 %myid = (none)
000 debug raw+crypt+parsing+emitting+control+lifecycle+klips+dns+oppo+controlmore+pfkey+nattraversal+x509
000
000 algorithm ESP encrypt: id=2, name=ESP_DES, ivlen=8, keysizemin=64, keysizemax=64
000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=8, keysizemin=192, keysizemax=192
000 algorithm ESP encrypt: id=7, name=ESP_BLOWFISH, ivlen=8, keysizemin=40, keysizemax=448
000 algorithm ESP encrypt: id=11, name=ESP_NULL, ivlen=0, keysizemin=0, keysizemax=0
000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=252, name=ESP_SERPENT, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=253, name=ESP_TWOFISH, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5, keysizemin=128, keysizemax=128
000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1, keysizemin=160, keysizemax=160
000 algorithm ESP auth attr: id=5, name=AUTH_ALGORITHM_HMAC_SHA2_256, keysizemin=256, keysizemax=256
000 algorithm ESP auth attr: id=251, name=(null), keysizemin=0, keysizemax=0
000
000 algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8, keydeflen=192
000 algorithm IKE hash: id=2, name=OAKLEY_SHA1, hashsize=20
000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16
000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024
000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536
000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048
000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072
000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096
000 algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144
000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192
000
000 stats db_ops.c: {curr_cnt, total_cnt, maxsz} :context={0,0,0} trans={0,0,0} attrs={0,0,0}
000
000 "vizdom": 192.168.2.0/24===192.168.2.2...a.b.c.d===10.1.1.0/24; unrouted; eroute owner: #0
000 "vizdom": srcip=unset; dstip=unset
000 "vizdom": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 1
000 "vizdom": policy: PSK+ENCRYPT+TUNNEL+UP; prio: 24,24; interface: eth0;
000 "vizdom": newest ISAKMP SA: #0; newest IPsec SA: #0;
000 "vizdom": IKE algorithms wanted: 5_000-2-5, 5_000-2-2, flags=-strict
000 "vizdom": IKE algorithms found: 5_192-2_160-5, 5_192-2_160-2,
000 "vizdom": ESP algorithms wanted: 3_000-2, flags=-strict
000 "vizdom": ESP algorithms loaded: 3_000-2, flags=-strict
000
000
+ _________________________ ifconfig-a
+ ifconfig -a
eth0 Link encap:Ethernet HWaddr 00:11:25:31:2E:55
inet addr:192.168.2.2 Bcast:255.255.255.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:18324 errors:0 dropped:0 overruns:0 frame:0
TX packets:18170 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:10041019 (9.5 Mb) TX bytes:3629125 (3.4 Mb)
Base address:0x8000 Memory:c0220000-c0240000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:105220 errors:0 dropped:0 overruns:0 frame:0
TX packets:105220 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:10564143 (10.0 Mb) TX bytes:10564143 (10.0 Mb)
vmnet1 Link encap:Ethernet HWaddr 00:50:56:C0:00:01
inet addr:192.168.46.1 Bcast:192.168.46.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
vmnet8 Link encap:Ethernet HWaddr 00:50:56:C0:00:08
inet addr:192.168.162.1 Bcast:192.168.162.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
+ _________________________ ip-addr-list
+ ip addr list
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
3: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:11:25:31:2e:55 brd ff:ff:ff:ff:ff:ff
inet 192.168.2.2/24 brd 255.255.255.255 scope global eth0
4: vmnet1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:50:56:c0:00:01 brd ff:ff:ff:ff:ff:ff
inet 192.168.46.1/24 brd 192.168.46.255 scope global vmnet1
5: vmnet8: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:50:56:c0:00:08 brd ff:ff:ff:ff:ff:ff
inet 192.168.162.1/24 brd 192.168.162.255 scope global vmnet8
+ _________________________ ip-route-list
+ ip route list
192.168.162.0/24 dev vmnet8 proto kernel scope link src 192.168.162.1
192.168.2.0/24 dev eth0 proto kernel scope link src 192.168.2.2
192.168.46.0/24 dev vmnet1 proto kernel scope link src 192.168.46.1
169.254.0.0/16 dev eth0 scope link
default via 192.168.2.1 dev eth0
+ _________________________ ip-rule-list
+ ip rule list
0: from all lookup local
32766: from all lookup main
32767: from all lookup 253
+ _________________________ ipsec_verify
+ ipsec verify --nocolour
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path [OK]
Linux Openswan U2.3.0/K2.4.21-37.EL (netkey)
Checking for IPsec support in kernel [OK]
Checking for RSA private key (/etc/ipsec.secrets) [OK]
Checking that pluto is running [OK]
Two or more interfaces found, checking IP forwarding [FAILED]
Checking for 'ip' command [OK]
Checking for 'iptables' command [OK]
Checking for 'setkey' command for NETKEY IPsec stack support [OK]
Opportunistic Encryption DNS checks:
Looking for TXT in forward dns zone: localhost.localdomain [MISSING]
Does the machine have at least one non-private address? [FAILED]
+ _________________________ mii-tool
+ '[' -x /sbin/mii-tool ']'
+ /sbin/mii-tool -v
eth0: negotiated 100baseTx-FD flow-control, link ok
product info: vendor 00:50:43, model 2 rev 4
basic mode: autonegotiation enabled
basic status: autonegotiation complete, link ok
capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
advertising: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control
link partner: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control
+ _________________________ ipsec/directory
+ ipsec --directory
/usr/lib/ipsec
+ _________________________ hostname/fqdn
+ hostname --fqdn
localhost.localdomain
+ _________________________ hostname/ipaddress
+ hostname --ip-address
127.0.0.1
+ _________________________ uptime
+ uptime
07:36:29 up 13:10, 3 users, load average: 0.36, 0.22, 0.18
+ _________________________ ps
+ ps alxwf
+ egrep -i 'ppid|pluto|ipsec|klips'
F UID PID PPID PRI NI VSZ RSS WCHAN STAT TTY TIME COMMAND
4 0 2977 2943 15 0 13308 8556 schedu S pts/0 0:05 | \_ emacs /etc/ipsec.conf
4 0 10562 2943 25 0 4216 1100 wait4 S pts/0 0:00 | \_ /bin/sh /usr/libexec/ipsec/barf
0 0 10635 10562 25 0 1620 480 pipe_w S pts/0 0:00 | \_ egrep -i ppid|pluto|ipsec|klips
1 0 10341 1 25 0 2328 1092 wait4 S pts/0 0:00 /bin/sh /usr/lib/ipsec/_plutorun --debug all --uniqueids yes --nocrsend --strictcrlpolicy --nat_traversal yes --keep_alive --force_keepalive --disable_port_floating --virtual_private --crlcheckinterval 0 --ocspuri --nhelpers --dump --opts --st
1 0 10342 10341 25 0 2328 1100 wait4 S pts/0 0:00 \_ /bin/sh /usr/lib/ipsec/_plutorun --debug all --uniqueids yes --nocrsend --strictcrlpolicy --nat_traversal yes --keep_alive --force_keepalive --disable_port_floating --virtual_private --crlcheckinterval 0 --ocspuri --nhelpers --dump --opts
4 0 10343 10342 15 0 2532 1128 schedu S pts/0 0:00 | \_ /usr/libexec/ipsec/pluto --nofork --secretsfile /etc/ipsec.secrets --ipsecdir /etc/ipsec.d --debug-all --uniqueids --nat_traversal
1 0 10344 10343 35 10 2472 772 schedu SN pts/0 0:00 | \_ pluto helper # 0
0 0 10485 10343 25 0 1436 264 schedu S pts/0 0:00 | \_ _pluto_adns -d
0 0 10345 10341 25 0 2336 1088 pipe_w S pts/0 0:00 \_ /bin/sh /usr/lib/ipsec/_plutoload --wait no --post
0 0 10347 1 24 0 1516 468 pipe_w S pts/0 0:00 logger -s -p daemon.error -t ipsec__plutorun
+ _________________________ ipsec/showdefaults
+ ipsec showdefaults
# no default route
+ _________________________ ipsec/conf
+ ipsec _include /etc/ipsec.conf
+ ipsec _keycensor
#< /etc/ipsec.conf 1
# /etc/ipsec.conf - Openswan IPsec configuration file
# RCSID $Id: ipsec.conf.in,v 1.13 2004/03/24 04:14:39 ken Exp $
# This file: /usr/share/doc/openswan/ipsec.conf-sample
#
# Manual: ipsec.conf.5
version 2.0 # conforms to second version of ipsec.conf specification
# basic configuration
config setup
# Debug-logging controls: "none" for (almost) none, "all" for lots.
# klipsdebug=none
# plutodebug="control parsing"
nat_traversal=yes
interfaces="ipsec0=eth0"
plutodebug="all"
# Add connections here
# sample VPN connection
#sample# conn sample
#sample# # Left security gateway, subnet behind it, next hop toward right.
#sample# left=10.0.0.1
#sample# leftsubnet=172.16.0.0/24
#sample# leftnexthop=10.22.33.44
#sample# # Right security gateway, subnet behind it, next hop toward left.
#sample# right=10.12.12.1
#sample# rightsubnet=192.168.0.0/24
#sample# rightnexthop=10.101.102.103
#sample# # To authorize this connection, but not actually start it, at startup,
#sample# # uncomment this.
#sample# #auto=start
conn vizdom
type=tunnel
auto=add
auth=esp
pfs=no
authby=secret
keyingtries=1
left=192.168.2.2
leftsubnet=192.168.2.0/24
right=a.b.c.d
rightsubnet=10.1.1.0/24
rightid=a.b.c.d
esp=3des-sha1
keyexchange=ike
ike=3des-sha1
+ _________________________ ipsec/secrets
+ ipsec _include /etc/ipsec.secrets
+ ipsec _secretcensor
#< /etc/ipsec.secrets 1
: RSA {
# RSA 2192 bits alcott Tue Jan 10 13:09:31 2006
# for signatures only, UNSAFE FOR ENCRYPTION
#pubkey=[keyid AQOO9aI7Y]
Modulus: [...]
PublicExponent: [...]
# everything after this point is secret
PrivateExponent: [...]
Prime1: [...]
Prime2: [...]
Exponent1: [...]
Exponent2: [...]
Coefficient: [...]
}
# do not change the indenting of that "[sums to 7d9d...]"
a.b.c.d 192.168.2.2 : PSK "[sums to b384...]"
