[Openswan Users] No ipsec0 interfaces in routeing table
Jack Lowry
jrlowry376 at adelphia.net
Wed Jul 5 21:10:35 CEST 2006
I tcpdump the inside interface and I see the packets with the a
192.168.3.16 as the source and 69.174.129.33 as the destination. This
looks okay.
Running tcpdump on the outside interface I see packets with
69.174.129.33 as the source and 172.16.25.8 as the destination. Hmm are
the packets getting natted before the get the chance to be encrypted?
Routing is turned on (the rest of the family goes through this gateway
to surf, IRC, AIM, etc.)
a barf, ifconfig and route table are attached.
I'm thinking I might need to look at iptables stuff.
ted leslie wrote:
>and you tcpdump from the VPN point?
>and the packets show a source of 192.168.3.0/24
>and a target/dest on 172.16.24.0/21
>
>if it does, then it should match the rule and be routed,
>i was thinking you were testing from the VPN machine, and thus you would need to have SNAT'd
>
>
>I guess you have routing turned on? as that gateway routes non-vpn packets just fine?
>
>you probably want to post your
>
>"netstat -rn"
>and
>"ifconfig -a"
>
>-tl
>
>
>
>
>On Wed, 05 Jul 2006 16:11:50 -0400
>jack <jrlowry376 at adelphia.net> wrote:
>
>
>
>>I test from a linux box on the private lan behind the openswan VPN gateway.
>>I use ssh and connect to 172.16.25.8.
>>
>>I'll submit a barf after I get home and switch gateways.
>>
>>ted leslie wrote:
>>
>>
>>>when you attempt your test conenction,
>>>are you doing that from the openswan server or from one of the hosts on the
>>>private-lan behind the VPN gateway?
>>>explain what exactly you are doing to test this connection.
>>>
>>>
>>>
>>>
>>>you might also want to post your barf
>>>
>>>ipsec barf
>>>
>>>as it has more info
>>>
>>>-tl
>>>
>>>
>>>
>>>
>>>
-------------- next part --------------
gate
Wed Jul 5 19:55:03 EDT 2006
+ _________________________ version
+ ipsec --version
Linux Openswan U2.4.6rc1/K2.6.17.1June24 (netkey)
See `ipsec --copyright' for copyright information.
+ _________________________ /proc/version
+ cat /proc/version
Linux version 2.6.17.1June24 (root at gate) (gcc version 3.3.6) #12 Tue Jul 4 17:58:25 EDT 2006
+ _________________________ /proc/net/ipsec_eroute
+ test -r /proc/net/ipsec_eroute
+ _________________________ netstat-rn
+ netstat -nr
+ head -n 100
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
192.168.3.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
172.16.24.0 69.174.129.1 255.255.248.0 UG 0 0 0 eth1
69.174.128.0 0.0.0.0 255.255.240.0 U 0 0 0 eth1
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 69.174.128.1 0.0.0.0 UG 0 0 0 eth1
+ _________________________ /proc/net/ipsec_spi
+ test -r /proc/net/ipsec_spi
+ _________________________ /proc/net/ipsec_spigrp
+ test -r /proc/net/ipsec_spigrp
+ _________________________ /proc/net/ipsec_tncfg
+ test -r /proc/net/ipsec_tncfg
+ _________________________ /proc/net/pfkey
+ test -r /proc/net/pfkey
+ cat /proc/net/pfkey
sk RefCnt Rmem Wmem User Inode
+ _________________________ ip-xfrm-state
+ ip xfrm state
src 69.174.129.33 dst 206.107.146.8
proto esp spi 0x32f39194 reqid 16385 mode tunnel
replay-window 32
auth sha1 0xf7500ee97a1016175460cecffaef389fb1367f0d
enc aes 0xb6d1e1b1acd83bbd7d456c09a1ea8029
src 206.107.146.8 dst 69.174.129.33
proto esp spi 0xfe3afc89 reqid 16385 mode tunnel
replay-window 32
auth sha1 0x7cc5ef825be6309c05091de438a190733e8bc040
enc aes 0xa3164bca594ec52c84d06ca1406a92a0
+ _________________________ ip-xfrm-policy
+ ip xfrm policy
src 172.16.24.0/21 dst 192.168.3.0/24
dir in priority 2347
tmpl src 206.107.146.8 dst 69.174.129.33
proto esp reqid 16385 mode tunnel
src 192.168.3.0/24 dst 172.16.24.0/21
dir out priority 2347
tmpl src 69.174.129.33 dst 206.107.146.8
proto esp reqid 16385 mode tunnel
src 172.16.24.0/21 dst 192.168.3.0/24
dir fwd priority 2347
tmpl src 206.107.146.8 dst 69.174.129.33
proto esp reqid 16385 mode tunnel
src 0.0.0.0/0 dst 0.0.0.0/0
dir in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir out priority 0
+ _________________________ /proc/sys/net/ipsec-star
+ test -d /proc/sys/net/ipsec
+ _________________________ ipsec/status
+ ipsec auto --status
000 interface eth0/eth0 192.168.3.1
000 interface eth1/eth1 69.174.129.33
000 interface lo/lo 127.0.0.1
000 %myid = (none)
000 debug raw+crypt+parsing+emitting+control+lifecycle+klips+dns+oppo+controlmore+pfkey+nattraversal+x509
000
000 algorithm ESP encrypt: id=2, name=ESP_DES, ivlen=8, keysizemin=64, keysizemax=64
000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=8, keysizemin=192, keysizemax=192
000 algorithm ESP encrypt: id=11, name=ESP_NULL, ivlen=0, keysizemin=0, keysizemax=0
000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5, keysizemin=128, keysizemax=128
000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1, keysizemin=160, keysizemax=160
000 algorithm ESP auth attr: id=5, name=AUTH_ALGORITHM_HMAC_SHA2_256, keysizemin=256, keysizemax=256
000 algorithm ESP auth attr: id=251, name=(null), keysizemin=0, keysizemax=0
000
000 algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8, keydeflen=192
000 algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC, blocksize=16, keydeflen=128
000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16
000 algorithm IKE hash: id=2, name=OAKLEY_SHA1, hashsize=20
000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024
000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536
000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048
000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072
000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096
000 algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144
000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192
000
000 stats db_ops.c: {curr_cnt, total_cnt, maxsz} :context={0,0,0} trans={0,0,0} attrs={0,0,0}
000
000 "rfd": 192.168.3.0/24===69.174.129.33---69.174.129.1...206.107.146.1---206.107.146.8===172.16.24.0/21; erouted; eroute owner: #2
000 "rfd": srcip=unset; dstip=unset; srcup=ipsec _updown; dstup=ipsec _updown;
000 "rfd": ike_life: 28800s; ipsec_life: 3600s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
000 "rfd": policy: PSK+ENCRYPT+TUNNEL+PFS+UP; prio: 24,21; interface: eth1;
000 "rfd": newest ISAKMP SA: #1; newest IPsec SA: #2;
000 "rfd": IKE algorithm newest: 3DES_CBC_192-MD5-MODP1024
000
000 #2: "rfd":500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 2525s; newest IPSEC; eroute owner
000 #2: "rfd" esp.32f39194 at 206.107.146.8 esp.fe3afc89 at 69.174.129.33 tun.0 at 206.107.146.8 tun.0 at 69.174.129.33
000 #1: "rfd":500 STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 28196s; newest ISAKMP; nodpd
000
+ _________________________ ifconfig-a
+ ifconfig -a
eth0 Link encap:Ethernet HWaddr 00:50:DA:21:7F:63
inet addr:192.168.3.1 Bcast:192.168.3.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:26302 errors:0 dropped:0 overruns:1 frame:0
TX packets:28174 errors:0 dropped:0 overruns:0 carrier:0
collisions:130 txqueuelen:1000
RX bytes:5520133 (5.2 Mb) TX bytes:27964240 (26.6 Mb)
Interrupt:10 Base address:0xe800
eth1 Link encap:Ethernet HWaddr 00:00:C0:FC:16:B0
inet addr:69.174.129.33 Bcast:69.174.143.255 Mask:255.255.240.0
UP BROADCAST NOTRAILERS RUNNING MULTICAST MTU:1500 Metric:1
RX packets:36474 errors:0 dropped:0 overruns:1 frame:0
TX packets:24362 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:28252330 (26.9 Mb) TX bytes:5360900 (5.1 Mb)
Interrupt:3 Base address:0xc00
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:885 errors:0 dropped:0 overruns:0 frame:0
TX packets:885 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:380735 (371.8 Kb) TX bytes:380735 (371.8 Kb)
+ _________________________ ip-addr-list
+ ip addr list
1: eth0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:50:da:21:7f:63 brd ff:ff:ff:ff:ff:ff
inet 192.168.3.1/24 brd 192.168.3.255 scope global eth0
2: eth1: <BROADCAST,MULTICAST,NOTRAILERS,UP,10000> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:00:c0:fc:16:b0 brd ff:ff:ff:ff:ff:ff
inet 69.174.129.33/20 brd 69.174.143.255 scope global eth1
3: lo: <LOOPBACK,UP,10000> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
+ _________________________ ip-route-list
+ ip route list
192.168.3.0/24 dev eth0 proto kernel scope link src 192.168.3.1
172.16.24.0/21 via 69.174.129.1 dev eth1
69.174.128.0/20 dev eth1 proto kernel scope link src 69.174.129.33
127.0.0.0/8 dev lo scope link
default via 69.174.128.1 dev eth1
+ _________________________ ip-rule-list
+ ip rule list
+ _________________________ ipsec_verify
+ ipsec verify --nocolour
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path [OK]
Linux Openswan U2.4.6rc1/K2.6.17.1June24 (netkey)
Checking for IPsec support in kernel [OK]
NETKEY detected, testing for disabled ICMP send_redirects [OK]
NETKEY detected, testing for disabled ICMP accept_redirects [OK]
Checking for RSA private key (/etc/ipsec.secrets) [DISABLED]
ipsec showhostkey: no default key in "/etc/ipsec.secrets"
Checking that pluto is running [OK]
Two or more interfaces found, checking IP forwarding [OK]
Checking NAT and MASQUERADEing
Checking for 'ip' command [OK]
Checking for 'iptables' command [OK]
Opportunistic Encryption Support [DISABLED]
+ _________________________ mii-tool
+ '[' -x /sbin/mii-tool ']'
+ /sbin/mii-tool -v
eth0: negotiated 100baseTx-HD, link ok
product info: vendor 00:10:18, model 23 rev 4
basic mode: autonegotiation enabled
basic status: autonegotiation complete, link ok
capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
advertising: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control
link partner: 100baseTx-HD 10baseT-HD
eth1: negotiated 100baseTx-FD flow-control, link ok
product info: vendor 00:10:18, model 23 rev 7
basic mode: autonegotiation enabled
basic status: autonegotiation complete, link ok
capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
advertising: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control
link partner: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control
+ _________________________ ipsec/directory
+ ipsec --directory
/usr/local/lib/ipsec
+ _________________________ hostname/fqdn
+ hostname --fqdn
gate.local.net
+ _________________________ hostname/ipaddress
+ hostname --ip-address
192.168.3.3
+ _________________________ uptime
+ uptime
19:55:04 up 13 min, 2 users, load average: 0.10, 0.06, 0.01
+ _________________________ ps
+ ps alxwf
+ egrep -i 'ppid|pluto|ipsec|klips'
F UID PID PPID PRI NI VSZ RSS WCHAN STAT TTY TIME COMMAND
0 0 1877 1104 25 0 2472 1312 - R+ pts/0 0:00 \_ /bin/sh /usr/local/libexec/ipsec/barf
1 0 1794 1 25 0 2100 444 wait S pts/0 0:00 /bin/sh /usr/local/lib/ipsec/_plutorun --debug all --uniqueids yes --nocrsend --strictcrlpolicy --nat_traversal --keep_alive --protostack auto --force_keepalive --disable_port_floating --virtual_private --crlcheckinterval 0 --ocspuri --nhelpers --dump --opts --stderrlog --wait no --pre --post --log daemon.error --pid /var/run/pluto/pluto.pid
1 0 1795 1794 25 0 2100 604 wait S pts/0 0:00 \_ /bin/sh /usr/local/lib/ipsec/_plutorun --debug all --uniqueids yes --nocrsend --strictcrlpolicy --nat_traversal --keep_alive --protostack auto --force_keepalive --disable_port_floating --virtual_private --crlcheckinterval 0 --ocspuri --nhelpers --dump --opts --stderrlog --wait no --pre --post --log daemon.error --pid /var/run/pluto/pluto.pid
4 0 1796 1795 15 0 2444 1272 - S pts/0 0:00 | \_ /usr/local/libexec/ipsec/pluto --nofork --secretsfile /etc/ipsec.secrets --ipsecdir /etc/ipsec.d --debug-all --use-auto --uniqueids
1 0 1802 1796 25 10 2444 620 - SN pts/0 0:00 | \_ pluto helper # 0
0 0 1803 1796 25 0 1412 272 - S pts/0 0:00 | \_ _pluto_adns -d
0 0 1797 1794 24 0 2076 1028 pipe_w S pts/0 0:00 \_ /bin/sh /usr/local/lib/ipsec/_plutoload --wait no --post
0 0 1799 1 25 0 1468 384 pipe_w S pts/0 0:00 logger -s -p daemon.error -t ipsec__plutorun
+ _________________________ ipsec/showdefaults
+ ipsec showdefaults
routephys=eth1
routevirt=ipsec0
routeaddr=69.174.129.33
routenexthop=69.174.128.1
+ _________________________ ipsec/conf
+ ipsec _include /etc/ipsec.conf
+ ipsec _keycensor
#< /etc/ipsec.conf 1
# /etc/ipsec.conf - Openswan IPsec configuration file
# RCSID $Id: ipsec.conf.in,v 1.15.2.2 2005/11/14 20:10:27 paul Exp $
# This file: /usr/local/share/doc/openswan/ipsec.conf-sample
#
# Manual: ipsec.conf.5
version 2.0 # conforms to second version of ipsec.conf specification
# basic configuration
config setup
interfaces=%defaultroute
# plutodebug / klipsdebug = "all", "none" or a combation from below:
# "raw crypt parsing emitting control klips pfkey natt x509 private"
# eg:
plutodebug="all"
# interfaces="ipsec0=eth0"
#
# Only enable klipsdebug=all if you are a developer
#
# NAT-TRAVERSAL support, see README.NAT-Traversal
# nat_traversal=yes
# virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%4:172.16.0.0/12
# Add connections here
# sample VPN connection
#conn sample
# # Left security gateway, subnet behind it, nexthop toward right.
# left=10.0.0.1
# leftsubnet=172.16.0.0/24
# leftnexthop=10.22.33.44
# # Right security gateway, subnet behind it, nexthop toward left.
# right=10.12.12.1
# rightsubnet=192.168.0.0/24
# rightnexthop=10.101.102.103
# # To authorize this connection, but not actually start it,
# # at startup, uncomment this.
# #auto=start
conn rfd
keylife=60m
ikelifetime=480m
rekey=yes
type=tunnel
left=69.174.129.33
leftsubnet=192.168.3.0/24
leftnexthop=69.174.129.1
right=206.107.146.8
rightsubnet=172.16.24.0/21
rightnexthop=206.107.146.1
keyexchange=ike
compress=no
authby=secret
auth=esp
pfs=yes
#Disable Opportunistic Encryption
#< /etc/ipsec.d/examples/no_oe.conf 1
# 'include' this file to disable Opportunistic Encryption.
# See /usr/local/share/doc/openswan/policygroups.html for details.
#
# RCSID $Id: no_oe.conf.in,v 1.2 2004/10/03 19:33:10 paul Exp $
conn block
auto=ignore
conn private
auto=ignore
conn private-or-clear
auto=ignore
conn clear-or-private
auto=ignore
conn clear
auto=ignore
conn packetdefault
auto=ignore
#> /etc/ipsec.conf 61
+ _________________________ ipsec/secrets
+ ipsec _include /etc/ipsec.secrets
+ ipsec _secretcensor
#< /etc/ipsec.secrets 1
# This file holds shared secrets which are currently the only inter-Pluto
# This file holds shared secrets which are currently the only inter-Pluto
# authentication mechanism. See ipsec_pluto(8) manpage. Each secret is
# (oversimplifying slightly) for one pair of negotiating hosts.
# The shared secrets are arbitrary character strings and should be both
# long and hard to guess.
# Note that all secrets must now be enclosed in quotes, even if they have
# no white space inside them.
#10.0.0.1 11.0.0.1 "[sums to 30a4...]"