+ _________________________ ipsec/listall
+ ipsec auto --listall
000
000 List of Public Keys:
000
+ '[' /etc/ipsec.d/policies ']'
++ basename /etc/ipsec.d/policies/block
+ base=block
+ _________________________ ipsec/policies/block
+ cat /etc/ipsec.d/policies/block
# This file defines the set of CIDRs (network/mask-length) to which
# communication should never be allowed.
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: block.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
++ basename /etc/ipsec.d/policies/clear
+ base=clear
+ _________________________ ipsec/policies/clear
+ cat /etc/ipsec.d/policies/clear
# This file defines the set of CIDRs (network/mask-length) to which
# communication should always be in the clear.
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: clear.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
++ basename /etc/ipsec.d/policies/clear-or-private
+ base=clear-or-private
+ _________________________ ipsec/policies/clear-or-private
+ cat /etc/ipsec.d/policies/clear-or-private
# This file defines the set of CIDRs (network/mask-length) to which
# we will communicate in the clear, or, if the other side initiates IPSEC,
# using encryption. This behaviour is also called "Opportunistic Responder".
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: clear-or-private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
++ basename /etc/ipsec.d/policies/private
+ base=private
+ _________________________ ipsec/policies/private
+ cat /etc/ipsec.d/policies/private
# This file defines the set of CIDRs (network/mask-length) to which
# communication should always be private (i.e. encrypted).
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
++ basename /etc/ipsec.d/policies/private-or-clear
+ base=private-or-clear
+ _________________________ ipsec/policies/private-or-clear
+ cat /etc/ipsec.d/policies/private-or-clear
# This file defines the set of CIDRs (network/mask-length) to which
# communication should be private, if possible, but in the clear otherwise.
#
# If the target has a TXT (later IPSECKEY) record that specifies
# authentication material, we will require private (i.e. encrypted)
# communications. If no such record is found, communications will be
# in the clear.
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: private-or-clear.in,v 1.5 2003/02/17 02:22:15 mcr Exp $
#
0.0.0.0/0
+ _________________________ ipsec/ls-libdir
+ ls -l /usr/lib/ipsec
total 108
-rwxr-xr-x 1 root root 15468 Jan 11 2005 _confread
-rwxr-xr-x 1 root root 12639 Jan 11 2005 _copyright
-rwxr-xr-x 1 root root 2379 Jan 11 2005 _include
-rwxr-xr-x 1 root root 1475 Jan 11 2005 _keycensor
-rwxr-xr-x 1 root root 3586 Jan 11 2005 _plutoload
-rwxr-xr-x 1 root root 7295 Jan 11 2005 _plutorun
-rwxr-xr-x 1 root root 11409 Jan 11 2005 _realsetup
-rwxr-xr-x 1 root root 1975 Jan 11 2005 _secretcensor
-rwxr-xr-x 1 root root 9385 Jan 11 2005 _startklips
-rwxr-xr-x 1 root root 12329 Jan 11 2005 _updown
-rwxr-xr-x 1 root root 7572 Jan 11 2005 _updown_x509
-rwxr-xr-x 1 root root 1942 Jan 11 2005 ipsec_pr.template
+ _________________________ ipsec/ls-execdir
+ ls -l /usr/libexec/ipsec
total 2464
-rwxr-xr-x 1 root root 24161 Jan 11 2005 _pluto_adns
-rwxr-xr-x 1 root root 18840 Jan 11 2005 auto
-rwxr-xr-x 1 root root 10585 Jan 11 2005 barf
-rwxr-xr-x 1 root root 816 Jan 11 2005 calcgoo
-rwxr-xr-x 1 root root 157018 Jan 11 2005 eroute
-rwxr-xr-x 1 root root 46493 Jan 11 2005 ikeping
-rwxr-xr-x 1 root root 101634 Jan 11 2005 klipsdebug
-rwxr-xr-x 1 root root 1664 Jan 11 2005 livetest
-rwxr-xr-x 1 root root 2461 Jan 11 2005 look
-rwxr-xr-x 1 root root 7124 Jan 11 2005 mailkey
-rwxr-xr-x 1 root root 15931 Jan 11 2005 manual
-rwxr-xr-x 1 root root 1874 Jan 11 2005 newhostkey
-rwxr-xr-x 1 root root 92029 Jan 11 2005 pf_key
-rwxr-xr-x 1 root root 1364217 Jan 11 2005 pluto
-rwxr-xr-x 1 root root 17611 Jan 11 2005 ranbits
-rwxr-xr-x 1 root root 38721 Jan 11 2005 rsasigkey
-rwxr-xr-x 1 root root 766 Jan 11 2005 secrets
-rwxr-xr-x 1 root root 17578 Jan 11 2005 send-pr
lrwxrwxrwx 1 root root 22 Jan 10 20:57 setup -> /etc/rc.d/init.d/ipsec
-rwxr-xr-x 1 root root 1048 Jan 11 2005 showdefaults
-rwxr-xr-x 1 root root 4748 Jan 11 2005 showhostkey
-rwxr-xr-x 1 root root 250671 Jan 11 2005 spi
-rwxr-xr-x 1 root root 129026 Jan 11 2005 spigrp
-rwxr-xr-x 1 root root 20345 Jan 11 2005 tncfg
-rwxr-xr-x 1 root root 10195 Jan 11 2005 verify
-rwxr-xr-x 1 root root 105508 Jan 11 2005 whack
+ _________________________ ipsec/updowns
++ ls /usr/libexec/ipsec
++ egrep updown
+ _________________________ /proc/net/dev
+ cat /proc/net/dev
Inter-| Receive | Transmit
face |bytes packets errs drop fifo frame compressed multicast|bytes packets errs drop fifo colls carrier compressed
lo:10564143 105220 0 0 0 0 0 0 10564143 105220 0 0 0 0 0 0
eth0:10041189 18326 0 0 0 0 0 2 3629295 18172 0 0 0 0 0 0
vmnet1: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
vmnet8: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
+ _________________________ /proc/net/route
+ cat /proc/net/route
Iface Destination Gateway Flags RefCnt Use Metric Mask MTU Window IRTT
vmnet8 00A2A8C0 00000000 0001 0 0 0 00FFFFFF 0 0 0
eth0 0002A8C0 00000000 0001 0 0 0 00FFFFFF 0 0 0
vmnet1 002EA8C0 00000000 0001 0 0 0 00FFFFFF 0 0 0
eth0 0000FEA9 00000000 0001 0 0 0 0000FFFF 0 0 0
eth0 00000000 0102A8C0 0002 0 0 0 00000080 0 0 0
eth0 00000080 0102A8C0 0002 0 0 0 00000080 0 0 0
eth0 00000000 0102A8C0 0003 0 0 0 00000000 0 0 0
+ _________________________ /proc/sys/net/ipv4/ip_forward
+ cat /proc/sys/net/ipv4/ip_forward
0
+ _________________________ /proc/sys/net/ipv4/conf/star-rp_filter
+ cd /proc/sys/net/ipv4/conf
+ egrep '^' all/rp_filter default/rp_filter eth0/rp_filter lo/rp_filter vmnet1/rp_filter vmnet8/rp_filter
all/rp_filter:0
default/rp_filter:1
eth0/rp_filter:1
lo/rp_filter:1
vmnet1/rp_filter:1
vmnet8/rp_filter:1
+ _________________________ uname-a
+ uname -a
Linux localhost.localdomain 2.4.21-37.EL #1 Wed Sep 7 13:35:21 EDT 2005 i686 i686 i386 GNU/Linux
+ _________________________ config-built-with
+ test -r /proc/config_built_with
+ _________________________ redhat-release
+ test -r /etc/redhat-release
+ cat /etc/redhat-release
Red Hat Enterprise Linux WS release 3 (Taroon Update 6)
+ _________________________ /proc/net/ipsec_version
+ test -r /proc/net/ipsec_version
+ test -r /proc/net/pfkey
++ uname -r
+ echo 'NETKEY (2.4.21-37.EL) support detected '
NETKEY (2.4.21-37.EL) support detected
+ _________________________ ipfwadm
+ test -r /sbin/ipfwadm
+ 'no old-style linux 1.x/2.0 ipfwadm firewall support'
/usr/libexec/ipsec/barf: line 297: no old-style linux 1.x/2.0 ipfwadm firewall support: No such file or directory
+ _________________________ ipchains
+ test -r /sbin/ipchains
+ echo 'no old-style linux 2.0 ipchains firewall support'
no old-style linux 2.0 ipchains firewall support
+ _________________________ iptables
+ test -r /sbin/iptables
+ iptables -L -v -n
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
123K 20M RH-Firewall-1-INPUT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 RH-Firewall-1-INPUT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 123K packets, 14M bytes)
pkts bytes target prot opt in out source destination
Chain RH-Firewall-1-INPUT (2 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT udp -- * * 10.1.1.68 0.0.0.0/0 udp spt:123 dpt:123
105K 11M ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
6 420 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 255
0 0 ACCEPT esp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT ah -- * * 0.0.0.0/0 0.0.0.0/0
16180 9342K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:4000
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:8080
1550 318K REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
+ _________________________ iptables-nat
+ iptables -t nat -L -v -n
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
+ _________________________ iptables-mangle
+ iptables -t mangle -L -v -n
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
+ _________________________ /proc/modules
+ test -f /proc/modules
+ cat /proc/modules
iptable_mangle 2776 0 (autoclean) (unused)
iptable_nat 21656 0 (autoclean) (unused)
af_key 25032 0
twofish 39948 0 (autoclean)
serpent 12972 0 (autoclean)
blowfish 7692 0 (autoclean)
sha256 10796 0 (autoclean)
crypto_null 1612 0 (autoclean)
aes 32640 0
ipcomp 5456 0 (unused)
esp4 7408 0 (unused)
ah4 5552 0 (unused)
i810_audio 29784 0 (autoclean)
ac97_codec 17736 0 (autoclean) [i810_audio]
soundcore 6436 2 (autoclean) [i810_audio]
vmnet 25088 6
vmmon 98424 0 (unused)
usbserial 23420 0 (autoclean) (unused)
parport_pc 18756 1 (autoclean)
lp 8964 0 (autoclean)
parport 36832 1 (autoclean) [parport_pc lp]
autofs4 15864 0 (autoclean) (unused)
ds 8576 2
yenta_socket 13792 2
pcmcia_core 56800 0 [ds yenta_socket]
e1000 93020 1
ipt_REJECT 4600 1 (autoclean)
ipt_state 1080 5 (autoclean)
ip_conntrack 27176 2 (autoclean) [iptable_nat ipt_state]
iptable_filter 2412 1 (autoclean)
ip_tables 15776 7 [iptable_mangle iptable_nat ipt_REJECT ipt_state iptable_filter]
floppy 56624 0 (autoclean)
sg 36236 0 (autoclean)
sr_mod 17784 0 (autoclean)
microcode 5688 0 (autoclean)
ide-scsi 12336 0
scsi_mod 106924 3 [sg sr_mod ide-scsi]
ide-cd 33920 0
cdrom 32416 0 [sr_mod ide-cd]
keybdev 2944 0 (unused)
mousedev 5524 1
hid 22244 0 (unused)
input 5888 0 [keybdev mousedev hid]
ehci-hcd 20008 0 (unused)
usb-uhci 25740 0 (unused)
usbcore 77376 1 [usbserial hid ehci-hcd usb-uhci]
ext3 85832 3
jbd 50956 3 [ext3]
+ _________________________ /proc/meminfo
+ cat /proc/meminfo
total: used: free: shared: buffers: cached:
Mem: 1577885696 820965376 756920320 0 162643968 256421888
Swap: 2090180608 0 2090180608
MemTotal: 1540904 kB
MemFree: 739180 kB
MemShared: 0 kB
Buffers: 158832 kB
Cached: 250412 kB
SwapCached: 0 kB
Active: 458736 kB
ActiveAnon: 173480 kB
ActiveCache: 285256 kB
Inact_dirty: 93508 kB
Inact_laundry: 28348 kB
Inact_clean: 0 kB
Inact_target: 116116 kB
HighTotal: 654720 kB
HighFree: 226784 kB
LowTotal: 886184 kB
LowFree: 512396 kB
SwapTotal: 2041192 kB
SwapFree: 2041192 kB
CommitLimit: 2811644 kB
Committed_AS: 316216 kB
HugePages_Total: 0
HugePages_Free: 0
Hugepagesize: 4096 kB
+ _________________________ /proc/net/ipsec-ls
+ test -f /proc/net/ipsec_version
+ _________________________ usr/src/linux/.config
+ test -f /proc/config.gz
++ uname -r
+ test -f /lib/modules/2.4.21-37.EL/build/.config
+ echo 'no .config file found, cannot list kernel properties'