69.174.129.33 143.247.7.28 : PSK "[sums to bfb8...]"
69.174.129.33 206.107.146.8 : PSK "[sums to bfb8...]"
+ _________________________ ipsec/listall
+ ipsec auto --listall
000
000 List of Public Keys:
000
+ '[' /etc/ipsec.d/policies ']'
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/block
+ base=block
+ _________________________ ipsec/policies/block
+ cat /etc/ipsec.d/policies/block
# This file defines the set of CIDRs (network/mask-length) to which
# communication should never be allowed.
#
# See /usr/local/share/doc/openswan/policygroups.html for details.
#
# $Id: block.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/clear
+ base=clear
+ _________________________ ipsec/policies/clear
+ cat /etc/ipsec.d/policies/clear
# This file defines the set of CIDRs (network/mask-length) to which
# communication should always be in the clear.
#
# See /usr/local/share/doc/openswan/policygroups.html for details.
#
# $Id: clear.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/clear-or-private
+ base=clear-or-private
+ _________________________ ipsec/policies/clear-or-private
+ cat /etc/ipsec.d/policies/clear-or-private
# This file defines the set of CIDRs (network/mask-length) to which
# we will communicate in the clear, or, if the other side initiates IPSEC,
# using encryption. This behaviour is also called "Opportunistic Responder".
#
# See /usr/local/share/doc/openswan/policygroups.html for details.
#
# $Id: clear-or-private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/private
+ base=private
+ _________________________ ipsec/policies/private
+ cat /etc/ipsec.d/policies/private
# This file defines the set of CIDRs (network/mask-length) to which
# communication should always be private (i.e. encrypted).
# See /usr/local/share/doc/openswan/policygroups.html for details.
#
# $Id: private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/private-or-clear
+ base=private-or-clear
+ _________________________ ipsec/policies/private-or-clear
+ cat /etc/ipsec.d/policies/private-or-clear
# This file defines the set of CIDRs (network/mask-length) to which
# communication should be private, if possible, but in the clear otherwise.
#
# If the target has a TXT (later IPSECKEY) record that specifies
# authentication material, we will require private (i.e. encrypted)
# communications. If no such record is found, communications will be
# in the clear.
#
# See /usr/local/share/doc/openswan/policygroups.html for details.
#
# $Id: private-or-clear.in,v 1.5 2003/02/17 02:22:15 mcr Exp $
#
0.0.0.0/0
+ _________________________ ipsec/ls-libdir
+ ls -l /usr/local/lib/ipsec
total 316
-rwxr-xr-x 1 root root 15848 Jun 26 18:43 _confread
-rwxr-xr-x 1 root root 15848 Jun 26 18:42 _confread.old
-rwxr-xr-x 1 root root 51135 Jun 26 18:43 _copyright
-rwxr-xr-x 1 root root 51135 Jun 26 18:42 _copyright.old
-rwxr-xr-x 1 root root 2379 Jun 26 18:43 _include
-rwxr-xr-x 1 root root 2379 Jun 26 18:42 _include.old
-rwxr-xr-x 1 root root 1475 Jun 26 18:43 _keycensor
-rwxr-xr-x 1 root root 1475 Jun 26 18:42 _keycensor.old
-rwxr-xr-x 1 root root 3586 Jun 26 18:43 _plutoload
-rwxr-xr-x 1 root root 3586 Jun 26 18:42 _plutoload.old
-rwxr-xr-x 1 root root 7223 Jun 26 18:43 _plutorun
-rwxr-xr-x 1 root root 7223 Jun 26 18:42 _plutorun.old
-rwxr-xr-x 1 root root 12335 Jun 26 18:43 _realsetup
-rwxr-xr-x 1 root root 12335 Jun 26 18:42 _realsetup.old
-rwxr-xr-x 1 root root 1975 Jun 26 18:43 _secretcensor
-rwxr-xr-x 1 root root 1975 Jun 26 18:42 _secretcensor.old
-rwxr-xr-x 1 root root 10076 Jun 26 18:43 _startklips
-rwxr-xr-x 1 root root 10076 Jun 26 18:42 _startklips.old
-rwxr-xr-x 1 root root 13918 Jun 26 18:43 _updown
-rwxr-xr-x 1 root root 13918 Jun 26 18:42 _updown.old
-rwxr-xr-x 1 root root 15746 Jun 26 18:43 _updown_x509
-rwxr-xr-x 1 root root 15746 Jun 26 18:42 _updown_x509.old
-rwxr-xr-x 1 root root 1942 Jun 26 18:43 ipsec_pr.template
+ _________________________ ipsec/ls-execdir
+ ls -l /usr/local/libexec/ipsec
total 10312
-rwxr-xr-x 1 root root 76680 Jun 26 18:42 _pluto_adns
-rwxr-xr-x 1 root root 76680 Jun 26 18:42 _pluto_adns.old
-rwxr-xr-x 1 root root 18891 Jun 26 18:43 auto
-rwxr-xr-x 1 root root 18891 Jun 26 18:42 auto.old
-rwxr-xr-x 1 root root 11355 Jun 26 18:43 barf
-rwxr-xr-x 1 root root 11355 Jun 26 18:42 barf.old
-rwxr-xr-x 1 root root 683 Jun 26 18:43 calcgoo
-rwxr-xr-x 1 root root 683 Jun 26 18:42 calcgoo.old
-rwxr-xr-x 1 root root 334579 Jun 26 18:42 eroute
-rwxr-xr-x 1 root root 334579 Jun 26 18:42 eroute.old
-rwxr-xr-x 1 root root 138961 Jun 26 18:43 ikeping
-rwxr-xr-x 1 root root 138961 Jun 26 18:42 ikeping.old
-rwxr-xr-x 1 root root 195964 Jun 26 18:42 klipsdebug
-rwxr-xr-x 1 root root 195964 Jun 26 18:42 klipsdebug.old
-rwxr-xr-x 1 root root 1836 Jun 26 18:43 livetest
-rwxr-xr-x 1 root root 1836 Jun 26 18:42 livetest.old
-rwxr-xr-x 1 root root 2605 Jun 26 18:43 look
-rwxr-xr-x 1 root root 2605 Jun 26 18:42 look.old
-rwxr-xr-x 1 root root 7159 Jun 26 18:43 mailkey
-rwxr-xr-x 1 root root 7159 Jun 26 18:42 mailkey.old
-rwxr-xr-x 1 root root 16015 Jun 26 18:43 manual
-rwxr-xr-x 1 root root 16015 Jun 26 18:42 manual.old
-rwxr-xr-x 1 root root 1951 Jun 26 18:43 newhostkey
-rwxr-xr-x 1 root root 1951 Jun 26 18:42 newhostkey.old
-rwxr-xr-x 1 root root 177531 Jun 26 18:42 pf_key
-rwxr-xr-x 1 root root 177531 Jun 26 18:42 pf_key.old
-rwxr-xr-x 1 root root 2853318 Jun 26 18:42 pluto
-rwxr-xr-x 1 root root 2853318 Jun 26 18:42 pluto.old
-rwxr-xr-x 1 root root 54863 Jun 26 18:43 ranbits
-rwxr-xr-x 1 root root 54863 Jun 26 18:42 ranbits.old
-rwxr-xr-x 1 root root 87601 Jun 26 18:43 rsasigkey
-rwxr-xr-x 1 root root 87601 Jun 26 18:42 rsasigkey.old
-rwxr-xr-x 1 root root 766 Jun 26 18:43 secrets
-rwxr-xr-x 1 root root 766 Jun 26 18:42 secrets.old
-rwxr-xr-x 1 root root 17660 Jun 26 18:43 send-pr
-rwxr-xr-x 1 root root 17660 Jun 26 18:42 send-pr.old
lrwxrwxrwx 1 root root 22 Jun 26 18:43 setup -> /etc/rc.d/init.d/ipsec
-rwxr-xr-x 1 root root 1054 Jun 26 18:43 showdefaults
-rwxr-xr-x 1 root root 1054 Jun 26 18:42 showdefaults.old
-rwxr-xr-x 1 root root 4748 Jun 26 18:43 showhostkey
-rwxr-xr-x 1 root root 4748 Jun 26 18:42 showhostkey.old
-rwxr-xr-x 1 root root 539893 Jun 26 18:42 spi
-rwxr-xr-x 1 root root 539893 Jun 26 18:42 spi.old
-rwxr-xr-x 1 root root 270612 Jun 26 18:42 spigrp
-rwxr-xr-x 1 root root 270612 Jun 26 18:42 spigrp.old
-rwxr-xr-x 1 root root 59147 Jun 26 18:42 tncfg
-rwxr-xr-x 1 root root 59147 Jun 26 18:42 tncfg.old
-rwxr-xr-x 1 root root 11640 Jun 26 18:43 verify
-rwxr-xr-x 1 root root 11640 Jun 26 18:42 verify.old
-rwxr-xr-x 1 root root 297365 Jun 26 18:42 whack
-rwxr-xr-x 1 root root 297365 Jun 26 18:42 whack.old
+ _________________________ ipsec/updowns
++ ls /usr/local/libexec/ipsec
++ egrep updown
+ _________________________ /proc/net/dev
+ cat /proc/net/dev
Inter-| Receive | Transmit
face |bytes packets errs drop fifo frame compressed multicast|bytes packets errs drop fifo colls carrier compressed
eth0: 5533033 26323 0 0 1 0 0 0 27969480 28189 0 0 0 130 0 0
eth1:28257750 36492 0 0 1 0 0 0 5373740 24382 0 0 0 0 0 0
lo: 380735 885 0 0 0 0 0 0 380735 885 0 0 0 0 0 0
+ _________________________ /proc/net/route
+ cat /proc/net/route
Iface Destination Gateway Flags RefCnt Use Metric Mask MTU Window IRTT
eth0 0003A8C0 00000000 0001 0 0 0 00FFFFFF 0 0 0
eth1 001810AC 0181AE45 0003 0 0 0 00F8FFFF 0 0 0
eth1 0080AE45 00000000 0001 0 0 0 00F0FFFF 0 0 0
lo 0000007F 00000000 0001 0 0 0 000000FF 0 0 0
eth1 00000000 0180AE45 0003 0 0 0 00000000 0 0 0
+ _________________________ /proc/sys/net/ipv4/ip_forward
+ cat /proc/sys/net/ipv4/ip_forward
1
+ _________________________ /proc/sys/net/ipv4/tcp_ecn
+ cat /proc/sys/net/ipv4/tcp_ecn
0
+ _________________________ /proc/sys/net/ipv4/conf/star-rp_filter
+ cd /proc/sys/net/ipv4/conf
+ egrep '^' all/rp_filter default/rp_filter eth0/rp_filter eth1/rp_filter lo/rp_filter
all/rp_filter:0
default/rp_filter:0
eth0/rp_filter:0
eth1/rp_filter:0
lo/rp_filter:0
+ _________________________ /proc/sys/net/ipv4/conf/star-rp_filter
+ cd /proc/sys/net/ipv4/conf
+ egrep '^' all/rp_filter default/rp_filter eth0/rp_filter eth1/rp_filter lo/rp_filter
all/rp_filter:0
default/rp_filter:0
eth0/rp_filter:0
eth1/rp_filter:0
lo/rp_filter:0
+ _________________________ /proc/sys/net/ipv4/conf/star-star-redirects
+ cd /proc/sys/net/ipv4/conf
+ egrep '^' all/accept_redirects all/secure_redirects all/send_redirects default/accept_redirects default/secure_redirects default/send_redirects eth0/accept_redirects eth0/secure_redirects eth0/send_redirects eth1/accept_redirects eth1/secure_redirects eth1/send_redirects lo/accept_redirects lo/secure_redirects lo/send_redirects
all/accept_redirects:0
all/secure_redirects:1
all/send_redirects:0
default/accept_redirects:0
default/secure_redirects:1
default/send_redirects:0
eth0/accept_redirects:0
eth0/secure_redirects:1
eth0/send_redirects:0
eth1/accept_redirects:0
eth1/secure_redirects:1
eth1/send_redirects:0
lo/accept_redirects:0
lo/secure_redirects:1
lo/send_redirects:0
+ _________________________ /proc/sys/net/ipv4/tcp_window_scaling
+ cat /proc/sys/net/ipv4/tcp_window_scaling
1
+ _________________________ /proc/sys/net/ipv4/tcp_adv_win_scale
+ cat /proc/sys/net/ipv4/tcp_adv_win_scale
2
+ _________________________ uname-a
+ uname -a
Linux gate 2.6.17.1June24 #12 Tue Jul 4 17:58:25 EDT 2006 i686 unknown unknown GNU/Linux
+ _________________________ config-built-with
+ test -r /proc/config_built_with
+ _________________________ distro-release
+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
+ test -f /etc/redhat-release
+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
+ test -f /etc/debian-release
+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
+ test -f /etc/SuSE-release
+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
+ test -f /etc/mandrake-release
+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
+ test -f /etc/mandriva-release
+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
+ test -f /etc/gentoo-release
+ _________________________ /proc/net/ipsec_version
+ test -r /proc/net/ipsec_version
+ test -r /proc/net/pfkey
++ uname -r
+ echo 'NETKEY (2.6.17.1June24) support detected '
NETKEY (2.6.17.1June24) support detected
+ _________________________ ipfwadm
+ test -r /sbin/ipfwadm
+ 'no old-style linux 1.x/2.0 ipfwadm firewall support'
/usr/local/libexec/ipsec/barf: line 305: no old-style linux 1.x/2.0 ipfwadm firewall support: No such file or directory
+ _________________________ ipchains
+ test -r /sbin/ipchains
+ echo 'no old-style linux 2.0 ipchains firewall support'
no old-style linux 2.0 ipchains firewall support
+ _________________________ iptables
+ test -r /sbin/iptables
+ test -r /sbin/ipchains
+ _________________________ /proc/modules
+ test -f /proc/modules
+ cat /proc/modules
xfrm_user 17120 2 - Live 0xd08c7000
xfrm4_tunnel 2080 0 - Live 0xd08b7000
af_key 24720 0 - Live 0xd08a7000
tunnel4 2404 1 xfrm4_tunnel, Live 0xd08b5000
ipcomp 5448 0 - Live 0xd0899000
esp4 5664 2 - Live 0xd0896000
ah4 4704 0 - Live 0xd0886000
wp512 26304 0 - Live 0xd089f000
sha512 9312 0 - Live 0xd0892000
sha256 8832 0 - Live 0xd088e000
md5 3744 0 - Live 0xd0878000
md4 3232 0 - Live 0xd0874000
des 15168 0 - Live 0xd0889000
crypto_null 2240 0 - Live 0xd0876000
aes 29536 2 - Live 0xd087a000
ipt_LOG 5344 0 - Live 0xd086d000
ipt_MASQUERADE 2912 1 - Live 0xd0872000
iptable_filter 2176 1 - Live 0xd0870000
iptable_mangle 2144 0 - Live 0xd0850000
iptable_nat 6212 1 - Live 0xd0856000
ip_nat 13228 2 ipt_MASQUERADE,iptable_nat, Live 0xd0868000
ip_tables 10072 3 iptable_filter,iptable_mangle,iptable_nat, Live 0xd0864000
ip_conntrack_ftp 5744 0 - Live 0xd085c000
ip_conntrack_irc 5200 0 - Live 0xd0859000
xt_conntrack 2080 0 - Live 0xd0854000
xt_state 1760 3 - Live 0xd0852000
+ _________________________ /proc/meminfo
+ cat /proc/meminfo
MemTotal: 255760 kB
MemFree: 71380 kB
Buffers: 4632 kB
Cached: 88684 kB
SwapCached: 0 kB
Active: 123708 kB
Inactive: 52752 kB
HighTotal: 0 kB
HighFree: 0 kB
LowTotal: 255760 kB
LowFree: 71380 kB
SwapTotal: 498004 kB
SwapFree: 498004 kB
Dirty: 192 kB
Writeback: 0 kB
Mapped: 90544 kB
Slab: 5956 kB
CommitLimit: 625884 kB
Committed_AS: 448672 kB
PageTables: 912 kB
VmallocTotal: 778220 kB
VmallocUsed: 764 kB
VmallocChunk: 777400 kB
+ _________________________ /proc/net/ipsec-ls
+ test -f /proc/net/ipsec_version
+ _________________________ usr/src/linux/.config
+ test -f /proc/config.gz
+ zcat /proc/config.gz
+ egrep 'CONFIG_IPSEC|CONFIG_KLIPS|CONFIG_NET_KEY|CONFIG_INET|CONFIG_IP|CONFIG_HW_RANDOM|CONFIG_CRYPTO_DEV'
# CONFIG_NET_KEY is not set
CONFIG_INET=y
# CONFIG_IP_MULTICAST is not set
CONFIG_IP_ADVANCED_ROUTER=y
# CONFIG_IP_FIB_TRIE is not set
CONFIG_IP_FIB_HASH=y
# CONFIG_IP_MULTIPLE_TABLES is not set
# CONFIG_IP_ROUTE_MULTIPATH is not set
# CONFIG_IP_ROUTE_VERBOSE is not set
# CONFIG_IP_PNP is not set
CONFIG_INET_AH=m
CONFIG_INET_ESP=m
CONFIG_INET_IPCOMP=m
CONFIG_INET_XFRM_TUNNEL=m
CONFIG_INET_TUNNEL=m
# CONFIG_INET_DIAG is not set
# CONFIG_IP_VS is not set
# CONFIG_IPV6 is not set
# CONFIG_INET6_XFRM_TUNNEL is not set
# CONFIG_INET6_TUNNEL is not set
CONFIG_IP_NF_CONNTRACK=y
# CONFIG_IP_NF_CT_ACCT is not set
# CONFIG_IP_NF_CONNTRACK_MARK is not set
# CONFIG_IP_NF_CONNTRACK_EVENTS is not set
# CONFIG_IP_NF_CT_PROTO_SCTP is not set
CONFIG_IP_NF_FTP=m
CONFIG_IP_NF_IRC=m
# CONFIG_IP_NF_NETBIOS_NS is not set
# CONFIG_IP_NF_TFTP is not set
# CONFIG_IP_NF_AMANDA is not set
# CONFIG_IP_NF_PPTP is not set
# CONFIG_IP_NF_H323 is not set
# CONFIG_IP_NF_QUEUE is not set
CONFIG_IP_NF_IPTABLES=m
# CONFIG_IP_NF_MATCH_IPRANGE is not set
# CONFIG_IP_NF_MATCH_TOS is not set
# CONFIG_IP_NF_MATCH_RECENT is not set
# CONFIG_IP_NF_MATCH_ECN is not set
# CONFIG_IP_NF_MATCH_DSCP is not set
# CONFIG_IP_NF_MATCH_AH is not set
# CONFIG_IP_NF_MATCH_TTL is not set
# CONFIG_IP_NF_MATCH_OWNER is not set
# CONFIG_IP_NF_MATCH_ADDRTYPE is not set
# CONFIG_IP_NF_MATCH_HASHLIMIT is not set
CONFIG_IP_NF_FILTER=m
# CONFIG_IP_NF_TARGET_REJECT is not set
CONFIG_IP_NF_TARGET_LOG=m
# CONFIG_IP_NF_TARGET_ULOG is not set
# CONFIG_IP_NF_TARGET_TCPMSS is not set
CONFIG_IP_NF_NAT=m
CONFIG_IP_NF_NAT_NEEDED=y
CONFIG_IP_NF_TARGET_MASQUERADE=m
CONFIG_IP_NF_TARGET_REDIRECT=m
# CONFIG_IP_NF_TARGET_NETMAP is not set
# CONFIG_IP_NF_TARGET_SAME is not set
# CONFIG_IP_NF_NAT_SNMP_BASIC is not set
CONFIG_IP_NF_NAT_IRC=m
CONFIG_IP_NF_NAT_FTP=m
CONFIG_IP_NF_MANGLE=m
# CONFIG_IP_NF_TARGET_TOS is not set
# CONFIG_IP_NF_TARGET_ECN is not set
# CONFIG_IP_NF_TARGET_DSCP is not set
# CONFIG_IP_NF_TARGET_TTL is not set
# CONFIG_IP_NF_RAW is not set
# CONFIG_IP_NF_ARPTABLES is not set
# CONFIG_IP_DCCP is not set
# CONFIG_IP_SCTP is not set
# CONFIG_IPX is not set
# CONFIG_IPMI_HANDLER is not set
# CONFIG_HW_RANDOM is not set
# CONFIG_CRYPTO_DEV_PADLOCK is not set
+ _________________________ etc/syslog.conf
+ cat /etc/syslog.conf
# /etc/syslog.conf
# For info about the format of this file, see "man syslog.conf"
# and /usr/doc/sysklogd/README.linux. Note the '-' prefixing some
# of these entries; this omits syncing the file after every logging.
# In the event of a crash, some log information might be lost, so
# if this is a concern to you then you might want to remove the '-'.
# Be advised this will cause a performation loss if you're using
# programs that do heavy logging.
# Uncomment this to see kernel messages on the console.
#kern.* /dev/console
# Log anything 'info' or higher, but lower than 'warn'.
# Exclude authpriv, cron, mail, and news. These are logged elsewhere.
*.info;*.!warn;\
authpriv.none;cron.none;mail.none;news.none -/var/log/messages
# Log anything 'warn' or higher.
# Exclude authpriv, cron, mail, and news. These are logged elsewhere.
*.warn;\
authpriv.none;cron.none;mail.none;news.none -/var/log/syslog
# Debugging information is logged here.
*.=debug -/var/log/debug
# Private authentication message logging:
authpriv.* -/var/log/secure
# Cron related logs:
cron.* -/var/log/cron
# Mail related logs:
mail.* -/var/log/maillog
# Emergency level messages go to all users:
*.emerg *
# This log is for news and uucp errors:
uucp,news.crit -/var/log/spooler
# Uncomment these if you'd like INN to keep logs on everything.
# You won't need this if you don't run INN (the InterNetNews daemon).
#news.=crit -/var/log/news/news.crit
#news.=err -/var/log/news/news.err
#news.notice -/var/log/news/news.notice
+ _________________________ etc/syslog-ng/syslog-ng.conf
+ cat /etc/syslog-ng/syslog-ng.conf
cat: /etc/syslog-ng/syslog-ng.conf: No such file or directory
+ _________________________ etc/resolv.conf
+ cat /etc/resolv.conf
nameserver 24.51.98.194
nameserver 24.51.98.195
search chvlva.adelphia.net
+ _________________________ lib/modules-ls
+ ls -ltr /lib/modules
total 12
drwxr-xr-x 4 root root 4096 Jun 20 15:55 2.4.31
drwxr-xr-x 3 root root 4096 Jun 24 20:28 2.6.17.1June24200617:10
drwxr-xr-x 3 root root 4096 Jul 4 19:47 2.6.17.1June24
+ _________________________ /proc/ksyms-netif_rx
+ test -r /proc/ksyms
+ test -r /proc/kallsyms
+ egrep netif_rx /proc/kallsyms
c0240eda T __netif_rx_schedule
c024132e T netif_rx
c02413d7 T netif_rx_ni
+ _________________________ lib/modules-netif_rx
+ modulegoo kernel/net/ipv4/ipip.o netif_rx
+ set +x
2.4.31:
2.6.17.1June24:
2.6.17.1June24200617:10:
+ _________________________ kern.debug
+ test -f /var/log/kern.debug
+ _________________________ klog
+ sed -n '469,$p' /var/log/syslog
+ egrep -i 'ipsec|klips|pluto'
+ case "$1" in
+ cat
Jul 5 19:54:14 gate ipsec_setup: Starting Openswan IPsec 2.4.6rc1...
Jul 5 19:54:14 gate ipsec_setup: insmod /lib/modules/2.6.17.1June24/kernel/net/key/af_key.ko
Jul 5 19:54:14 gate ipsec_setup: insmod /lib/modules/2.6.17.1June24/kernel/net/ipv4/xfrm4_tunnel.ko
Jul 5 19:54:14 gate ipsec_setup: insmod /lib/modules/2.6.17.1June24/kernel/net/xfrm/xfrm_user.ko
+ _________________________ plog
+ sed -n '23892,$p' /var/log/secure
+ egrep -i pluto
+ case "$1" in
+ cat
Jul 5 19:54:14 gate ipsec__plutorun: Starting Pluto subsystem...
Jul 5 19:54:14 gate pluto[1796]: Starting Pluto (Openswan Version 2.4.6rc1 X.509-1.5.4 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR; Vendor ID OEg[DN|~c|Gr)
Jul 5 19:54:14 gate pluto[1796]: Setting NAT-Traversal port-4500 floating to off
Jul 5 19:54:14 gate pluto[1796]: port floating activation criteria nat_t=0/port_fload=1
Jul 5 19:54:14 gate pluto[1796]: including NAT-Traversal patch (Version 0.6c) [disabled]
Jul 5 19:54:14 gate pluto[1796]: | opening /dev/hw_random
Jul 5 19:54:14 gate pluto[1796]: WARNING: Open of /dev/hw_random failed in init_rnd_pool(), trying alternate sources of random
Jul 5 19:54:14 gate pluto[1796]: | opening /dev/urandom
Jul 5 19:54:14 gate pluto[1796]: WARNING: Using /dev/urandom as the source of random
Jul 5 19:54:14 gate pluto[1796]: | inserting event EVENT_REINIT_SECRET, timeout in 3600 seconds
Jul 5 19:54:14 gate pluto[1796]: | inserting event EVENT_PENDING_PHASE2, timeout in 120 seconds
Jul 5 19:54:14 gate pluto[1796]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
Jul 5 19:54:14 gate pluto[1796]: starting up 1 cryptographic helpers
Jul 5 19:54:14 gate pluto[1802]: | opening /dev/hw_random
Jul 5 19:54:14 gate pluto[1802]: WARNING: Open of /dev/hw_random failed in init_rnd_pool(), trying alternate sources of random
Jul 5 19:54:14 gate pluto[1802]: | opening /dev/urandom
Jul 5 19:54:14 gate pluto[1802]: WARNING: Using /dev/urandom as the source of random
Jul 5 19:54:14 gate pluto[1796]: started helper pid=1802 (fd:6)
Jul 5 19:54:14 gate pluto[1796]: | process 1796 listening for PF_KEY_V2 on file descriptor 7
Jul 5 19:54:14 gate pluto[1796]: Using Linux 2.6 IPsec interface code on 2.6.17.1June24
Jul 5 19:54:14 gate pluto[1796]: | pfkey_lib_debug:pfkey_msg_hdr_build:
Jul 5 19:54:14 gate pluto[1796]: | pfkey_lib_debug:pfkey_msg_hdr_build: on_entry &pfkey_ext=0p0xbfe378c0 pfkey_ext=0p0xbfe388e0 *pfkey_ext=0p(nil).
Jul 5 19:54:14 gate pluto[1796]: | pfkey_lib_debug:pfkey_msg_hdr_build: on_exit &pfkey_ext=0p0xbfe378c0 pfkey_ext=0p0xbfe388e0 *pfkey_ext=0p0x80fb400.
Jul 5 19:54:14 gate pluto[1796]: | pfkey_lib_debug:pfkey_msg_build: pfkey_msg=0p0x80f9dc0 allocated 16 bytes, &(extensions[0])=0p0xbfe388e0
Jul 5 19:54:14 gate pluto[1796]: | pfkey_lib_debug:pfkey_msg_build: extensions permitted=00000001, seen=00000001, required=00000001.
Jul 5 19:54:14 gate pluto[1796]: | pfkey_lib_debug:pfkey_msg_parse: parsing message ver=2, type=7(register), errno=0, satype=2(AH), len=2, res=0, seq=1, pid=1796.
Jul 5 19:54:14 gate pluto[1796]: | pfkey_lib_debug:pfkey_msg_parse: remain=0
Jul 5 19:54:14 gate pluto[1796]: | pfkey_lib_debug:pfkey_msg_parse: extensions permitted=00000001, required=00000001.
Jul 5 19:54:14 gate pluto[1796]: | pfkey_lib_debug:pfkey_msg_parse: extensions permitted=00000001, seen=00000001, required=00000001.
Jul 5 19:54:14 gate pluto[1796]: | finish_pfkey_msg: SADB_REGISTER message 1 for AH
Jul 5 19:54:14 gate pluto[1796]: | 02 07 00 02 02 00 00 00 01 00 00 00 04 07 00 00
Jul 5 19:54:14 gate pluto[1796]: | pfkey_get: SADB_REGISTER message 1
Jul 5 19:54:14 gate pluto[1796]: | AH registered with kernel.
Jul 5 19:54:14 gate pluto[1796]: | pfkey_lib_debug:pfkey_msg_hdr_build:
Jul 5 19:54:14 gate pluto[1796]: | pfkey_lib_debug:pfkey_msg_hdr_build: on_entry &pfkey_ext=0p0xbfe378c0 pfkey_ext=0p0xbfe388e0 *pfkey_ext=0p(nil).
Jul 5 19:54:14 gate pluto[1796]: | pfkey_lib_debug:pfkey_msg_hdr_build: on_exit &pfkey_ext=0p0xbfe378c0 pfkey_ext=0p0xbfe388e0 *pfkey_ext=0p0x80fb400.
Jul 5 19:54:14 gate pluto[1796]: | pfkey_lib_debug:pfkey_msg_build: pfkey_msg=0p0x80f9dc0 allocated 16 bytes, &(extensions[0])=0p0xbfe388e0
Jul 5 19:54:14 gate pluto[1796]: | pfkey_lib_debug:pfkey_msg_build: extensions permitted=00000001, seen=00000001, required=00000001.
Jul 5 19:54:14 gate pluto[1796]: | pfkey_lib_debug:pfkey_msg_parse: parsing message ver=2, type=7(register), errno=0, satype=3(ESP), len=2, res=0, seq=2, pid=1796.
Jul 5 19:54:14 gate pluto[1796]: | pfkey_lib_debug:pfkey_msg_parse: remain=0
Jul 5 19:54:14 gate pluto[1796]: | pfkey_lib_debug:pfkey_msg_parse: extensions permitted=00000001, required=00000001.
Jul 5 19:54:14 gate pluto[1796]: | pfkey_lib_debug:pfkey_msg_parse: extensions permitted=00000001, seen=00000001, required=00000001.