no .config file found, cannot list kernel properties
+ _________________________ etc/syslog.conf
+ cat /etc/syslog.conf
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/messages
# The authpriv file has restricted access.
authpriv.* /var/log/secure
# Log all the mail messages in one place.
mail.* -/var/log/maillog
# Log cron stuff
cron.* /var/log/cron
# Everybody gets emergency messages
*.emerg *
# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler
# Save boot messages also to boot.log
local7.* /var/log/boot.log
+ _________________________ etc/resolv.conf
+ cat /etc/resolv.conf
; generated by /sbin/dhclient-script
nameserver 192.168.2.1
search localdomain
+ _________________________ lib/modules-ls
+ ls -ltr /lib/modules
total 32
drwxr-xr-x 3 root root 4096 Jan 18 2005 2.4.21-27.0.1.EL
drwxr-xr-x 3 root root 4096 Jan 19 2005 2.4.21-4.EL
drwxr-xr-x 3 root root 4096 Mar 31 2005 fglrx
drwxr-xr-x 3 root root 4096 Oct 31 09:45 2.4.21-32.EL
drwxr-xr-x 3 root root 4096 Oct 31 09:45 2.4.21-32.0.1.EL
drwxr-xr-x 3 root root 4096 Oct 31 09:45 2.4.21-27.0.4.EL
drwxr-xr-x 3 root root 4096 Oct 31 09:45 2.4.21-27.0.2.EL
drwxr-xr-x 4 root root 4096 Oct 31 09:51 2.4.21-37.EL
+ _________________________ /proc/ksyms-netif_rx
+ test -r /proc/ksyms
+ egrep netif_rx /proc/ksyms
c020fb30 netif_rx_Rd7d5ce2f
+ _________________________ lib/modules-netif_rx
+ modulegoo kernel/net/ipv4/ipip.o netif_rx
+ set +x
2.4.21-27.0.1.EL: U netif_rx_Rd7d5ce2f
2.4.21-27.0.2.EL: U netif_rx_Rd7d5ce2f
2.4.21-27.0.4.EL: U netif_rx_Rd7d5ce2f
2.4.21-32.0.1.EL: U netif_rx_Rd7d5ce2f
2.4.21-32.EL: U netif_rx_Rd7d5ce2f
2.4.21-37.EL: U netif_rx_Rd7d5ce2f
2.4.21-4.EL: U netif_rx_Rd7d5ce2f
fglrx:
+ _________________________ kern.debug
+ test -f /var/log/kern.debug
+ _________________________ klog
+ sed -n '1472,$p' /var/log/messages
+ egrep -i 'ipsec|klips|pluto'
+ cat
Jan 11 07:30:36 localhost ipsec_setup: Starting Openswan IPsec 2.3.0...
Jan 11 07:30:36 localhost ipsec_setup: modprobe: Can't locate module ipsec
Jan 11 07:30:36 localhost ipsec_setup: /sbin/insmod /lib/modules/2.4.21-37.EL/kernel/net/key/af_key.o
Jan 11 07:30:36 localhost ipsec_setup: Using /lib/modules/2.4.21-37.EL/kernel/net/key/af_key.o
Jan 11 07:30:36 localhost ipsec_setup: Symbol version prefix ''
Jan 11 07:30:36 localhost ipsec__plutorun: ipsec_auto: fatal error in "packetdefault": %defaultroute requested but not known
Jan 11 07:30:36 localhost ipsec_setup: modprobe: Can't locate module xfrm4_tunnel
Jan 11 07:30:36 localhost ipsec_setup: modprobe: Can't locate module xfrm_user
Jan 11 07:30:36 localhost ipsec_setup: modprobe: Can't locate module sha1
Jan 11 07:30:36 localhost ipsec__plutorun: ipsec_auto: fatal error in "block": %defaultroute requested but not known
Jan 11 07:30:36 localhost ipsec_setup: modprobe: Can't locate module md5
Jan 11 07:30:36 localhost ipsec__plutorun: ipsec_auto: fatal error in "clear-or-private": %defaultroute requested but not known
Jan 11 07:30:37 localhost ipsec_setup: modprobe: Can't locate module des
Jan 11 07:30:37 localhost ipsec__plutorun: ipsec_auto: fatal error in "clear": %defaultroute requested but not known
Jan 11 07:30:37 localhost ipsec__plutorun: ipsec_auto: fatal error in "private-or-clear": %defaultroute requested but not known
Jan 11 07:30:37 localhost ipsec__plutorun: ipsec_auto: fatal error in "private": %defaultroute requested but not known
Jan 11 07:30:37 localhost ipsec__plutorun: 021 no connection named "packetdefault"
Jan 11 07:30:37 localhost ipsec__plutorun: ...could not route conn "packetdefault"
Jan 11 07:30:37 localhost ipsec__plutorun: 021 no connection named "block"
Jan 11 07:30:37 localhost ipsec__plutorun: ...could not route conn "block"
Jan 11 07:30:37 localhost ipsec__plutorun: 021 no connection named "clear-or-private"
Jan 11 07:30:37 localhost ipsec__plutorun: ...could not route conn "clear-or-private"
Jan 11 07:30:37 localhost ipsec__plutorun: 021 no connection named "clear"
Jan 11 07:30:37 localhost ipsec__plutorun: ...could not route conn "clear"
Jan 11 07:30:37 localhost ipsec__plutorun: 021 no connection named "private-or-clear"
Jan 11 07:30:37 localhost ipsec__plutorun: ...could not route conn "private-or-clear"
Jan 11 07:30:38 localhost ipsec__plutorun: 021 no connection named "private"
Jan 11 07:30:38 localhost ipsec__plutorun: ...could not route conn "private"
+ _________________________ plog
+ sed -n '1275,$p' /var/log/secure
+ egrep -i pluto
+ cat
Jan 11 07:30:36 localhost ipsec__plutorun: Starting Pluto subsystem...
Jan 11 07:30:36 localhost pluto[10343]: Starting Pluto (Openswan Version 2.3.0 X.509-1.5.4 PLUTO_USES_KEYRR)
Jan 11 07:30:36 localhost pluto[10343]: Setting port floating to on
Jan 11 07:30:36 localhost pluto[10343]: port floating activate 1/1
Jan 11 07:30:36 localhost pluto[10343]: including NAT-Traversal patch (Version 0.6c)
Jan 11 07:30:36 localhost pluto[10343]: | opening /dev/urandom
Jan 11 07:30:36 localhost pluto[10343]: | inserting event EVENT_REINIT_SECRET, timeout in 3600 seconds
Jan 11 07:30:36 localhost pluto[10343]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
Jan 11 07:30:36 localhost pluto[10343]: starting up 1 cryptographic helpers
Jan 11 07:30:36 localhost pluto[10344]: | opening /dev/urandom
Jan 11 07:30:36 localhost pluto[10343]: started helper pid=10344 (fd:6)
Jan 11 07:30:36 localhost pluto[10344]: ! helper 0 waiting on fd: 7
Jan 11 07:30:36 localhost pluto[10343]: | process 10343 listening for PF_KEY_V2 on file descriptor 7
Jan 11 07:30:36 localhost pluto[10343]: Using Linux 2.6 IPsec interface code
Jan 11 07:30:36 localhost pluto[10343]: | pfkey_lib_debug:pfkey_msg_hdr_build:
Jan 11 07:30:36 localhost pluto[10343]: | pfkey_lib_debug:pfkey_msg_hdr_build: on_entry &pfkey_ext=0p0xbfff7d30 pfkey_ext=0p0xbfff8d90 *pfkey_ext=0p(nil).
Jan 11 07:30:36 localhost pluto[10343]: | pfkey_lib_debug:pfkey_msg_hdr_build: on_exit &pfkey_ext=0p0xbfff7d30 pfkey_ext=0p0xbfff8d90 *pfkey_ext=0p0x8c863e8.