Jul 5 19:54:14 gate pluto[1796]: | finish_pfkey_msg: SADB_REGISTER message 2 for ESP
Jul 5 19:54:14 gate pluto[1796]: | 02 07 00 03 02 00 00 00 02 00 00 00 04 07 00 00
Jul 5 19:54:14 gate pluto[1796]: | pfkey_get: SADB_REGISTER message 2
Jul 5 19:54:14 gate pluto[1796]: | alg_init():memset(0x80f77c0, 0, 2016) memset(0x80f7fa0, 0, 2048)
Jul 5 19:54:14 gate pluto[1796]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: sadb_msg_len=12 sadb_supported_len=40
Jul 5 19:54:14 gate pluto[1796]: | kernel_alg_add():satype=3, exttype=14, alg_id=251
Jul 5 19:54:14 gate pluto[1796]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[0], exttype=14, satype=3, alg_id=251, alg_ivlen=0, alg_minbits=0, alg_maxbits=0, res=0, ret=1
Jul 5 19:54:14 gate pluto[1796]: | kernel_alg_add():satype=3, exttype=14, alg_id=2
Jul 5 19:54:14 gate pluto[1796]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[1], exttype=14, satype=3, alg_id=2, alg_ivlen=0, alg_minbits=128, alg_maxbits=128, res=0, ret=1
Jul 5 19:54:14 gate pluto[1796]: | kernel_alg_add():satype=3, exttype=14, alg_id=3
Jul 5 19:54:14 gate pluto[1796]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[2], exttype=14, satype=3, alg_id=3, alg_ivlen=0, alg_minbits=160, alg_maxbits=160, res=0, ret=1
Jul 5 19:54:14 gate pluto[1796]: | kernel_alg_add():satype=3, exttype=14, alg_id=5
Jul 5 19:54:14 gate pluto[1796]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[3], exttype=14, satype=3, alg_id=5, alg_ivlen=0, alg_minbits=256, alg_maxbits=256, res=0, ret=1
Jul 5 19:54:14 gate pluto[1796]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: sadb_msg_len=12 sadb_supported_len=40
Jul 5 19:54:14 gate pluto[1796]: | kernel_alg_add():satype=3, exttype=15, alg_id=11
Jul 5 19:54:14 gate pluto[1796]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[4], exttype=15, satype=3, alg_id=11, alg_ivlen=0, alg_minbits=0, alg_maxbits=0, res=0, ret=1
Jul 5 19:54:14 gate pluto[1796]: | kernel_alg_add():satype=3, exttype=15, alg_id=2
Jul 5 19:54:14 gate pluto[1796]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[5], exttype=15, satype=3, alg_id=2, alg_ivlen=8, alg_minbits=64, alg_maxbits=64, res=0, ret=1
Jul 5 19:54:14 gate pluto[1796]: | kernel_alg_add():satype=3, exttype=15, alg_id=3
Jul 5 19:54:14 gate pluto[1796]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[6], exttype=15, satype=3, alg_id=3, alg_ivlen=8, alg_minbits=192, alg_maxbits=192, res=0, ret=1
Jul 5 19:54:14 gate pluto[1796]: | kernel_alg_add():satype=3, exttype=15, alg_id=12
Jul 5 19:54:14 gate pluto[1796]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[7], exttype=15, satype=3, alg_id=12, alg_ivlen=8, alg_minbits=128, alg_maxbits=256, res=0, ret=1
Jul 5 19:54:14 gate pluto[1796]: | ESP registered with kernel.
Jul 5 19:54:14 gate pluto[1796]: | pfkey_lib_debug:pfkey_msg_hdr_build:
Jul 5 19:54:14 gate pluto[1796]: | pfkey_lib_debug:pfkey_msg_hdr_build: on_entry &pfkey_ext=0p0xbfe378c0 pfkey_ext=0p0xbfe388e0 *pfkey_ext=0p(nil).
Jul 5 19:54:14 gate pluto[1796]: | pfkey_lib_debug:pfkey_msg_hdr_build: on_exit &pfkey_ext=0p0xbfe378c0 pfkey_ext=0p0xbfe388e0 *pfkey_ext=0p0x80fb400.
Jul 5 19:54:14 gate pluto[1796]: | pfkey_lib_debug:pfkey_msg_build: pfkey_msg=0p0x80f9dc0 allocated 16 bytes, &(extensions[0])=0p0xbfe388e0
Jul 5 19:54:14 gate pluto[1796]: | pfkey_lib_debug:pfkey_msg_build: extensions permitted=00000001, seen=00000001, required=00000001.
Jul 5 19:54:14 gate pluto[1796]: | pfkey_lib_debug:pfkey_msg_parse: parsing message ver=2, type=7(register), errno=0, satype=9(IPIP), len=2, res=0, seq=3, pid=1796.
Jul 5 19:54:14 gate pluto[1796]: | pfkey_lib_debug:pfkey_msg_parse: remain=0
Jul 5 19:54:14 gate pluto[1796]: | pfkey_lib_debug:pfkey_msg_parse: extensions permitted=00000001, required=00000001.
Jul 5 19:54:14 gate pluto[1796]: | pfkey_lib_debug:pfkey_msg_parse: extensions permitted=00000001, seen=00000001, required=00000001.
Jul 5 19:54:14 gate pluto[1796]: | finish_pfkey_msg: SADB_REGISTER message 3 for IPCOMP
Jul 5 19:54:14 gate pluto[1796]: | 02 07 00 09 02 00 00 00 03 00 00 00 04 07 00 00
Jul 5 19:54:14 gate pluto[1796]: | pfkey_get: SADB_REGISTER message 3
Jul 5 19:54:14 gate pluto[1796]: | IPCOMP registered with kernel.
Jul 5 19:54:14 gate pluto[1796]: Changing to directory '/etc/ipsec.d/cacerts'
Jul 5 19:54:14 gate pluto[1796]: Changing to directory '/etc/ipsec.d/aacerts'
Jul 5 19:54:14 gate pluto[1796]: Changing to directory '/etc/ipsec.d/ocspcerts'
Jul 5 19:54:14 gate pluto[1796]: Changing to directory '/etc/ipsec.d/crls'
Jul 5 19:54:14 gate pluto[1796]: Warning: empty directory
Jul 5 19:54:14 gate pluto[1796]: | inserting event EVENT_LOG_DAILY, timeout in 14746 seconds
Jul 5 19:54:14 gate pluto[1796]: | next event EVENT_PENDING_PHASE2 in 120 seconds
Jul 5 19:54:14 gate pluto[1802]: ! helper 0 waiting on fd: 7
Jul 5 19:54:15 gate pluto[1796]: |
Jul 5 19:54:15 gate pluto[1796]: | *received whack message
Jul 5 19:54:15 gate pluto[1796]: listening for IKE messages
Jul 5 19:54:15 gate pluto[1796]: | found eth0 with address 192.168.3.1
Jul 5 19:54:15 gate pluto[1796]: | found eth1 with address 69.174.129.33
Jul 5 19:54:15 gate pluto[1796]: | found lo with address 127.0.0.1
Jul 5 19:54:15 gate pluto[1796]: adding interface lo/lo 127.0.0.1:500
Jul 5 19:54:15 gate pluto[1796]: adding interface eth1/eth1 69.174.129.33:500
Jul 5 19:54:15 gate pluto[1796]: adding interface eth0/eth0 192.168.3.1:500
Jul 5 19:54:15 gate pluto[1796]: | could not open /proc/net/if_inet6
Jul 5 19:54:15 gate pluto[1796]: loading secrets from "/etc/ipsec.secrets"
Jul 5 19:54:15 gate pluto[1796]: | next event EVENT_PENDING_PHASE2 in 119 seconds
Jul 5 19:54:23 gate pluto[1796]: |
Jul 5 19:54:23 gate pluto[1796]: | *received whack message
Jul 5 19:54:23 gate pluto[1796]: | Added new connection rfd with policy PSK+ENCRYPT+TUNNEL+PFS
Jul 5 19:54:23 gate pluto[1796]: | counting wild cards for (none) is 15
Jul 5 19:54:23 gate pluto[1796]: | counting wild cards for (none) is 15
Jul 5 19:54:23 gate pluto[1796]: | connect_to_host_pair: 69.174.129.33:500 206.107.146.8:500 -> hp:none
Jul 5 19:54:23 gate pluto[1796]: added connection description "rfd"
Jul 5 19:54:23 gate pluto[1796]: | 192.168.3.0/24===69.174.129.33---69.174.129.1...206.107.146.1---206.107.146.8===172.16.24.0/21
Jul 5 19:54:23 gate pluto[1796]: | ike_life: 28800s; ipsec_life: 3600s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; policy: PSK+ENCRYPT+TUNNEL+PFS
Jul 5 19:54:23 gate pluto[1796]: | next event EVENT_PENDING_PHASE2 in 111 seconds
Jul 5 19:54:26 gate pluto[1796]: |
Jul 5 19:54:26 gate pluto[1796]: | *received whack message
Jul 5 19:54:26 gate pluto[1796]: | processing connection rfd
Jul 5 19:54:26 gate pluto[1796]: | empty esp_info, returning empty
Jul 5 19:54:26 gate pluto[1796]: | creating state object #1 at 0x80fa5f0
Jul 5 19:54:26 gate pluto[1796]: | processing connection rfd
Jul 5 19:54:26 gate pluto[1796]: | ICOOKIE: a8 7f 08 72 5e 09 a1 3b
Jul 5 19:54:26 gate pluto[1796]: | RCOOKIE: 00 00 00 00 00 00 00 00
Jul 5 19:54:26 gate pluto[1796]: | peer: ce 6b 92 08
Jul 5 19:54:26 gate pluto[1796]: | state hash entry 25
Jul 5 19:54:26 gate pluto[1796]: | inserting event EVENT_SO_DISCARD, timeout in 0 seconds for #1
Jul 5 19:54:26 gate pluto[1796]: | Queuing pending Quick Mode with 206.107.146.8 "rfd"
Jul 5 19:54:26 gate pluto[1796]: "rfd" #1: initiating Main Mode
Jul 5 19:54:26 gate pluto[1796]: | **emit ISAKMP Message:
Jul 5 19:54:26 gate pluto[1796]: | initiator cookie:
Jul 5 19:54:26 gate pluto[1796]: | a8 7f 08 72 5e 09 a1 3b
Jul 5 19:54:26 gate pluto[1796]: | responder cookie:
Jul 5 19:54:26 gate pluto[1796]: | 00 00 00 00 00 00 00 00
Jul 5 19:54:26 gate pluto[1796]: | next payload type: ISAKMP_NEXT_SA
Jul 5 19:54:26 gate pluto[1796]: | ISAKMP version: ISAKMP Version 1.0
Jul 5 19:54:26 gate pluto[1796]: | exchange type: ISAKMP_XCHG_IDPROT
Jul 5 19:54:26 gate pluto[1796]: | flags: none
Jul 5 19:54:26 gate pluto[1796]: | message ID: 00 00 00 00
Jul 5 19:54:26 gate pluto[1796]: | no IKE algorithms for this connection
Jul 5 19:54:26 gate pluto[1796]: | ***emit ISAKMP Security Association Payload:
Jul 5 19:54:26 gate pluto[1796]: | next payload type: ISAKMP_NEXT_VID
Jul 5 19:54:26 gate pluto[1796]: | DOI: ISAKMP_DOI_IPSEC
Jul 5 19:54:26 gate pluto[1796]: | ****emit IPsec DOI SIT:
Jul 5 19:54:26 gate pluto[1796]: | IPsec DOI SIT: SIT_IDENTITY_ONLY
Jul 5 19:54:26 gate pluto[1796]: | out_sa pcn: 0 has 1 valid proposals
Jul 5 19:54:26 gate pluto[1796]: | out_sa pcn: 0 pn: 0<1 valid_count: 1
Jul 5 19:54:26 gate pluto[1796]: | ****emit ISAKMP Proposal Payload:
Jul 5 19:54:26 gate pluto[1796]: | next payload type: ISAKMP_NEXT_NONE
Jul 5 19:54:26 gate pluto[1796]: | proposal number: 0
Jul 5 19:54:26 gate pluto[1796]: | protocol ID: PROTO_ISAKMP
Jul 5 19:54:26 gate pluto[1796]: | SPI size: 0
Jul 5 19:54:26 gate pluto[1796]: | number of transforms: 4
Jul 5 19:54:26 gate pluto[1796]: | *****emit ISAKMP Transform Payload (ISAKMP):
Jul 5 19:54:26 gate pluto[1796]: | next payload type: ISAKMP_NEXT_T
Jul 5 19:54:26 gate pluto[1796]: | transform number: 0
Jul 5 19:54:26 gate pluto[1796]: | transform ID: KEY_IKE
Jul 5 19:54:26 gate pluto[1796]: | ******emit ISAKMP Oakley attribute:
Jul 5 19:54:26 gate pluto[1796]: | af+type: OAKLEY_LIFE_TYPE
Jul 5 19:54:26 gate pluto[1796]: | length/value: 1
Jul 5 19:54:26 gate pluto[1796]: | [1 is OAKLEY_LIFE_SECONDS]
Jul 5 19:54:26 gate pluto[1796]: | ******emit ISAKMP Oakley attribute:
Jul 5 19:54:26 gate pluto[1796]: | af+type: OAKLEY_LIFE_DURATION
Jul 5 19:54:26 gate pluto[1796]: | length/value: 28800
Jul 5 19:54:26 gate pluto[1796]: | ******emit ISAKMP Oakley attribute:
Jul 5 19:54:26 gate pluto[1796]: | af+type: OAKLEY_ENCRYPTION_ALGORITHM
Jul 5 19:54:26 gate pluto[1796]: | length/value: 5
Jul 5 19:54:26 gate pluto[1796]: | [5 is OAKLEY_3DES_CBC]
Jul 5 19:54:26 gate pluto[1796]: | ******emit ISAKMP Oakley attribute:
Jul 5 19:54:26 gate pluto[1796]: | af+type: OAKLEY_HASH_ALGORITHM
Jul 5 19:54:26 gate pluto[1796]: | length/value: 1
Jul 5 19:54:26 gate pluto[1796]: | [1 is OAKLEY_MD5]
Jul 5 19:54:26 gate pluto[1796]: | ******emit ISAKMP Oakley attribute:
Jul 5 19:54:26 gate pluto[1796]: | af+type: OAKLEY_AUTHENTICATION_METHOD
Jul 5 19:54:26 gate pluto[1796]: | length/value: 1