Jan 11 07:30:36 localhost pluto[10343]: | pfkey_lib_debug:pfkey_msg_build: pfkey_msg=0p0x8c86400 allocated 16 bytes, &(extensions[0])=0p0xbfff8d90
Jan 11 07:30:37 localhost pluto[10343]: | pfkey_lib_debug:pfkey_msg_build: extensions permitted=00000001, seen=00000001, required=00000001.
Jan 11 07:30:37 localhost pluto[10343]: | pfkey_lib_debug:pfkey_msg_parse: parsing message ver=2, type=7(register), errno=0, satype=2(AH), len=2, res=0, seq=1, pid=10343.
Jan 11 07:30:37 localhost pluto[10343]: | pfkey_lib_debug:pfkey_msg_parse: remain=0
Jan 11 07:30:37 localhost pluto[10343]: | pfkey_lib_debug:pfkey_msg_parse: extensions permitted=00000001, required=00000001.
Jan 11 07:30:37 localhost pluto[10343]: | pfkey_lib_debug:pfkey_msg_parse: extensions permitted=00000001, seen=00000001, required=00000001.
Jan 11 07:30:37 localhost pluto[10343]: | finish_pfkey_msg: SADB_REGISTER message 1 for AH
Jan 11 07:30:37 localhost pluto[10343]: | 02 07 00 02 02 00 00 00 01 00 00 00 67 28 00 00
Jan 11 07:30:37 localhost pluto[10343]: | pfkey_get: SADB_REGISTER message 1
Jan 11 07:30:37 localhost pluto[10343]: | AH registered with kernel.
Jan 11 07:30:37 localhost pluto[10343]: | pfkey_lib_debug:pfkey_msg_hdr_build:
Jan 11 07:30:37 localhost pluto[10343]: | pfkey_lib_debug:pfkey_msg_hdr_build: on_entry &pfkey_ext=0p0xbfff7d30 pfkey_ext=0p0xbfff8d90 *pfkey_ext=0p(nil).
Jan 11 07:30:37 localhost pluto[10343]: | pfkey_lib_debug:pfkey_msg_hdr_build: on_exit &pfkey_ext=0p0xbfff7d30 pfkey_ext=0p0xbfff8d90 *pfkey_ext=0p0x8c863e8.
Jan 11 07:30:37 localhost pluto[10343]: | pfkey_lib_debug:pfkey_msg_build: pfkey_msg=0p0x8c86400 allocated 16 bytes, &(extensions[0])=0p0xbfff8d90
Jan 11 07:30:37 localhost pluto[10343]: | pfkey_lib_debug:pfkey_msg_build: extensions permitted=00000001, seen=00000001, required=00000001.
Jan 11 07:30:37 localhost pluto[10343]: | pfkey_lib_debug:pfkey_msg_parse: parsing message ver=2, type=7(register), errno=0, satype=3(ESP), len=2, res=0, seq=2, pid=10343.
Jan 11 07:30:37 localhost pluto[10343]: | pfkey_lib_debug:pfkey_msg_parse: remain=0
Jan 11 07:30:37 localhost pluto[10343]: | pfkey_lib_debug:pfkey_msg_parse: extensions permitted=00000001, required=00000001.
Jan 11 07:30:37 localhost pluto[10343]: | pfkey_lib_debug:pfkey_msg_parse: extensions permitted=00000001, seen=00000001, required=00000001.
Jan 11 07:30:37 localhost pluto[10343]: | finish_pfkey_msg: SADB_REGISTER message 2 for ESP
Jan 11 07:30:37 localhost pluto[10343]: | 02 07 00 03 02 00 00 00 02 00 00 00 67 28 00 00
Jan 11 07:30:37 localhost pluto[10343]: | pfkey_get: SADB_REGISTER message 2
Jan 11 07:30:37 localhost pluto[10343]: | alg_init():memset(0x80f5dc0, 0, 2016) memset(0x80f65a0, 0, 2048)
Jan 11 07:30:37 localhost pluto[10343]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: sadb_msg_len=15 sadb_supported_len=40
Jan 11 07:30:37 localhost pluto[10343]: | kernel_alg_add():satype=3, exttype=14, alg_id=251
Jan 11 07:30:37 localhost pluto[10343]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[0], exttype=14, satype=3, alg_id=251, alg_ivlen=0, alg_minbits=0, alg_maxbits=0, res=0, ret=1
Jan 11 07:30:37 localhost pluto[10343]: | kernel_alg_add():satype=3, exttype=14, alg_id=2
Jan 11 07:30:37 localhost pluto[10343]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[1], exttype=14, satype=3, alg_id=2, alg_ivlen=0, alg_minbits=128, alg_maxbits=128, res=0, ret=1
Jan 11 07:30:37 localhost pluto[10343]: | kernel_alg_add():satype=3, exttype=14, alg_id=3
Jan 11 07:30:37 localhost pluto[10343]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[2], exttype=14, satype=3, alg_id=3, alg_ivlen=0, alg_minbits=160, alg_maxbits=160, res=0, ret=1
Jan 11 07:30:37 localhost pluto[10343]: | kernel_alg_add():satype=3, exttype=14, alg_id=5
Jan 11 07:30:37 localhost pluto[10343]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[3], exttype=14, satype=3, alg_id=5, alg_ivlen=0, alg_minbits=256, alg_maxbits=256, res=0, ret=1
Jan 11 07:30:37 localhost pluto[10343]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: sadb_msg_len=15 sadb_supported_len=64
Jan 11 07:30:37 localhost pluto[10343]: | kernel_alg_add():satype=3, exttype=15, alg_id=11
Jan 11 07:30:37 localhost pluto[10343]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[4], exttype=15, satype=3, alg_id=11, alg_ivlen=0, alg_minbits=0, alg_maxbits=0, res=0, ret=1
Jan 11 07:30:37 localhost pluto[10343]: | kernel_alg_add():satype=3, exttype=15, alg_id=2
Jan 11 07:30:37 localhost pluto[10343]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[5], exttype=15, satype=3, alg_id=2, alg_ivlen=8, alg_minbits=64, alg_maxbits=64, res=0, ret=1
Jan 11 07:30:37 localhost pluto[10343]: | kernel_alg_add():satype=3, exttype=15, alg_id=3
Jan 11 07:30:37 localhost pluto[10343]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[6], exttype=15, satype=3, alg_id=3, alg_ivlen=8, alg_minbits=192, alg_maxbits=192, res=0, ret=1
Jan 11 07:30:37 localhost pluto[10343]: | kernel_alg_add():satype=3, exttype=15, alg_id=7
Jan 11 07:30:37 localhost pluto[10343]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[7], exttype=15, satype=3, alg_id=7, alg_ivlen=8, alg_minbits=40, alg_maxbits=448, res=0, ret=1
Jan 11 07:30:37 localhost pluto[10343]: | kernel_alg_add():satype=3, exttype=15, alg_id=12
Jan 11 07:30:37 localhost pluto[10343]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[8], exttype=15, satype=3, alg_id=12, alg_ivlen=8, alg_minbits=128, alg_maxbits=256, res=0, ret=1
Jan 11 07:30:37 localhost pluto[10343]: | kernel_alg_add():satype=3, exttype=15, alg_id=252
Jan 11 07:30:37 localhost pluto[10343]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[9], exttype=15, satype=3, alg_id=252, alg_ivlen=8, alg_minbits=128, alg_maxbits=256, res=0, ret=1
Jan 11 07:30:37 localhost pluto[10343]: | kernel_alg_add():satype=3, exttype=15, alg_id=253
Jan 11 07:30:37 localhost pluto[10343]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[10], exttype=15, satype=3, alg_id=253, alg_ivlen=8, alg_minbits=128, alg_maxbits=256, res=0, ret=1
Jan 11 07:30:37 localhost pluto[10343]: | ESP registered with kernel.
Jan 11 07:30:37 localhost pluto[10343]: | pfkey_lib_debug:pfkey_msg_hdr_build:
Jan 11 07:30:37 localhost pluto[10343]: | pfkey_lib_debug:pfkey_msg_hdr_build: on_entry &pfkey_ext=0p0xbfff7d30 pfkey_ext=0p0xbfff8d90 *pfkey_ext=0p(nil).
Jan 11 07:30:37 localhost pluto[10343]: | pfkey_lib_debug:pfkey_msg_hdr_build: on_exit &pfkey_ext=0p0xbfff7d30 pfkey_ext=0p0xbfff8d90 *pfkey_ext=0p0x8c863e8.
Jan 11 07:30:37 localhost pluto[10343]: | pfkey_lib_debug:pfkey_msg_build: pfkey_msg=0p0x8c86400 allocated 16 bytes, &(extensions[0])=0p0xbfff8d90
Jan 11 07:30:37 localhost pluto[10343]: | pfkey_lib_debug:pfkey_msg_build: extensions permitted=00000001, seen=00000001, required=00000001.
Jan 11 07:30:37 localhost pluto[10343]: | pfkey_lib_debug:pfkey_msg_parse: parsing message ver=2, type=7(register), errno=0, satype=9(IPIP), len=2, res=0, seq=3, pid=10343.
Jan 11 07:30:37 localhost pluto[10343]: | pfkey_lib_debug:pfkey_msg_parse: remain=0
Jan 11 07:30:37 localhost pluto[10343]: | pfkey_lib_debug:pfkey_msg_parse: extensions permitted=00000001, required=00000001.
Jan 11 07:30:37 localhost pluto[10343]: | pfkey_lib_debug:pfkey_msg_parse: extensions permitted=00000001, seen=00000001, required=00000001.
Jan 11 07:30:37 localhost pluto[10343]: | finish_pfkey_msg: SADB_REGISTER message 3 for IPCOMP
Jan 11 07:30:37 localhost pluto[10343]: | 02 07 00 09 02 00 00 00 03 00 00 00 67 28 00 00
Jan 11 07:30:37 localhost pluto[10343]: | pfkey_get: SADB_REGISTER message 3
Jan 11 07:30:37 localhost pluto[10343]: | IPCOMP registered with kernel.
Jan 11 07:30:37 localhost pluto[10343]: Could not change to directory '/etc/ipsec.d/cacerts'
Jan 11 07:30:37 localhost pluto[10343]: Could not change to directory '/etc/ipsec.d/aacerts'
Jan 11 07:30:37 localhost pluto[10343]: Could not change to directory '/etc/ipsec.d/ocspcerts'
Jan 11 07:30:37 localhost pluto[10343]: Could not change to directory '/etc/ipsec.d/crls'
Jan 11 07:30:37 localhost pluto[10343]: | inserting event EVENT_LOG_DAILY, timeout in 59363 seconds
Jan 11 07:30:37 localhost pluto[10343]: | next event EVENT_REINIT_SECRET in 3599 seconds
Jan 11 07:30:37 localhost pluto[10343]: |
Jan 11 07:30:37 localhost pluto[10343]: | *received whack message
Jan 11 07:30:37 localhost pluto[10343]: | alg_info_parse_str() ealg_buf=3des aalg_buf=sha1eklen=0 aklen=0
Jan 11 07:30:37 localhost pluto[10343]: | enum_search_prefix () calling enum_search(0x80d60bc, "OAKLEY_3DES")
Jan 11 07:30:37 localhost pluto[10343]: | enum_search_ppfixi () calling enum_search(0x80d60bc, "OAKLEY_3DES_CBC")
Jan 11 07:30:37 localhost pluto[10343]: | parser_alg_info_add() ealg_getbyname("3des")=5
Jan 11 07:30:37 localhost pluto[10343]: | enum_search_prefix () calling enum_search(0x80d60f8, "OAKLEY_SHA1")
Jan 11 07:30:37 localhost pluto[10343]: | parser_alg_info_add() aalg_getbyname("sha1")=2
Jan 11 07:30:37 localhost pluto[10343]: | __alg_info_ike_add() ealg=5 aalg=2 modp_id=5, cnt=1
Jan 11 07:30:37 localhost pluto[10343]: | __alg_info_ike_add() ealg=5 aalg=2 modp_id=2, cnt=2
Jan 11 07:30:37 localhost pluto[10343]: | Added new connection vizdom with policy PSK+ENCRYPT+TUNNEL
Jan 11 07:30:37 localhost pluto[10343]: | from whack: got --esp=3des-sha1
Jan 11 07:30:37 localhost pluto[10343]: | alg_info_parse_str() ealg_buf=3des aalg_buf=sha1eklen=0 aklen=0
Jan 11 07:30:37 localhost pluto[10343]: | enum_search_prefix () calling enum_search(0x80d5c74, "ESP_3DES")
Jan 11 07:30:37 localhost pluto[10343]: | parser_alg_info_add() ealg_getbyname("3des")=3
Jan 11 07:30:37 localhost pluto[10343]: | enum_search_prefix () calling enum_search(0x80d5f40, "AUTH_ALGORITHM_HMAC_SHA1")
Jan 11 07:30:37 localhost pluto[10343]: | parser_alg_info_add() aalg_getbyname("sha1")=2
Jan 11 07:30:37 localhost pluto[10343]: | __alg_info_esp_add() ealg=3 aalg=2 cnt=1
Jan 11 07:30:37 localhost pluto[10343]: | esp string values: 3_000-2, flags=-strict
Jan 11 07:30:37 localhost pluto[10343]: | from whack: got --ike=3des-sha1
Jan 11 07:30:37 localhost pluto[10343]: | ike string values: 5_000-2-5, 5_000-2-2, flags=-strict
Jan 11 07:30:37 localhost pluto[10343]: | counting wild cards for (none) is 15
Jan 11 07:30:37 localhost pluto[10343]: | sendcert is 3
Jan 11 07:30:37 localhost pluto[10343]: | counting wild cards for a.b.c.d is 0
Jan 11 07:30:37 localhost pluto[10343]: | sendcert is 3
Jan 11 07:30:37 localhost pluto[10343]: | alg_info_addref() alg_info->ref_cnt=1
Jan 11 07:30:37 localhost pluto[10343]: | alg_info_addref() alg_info->ref_cnt=1
Jan 11 07:30:37 localhost pluto[10343]: | alg_info_addref() alg_info->ref_cnt=2
Jan 11 07:30:37 localhost pluto[10343]: | alg_info_addref() alg_info->ref_cnt=2
Jan 11 07:30:37 localhost pluto[10343]: added connection description "vizdom"
Jan 11 07:30:37 localhost pluto[10343]: | 192.168.2.0/24===192.168.2.2...a.b.c.d===10.1.1.0/24
Jan 11 07:30:37 localhost pluto[10343]: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 1; policy: PSK+ENCRYPT+TUNNEL
Jan 11 07:30:37 localhost pluto[10343]: | next event EVENT_REINIT_SECRET in 3599 seconds
Jan 11 07:30:37 localhost pluto[10343]: |
Jan 11 07:30:37 localhost pluto[10343]: | *received whack message
Jan 11 07:30:37 localhost pluto[10343]: listening for IKE messages
Jan 11 07:30:37 localhost pluto[10343]: | found lo with address 127.0.0.1
Jan 11 07:30:37 localhost pluto[10343]: | found eth0 with address 192.168.2.2
Jan 11 07:30:37 localhost pluto[10343]: | found vmnet1 with address 192.168.46.1
Jan 11 07:30:37 localhost pluto[10343]: | found vmnet8 with address 192.168.162.1
Jan 11 07:30:37 localhost pluto[10343]: adding interface vmnet8/vmnet8 192.168.162.1
Jan 11 07:30:37 localhost pluto[10343]: adding interface vmnet8/vmnet8 192.168.162.1:4500
Jan 11 07:30:37 localhost pluto[10343]: adding interface vmnet1/vmnet1 192.168.46.1
Jan 11 07:30:37 localhost pluto[10343]: adding interface vmnet1/vmnet1 192.168.46.1:4500
Jan 11 07:30:37 localhost pluto[10343]: adding interface eth0/eth0 192.168.2.2
Jan 11 07:30:37 localhost pluto[10343]: adding interface eth0/eth0 192.168.2.2:4500
Jan 11 07:30:37 localhost pluto[10343]: adding interface lo/lo 127.0.0.1
Jan 11 07:30:37 localhost pluto[10343]: adding interface lo/lo 127.0.0.1:4500
Jan 11 07:30:37 localhost pluto[10343]: | could not open /proc/net/if_inet6
Jan 11 07:30:37 localhost pluto[10343]: loading secrets from "/etc/ipsec.secrets"
Jan 11 07:30:37 localhost pluto[10343]: | loaded private key for keyid: PPK_RSA:AQOO9aI7Y
Jan 11 07:30:37 localhost pluto[10343]: | next event EVENT_REINIT_SECRET in 3599 seconds
Jan 11 07:30:37 localhost pluto[10343]: |
Jan 11 07:30:37 localhost pluto[10343]: | *received whack message
Jan 11 07:30:37 localhost pluto[10343]: | next event EVENT_REINIT_SECRET in 3599 seconds
Jan 11 07:30:37 localhost pluto[10343]: |
Jan 11 07:30:37 localhost pluto[10343]: | *received whack message
Jan 11 07:30:37 localhost pluto[10343]: | next event EVENT_REINIT_SECRET in 3599 seconds
Jan 11 07:30:37 localhost pluto[10343]: |
Jan 11 07:30:37 localhost pluto[10343]: | *received whack message
Jan 11 07:30:37 localhost pluto[10343]: | next event EVENT_REINIT_SECRET in 3599 seconds
Jan 11 07:30:37 localhost pluto[10343]: |
Jan 11 07:30:37 localhost pluto[10343]: | *received whack message
Jan 11 07:30:37 localhost pluto[10343]: | next event EVENT_REINIT_SECRET in 3599 seconds
Jan 11 07:30:37 localhost pluto[10343]: |
Jan 11 07:30:37 localhost pluto[10343]: | *received whack message
Jan 11 07:30:37 localhost pluto[10343]: | next event EVENT_REINIT_SECRET in 3599 seconds
Jan 11 07:30:38 localhost pluto[10343]: |
Jan 11 07:30:38 localhost pluto[10343]: | *received whack message
Jan 11 07:30:38 localhost pluto[10343]: | next event EVENT_REINIT_SECRET in 3598 seconds
Jan 11 07:30:39 localhost pluto[10343]: |
Jan 11 07:30:39 localhost pluto[10343]: | *received whack message
Jan 11 07:30:39 localhost pluto[10343]: | creating state object #1 at 0x8c86b90
Jan 11 07:30:39 localhost pluto[10343]: | ICOOKIE: 0d ad 68 bd 17 4c ec 51
Jan 11 07:30:39 localhost pluto[10343]: | RCOOKIE: 00 00 00 00 00 00 00 00
Jan 11 07:30:39 localhost pluto[10343]: | peer: d1 96 5b 12
Jan 11 07:30:39 localhost pluto[10343]: | state hash entry 27
Jan 11 07:30:39 localhost pluto[10343]: | inserting event EVENT_SO_DISCARD, timeout in 0 seconds for #1
Jan 11 07:30:39 localhost pluto[10343]: | Queuing pending Quick Mode with a.b.c.d "vizdom"
Jan 11 07:30:39 localhost pluto[10343]: "vizdom" #1: initiating Main Mode
Jan 11 07:30:39 localhost pluto[10343]: | **emit ISAKMP Message:
Jan 11 07:30:39 localhost pluto[10343]: | initiator cookie:
Jan 11 07:30:39 localhost pluto[10343]: | 0d ad 68 bd 17 4c ec 51
Jan 11 07:30:39 localhost pluto[10343]: | responder cookie:
Jan 11 07:30:39 localhost pluto[10343]: | 00 00 00 00 00 00 00 00
Jan 11 07:30:39 localhost pluto[10343]: | next payload type: ISAKMP_NEXT_SA
Jan 11 07:30:39 localhost pluto[10343]: | ISAKMP version: ISAKMP Version 1.0
Jan 11 07:30:39 localhost pluto[10343]: | exchange type: ISAKMP_XCHG_IDPROT
Jan 11 07:30:39 localhost pluto[10343]: | flags: none
Jan 11 07:30:39 localhost pluto[10343]: | message ID: 00 00 00 00
Jan 11 07:30:39 localhost pluto[10343]: | ***emit ISAKMP Security Association Payload:
Jan 11 07:30:39 localhost pluto[10343]: | next payload type: ISAKMP_NEXT_NONE
Jan 11 07:30:39 localhost pluto[10343]: | DOI: ISAKMP_DOI_IPSEC
Jan 11 07:30:39 localhost pluto[10343]: | ****emit IPsec DOI SIT:
Jan 11 07:30:39 localhost pluto[10343]: | IPsec DOI SIT: SIT_IDENTITY_ONLY
Jan 11 07:30:39 localhost pluto[10343]: | out_sa pcn: 0 has 1 valid proposals
Jan 11 07:30:39 localhost pluto[10343]: | out_sa pcn: 0 pn: 0<1 valid_count: 1
Jan 11 07:30:39 localhost pluto[10343]: | ****emit ISAKMP Proposal Payload:
Jan 11 07:30:39 localhost pluto[10343]: | next payload type: ISAKMP_NEXT_NONE
Jan 11 07:30:39 localhost pluto[10343]: | proposal number: 0
Jan 11 07:30:39 localhost pluto[10343]: | protocol ID: PROTO_ISAKMP
Jan 11 07:30:39 localhost pluto[10343]: | SPI size: 0
Jan 11 07:30:39 localhost pluto[10343]: | number of transforms: 3
Jan 11 07:30:39 localhost pluto[10343]: | *****emit ISAKMP Transform Payload (ISAKMP):
Jan 11 07:30:39 localhost pluto[10343]: | next payload type: ISAKMP_NEXT_T
Jan 11 07:30:39 localhost pluto[10343]: | transform number: 0
Jan 11 07:30:39 localhost pluto[10343]: | transform ID: KEY_IKE
Jan 11 07:30:39 localhost pluto[10343]: | ******emit ISAKMP Oakley attribute:
Jan 11 07:30:39 localhost pluto[10343]: | af+type: OAKLEY_LIFE_TYPE
Jan 11 07:30:39 localhost pluto[10343]: | length/value: 1
Jan 11 07:30:39 localhost pluto[10343]: | [1 is OAKLEY_LIFE_SECONDS]
Jan 11 07:30:39 localhost pluto[10343]: | ******emit ISAKMP Oakley attribute:
Jan 11 07:30:39 localhost pluto[10343]: | af+type: OAKLEY_LIFE_DURATION
Jan 11 07:30:39 localhost pluto[10343]: | length/value: 3600
Jan 11 07:30:39 localhost pluto[10343]: | ******emit ISAKMP Oakley attribute:
Jan 11 07:30:39 localhost pluto[10343]: | af+type: OAKLEY_ENCRYPTION_ALGORITHM
Jan 11 07:30:39 localhost pluto[10343]: | length/value: 65535
Jan 11 07:30:39 localhost pluto[10343]: | [65535 is 65535??]