Jul 5 19:54:26 gate pluto[1796]: | [1 is OAKLEY_PRESHARED_KEY]
Jul 5 19:54:26 gate pluto[1796]: | ******emit ISAKMP Oakley attribute:
Jul 5 19:54:26 gate pluto[1796]: | af+type: OAKLEY_GROUP_DESCRIPTION
Jul 5 19:54:26 gate pluto[1796]: | length/value: 5
Jul 5 19:54:26 gate pluto[1796]: | [5 is OAKLEY_GROUP_MODP1536]
Jul 5 19:54:26 gate pluto[1796]: | emitting length of ISAKMP Transform Payload (ISAKMP): 32
Jul 5 19:54:26 gate pluto[1796]: | *****emit ISAKMP Transform Payload (ISAKMP):
Jul 5 19:54:26 gate pluto[1796]: | next payload type: ISAKMP_NEXT_T
Jul 5 19:54:26 gate pluto[1796]: | transform number: 1
Jul 5 19:54:26 gate pluto[1796]: | transform ID: KEY_IKE
Jul 5 19:54:26 gate pluto[1796]: | ******emit ISAKMP Oakley attribute:
Jul 5 19:54:26 gate pluto[1796]: | af+type: OAKLEY_LIFE_TYPE
Jul 5 19:54:26 gate pluto[1796]: | length/value: 1
Jul 5 19:54:26 gate pluto[1796]: | [1 is OAKLEY_LIFE_SECONDS]
Jul 5 19:54:26 gate pluto[1796]: | ******emit ISAKMP Oakley attribute:
Jul 5 19:54:26 gate pluto[1796]: | af+type: OAKLEY_LIFE_DURATION
Jul 5 19:54:26 gate pluto[1796]: | length/value: 28800
Jul 5 19:54:26 gate pluto[1796]: | ******emit ISAKMP Oakley attribute:
Jul 5 19:54:26 gate pluto[1796]: | af+type: OAKLEY_ENCRYPTION_ALGORITHM
Jul 5 19:54:26 gate pluto[1796]: | length/value: 5
Jul 5 19:54:26 gate pluto[1796]: | [5 is OAKLEY_3DES_CBC]
Jul 5 19:54:26 gate pluto[1796]: | ******emit ISAKMP Oakley attribute:
Jul 5 19:54:26 gate pluto[1796]: | af+type: OAKLEY_HASH_ALGORITHM
Jul 5 19:54:26 gate pluto[1796]: | length/value: 2
Jul 5 19:54:26 gate pluto[1796]: | [2 is OAKLEY_SHA1]
Jul 5 19:54:26 gate pluto[1796]: | ******emit ISAKMP Oakley attribute:
Jul 5 19:54:26 gate pluto[1796]: | af+type: OAKLEY_AUTHENTICATION_METHOD
Jul 5 19:54:26 gate pluto[1796]: | length/value: 1
Jul 5 19:54:26 gate pluto[1796]: | [1 is OAKLEY_PRESHARED_KEY]
Jul 5 19:54:26 gate pluto[1796]: | ******emit ISAKMP Oakley attribute:
Jul 5 19:54:26 gate pluto[1796]: | af+type: OAKLEY_GROUP_DESCRIPTION
Jul 5 19:54:26 gate pluto[1796]: | length/value: 5
Jul 5 19:54:26 gate pluto[1796]: | [5 is OAKLEY_GROUP_MODP1536]
Jul 5 19:54:26 gate pluto[1796]: | emitting length of ISAKMP Transform Payload (ISAKMP): 32
Jul 5 19:54:26 gate pluto[1796]: | *****emit ISAKMP Transform Payload (ISAKMP):
Jul 5 19:54:26 gate pluto[1796]: | next payload type: ISAKMP_NEXT_T
Jul 5 19:54:26 gate pluto[1796]: | transform number: 2
Jul 5 19:54:26 gate pluto[1796]: | transform ID: KEY_IKE
Jul 5 19:54:26 gate pluto[1796]: | ******emit ISAKMP Oakley attribute:
Jul 5 19:54:26 gate pluto[1796]: | af+type: OAKLEY_LIFE_TYPE
Jul 5 19:54:26 gate pluto[1796]: | length/value: 1
Jul 5 19:54:26 gate pluto[1796]: | [1 is OAKLEY_LIFE_SECONDS]
Jul 5 19:54:26 gate pluto[1796]: | ******emit ISAKMP Oakley attribute:
Jul 5 19:54:26 gate pluto[1796]: | af+type: OAKLEY_LIFE_DURATION
Jul 5 19:54:26 gate pluto[1796]: | length/value: 28800
Jul 5 19:54:26 gate pluto[1796]: | ******emit ISAKMP Oakley attribute:
Jul 5 19:54:26 gate pluto[1796]: | af+type: OAKLEY_ENCRYPTION_ALGORITHM
Jul 5 19:54:26 gate pluto[1796]: | length/value: 5
Jul 5 19:54:26 gate pluto[1796]: | [5 is OAKLEY_3DES_CBC]
Jul 5 19:54:26 gate pluto[1796]: | ******emit ISAKMP Oakley attribute:
Jul 5 19:54:26 gate pluto[1796]: | af+type: OAKLEY_HASH_ALGORITHM
Jul 5 19:54:26 gate pluto[1796]: | length/value: 2
Jul 5 19:54:26 gate pluto[1796]: | [2 is OAKLEY_SHA1]
Jul 5 19:54:26 gate pluto[1796]: | ******emit ISAKMP Oakley attribute:
Jul 5 19:54:26 gate pluto[1796]: | af+type: OAKLEY_AUTHENTICATION_METHOD
Jul 5 19:54:26 gate pluto[1796]: | length/value: 1
Jul 5 19:54:26 gate pluto[1796]: | [1 is OAKLEY_PRESHARED_KEY]
Jul 5 19:54:26 gate pluto[1796]: | ******emit ISAKMP Oakley attribute:
Jul 5 19:54:26 gate pluto[1796]: | af+type: OAKLEY_GROUP_DESCRIPTION
Jul 5 19:54:26 gate pluto[1796]: | length/value: 2
Jul 5 19:54:26 gate pluto[1796]: | [2 is OAKLEY_GROUP_MODP1024]
Jul 5 19:54:26 gate pluto[1796]: | emitting length of ISAKMP Transform Payload (ISAKMP): 32
Jul 5 19:54:26 gate pluto[1796]: | *****emit ISAKMP Transform Payload (ISAKMP):
Jul 5 19:54:26 gate pluto[1796]: | next payload type: ISAKMP_NEXT_NONE
Jul 5 19:54:26 gate pluto[1796]: | transform number: 3
Jul 5 19:54:26 gate pluto[1796]: | transform ID: KEY_IKE
Jul 5 19:54:26 gate pluto[1796]: | ******emit ISAKMP Oakley attribute:
Jul 5 19:54:26 gate pluto[1796]: | af+type: OAKLEY_LIFE_TYPE
Jul 5 19:54:26 gate pluto[1796]: | length/value: 1
Jul 5 19:54:26 gate pluto[1796]: | [1 is OAKLEY_LIFE_SECONDS]
Jul 5 19:54:26 gate pluto[1796]: | ******emit ISAKMP Oakley attribute:
Jul 5 19:54:26 gate pluto[1796]: | af+type: OAKLEY_LIFE_DURATION
Jul 5 19:54:26 gate pluto[1796]: | length/value: 28800
Jul 5 19:54:26 gate pluto[1796]: | ******emit ISAKMP Oakley attribute:
Jul 5 19:54:26 gate pluto[1796]: | af+type: OAKLEY_ENCRYPTION_ALGORITHM
Jul 5 19:54:26 gate pluto[1796]: | length/value: 5
Jul 5 19:54:26 gate pluto[1796]: | [5 is OAKLEY_3DES_CBC]
Jul 5 19:54:26 gate pluto[1796]: | ******emit ISAKMP Oakley attribute:
Jul 5 19:54:26 gate pluto[1796]: | af+type: OAKLEY_HASH_ALGORITHM
Jul 5 19:54:26 gate pluto[1796]: | length/value: 1
Jul 5 19:54:26 gate pluto[1796]: | [1 is OAKLEY_MD5]
Jul 5 19:54:26 gate pluto[1796]: | ******emit ISAKMP Oakley attribute:
Jul 5 19:54:26 gate pluto[1796]: | af+type: OAKLEY_AUTHENTICATION_METHOD
Jul 5 19:54:26 gate pluto[1796]: | length/value: 1
Jul 5 19:54:26 gate pluto[1796]: | [1 is OAKLEY_PRESHARED_KEY]
Jul 5 19:54:26 gate pluto[1796]: | ******emit ISAKMP Oakley attribute:
Jul 5 19:54:26 gate pluto[1796]: | af+type: OAKLEY_GROUP_DESCRIPTION
Jul 5 19:54:26 gate pluto[1796]: | length/value: 2
Jul 5 19:54:26 gate pluto[1796]: | [2 is OAKLEY_GROUP_MODP1024]
Jul 5 19:54:26 gate pluto[1796]: | emitting length of ISAKMP Transform Payload (ISAKMP): 32
Jul 5 19:54:26 gate pluto[1796]: | emitting length of ISAKMP Proposal Payload: 136
Jul 5 19:54:26 gate pluto[1796]: | emitting length of ISAKMP Security Association Payload: 148
Jul 5 19:54:26 gate pluto[1796]: | ***emit ISAKMP Vendor ID Payload:
Jul 5 19:54:26 gate pluto[1796]: | next payload type: ISAKMP_NEXT_NONE
Jul 5 19:54:26 gate pluto[1796]: | emitting 12 raw bytes of Vendor ID into ISAKMP Vendor ID Payload
Jul 5 19:54:26 gate pluto[1796]: | Vendor ID 4f 45 67 5b 44 4e 7c 7e 63 7c 47 72
Jul 5 19:54:26 gate pluto[1796]: | emitting length of ISAKMP Vendor ID Payload: 16
Jul 5 19:54:26 gate pluto[1796]: | ***emit ISAKMP Vendor ID Payload:
Jul 5 19:54:26 gate pluto[1796]: | next payload type: ISAKMP_NEXT_NONE
Jul 5 19:54:26 gate pluto[1796]: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
Jul 5 19:54:26 gate pluto[1796]: | V_ID af ca d7 13 68 a1 f1 c9 6b 86 96 fc 77 57 01 00
Jul 5 19:54:26 gate pluto[1796]: | emitting length of ISAKMP Vendor ID Payload: 20
Jul 5 19:54:26 gate pluto[1796]: | nat traversal enabled: 0
Jul 5 19:54:26 gate pluto[1796]: | emitting length of ISAKMP Message: 212
Jul 5 19:54:26 gate pluto[1796]: | sending 212 bytes for main_outI1 through eth1:500 to 206.107.146.8:500:
Jul 5 19:54:26 gate pluto[1796]: | a8 7f 08 72 5e 09 a1 3b 00 00 00 00 00 00 00 00
Jul 5 19:54:26 gate pluto[1796]: | 01 10 02 00 00 00 00 00 00 00 00 d4 0d 00 00 94
Jul 5 19:54:26 gate pluto[1796]: | 00 00 00 01 00 00 00 01 00 00 00 88 00 01 00 04
Jul 5 19:54:26 gate pluto[1796]: | 03 00 00 20 00 01 00 00 80 0b 00 01 80 0c 70 80
Jul 5 19:54:26 gate pluto[1796]: | 80 01 00 05 80 02 00 01 80 03 00 01 80 04 00 05
Jul 5 19:54:26 gate pluto[1796]: | 03 00 00 20 01 01 00 00 80 0b 00 01 80 0c 70 80
Jul 5 19:54:26 gate pluto[1796]: | 80 01 00 05 80 02 00 02 80 03 00 01 80 04 00 05
Jul 5 19:54:26 gate pluto[1796]: | 03 00 00 20 02 01 00 00 80 0b 00 01 80 0c 70 80
Jul 5 19:54:26 gate pluto[1796]: | 80 01 00 05 80 02 00 02 80 03 00 01 80 04 00 02
Jul 5 19:54:26 gate pluto[1796]: | 00 00 00 20 03 01 00 00 80 0b 00 01 80 0c 70 80
Jul 5 19:54:26 gate pluto[1796]: | 80 01 00 05 80 02 00 01 80 03 00 01 80 04 00 02
Jul 5 19:54:26 gate pluto[1796]: | 0d 00 00 10 4f 45 67 5b 44 4e 7c 7e 63 7c 47 72
Jul 5 19:54:26 gate pluto[1796]: | 00 00 00 14 af ca d7 13 68 a1 f1 c9 6b 86 96 fc
Jul 5 19:54:26 gate pluto[1796]: | 77 57 01 00
Jul 5 19:54:26 gate pluto[1796]: | inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #1
Jul 5 19:54:26 gate pluto[1796]: | next event EVENT_RETRANSMIT in 10 seconds for #1
Jul 5 19:54:26 gate pluto[1796]: |
Jul 5 19:54:26 gate pluto[1796]: | *received 80 bytes from 206.107.146.8:500 on eth1 (port=500)
Jul 5 19:54:26 gate pluto[1796]: | a8 7f 08 72 5e 09 a1 3b 38 fd d1 9d 84 7b ee 13
Jul 5 19:54:26 gate pluto[1796]: | 01 10 02 00 00 00 00 00 00 00 00 50 00 00 00 34
Jul 5 19:54:26 gate pluto[1796]: | 00 00 00 01 00 00 00 01 00 00 00 28 01 01 00 01
Jul 5 19:54:26 gate pluto[1796]: | 00 00 00 20 01 01 00 00 80 0b 00 01 80 0c 70 80
Jul 5 19:54:26 gate pluto[1796]: | 80 01 00 05 80 02 00 01 80 03 00 01 80 04 00 02
Jul 5 19:54:26 gate pluto[1796]: | **parse ISAKMP Message:
Jul 5 19:54:26 gate pluto[1796]: | initiator cookie:
Jul 5 19:54:26 gate pluto[1796]: | a8 7f 08 72 5e 09 a1 3b
Jul 5 19:54:26 gate pluto[1796]: | responder cookie:
Jul 5 19:54:26 gate pluto[1796]: | 38 fd d1 9d 84 7b ee 13
Jul 5 19:54:26 gate pluto[1796]: | next payload type: ISAKMP_NEXT_SA
Jul 5 19:54:26 gate pluto[1796]: | ISAKMP version: ISAKMP Version 1.0
Jul 5 19:54:26 gate pluto[1796]: | exchange type: ISAKMP_XCHG_IDPROT
Jul 5 19:54:26 gate pluto[1796]: | flags: none
Jul 5 19:54:26 gate pluto[1796]: | message ID: 00 00 00 00
Jul 5 19:54:26 gate pluto[1796]: | length: 80
Jul 5 19:54:26 gate pluto[1796]: | processing packet with exchange type=ISAKMP_XCHG_IDPROT (2)
Jul 5 19:54:26 gate pluto[1796]: | ICOOKIE: a8 7f 08 72 5e 09 a1 3b
Jul 5 19:54:26 gate pluto[1796]: | RCOOKIE: 38 fd d1 9d 84 7b ee 13
Jul 5 19:54:26 gate pluto[1796]: | peer: ce 6b 92 08
Jul 5 19:54:26 gate pluto[1796]: | state hash entry 30
Jul 5 19:54:26 gate pluto[1796]: | state object not found
Jul 5 19:54:26 gate pluto[1796]: | ICOOKIE: a8 7f 08 72 5e 09 a1 3b
Jul 5 19:54:26 gate pluto[1796]: | RCOOKIE: 00 00 00 00 00 00 00 00
Jul 5 19:54:26 gate pluto[1796]: | peer: ce 6b 92 08
Jul 5 19:54:26 gate pluto[1796]: | state hash entry 25
Jul 5 19:54:26 gate pluto[1796]: | peer and cookies match on #1, provided msgid 00000000 vs 00000000