Jan 11 07:30:39 localhost pluto[10343]: | ******emit ISAKMP Oakley attribute:
Jan 11 07:30:39 localhost pluto[10343]: | af+type: OAKLEY_HASH_ALGORITHM
Jan 11 07:30:39 localhost pluto[10343]: | length/value: 65535
Jan 11 07:30:39 localhost pluto[10343]: | [65535 is 65535??]
Jan 11 07:30:39 localhost pluto[10343]: | ******emit ISAKMP Oakley attribute:
Jan 11 07:30:39 localhost pluto[10343]: | af+type: OAKLEY_AUTHENTICATION_METHOD
Jan 11 07:30:39 localhost pluto[10343]: | length/value: 65535
Jan 11 07:30:39 localhost pluto[10343]: | [65535 is 65535??]
Jan 11 07:30:39 localhost pluto[10343]: | ******emit ISAKMP Oakley attribute:
Jan 11 07:30:39 localhost pluto[10343]: | af+type: OAKLEY_GROUP_DESCRIPTION
Jan 11 07:30:39 localhost pluto[10343]: | length/value: 65535
Jan 11 07:30:39 localhost pluto[10343]: | [65535 is 65535??]
Jan 11 07:30:39 localhost pluto[10343]: | emitting length of ISAKMP Transform Payload (ISAKMP): 32
Jan 11 07:30:39 localhost pluto[10343]: | *****emit ISAKMP Transform Payload (ISAKMP):
Jan 11 07:30:39 localhost pluto[10343]: | next payload type: ISAKMP_NEXT_T
Jan 11 07:30:39 localhost pluto[10343]: | transform number: 1
Jan 11 07:30:39 localhost pluto[10343]: | transform ID: KEY_IKE
Jan 11 07:30:39 localhost pluto[10343]: | ******emit ISAKMP Oakley attribute:
Jan 11 07:30:39 localhost pluto[10343]: | af+type: OAKLEY_LIFE_TYPE
Jan 11 07:30:39 localhost pluto[10343]: | length/value: 1
Jan 11 07:30:39 localhost pluto[10343]: | [1 is OAKLEY_LIFE_SECONDS]
Jan 11 07:30:39 localhost pluto[10343]: | ******emit ISAKMP Oakley attribute:
Jan 11 07:30:39 localhost pluto[10343]: | af+type: OAKLEY_LIFE_DURATION
Jan 11 07:30:39 localhost pluto[10343]: | length/value: 3600
Jan 11 07:30:39 localhost pluto[10343]: | ******emit ISAKMP Oakley attribute:
Jan 11 07:30:39 localhost pluto[10343]: | af+type: OAKLEY_ENCRYPTION_ALGORITHM
Jan 11 07:30:39 localhost pluto[10343]: | length/value: 5
Jan 11 07:30:39 localhost pluto[10343]: | [5 is OAKLEY_3DES_CBC]
Jan 11 07:30:39 localhost pluto[10343]: | ******emit ISAKMP Oakley attribute:
Jan 11 07:30:39 localhost pluto[10343]: | af+type: OAKLEY_HASH_ALGORITHM
Jan 11 07:30:39 localhost pluto[10343]: | length/value: 2
Jan 11 07:30:39 localhost pluto[10343]: | [2 is OAKLEY_SHA1]
Jan 11 07:30:39 localhost pluto[10343]: | ******emit ISAKMP Oakley attribute:
Jan 11 07:30:39 localhost pluto[10343]: | af+type: OAKLEY_AUTHENTICATION_METHOD
Jan 11 07:30:39 localhost pluto[10343]: | length/value: 1
Jan 11 07:30:39 localhost pluto[10343]: | [1 is OAKLEY_PRESHARED_KEY]
Jan 11 07:30:39 localhost pluto[10343]: | ******emit ISAKMP Oakley attribute:
Jan 11 07:30:39 localhost pluto[10343]: | af+type: OAKLEY_GROUP_DESCRIPTION
Jan 11 07:30:39 localhost pluto[10343]: | length/value: 5
Jan 11 07:30:39 localhost pluto[10343]: | [5 is OAKLEY_GROUP_MODP1536]
Jan 11 07:30:39 localhost pluto[10343]: | emitting length of ISAKMP Transform Payload (ISAKMP): 32
Jan 11 07:30:39 localhost pluto[10343]: | *****emit ISAKMP Transform Payload (ISAKMP):
Jan 11 07:30:39 localhost pluto[10343]: | next payload type: ISAKMP_NEXT_NONE
Jan 11 07:30:39 localhost pluto[10343]: | transform number: 2
Jan 11 07:30:39 localhost pluto[10343]: | transform ID: KEY_IKE
Jan 11 07:30:39 localhost pluto[10343]: | ******emit ISAKMP Oakley attribute:
Jan 11 07:30:39 localhost pluto[10343]: | af+type: OAKLEY_LIFE_TYPE
Jan 11 07:30:39 localhost pluto[10343]: | length/value: 1
Jan 11 07:30:39 localhost pluto[10343]: | [1 is OAKLEY_LIFE_SECONDS]
Jan 11 07:30:39 localhost pluto[10343]: | ******emit ISAKMP Oakley attribute:
Jan 11 07:30:39 localhost pluto[10343]: | af+type: OAKLEY_LIFE_DURATION
Jan 11 07:30:39 localhost pluto[10343]: | length/value: 3600
Jan 11 07:30:39 localhost pluto[10343]: | ******emit ISAKMP Oakley attribute:
Jan 11 07:30:39 localhost pluto[10343]: | af+type: OAKLEY_ENCRYPTION_ALGORITHM
Jan 11 07:30:39 localhost pluto[10343]: | length/value: 5
Jan 11 07:30:39 localhost pluto[10343]: | [5 is OAKLEY_3DES_CBC]
Jan 11 07:30:39 localhost pluto[10343]: | ******emit ISAKMP Oakley attribute:
Jan 11 07:30:39 localhost pluto[10343]: | af+type: OAKLEY_HASH_ALGORITHM
Jan 11 07:30:39 localhost pluto[10343]: | length/value: 2
Jan 11 07:30:39 localhost pluto[10343]: | [2 is OAKLEY_SHA1]
Jan 11 07:30:39 localhost pluto[10343]: | ******emit ISAKMP Oakley attribute:
Jan 11 07:30:39 localhost pluto[10343]: | af+type: OAKLEY_AUTHENTICATION_METHOD
Jan 11 07:30:39 localhost pluto[10343]: | length/value: 1
Jan 11 07:30:39 localhost pluto[10343]: | [1 is OAKLEY_PRESHARED_KEY]
Jan 11 07:30:39 localhost pluto[10343]: | ******emit ISAKMP Oakley attribute:
Jan 11 07:30:39 localhost pluto[10343]: | af+type: OAKLEY_GROUP_DESCRIPTION
Jan 11 07:30:39 localhost pluto[10343]: | length/value: 2
Jan 11 07:30:39 localhost pluto[10343]: | [2 is OAKLEY_GROUP_MODP1024]
Jan 11 07:30:39 localhost pluto[10343]: | emitting length of ISAKMP Transform Payload (ISAKMP): 32
Jan 11 07:30:39 localhost pluto[10343]: | emitting length of ISAKMP Proposal Payload: 104
Jan 11 07:30:39 localhost pluto[10343]: | emitting length of ISAKMP Security Association Payload: 116
Jan 11 07:30:39 localhost pluto[10343]: | ***emit ISAKMP Vendor ID Payload:
Jan 11 07:30:39 localhost pluto[10343]: | next payload type: ISAKMP_NEXT_NONE
Jan 11 07:30:39 localhost pluto[10343]: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
Jan 11 07:30:39 localhost pluto[10343]: | V_ID af ca d7 13 68 a1 f1 c9 6b 86 96 fc 77 57 01 00
Jan 11 07:30:39 localhost pluto[10343]: | emitting length of ISAKMP Vendor ID Payload: 20
Jan 11 07:30:39 localhost pluto[10343]: | out_vendorid(): sending [draft-ietf-ipsec-nat-t-ike-03]
Jan 11 07:30:39 localhost pluto[10343]: | ***emit ISAKMP Vendor ID Payload:
Jan 11 07:30:39 localhost pluto[10343]: | next payload type: ISAKMP_NEXT_NONE
Jan 11 07:30:39 localhost pluto[10343]: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
Jan 11 07:30:39 localhost pluto[10343]: | V_ID 7d 94 19 a6 53 10 ca 6f 2c 17 9d 92 15 52 9d 56
Jan 11 07:30:40 localhost pluto[10343]: | emitting length of ISAKMP Vendor ID Payload: 20
Jan 11 07:30:40 localhost pluto[10343]: | out_vendorid(): sending [draft-ietf-ipsec-nat-t-ike-02]
Jan 11 07:30:40 localhost pluto[10343]: | ***emit ISAKMP Vendor ID Payload:
Jan 11 07:30:40 localhost pluto[10343]: | next payload type: ISAKMP_NEXT_NONE
Jan 11 07:30:40 localhost pluto[10343]: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
Jan 11 07:30:40 localhost pluto[10343]: | V_ID cd 60 46 43 35 df 21 f8 7c fd b2 fc 68 b6 a4 48
Jan 11 07:30:40 localhost pluto[10343]: | emitting length of ISAKMP Vendor ID Payload: 20
Jan 11 07:30:40 localhost pluto[10343]: | out_vendorid(): sending [draft-ietf-ipsec-nat-t-ike-00]