Jul 5 19:54:26 gate pluto[1796]: | state object #1 found, in STATE_MAIN_I1
Jul 5 19:54:26 gate pluto[1796]: | processing connection rfd
Jul 5 19:54:26 gate pluto[1796]: | ***parse ISAKMP Security Association Payload:
Jul 5 19:54:26 gate pluto[1796]: | next payload type: ISAKMP_NEXT_NONE
Jul 5 19:54:26 gate pluto[1796]: | length: 52
Jul 5 19:54:26 gate pluto[1796]: | DOI: ISAKMP_DOI_IPSEC
Jul 5 19:54:26 gate pluto[1796]: | ****parse IPsec DOI SIT:
Jul 5 19:54:26 gate pluto[1796]: | IPsec DOI SIT: SIT_IDENTITY_ONLY
Jul 5 19:54:26 gate pluto[1796]: | ****parse ISAKMP Proposal Payload:
Jul 5 19:54:26 gate pluto[1796]: | next payload type: ISAKMP_NEXT_NONE
Jul 5 19:54:26 gate pluto[1796]: | length: 40
Jul 5 19:54:26 gate pluto[1796]: | proposal number: 1
Jul 5 19:54:26 gate pluto[1796]: | protocol ID: PROTO_ISAKMP
Jul 5 19:54:26 gate pluto[1796]: | SPI size: 0
Jul 5 19:54:26 gate pluto[1796]: | number of transforms: 1
Jul 5 19:54:26 gate pluto[1796]: | *****parse ISAKMP Transform Payload (ISAKMP):
Jul 5 19:54:26 gate pluto[1796]: | next payload type: ISAKMP_NEXT_NONE
Jul 5 19:54:26 gate pluto[1796]: | length: 32
Jul 5 19:54:26 gate pluto[1796]: | transform number: 1
Jul 5 19:54:26 gate pluto[1796]: | transform ID: KEY_IKE
Jul 5 19:54:26 gate pluto[1796]: | ******parse ISAKMP Oakley attribute:
Jul 5 19:54:26 gate pluto[1796]: | af+type: OAKLEY_LIFE_TYPE
Jul 5 19:54:26 gate pluto[1796]: | length/value: 1
Jul 5 19:54:26 gate pluto[1796]: | [1 is OAKLEY_LIFE_SECONDS]
Jul 5 19:54:26 gate pluto[1796]: | ******parse ISAKMP Oakley attribute:
Jul 5 19:54:26 gate pluto[1796]: | af+type: OAKLEY_LIFE_DURATION
Jul 5 19:54:26 gate pluto[1796]: | length/value: 28800
Jul 5 19:54:26 gate pluto[1796]: | ******parse ISAKMP Oakley attribute:
Jul 5 19:54:26 gate pluto[1796]: | af+type: OAKLEY_ENCRYPTION_ALGORITHM
Jul 5 19:54:26 gate pluto[1796]: | length/value: 5
Jul 5 19:54:26 gate pluto[1796]: | [5 is OAKLEY_3DES_CBC]
Jul 5 19:54:26 gate pluto[1796]: | ike_alg_enc_ok(ealg=5,key_len=0): blocksize=8, keyminlen=192, keydeflen=192, keymaxlen=192, ret=1
Jul 5 19:54:26 gate pluto[1796]: | ******parse ISAKMP Oakley attribute:
Jul 5 19:54:26 gate pluto[1796]: | af+type: OAKLEY_HASH_ALGORITHM
Jul 5 19:54:26 gate pluto[1796]: | length/value: 1
Jul 5 19:54:26 gate pluto[1796]: | [1 is OAKLEY_MD5]
Jul 5 19:54:26 gate pluto[1796]: | ******parse ISAKMP Oakley attribute:
Jul 5 19:54:26 gate pluto[1796]: | af+type: OAKLEY_AUTHENTICATION_METHOD
Jul 5 19:54:26 gate pluto[1796]: | length/value: 1
Jul 5 19:54:26 gate pluto[1796]: | [1 is OAKLEY_PRESHARED_KEY]
Jul 5 19:54:26 gate pluto[1796]: | started looking for secret for 69.174.129.33->206.107.146.8 of kind PPK_PSK
Jul 5 19:54:26 gate pluto[1796]: | actually looking for secret for 69.174.129.33->206.107.146.8 of kind PPK_PSK
Jul 5 19:54:26 gate pluto[1796]: | 1: compared PSK 206.107.146.8 to 69.174.129.33 / 206.107.146.8 -> 2
Jul 5 19:54:26 gate pluto[1796]: | 2: compared PSK 69.174.129.33 to 69.174.129.33 / 206.107.146.8 -> 6
Jul 5 19:54:26 gate pluto[1796]: | best_match 0>6 best=0x80fa248 (line=15)
Jul 5 19:54:26 gate pluto[1796]: | 1: compared PSK 143.247.7.28 to 69.174.129.33 / 206.107.146.8 -> 0
Jul 5 19:54:26 gate pluto[1796]: | 2: compared PSK 69.174.129.33 to 69.174.129.33 / 206.107.146.8 -> 4
Jul 5 19:54:26 gate pluto[1796]: | concluding with best_match=6 best=0x80fa248 (lineno=15)
Jul 5 19:54:26 gate pluto[1796]: | ******parse ISAKMP Oakley attribute:
Jul 5 19:54:26 gate pluto[1796]: | af+type: OAKLEY_GROUP_DESCRIPTION
Jul 5 19:54:26 gate pluto[1796]: | length/value: 2
Jul 5 19:54:26 gate pluto[1796]: | [2 is OAKLEY_GROUP_MODP1024]
Jul 5 19:54:26 gate pluto[1796]: | Oakley Transform 1 accepted
Jul 5 19:54:26 gate pluto[1796]: | sender checking NAT-t: 0 and 0
Jul 5 19:54:26 gate pluto[1796]: | 0: w->pcw_dead: 0 w->pcw_work: 0 cnt: 1
Jul 5 19:54:26 gate pluto[1796]: | asking helper 0 to do build_kenonce op on seq: 1
Jul 5 19:54:26 gate pluto[1796]: | inserting event EVENT_CRYPTO_FAILED, timeout in 300 seconds for #1
Jul 5 19:54:26 gate pluto[1796]: | complete state transition with STF_SUSPEND
Jul 5 19:54:26 gate pluto[1796]: | next event EVENT_PENDING_PHASE2 in 108 seconds
Jul 5 19:54:26 gate pluto[1802]: ! helper -1 doing build_kenonce op id: 1
Jul 5 19:54:26 gate pluto[1802]: ! Local DH secret:
Jul 5 19:54:26 gate pluto[1802]: ! 01 8e 31 62 2f d3 08 fa cc e2 01 4b 01 d0 c3 cd
Jul 5 19:54:26 gate pluto[1802]: ! dd aa fe fb d4 e9 cc 49 b7 81 c4 7e 8d 85 d0 07
Jul 5 19:54:26 gate pluto[1802]: ! Public DH value sent:
Jul 5 19:54:26 gate pluto[1802]: ! db e5 82 43 4e 54 f1 4b 2f cf 7d 7b 7d dd c7 ea
Jul 5 19:54:26 gate pluto[1802]: ! 5b ed 68 e6 71 9b 76 2e af b5 83 cb e9 00 fd 6d
Jul 5 19:54:26 gate pluto[1802]: ! 7c 4e 6c 31 5e 51 03 ed 73 53 a4 53 b8 2c 2d 53
Jul 5 19:54:26 gate pluto[1802]: ! a5 36 e0 ef af d9 8a 7a b1 45 95 ec f6 86 5a d6
Jul 5 19:54:26 gate pluto[1802]: ! 04 2f db 08 b4 55 94 d4 f7 ba f0 b8 63 9c 89 13
Jul 5 19:54:26 gate pluto[1802]: ! 07 7e 89 26 a6 50 e3 a7 e1 fa a5 ec f9 7d 11 d7
Jul 5 19:54:26 gate pluto[1802]: ! 4c cc 79 a2 9f 88 c6 fc f4 6e 68 0e 26 b2 2a e5
Jul 5 19:54:26 gate pluto[1802]: ! eb 82 17 fd c8 a2 af 9d c9 a2 95 ad 21 44 55 f7
Jul 5 19:54:26 gate pluto[1802]: ! Generated nonce:
Jul 5 19:54:26 gate pluto[1802]: ! d9 41 9c aa 7c c6 95 9b e7 48 f3 ec 6b 61 31 54
Jul 5 19:54:26 gate pluto[1796]: | helper 0 has work (cnt now 0)
Jul 5 19:54:26 gate pluto[1796]: | helper 0 replies to sequence 1
Jul 5 19:54:26 gate pluto[1796]: | calling callback function 0x8065770
Jul 5 19:54:26 gate pluto[1796]: | main inR1_outI2: calculated ke+nonce, sending I2
Jul 5 19:54:26 gate pluto[1796]: | processing connection rfd
Jul 5 19:54:26 gate pluto[1796]: | **emit ISAKMP Message:
Jul 5 19:54:26 gate pluto[1796]: | initiator cookie:
Jul 5 19:54:26 gate pluto[1796]: | a8 7f 08 72 5e 09 a1 3b
Jul 5 19:54:26 gate pluto[1796]: | responder cookie:
Jul 5 19:54:26 gate pluto[1796]: | 38 fd d1 9d 84 7b ee 13
Jul 5 19:54:26 gate pluto[1796]: | next payload type: ISAKMP_NEXT_KE
Jul 5 19:54:26 gate pluto[1796]: | ISAKMP version: ISAKMP Version 1.0
Jul 5 19:54:26 gate pluto[1796]: | exchange type: ISAKMP_XCHG_IDPROT
Jul 5 19:54:26 gate pluto[1796]: | flags: none
Jul 5 19:54:26 gate pluto[1796]: | message ID: 00 00 00 00
Jul 5 19:54:26 gate pluto[1796]: | ***emit ISAKMP Key Exchange Payload:
Jul 5 19:54:26 gate pluto[1796]: | next payload type: ISAKMP_NEXT_NONCE
Jul 5 19:54:26 gate pluto[1796]: | emitting 128 raw bytes of keyex value into ISAKMP Key Exchange Payload
Jul 5 19:54:26 gate pluto[1796]: | keyex value db e5 82 43 4e 54 f1 4b 2f cf 7d 7b 7d dd c7 ea
Jul 5 19:54:26 gate pluto[1796]: | 5b ed 68 e6 71 9b 76 2e af b5 83 cb e9 00 fd 6d
Jul 5 19:54:26 gate pluto[1796]: | 7c 4e 6c 31 5e 51 03 ed 73 53 a4 53 b8 2c 2d 53
Jul 5 19:54:26 gate pluto[1796]: | a5 36 e0 ef af d9 8a 7a b1 45 95 ec f6 86 5a d6
Jul 5 19:54:26 gate pluto[1796]: | 04 2f db 08 b4 55 94 d4 f7 ba f0 b8 63 9c 89 13
Jul 5 19:54:26 gate pluto[1796]: | 07 7e 89 26 a6 50 e3 a7 e1 fa a5 ec f9 7d 11 d7
Jul 5 19:54:26 gate pluto[1796]: | 4c cc 79 a2 9f 88 c6 fc f4 6e 68 0e 26 b2 2a e5
Jul 5 19:54:26 gate pluto[1796]: | eb 82 17 fd c8 a2 af 9d c9 a2 95 ad 21 44 55 f7
Jul 5 19:54:26 gate pluto[1796]: | emitting length of ISAKMP Key Exchange Payload: 132
Jul 5 19:54:26 gate pluto[1796]: | ***emit ISAKMP Nonce Payload:
Jul 5 19:54:26 gate pluto[1796]: | next payload type: ISAKMP_NEXT_NONE
Jul 5 19:54:26 gate pluto[1796]: | emitting 16 raw bytes of Ni into ISAKMP Nonce Payload
Jul 5 19:54:26 gate pluto[1796]: | Ni d9 41 9c aa 7c c6 95 9b e7 48 f3 ec 6b 61 31 54
Jul 5 19:54:26 gate pluto[1796]: | emitting length of ISAKMP Nonce Payload: 20
Jul 5 19:54:26 gate pluto[1796]: | emitting length of ISAKMP Message: 180
Jul 5 19:54:26 gate pluto[1796]: | ICOOKIE: a8 7f 08 72 5e 09 a1 3b
Jul 5 19:54:26 gate pluto[1796]: | RCOOKIE: 00 00 00 00 00 00 00 00
Jul 5 19:54:26 gate pluto[1796]: | peer: ce 6b 92 08
Jul 5 19:54:26 gate pluto[1796]: | state hash entry 25
Jul 5 19:54:26 gate pluto[1796]: | ICOOKIE: a8 7f 08 72 5e 09 a1 3b
Jul 5 19:54:26 gate pluto[1796]: | RCOOKIE: 38 fd d1 9d 84 7b ee 13
Jul 5 19:54:26 gate pluto[1796]: | peer: ce 6b 92 08
Jul 5 19:54:26 gate pluto[1796]: | state hash entry 30
Jul 5 19:54:26 gate pluto[1796]: | complete state transition with STF_OK
Jul 5 19:54:26 gate pluto[1796]: "rfd" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Jul 5 19:54:26 gate pluto[1796]: | sending reply packet to 206.107.146.8:500 (from port=500)
Jul 5 19:54:26 gate pluto[1796]: | sending 180 bytes for STATE_MAIN_I1 through eth1:500 to 206.107.146.8:500:
Jul 5 19:54:26 gate pluto[1796]: | a8 7f 08 72 5e 09 a1 3b 38 fd d1 9d 84 7b ee 13
Jul 5 19:54:26 gate pluto[1796]: | 04 10 02 00 00 00 00 00 00 00 00 b4 0a 00 00 84
Jul 5 19:54:26 gate pluto[1796]: | db e5 82 43 4e 54 f1 4b 2f cf 7d 7b 7d dd c7 ea
Jul 5 19:54:26 gate pluto[1796]: | 5b ed 68 e6 71 9b 76 2e af b5 83 cb e9 00 fd 6d
Jul 5 19:54:26 gate pluto[1796]: | 7c 4e 6c 31 5e 51 03 ed 73 53 a4 53 b8 2c 2d 53
Jul 5 19:54:26 gate pluto[1796]: | a5 36 e0 ef af d9 8a 7a b1 45 95 ec f6 86 5a d6
Jul 5 19:54:26 gate pluto[1796]: | 04 2f db 08 b4 55 94 d4 f7 ba f0 b8 63 9c 89 13
Jul 5 19:54:26 gate pluto[1796]: | 07 7e 89 26 a6 50 e3 a7 e1 fa a5 ec f9 7d 11 d7
Jul 5 19:54:26 gate pluto[1796]: | 4c cc 79 a2 9f 88 c6 fc f4 6e 68 0e 26 b2 2a e5
Jul 5 19:54:26 gate pluto[1796]: | eb 82 17 fd c8 a2 af 9d c9 a2 95 ad 21 44 55 f7
Jul 5 19:54:26 gate pluto[1796]: | 00 00 00 14 d9 41 9c aa 7c c6 95 9b e7 48 f3 ec
Jul 5 19:54:26 gate pluto[1796]: | 6b 61 31 54
Jul 5 19:54:26 gate pluto[1796]: | inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #1
Jul 5 19:54:26 gate pluto[1796]: "rfd" #1: STATE_MAIN_I2: sent MI2, expecting MR2
Jul 5 19:54:26 gate pluto[1796]: | modecfg pull: noquirk policy:push not-client
Jul 5 19:54:26 gate pluto[1796]: | phase 1 is done, looking for phase 1 to unpend
Jul 5 19:54:26 gate pluto[1796]: | next event EVENT_RETRANSMIT in 10 seconds for #1
Jul 5 19:54:27 gate pluto[1796]: |
Jul 5 19:54:27 gate pluto[1796]: | *received 184 bytes from 206.107.146.8:500 on eth1 (port=500)
Jul 5 19:54:27 gate pluto[1796]: | a8 7f 08 72 5e 09 a1 3b 38 fd d1 9d 84 7b ee 13