Jan 11 07:30:40 localhost pluto[10343]: | ***emit ISAKMP Vendor ID Payload:
Jan 11 07:30:40 localhost pluto[10343]: | next payload type: ISAKMP_NEXT_NONE
Jan 11 07:30:40 localhost pluto[10343]: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
Jan 11 07:30:40 localhost pluto[10343]: | V_ID 44 85 15 2d 18 b6 bb cd 0b e8 a8 46 95 79 dd cc
Jan 11 07:30:40 localhost pluto[10343]: | emitting length of ISAKMP Vendor ID Payload: 20
Jan 11 07:30:40 localhost pluto[10343]: | emitting length of ISAKMP Message: 224
Jan 11 07:30:40 localhost pluto[10343]: | sending 224 bytes for main_outI1 through eth0 to a.b.c.d:500:
Jan 11 07:30:40 localhost pluto[10343]: | inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #1
Jan 11 07:30:40 localhost pluto[10343]: | next event EVENT_RETRANSMIT in 10 seconds for #1
Jan 11 07:30:40 localhost pluto[10343]: |
Jan 11 07:30:40 localhost pluto[10343]: | *received 92 bytes from a.b.c.d:500 on eth0
Jan 11 07:30:40 localhost pluto[10343]: | **parse ISAKMP Message:
Jan 11 07:30:40 localhost pluto[10343]: | initiator cookie:
Jan 11 07:30:40 localhost pluto[10343]: | 0d ad 68 bd 17 4c ec 51
Jan 11 07:30:40 localhost pluto[10343]: | responder cookie:
Jan 11 07:30:40 localhost pluto[10343]: | b8 3c 4d 6d e1 90 e2 b5
Jan 11 07:30:40 localhost pluto[10343]: | next payload type: ISAKMP_NEXT_N
Jan 11 07:30:40 localhost pluto[10343]: | ISAKMP version: ISAKMP Version 1.0
Jan 11 07:30:40 localhost pluto[10343]: | exchange type: ISAKMP_XCHG_INFO
Jan 11 07:30:40 localhost pluto[10343]: | flags: none
Jan 11 07:30:40 localhost pluto[10343]: | message ID: 00 00 00 00
Jan 11 07:30:40 localhost pluto[10343]: | length: 92
Jan 11 07:30:40 localhost pluto[10343]: | ICOOKIE: 0d ad 68 bd 17 4c ec 51
Jan 11 07:30:40 localhost pluto[10343]: | RCOOKIE: b8 3c 4d 6d e1 90 e2 b5
Jan 11 07:30:40 localhost pluto[10343]: | peer: d1 96 5b 12
Jan 11 07:30:40 localhost pluto[10343]: | state hash entry 17
Jan 11 07:30:40 localhost pluto[10343]: | state object not found
Jan 11 07:30:40 localhost pluto[10343]: | ***parse ISAKMP Notification Payload:
Jan 11 07:30:40 localhost pluto[10343]: | next payload type: ISAKMP_NEXT_NONE
Jan 11 07:30:40 localhost pluto[10343]: | length: 64
Jan 11 07:30:40 localhost pluto[10343]: | DOI: ISAKMP_DOI_ISAKMP
Jan 11 07:30:40 localhost pluto[10343]: | protocol ID: 1
Jan 11 07:30:40 localhost pluto[10343]: | SPI size: 16
Jan 11 07:30:40 localhost pluto[10343]: | Notify Message Type: NO_PROPOSAL_CHOSEN
Jan 11 07:30:40 localhost pluto[10343]: packet from a.b.c.d:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN
Jan 11 07:30:40 localhost pluto[10343]: | info: 0d ad 68 bd 17 4c ec 51 b8 3c 4d 6d e1 90 e2 b5
Jan 11 07:30:40 localhost pluto[10343]: | 00 06 00 04 00 00 00 00 00 04 00 18 00 00 00 4e
Jan 11 07:30:40 localhost pluto[10343]: | 6f 20 70 72 6f 70 6f 73 61 6c 20 69 73 20 63 68
Jan 11 07:30:40 localhost pluto[10343]: | 6f 73 65 6e
Jan 11 07:30:40 localhost pluto[10343]: packet from a.b.c.d:500: received and ignored informational message
Jan 11 07:30:40 localhost pluto[10343]: | complete state transition with STF_IGNORE
Jan 11 07:30:40 localhost pluto[10343]: | next event EVENT_RETRANSMIT in 10 seconds for #1
Jan 11 07:30:50 localhost pluto[10343]: |
Jan 11 07:30:50 localhost pluto[10343]: | *time to handle event
Jan 11 07:30:50 localhost pluto[10343]: | handling event EVENT_RETRANSMIT
Jan 11 07:30:50 localhost pluto[10343]: | event after this is EVENT_REINIT_SECRET in 3586 seconds
Jan 11 07:30:50 localhost pluto[10343]: | handling event EVENT_RETRANSMIT for a.b.c.d "vizdom" #1
Jan 11 07:30:50 localhost pluto[10343]: | sending 224 bytes for EVENT_RETRANSMIT through eth0 to a.b.c.d:500:
Jan 11 07:30:50 localhost pluto[10343]: | inserting event EVENT_RETRANSMIT, timeout in 20 seconds for #1
Jan 11 07:30:50 localhost pluto[10343]: | next event EVENT_RETRANSMIT in 20 seconds for #1
Jan 11 07:30:50 localhost pluto[10343]: |
Jan 11 07:30:50 localhost pluto[10343]: | *received 92 bytes from a.b.c.d:500 on eth0
Jan 11 07:30:50 localhost pluto[10343]: | 0d ad 68 bd 17 4c ec 51 70 70 f5 af 2f 61 81 b3
Jan 11 07:30:50 localhost pluto[10343]: | 0b 10 05 00 00 00 00 00 00 00 00 5c 00 00 00 40
Jan 11 07:30:50 localhost pluto[10343]: | 00 00 00 00 01 10 00 0e 0d ad 68 bd 17 4c ec 51
Jan 11 07:30:50 localhost pluto[10343]: | 70 70 f5 af 2f 61 81 b3 00 06 00 04 00 00 00 00
Jan 11 07:30:50 localhost pluto[10343]: | 00 04 00 18 00 00 00 4e 6f 20 70 72 6f 70 6f 73
Jan 11 07:30:50 localhost pluto[10343]: | 61 6c 20 69 73 20 63 68 6f 73 65 6e
Jan 11 07:30:50 localhost pluto[10343]: | **parse ISAKMP Message:
Jan 11 07:30:50 localhost pluto[10343]: | initiator cookie:
Jan 11 07:30:50 localhost pluto[10343]: | 0d ad 68 bd 17 4c ec 51
Jan 11 07:30:50 localhost pluto[10343]: | responder cookie:
Jan 11 07:30:50 localhost pluto[10343]: | 70 70 f5 af 2f 61 81 b3
Jan 11 07:30:50 localhost pluto[10343]: | next payload type: ISAKMP_NEXT_N
Jan 11 07:30:50 localhost pluto[10343]: | ISAKMP version: ISAKMP Version 1.0
Jan 11 07:30:50 localhost pluto[10343]: | exchange type: ISAKMP_XCHG_INFO
Jan 11 07:30:50 localhost pluto[10343]: | flags: none
Jan 11 07:30:50 localhost pluto[10343]: | message ID: 00 00 00 00
Jan 11 07:30:50 localhost pluto[10343]: | length: 92
Jan 11 07:30:50 localhost pluto[10343]: | ICOOKIE: 0d ad 68 bd 17 4c ec 51
Jan 11 07:30:50 localhost pluto[10343]: | RCOOKIE: 70 70 f5 af 2f 61 81 b3
Jan 11 07:30:50 localhost pluto[10343]: | peer: d1 96 5b 12
Jan 11 07:30:50 localhost pluto[10343]: | state hash entry 17
Jan 11 07:30:50 localhost pluto[10343]: | state object not found
Jan 11 07:30:50 localhost pluto[10343]: | ***parse ISAKMP Notification Payload:
Jan 11 07:30:50 localhost pluto[10343]: | next payload type: ISAKMP_NEXT_NONE
Jan 11 07:30:50 localhost pluto[10343]: | length: 64
Jan 11 07:30:50 localhost pluto[10343]: | DOI: ISAKMP_DOI_ISAKMP
Jan 11 07:30:50 localhost pluto[10343]: | protocol ID: 1
Jan 11 07:30:50 localhost pluto[10343]: | SPI size: 16
Jan 11 07:30:50 localhost pluto[10343]: | Notify Message Type: NO_PROPOSAL_CHOSEN
Jan 11 07:30:50 localhost pluto[10343]: packet from a.b.c.d:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN
Jan 11 07:30:50 localhost pluto[10343]: | info: 0d ad 68 bd 17 4c ec 51 70 70 f5 af 2f 61 81 b3
Jan 11 07:30:50 localhost pluto[10343]: | 00 06 00 04 00 00 00 00 00 04 00 18 00 00 00 4e
Jan 11 07:30:50 localhost pluto[10343]: | 6f 20 70 72 6f 70 6f 73 61 6c 20 69 73 20 63 68
Jan 11 07:30:50 localhost pluto[10343]: | 6f 73 65 6e
Jan 11 07:30:50 localhost pluto[10343]: packet from a.b.c.d:500: received and ignored informational message
Jan 11 07:30:50 localhost pluto[10343]: | complete state transition with STF_IGNORE
Jan 11 07:30:50 localhost pluto[10343]: | next event EVENT_RETRANSMIT in 20 seconds for #1
Jan 11 07:31:10 localhost pluto[10343]: |
Jan 11 07:31:10 localhost pluto[10343]: | *time to handle event
Jan 11 07:31:10 localhost pluto[10343]: | handling event EVENT_RETRANSMIT
Jan 11 07:31:10 localhost pluto[10343]: | event after this is EVENT_REINIT_SECRET in 3566 seconds
Jan 11 07:31:10 localhost pluto[10343]: | handling event EVENT_RETRANSMIT for a.b.c.d "vizdom" #1
Jan 11 07:31:10 localhost pluto[10343]: | sending 224 bytes for EVENT_RETRANSMIT through eth0 to a.b.c.d:500:
Jan 11 07:31:10 localhost pluto[10343]: | 0d ad 68 bd 17 4c ec 51 00 00 00 00 00 00 00 00
Jan 11 07:31:10 localhost pluto[10343]: | 01 10 02 00 00 00 00 00 00 00 00 e0 0d 00 00 74
Jan 11 07:31:10 localhost pluto[10343]: | 00 00 00 01 00 00 00 01 00 00 00 68 00 01 00 03
Jan 11 07:31:10 localhost pluto[10343]: | 03 00 00 20 00 01 00 00 80 0b 00 01 80 0c 0e 10
Jan 11 07:31:10 localhost pluto[10343]: | 80 01 ff ff 80 02 ff ff 80 03 ff ff 80 04 ff ff
Jan 11 07:31:10 localhost pluto[10343]: | 03 00 00 20 01 01 00 00 80 0b 00 01 80 0c 0e 10
Jan 11 07:31:10 localhost pluto[10343]: | 80 01 00 05 80 02 00 02 80 03 00 01 80 04 00 05
Jan 11 07:31:10 localhost pluto[10343]: | 00 00 00 20 02 01 00 00 80 0b 00 01 80 0c 0e 10
Jan 11 07:31:10 localhost pluto[10343]: | 80 01 00 05 80 02 00 02 80 03 00 01 80 04 00 02
Jan 11 07:31:10 localhost pluto[10343]: | 0d 00 00 14 af ca d7 13 68 a1 f1 c9 6b 86 96 fc
Jan 11 07:31:10 localhost pluto[10343]: | 77 57 01 00 0d 00 00 14 7d 94 19 a6 53 10 ca 6f
Jan 11 07:31:10 localhost pluto[10343]: | 2c 17 9d 92 15 52 9d 56 0d 00 00 14 cd 60 46 43
Jan 11 07:31:10 localhost pluto[10343]: | 35 df 21 f8 7c fd b2 fc 68 b6 a4 48 00 00 00 14
Jan 11 07:31:10 localhost pluto[10343]: | 44 85 15 2d 18 b6 bb cd 0b e8 a8 46 95 79 dd cc
Jan 11 07:31:10 localhost pluto[10343]: | inserting event EVENT_RETRANSMIT, timeout in 40 seconds for #1
Jan 11 07:31:10 localhost pluto[10343]: | next event EVENT_RETRANSMIT in 40 seconds for #1
Jan 11 07:31:10 localhost pluto[10343]: |
Jan 11 07:31:10 localhost pluto[10343]: | *received 92 bytes from a.b.c.d:500 on eth0
Jan 11 07:31:10 localhost pluto[10343]: | 0d ad 68 bd 17 4c ec 51 cd 9b 1a 49 66 60 e4 be
Jan 11 07:31:10 localhost pluto[10343]: | 0b 10 05 00 00 00 00 00 00 00 00 5c 00 00 00 40
Jan 11 07:31:10 localhost pluto[10343]: | 00 00 00 00 01 10 00 0e 0d ad 68 bd 17 4c ec 51
Jan 11 07:31:10 localhost pluto[10343]: | cd 9b 1a 49 66 60 e4 be 00 06 00 04 00 00 00 00
Jan 11 07:31:10 localhost pluto[10343]: | 00 04 00 18 00 00 00 4e 6f 20 70 72 6f 70 6f 73
Jan 11 07:31:10 localhost pluto[10343]: | 61 6c 20 69 73 20 63 68 6f 73 65 6e
Jan 11 07:31:10 localhost pluto[10343]: | **parse ISAKMP Message:
Jan 11 07:31:10 localhost pluto[10343]: | initiator cookie:
Jan 11 07:31:10 localhost pluto[10343]: | 0d ad 68 bd 17 4c ec 51
Jan 11 07:31:10 localhost pluto[10343]: | responder cookie:
Jan 11 07:31:10 localhost pluto[10343]: | cd 9b 1a 49 66 60 e4 be
Jan 11 07:31:10 localhost pluto[10343]: | next payload type: ISAKMP_NEXT_N
Jan 11 07:31:10 localhost pluto[10343]: | ISAKMP version: ISAKMP Version 1.0
Jan 11 07:31:10 localhost pluto[10343]: | exchange type: ISAKMP_XCHG_INFO
Jan 11 07:31:10 localhost pluto[10343]: | flags: none
Jan 11 07:31:10 localhost pluto[10343]: | message ID: 00 00 00 00
Jan 11 07:31:10 localhost pluto[10343]: | length: 92
Jan 11 07:31:10 localhost pluto[10343]: | ICOOKIE: 0d ad 68 bd 17 4c ec 51
Jan 11 07:31:10 localhost pluto[10343]: | RCOOKIE: cd 9b 1a 49 66 60 e4 be
Jan 11 07:31:10 localhost pluto[10343]: | peer: d1 96 5b 12
Jan 11 07:31:10 localhost pluto[10343]: | state hash entry 20
Jan 11 07:31:10 localhost pluto[10343]: | state object not found
Jan 11 07:31:10 localhost pluto[10343]: | ***parse ISAKMP Notification Payload:
Jan 11 07:31:10 localhost pluto[10343]: | next payload type: ISAKMP_NEXT_NONE
Jan 11 07:31:10 localhost pluto[10343]: | length: 64
Jan 11 07:31:10 localhost pluto[10343]: | DOI: ISAKMP_DOI_ISAKMP
Jan 11 07:31:10 localhost pluto[10343]: | protocol ID: 1
Jan 11 07:31:10 localhost pluto[10343]: | SPI size: 16
Jan 11 07:31:10 localhost pluto[10343]: | Notify Message Type: NO_PROPOSAL_CHOSEN
Jan 11 07:31:10 localhost pluto[10343]: packet from a.b.c.d:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN
Jan 11 07:31:10 localhost pluto[10343]: | info: 0d ad 68 bd 17 4c ec 51 cd 9b 1a 49 66 60 e4 be
Jan 11 07:31:10 localhost pluto[10343]: | 00 06 00 04 00 00 00 00 00 04 00 18 00 00 00 4e
Jan 11 07:31:10 localhost pluto[10343]: | 6f 20 70 72 6f 70 6f 73 61 6c 20 69 73 20 63 68
Jan 11 07:31:10 localhost pluto[10343]: | 6f 73 65 6e
Jan 11 07:31:10 localhost pluto[10343]: packet from a.b.c.d:500: received and ignored informational message
Jan 11 07:31:10 localhost pluto[10343]: | complete state transition with STF_IGNORE
Jan 11 07:31:10 localhost pluto[10343]: | next event EVENT_RETRANSMIT in 40 seconds for #1
Jan 11 07:31:50 localhost pluto[10343]: |
Jan 11 07:31:50 localhost pluto[10343]: | *time to handle event
Jan 11 07:31:50 localhost pluto[10343]: | handling event EVENT_RETRANSMIT
Jan 11 07:31:50 localhost pluto[10343]: | event after this is EVENT_REINIT_SECRET in 3526 seconds
Jan 11 07:31:50 localhost pluto[10343]: | handling event EVENT_RETRANSMIT for a.b.c.d "vizdom" #1
Jan 11 07:31:50 localhost pluto[10343]: "vizdom" #1: max number of retransmissions (2) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message
Jan 11 07:31:50 localhost pluto[10343]: | ICOOKIE: 0d ad 68 bd 17 4c ec 51
Jan 11 07:31:50 localhost pluto[10343]: | RCOOKIE: 00 00 00 00 00 00 00 00
Jan 11 07:31:50 localhost pluto[10343]: | peer: d1 96 5b 12
Jan 11 07:31:50 localhost pluto[10343]: | state hash entry 27
Jan 11 07:31:50 localhost pluto[10343]: | next event EVENT_REINIT_SECRET in 3526 seconds
Jan 11 07:36:29 localhost pluto[10343]: |
Jan 11 07:36:29 localhost pluto[10343]: | *received whack message
Jan 11 07:36:29 localhost pluto[10343]: | kernel_alg_esp_enc_ok(3,0): alg_id=3, alg_ivlen=8, alg_minbits=192, alg_maxbits=192, res=0, ret=1
Jan 11 07:36:29 localhost pluto[10343]: | next event EVENT_REINIT_SECRET in 3247 seconds
Jan 11 07:36:29 localhost pluto[10343]: |
Jan 11 07:36:29 localhost pluto[10343]: | *received whack message
Jan 11 07:36:29 localhost pluto[10343]: | kernel_alg_esp_enc_ok(3,0): alg_id=3, alg_ivlen=8, alg_minbits=192, alg_maxbits=192, res=0, ret=1
Jan 11 07:36:29 localhost pluto[10343]: | next event EVENT_REINIT_SECRET in 3247 seconds
Jan 11 07:36:29 localhost pluto[10343]: |
Jan 11 07:36:29 localhost pluto[10343]: | *received whack message
Jan 11 07:36:29 localhost pluto[10343]: | next event EVENT_REINIT_SECRET in 3247 seconds
+ _________________________ date
+ date
Wed Jan 11 07:36:30 PST 2006