Jul 5 19:54:27 gate pluto[1796]: | 04 10 02 00 00 00 00 00 00 00 00 b8 0a 00 00 84
Jul 5 19:54:27 gate pluto[1796]: | 72 e1 c2 60 96 ed a9 6e d9 f7 79 9d d2 22 c5 0e
Jul 5 19:54:27 gate pluto[1796]: | 97 86 ff 84 d4 87 13 ed 9f 13 69 3d 74 1c 3d bd
Jul 5 19:54:27 gate pluto[1796]: | 19 e5 37 d6 59 8e f4 3a 0c 84 0e d8 3b 6f 73 0b
Jul 5 19:54:27 gate pluto[1796]: | fc 66 0c f5 b0 72 a0 65 c6 9d 83 32 93 fa 34 0d
Jul 5 19:54:27 gate pluto[1796]: | c2 bd 4e 70 6e 3b 92 86 70 30 bf 13 1a 53 9c fe
Jul 5 19:54:27 gate pluto[1796]: | 1d fa 91 b1 53 58 20 db e0 19 a8 55 e5 62 2b 10
Jul 5 19:54:27 gate pluto[1796]: | f4 36 17 9c 5d 47 b9 3a 0e 40 75 05 5a 37 00 0d
Jul 5 19:54:27 gate pluto[1796]: | 2b 9e d1 16 f8 12 f3 c7 e0 3b 59 b7 d6 05 eb 0b
Jul 5 19:54:27 gate pluto[1796]: | 00 00 00 18 cb e3 03 42 61 9a 0f b1 0c 3d f2 c9
Jul 5 19:54:27 gate pluto[1796]: | 74 c4 4c 63 c4 8a fb 90
Jul 5 19:54:27 gate pluto[1796]: | **parse ISAKMP Message:
Jul 5 19:54:27 gate pluto[1796]: | initiator cookie:
Jul 5 19:54:27 gate pluto[1796]: | a8 7f 08 72 5e 09 a1 3b
Jul 5 19:54:27 gate pluto[1796]: | responder cookie:
Jul 5 19:54:27 gate pluto[1796]: | 38 fd d1 9d 84 7b ee 13
Jul 5 19:54:27 gate pluto[1796]: | next payload type: ISAKMP_NEXT_KE
Jul 5 19:54:27 gate pluto[1796]: | ISAKMP version: ISAKMP Version 1.0
Jul 5 19:54:27 gate pluto[1796]: | exchange type: ISAKMP_XCHG_IDPROT
Jul 5 19:54:27 gate pluto[1796]: | flags: none
Jul 5 19:54:27 gate pluto[1796]: | message ID: 00 00 00 00
Jul 5 19:54:27 gate pluto[1796]: | length: 184
Jul 5 19:54:27 gate pluto[1796]: | processing packet with exchange type=ISAKMP_XCHG_IDPROT (2)
Jul 5 19:54:27 gate pluto[1796]: | ICOOKIE: a8 7f 08 72 5e 09 a1 3b
Jul 5 19:54:27 gate pluto[1796]: | RCOOKIE: 38 fd d1 9d 84 7b ee 13
Jul 5 19:54:27 gate pluto[1796]: | peer: ce 6b 92 08
Jul 5 19:54:27 gate pluto[1796]: | state hash entry 30
Jul 5 19:54:27 gate pluto[1796]: | peer and cookies match on #1, provided msgid 00000000 vs 00000000
Jul 5 19:54:27 gate pluto[1796]: | state object #1 found, in STATE_MAIN_I2
Jul 5 19:54:27 gate pluto[1796]: | processing connection rfd
Jul 5 19:54:27 gate pluto[1796]: | ***parse ISAKMP Key Exchange Payload:
Jul 5 19:54:27 gate pluto[1796]: | next payload type: ISAKMP_NEXT_NONCE
Jul 5 19:54:27 gate pluto[1796]: | length: 132
Jul 5 19:54:27 gate pluto[1796]: | ***parse ISAKMP Nonce Payload:
Jul 5 19:54:27 gate pluto[1796]: | next payload type: ISAKMP_NEXT_NONE
Jul 5 19:54:27 gate pluto[1796]: | length: 24
Jul 5 19:54:27 gate pluto[1796]: | **emit ISAKMP Message:
Jul 5 19:54:27 gate pluto[1796]: | initiator cookie:
Jul 5 19:54:27 gate pluto[1796]: | a8 7f 08 72 5e 09 a1 3b
Jul 5 19:54:27 gate pluto[1796]: | responder cookie:
Jul 5 19:54:27 gate pluto[1796]: | 38 fd d1 9d 84 7b ee 13
Jul 5 19:54:27 gate pluto[1796]: | next payload type: ISAKMP_NEXT_ID
Jul 5 19:54:27 gate pluto[1796]: | ISAKMP version: ISAKMP Version 1.0
Jul 5 19:54:27 gate pluto[1796]: | exchange type: ISAKMP_XCHG_IDPROT
Jul 5 19:54:27 gate pluto[1796]: | flags: ISAKMP_FLAG_ENCRYPTION
Jul 5 19:54:27 gate pluto[1796]: | message ID: 00 00 00 00
Jul 5 19:54:27 gate pluto[1796]: | DH public value received:
Jul 5 19:54:27 gate pluto[1796]: | 72 e1 c2 60 96 ed a9 6e d9 f7 79 9d d2 22 c5 0e
Jul 5 19:54:27 gate pluto[1796]: | 97 86 ff 84 d4 87 13 ed 9f 13 69 3d 74 1c 3d bd
Jul 5 19:54:27 gate pluto[1796]: | 19 e5 37 d6 59 8e f4 3a 0c 84 0e d8 3b 6f 73 0b
Jul 5 19:54:27 gate pluto[1796]: | fc 66 0c f5 b0 72 a0 65 c6 9d 83 32 93 fa 34 0d
Jul 5 19:54:27 gate pluto[1796]: | c2 bd 4e 70 6e 3b 92 86 70 30 bf 13 1a 53 9c fe
Jul 5 19:54:27 gate pluto[1796]: | 1d fa 91 b1 53 58 20 db e0 19 a8 55 e5 62 2b 10
Jul 5 19:54:27 gate pluto[1796]: | f4 36 17 9c 5d 47 b9 3a 0e 40 75 05 5a 37 00 0d
Jul 5 19:54:27 gate pluto[1796]: | 2b 9e d1 16 f8 12 f3 c7 e0 3b 59 b7 d6 05 eb 0b
Jul 5 19:54:27 gate pluto[1796]: | thinking about whether to send my certificate:
Jul 5 19:54:27 gate pluto[1796]: | I have RSA key: OAKLEY_PRESHARED_KEY cert.type: CERT_NONE
Jul 5 19:54:27 gate pluto[1796]: | sendcert: CERT_ALWAYSSEND and I did not get a certificate request
Jul 5 19:54:27 gate pluto[1796]: | so do not send cert.
Jul 5 19:54:27 gate pluto[1796]: "rfd" #1: I did not send a certificate because I do not have one.
Jul 5 19:54:27 gate pluto[1796]: | I am not sending a certificate request
Jul 5 19:54:27 gate pluto[1796]: | started looking for secret for 69.174.129.33->206.107.146.8 of kind PPK_PSK
Jul 5 19:54:27 gate pluto[1796]: | actually looking for secret for 69.174.129.33->206.107.146.8 of kind PPK_PSK
Jul 5 19:54:27 gate pluto[1796]: | 1: compared PSK 206.107.146.8 to 69.174.129.33 / 206.107.146.8 -> 2
Jul 5 19:54:27 gate pluto[1796]: | 2: compared PSK 69.174.129.33 to 69.174.129.33 / 206.107.146.8 -> 6
Jul 5 19:54:27 gate pluto[1796]: | best_match 0>6 best=0x80fa248 (line=15)
Jul 5 19:54:27 gate pluto[1796]: | 1: compared PSK 143.247.7.28 to 69.174.129.33 / 206.107.146.8 -> 0
Jul 5 19:54:27 gate pluto[1796]: | 2: compared PSK 69.174.129.33 to 69.174.129.33 / 206.107.146.8 -> 4
Jul 5 19:54:27 gate pluto[1796]: | concluding with best_match=6 best=0x80fa248 (lineno=15)
Jul 5 19:54:27 gate pluto[1796]: | calc_dh_shared(): time elapsed (OAKLEY_GROUP_MODP1024): 8314 usec
Jul 5 19:54:27 gate pluto[1796]: | DH shared secret:
Jul 5 19:54:27 gate pluto[1796]: | 27 d0 71 fb b4 d2 93 b2 74 d4 e8 b7 a5 de 83 3e
Jul 5 19:54:27 gate pluto[1796]: | 94 bb 8b 1f 81 64 b9 6c e5 dc 4a f5 0a 1b 96 cd
Jul 5 19:54:27 gate pluto[1796]: | c5 1a df 91 e4 7c ad f4 be 69 fb 34 91 6a 06 a8
Jul 5 19:54:27 gate pluto[1796]: | e8 2f 35 0a fd fb 9b 37 87 04 08 0d 7d 88 37 33
Jul 5 19:54:27 gate pluto[1796]: | 34 28 44 d1 4c c2 40 2c 41 5f 64 26 41 57 be b4
Jul 5 19:54:27 gate pluto[1796]: | 3e 15 ce bf ab c9 60 a3 37 db be ea 88 7b d2 b7
Jul 5 19:54:27 gate pluto[1796]: | b4 2a 69 52 4b 94 39 61 cb 9b 4a 6c 58 2d ee eb
Jul 5 19:54:27 gate pluto[1796]: | 57 06 ed 3c 3e cf 62 95 f0 4a 05 74 29 5f c1 10
Jul 5 19:54:27 gate pluto[1796]: | Skey inputs (PSK+NI+NR)
Jul 5 19:54:27 gate pluto[1796]: | ni: d9 41 9c aa 7c c6 95 9b e7 48 f3 ec 6b 61 31 54
Jul 5 19:54:27 gate pluto[1796]: | nr: cb e3 03 42 61 9a 0f b1 0c 3d f2 c9 74 c4 4c 63
Jul 5 19:54:27 gate pluto[1796]: | c4 8a fb 90
Jul 5 19:54:27 gate pluto[1796]: | keyid: 0f ec 24 03 2c ba 83 31 f1 22 54 7b 19 ec 39 4e
Jul 5 19:54:27 gate pluto[1796]: | DH_i: db e5 82 43 4e 54 f1 4b 2f cf 7d 7b 7d dd c7 ea
Jul 5 19:54:27 gate pluto[1796]: | 5b ed 68 e6 71 9b 76 2e af b5 83 cb e9 00 fd 6d
Jul 5 19:54:27 gate pluto[1796]: | 7c 4e 6c 31 5e 51 03 ed 73 53 a4 53 b8 2c 2d 53
Jul 5 19:54:27 gate pluto[1796]: | a5 36 e0 ef af d9 8a 7a b1 45 95 ec f6 86 5a d6
Jul 5 19:54:27 gate pluto[1796]: | 04 2f db 08 b4 55 94 d4 f7 ba f0 b8 63 9c 89 13
Jul 5 19:54:27 gate pluto[1796]: | 07 7e 89 26 a6 50 e3 a7 e1 fa a5 ec f9 7d 11 d7
Jul 5 19:54:27 gate pluto[1796]: | 4c cc 79 a2 9f 88 c6 fc f4 6e 68 0e 26 b2 2a e5
Jul 5 19:54:27 gate pluto[1796]: | eb 82 17 fd c8 a2 af 9d c9 a2 95 ad 21 44 55 f7
Jul 5 19:54:27 gate pluto[1796]: | DH_r: 72 e1 c2 60 96 ed a9 6e d9 f7 79 9d d2 22 c5 0e
Jul 5 19:54:27 gate pluto[1796]: | 97 86 ff 84 d4 87 13 ed 9f 13 69 3d 74 1c 3d bd
Jul 5 19:54:27 gate pluto[1796]: | 19 e5 37 d6 59 8e f4 3a 0c 84 0e d8 3b 6f 73 0b
Jul 5 19:54:27 gate pluto[1796]: | fc 66 0c f5 b0 72 a0 65 c6 9d 83 32 93 fa 34 0d
Jul 5 19:54:27 gate pluto[1796]: | c2 bd 4e 70 6e 3b 92 86 70 30 bf 13 1a 53 9c fe
Jul 5 19:54:27 gate pluto[1796]: | 1d fa 91 b1 53 58 20 db e0 19 a8 55 e5 62 2b 10
Jul 5 19:54:27 gate pluto[1796]: | f4 36 17 9c 5d 47 b9 3a 0e 40 75 05 5a 37 00 0d
Jul 5 19:54:27 gate pluto[1796]: | 2b 9e d1 16 f8 12 f3 c7 e0 3b 59 b7 d6 05 eb 0b
Jul 5 19:54:27 gate pluto[1796]: | Skeyid: 0f ec 24 03 2c ba 83 31 f1 22 54 7b 19 ec 39 4e
Jul 5 19:54:27 gate pluto[1796]: | Skeyid_d: 80 46 c9 7d c8 b2 db 84 b2 11 ba b8 4c 28 9e 17
Jul 5 19:54:27 gate pluto[1796]: | Skeyid_a: 0d b7 28 30 c6 14 64 33 5f e0 80 e2 03 d0 ec 41
Jul 5 19:54:27 gate pluto[1796]: | Skeyid_e: ca 90 70 83 8f 53 a3 9e 3c ec d5 eb 49 54 7d 63
Jul 5 19:54:27 gate pluto[1796]: | enc key: dd b1 d6 64 2c a2 96 1e c0 36 98 88 89 1f 9b 47
Jul 5 19:54:27 gate pluto[1796]: | a8 03 69 72 ab 07 dc 61
Jul 5 19:54:27 gate pluto[1796]: | IV: 9e a5 76 9e fc 92 cc 6e c4 c9 74 29 74 02 c4 84
Jul 5 19:54:27 gate pluto[1796]: | ***emit ISAKMP Identification Payload (IPsec DOI):
Jul 5 19:54:27 gate pluto[1796]: | next payload type: ISAKMP_NEXT_HASH
Jul 5 19:54:27 gate pluto[1796]: | ID type: ID_IPV4_ADDR
Jul 5 19:54:27 gate pluto[1796]: | Protocol ID: 0
Jul 5 19:54:27 gate pluto[1796]: | port: 0
Jul 5 19:54:27 gate pluto[1796]: | emitting 4 raw bytes of my identity into ISAKMP Identification Payload (IPsec DOI)
Jul 5 19:54:27 gate pluto[1796]: | my identity 45 ae 81 21
Jul 5 19:54:27 gate pluto[1796]: | emitting length of ISAKMP Identification Payload (IPsec DOI): 12
Jul 5 19:54:27 gate pluto[1796]: | hashing 144 bytes of SA
Jul 5 19:54:27 gate pluto[1796]: | ***emit ISAKMP Hash Payload:
Jul 5 19:54:27 gate pluto[1796]: | next payload type: ISAKMP_NEXT_NONE
Jul 5 19:54:27 gate pluto[1796]: | emitting 16 raw bytes of HASH_I into ISAKMP Hash Payload
Jul 5 19:54:27 gate pluto[1796]: | HASH_I ae 98 79 0a f4 78 a5 02 21 f2 b7 8d 93 79 98 87
Jul 5 19:54:27 gate pluto[1796]: | emitting length of ISAKMP Hash Payload: 20
Jul 5 19:54:27 gate pluto[1796]: | encrypting:
Jul 5 19:54:27 gate pluto[1796]: | 08 00 00 0c 01 00 00 00 45 ae 81 21 00 00 00 14
Jul 5 19:54:27 gate pluto[1796]: | ae 98 79 0a f4 78 a5 02 21 f2 b7 8d 93 79 98 87
Jul 5 19:54:27 gate pluto[1796]: | IV:
Jul 5 19:54:27 gate pluto[1796]: | 9e a5 76 9e fc 92 cc 6e c4 c9 74 29 74 02 c4 84
Jul 5 19:54:27 gate pluto[1796]: | encrypting using OAKLEY_3DES_CBC
Jul 5 19:54:27 gate pluto[1796]: | next IV: 23 ce 4f 8e 41 bc d7 96
Jul 5 19:54:27 gate pluto[1796]: | emitting length of ISAKMP Message: 60
Jul 5 19:54:27 gate pluto[1796]: | complete state transition with STF_OK
Jul 5 19:54:27 gate pluto[1796]: "rfd" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Jul 5 19:54:27 gate pluto[1796]: | sending reply packet to 206.107.146.8:500 (from port=500)
Jul 5 19:54:27 gate pluto[1796]: | sending 60 bytes for STATE_MAIN_I2 through eth1:500 to 206.107.146.8:500:
Jul 5 19:54:27 gate pluto[1796]: | a8 7f 08 72 5e 09 a1 3b 38 fd d1 9d 84 7b ee 13
Jul 5 19:54:27 gate pluto[1796]: | 05 10 02 01 00 00 00 00 00 00 00 3c d4 a7 43 35
Jul 5 19:54:27 gate pluto[1796]: | 4e 29 35 b1 66 1a 6d e3 6f 57 6b a0 19 7d e0 10
Jul 5 19:54:27 gate pluto[1796]: | e8 80 6f d1 23 ce 4f 8e 41 bc d7 96
Jul 5 19:54:27 gate pluto[1796]: | inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #1
Jul 5 19:54:27 gate pluto[1796]: "rfd" #1: STATE_MAIN_I3: sent MI3, expecting MR3
Jul 5 19:54:27 gate pluto[1796]: | modecfg pull: noquirk policy:push not-client
Jul 5 19:54:27 gate pluto[1796]: | phase 1 is done, looking for phase 1 to unpend
Jul 5 19:54:27 gate pluto[1796]: | next event EVENT_RETRANSMIT in 10 seconds for #1
Jul 5 19:54:27 gate pluto[1796]: |
Jul 5 19:54:27 gate pluto[1796]: | *received 68 bytes from 206.107.146.8:500 on eth1 (port=500)
Jul 5 19:54:27 gate pluto[1796]: | a8 7f 08 72 5e 09 a1 3b 38 fd d1 9d 84 7b ee 13
Jul 5 19:54:27 gate pluto[1796]: | 05 10 02 01 00 00 00 00 00 00 00 44 81 c0 88 93
Jul 5 19:54:27 gate pluto[1796]: | 99 33 e9 62 48 9a e7 44 ec a4 2a e9 e7 ca fe 05
Jul 5 19:54:27 gate pluto[1796]: | 30 fa 10 90 e1 a9 1e 82 ca 1a c4 7f 6b f6 b0 36
Jul 5 19:54:27 gate pluto[1796]: | 7b a2 bb 76
Jul 5 19:54:27 gate pluto[1796]: | **parse ISAKMP Message:
Jul 5 19:54:27 gate pluto[1796]: | initiator cookie:
Jul 5 19:54:27 gate pluto[1796]: | a8 7f 08 72 5e 09 a1 3b
Jul 5 19:54:27 gate pluto[1796]: | responder cookie:
Jul 5 19:54:27 gate pluto[1796]: | 38 fd d1 9d 84 7b ee 13
Jul 5 19:54:27 gate pluto[1796]: | next payload type: ISAKMP_NEXT_ID
Jul 5 19:54:27 gate pluto[1796]: | ISAKMP version: ISAKMP Version 1.0
Jul 5 19:54:27 gate pluto[1796]: | exchange type: ISAKMP_XCHG_IDPROT
Jul 5 19:54:27 gate pluto[1796]: | flags: ISAKMP_FLAG_ENCRYPTION
Jul 5 19:54:27 gate pluto[1796]: | message ID: 00 00 00 00
Jul 5 19:54:27 gate pluto[1796]: | length: 68
Jul 5 19:54:27 gate pluto[1796]: | processing packet with exchange type=ISAKMP_XCHG_IDPROT (2)
Jul 5 19:54:27 gate pluto[1796]: | ICOOKIE: a8 7f 08 72 5e 09 a1 3b
Jul 5 19:54:27 gate pluto[1796]: | RCOOKIE: 38 fd d1 9d 84 7b ee 13
Jul 5 19:54:27 gate pluto[1796]: | peer: ce 6b 92 08
Jul 5 19:54:27 gate pluto[1796]: | state hash entry 30
Jul 5 19:54:27 gate pluto[1796]: | peer and cookies match on #1, provided msgid 00000000 vs 00000000
Jul 5 19:54:27 gate pluto[1796]: | state object #1 found, in STATE_MAIN_I3
Jul 5 19:54:27 gate pluto[1796]: | processing connection rfd
Jul 5 19:54:27 gate pluto[1796]: | received encrypted packet from 206.107.146.8:500
Jul 5 19:54:27 gate pluto[1796]: | decrypting 40 bytes using algorithm OAKLEY_3DES_CBC
Jul 5 19:54:27 gate pluto[1796]: | decrypted:
Jul 5 19:54:27 gate pluto[1796]: | 08 00 00 0c 01 00 00 00 ce 6b 92 08 00 00 00 14
Jul 5 19:54:27 gate pluto[1796]: | ac 34 88 8b 20 08 c4 2b b7 95 3f 63 6c d3 34 f4
Jul 5 19:54:27 gate pluto[1796]: | 00 00 00 00 00 00 00 07
Jul 5 19:54:27 gate pluto[1796]: | next IV: 6b f6 b0 36 7b a2 bb 76
Jul 5 19:54:27 gate pluto[1796]: | ***parse ISAKMP Identification Payload:
Jul 5 19:54:27 gate pluto[1796]: | next payload type: ISAKMP_NEXT_HASH
Jul 5 19:54:27 gate pluto[1796]: | length: 12
Jul 5 19:54:27 gate pluto[1796]: | ID type: ID_IPV4_ADDR
Jul 5 19:54:27 gate pluto[1796]: | DOI specific A: 0
Jul 5 19:54:27 gate pluto[1796]: | DOI specific B: 0
Jul 5 19:54:27 gate pluto[1796]: | ***parse ISAKMP Hash Payload:
Jul 5 19:54:27 gate pluto[1796]: | next payload type: ISAKMP_NEXT_NONE
Jul 5 19:54:27 gate pluto[1796]: | length: 20
Jul 5 19:54:27 gate pluto[1796]: | removing 8 bytes of padding
Jul 5 19:54:27 gate pluto[1796]: "rfd" #1: Main mode peer ID is ID_IPV4_ADDR: '206.107.146.8'
Jul 5 19:54:27 gate pluto[1796]: | hashing 144 bytes of SA
Jul 5 19:54:27 gate pluto[1796]: | authentication succeeded
Jul 5 19:54:27 gate pluto[1796]: | complete state transition with STF_OK
Jul 5 19:54:27 gate pluto[1796]: "rfd" #1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
Jul 5 19:54:27 gate pluto[1796]: | inserting event EVENT_SA_REPLACE, timeout in 28232 seconds for #1
Jul 5 19:54:27 gate pluto[1796]: "rfd" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1024}
Jul 5 19:54:27 gate pluto[1796]: | modecfg pull: noquirk policy:push not-client
Jul 5 19:54:27 gate pluto[1796]: | phase 1 is done, looking for phase 1 to unpend
Jul 5 19:54:27 gate pluto[1796]: | unqueuing pending Quick Mode with 206.107.146.8 "rfd"
Jul 5 19:54:27 gate pluto[1796]: | duplicating state object #1
Jul 5 19:54:27 gate pluto[1796]: | creating state object #2 at 0x80fc3e8
Jul 5 19:54:27 gate pluto[1796]: | processing connection rfd
Jul 5 19:54:27 gate pluto[1796]: | ICOOKIE: a8 7f 08 72 5e 09 a1 3b
Jul 5 19:54:27 gate pluto[1796]: | RCOOKIE: 38 fd d1 9d 84 7b ee 13
Jul 5 19:54:27 gate pluto[1796]: | peer: ce 6b 92 08
Jul 5 19:54:27 gate pluto[1796]: | state hash entry 30
Jul 5 19:54:27 gate pluto[1796]: | inserting event EVENT_SO_DISCARD, timeout in 0 seconds for #2
Jul 5 19:54:27 gate pluto[1796]: "rfd" #2: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP {using isakmp#1}
Jul 5 19:54:27 gate pluto[1796]: | 0: w->pcw_dead: 0 w->pcw_work: 0 cnt: 1
Jul 5 19:54:27 gate pluto[1796]: | asking helper 0 to do build_kenonce op on seq: 2
Jul 5 19:54:27 gate pluto[1796]: | inserting event EVENT_CRYPTO_FAILED, timeout in 300 seconds for #2
Jul 5 19:54:27 gate pluto[1796]: | next event EVENT_PENDING_PHASE2 in 107 seconds
Jul 5 19:54:27 gate pluto[1802]: ! helper -1 doing build_kenonce op id: 2
Jul 5 19:54:27 gate pluto[1802]: ! Local DH secret:
Jul 5 19:54:27 gate pluto[1802]: ! 7a 7b dc 82 d6 f4 26 d7 5b 25 7d 09 e7 9e 5d a7
Jul 5 19:54:27 gate pluto[1802]: ! 1e 24 f8 a8 4d ea bb b2 5f f1 d9 32 82 b4 9e 1d
Jul 5 19:54:27 gate pluto[1802]: ! Public DH value sent:
Jul 5 19:54:27 gate pluto[1802]: ! 7e ba dd ad c0 07 80 23 1f ab 90 e9 94 14 a2 22
Jul 5 19:54:27 gate pluto[1802]: ! 11 52 7f 59 3a ba fe 89 18 87 b3 74 0f ef f7 ec
Jul 5 19:54:27 gate pluto[1802]: ! a9 a0 87 7e ed 12 91 d2 71 ea f9 7f 2a 5f 08 51
Jul 5 19:54:27 gate pluto[1802]: ! 36 dc 81 eb 9d e5 15 5d 87 20 4f 1f eb de b8 e5
Jul 5 19:54:27 gate pluto[1802]: ! 4c 04 e0 1d fc a0 b0 fa 33 c5 a8 f5 08 b5 12 ec
Jul 5 19:54:27 gate pluto[1802]: ! 3d ba 22 ff 2e 58 83 1a 05 d0 e8 b7 05 36 86 6a
Jul 5 19:54:27 gate pluto[1802]: ! 2e a5 26 67 05 53 67 85 36 94 4c f7 f3 cf 66 eb
Jul 5 19:54:27 gate pluto[1802]: ! ef 0b 3d 8e 44 55 5c e9 8b 5a 84 0c cc 86 5f 1e
Jul 5 19:54:27 gate pluto[1802]: ! Generated nonce:
Jul 5 19:54:27 gate pluto[1802]: ! 9c 67 49 8c 26 dd 66 83 b8 cc f0 61 f7 5c 42 39
Jul 5 19:54:27 gate pluto[1796]: | helper 0 has work (cnt now 0)
Jul 5 19:54:27 gate pluto[1796]: | helper 0 replies to sequence 2
Jul 5 19:54:27 gate pluto[1796]: | calling callback function 0x806a530
Jul 5 19:54:27 gate pluto[1796]: | quick outI1: calculated ke+nonce, sending I1
Jul 5 19:54:27 gate pluto[1796]: | processing connection rfd
Jul 5 19:54:27 gate pluto[1796]: | **emit ISAKMP Message:
Jul 5 19:54:27 gate pluto[1796]: | initiator cookie:
Jul 5 19:54:27 gate pluto[1796]: | a8 7f 08 72 5e 09 a1 3b
Jul 5 19:54:27 gate pluto[1796]: | responder cookie:
Jul 5 19:54:27 gate pluto[1796]: | 38 fd d1 9d 84 7b ee 13
Jul 5 19:54:27 gate pluto[1796]: | next payload type: ISAKMP_NEXT_HASH
Jul 5 19:54:27 gate pluto[1796]: | ISAKMP version: ISAKMP Version 1.0
Jul 5 19:54:27 gate pluto[1796]: | exchange type: ISAKMP_XCHG_QUICK
Jul 5 19:54:27 gate pluto[1796]: | flags: ISAKMP_FLAG_ENCRYPTION
Jul 5 19:54:27 gate pluto[1796]: | message ID: 77 46 2c 86
Jul 5 19:54:27 gate pluto[1796]: | ***emit ISAKMP Hash Payload:
Jul 5 19:54:27 gate pluto[1796]: | next payload type: ISAKMP_NEXT_SA
Jul 5 19:54:27 gate pluto[1796]: | emitting 16 zero bytes of HASH into ISAKMP Hash Payload
Jul 5 19:54:27 gate pluto[1796]: | emitting length of ISAKMP Hash Payload: 20
Jul 5 19:54:27 gate pluto[1796]: | empty esp_info, returning empty
Jul 5 19:54:27 gate pluto[1796]: | ***emit ISAKMP Security Association Payload:
Jul 5 19:54:27 gate pluto[1796]: | next payload type: ISAKMP_NEXT_NONCE
Jul 5 19:54:27 gate pluto[1796]: | DOI: ISAKMP_DOI_IPSEC
Jul 5 19:54:27 gate pluto[1796]: | ****emit IPsec DOI SIT:
Jul 5 19:54:27 gate pluto[1796]: | IPsec DOI SIT: SIT_IDENTITY_ONLY
Jul 5 19:54:27 gate pluto[1796]: | out_sa pcn: 0 has 1 valid proposals
Jul 5 19:54:27 gate pluto[1796]: | out_sa pcn: 0 pn: 0<1 valid_count: 1
Jul 5 19:54:27 gate pluto[1796]: | ****emit ISAKMP Proposal Payload:
Jul 5 19:54:27 gate pluto[1796]: | next payload type: ISAKMP_NEXT_NONE
Jul 5 19:54:27 gate pluto[1796]: | proposal number: 0
Jul 5 19:54:27 gate pluto[1796]: | protocol ID: PROTO_IPSEC_ESP
Jul 5 19:54:27 gate pluto[1796]: | SPI size: 4
Jul 5 19:54:27 gate pluto[1796]: | number of transforms: 4
Jul 5 19:54:27 gate pluto[1796]: | netlink_get_spi: allocated 0xfe3afc89 for esp.0 at 69.174.129.33
Jul 5 19:54:27 gate pluto[1796]: | emitting 4 raw bytes of SPI into ISAKMP Proposal Payload
Jul 5 19:54:27 gate pluto[1796]: | SPI fe 3a fc 89
Jul 5 19:54:27 gate pluto[1796]: | *****emit ISAKMP Transform Payload (ESP):
Jul 5 19:54:27 gate pluto[1796]: | next payload type: ISAKMP_NEXT_T
Jul 5 19:54:27 gate pluto[1796]: | transform number: 0
Jul 5 19:54:27 gate pluto[1796]: | transform ID: ESP_AES
Jul 5 19:54:27 gate pluto[1796]: | ******emit ISAKMP IPsec DOI attribute:
Jul 5 19:54:27 gate pluto[1796]: | af+type: GROUP_DESCRIPTION
Jul 5 19:54:27 gate pluto[1796]: | length/value: 2
Jul 5 19:54:27 gate pluto[1796]: | [2 is OAKLEY_GROUP_MODP1024]
Jul 5 19:54:27 gate pluto[1796]: | ******emit ISAKMP IPsec DOI attribute:
Jul 5 19:54:27 gate pluto[1796]: | af+type: ENCAPSULATION_MODE
Jul 5 19:54:27 gate pluto[1796]: | length/value: 1
Jul 5 19:54:27 gate pluto[1796]: | [1 is ENCAPSULATION_MODE_TUNNEL]
Jul 5 19:54:27 gate pluto[1796]: | ******emit ISAKMP IPsec DOI attribute:
Jul 5 19:54:27 gate pluto[1796]: | af+type: SA_LIFE_TYPE
Jul 5 19:54:27 gate pluto[1796]: | length/value: 1
Jul 5 19:54:27 gate pluto[1796]: | [1 is SA_LIFE_TYPE_SECONDS]
Jul 5 19:54:27 gate pluto[1796]: | ******emit ISAKMP IPsec DOI attribute:
Jul 5 19:54:27 gate pluto[1796]: | af+type: SA_LIFE_DURATION
Jul 5 19:54:27 gate pluto[1796]: | length/value: 3600
Jul 5 19:54:27 gate pluto[1796]: | ******emit ISAKMP IPsec DOI attribute:
Jul 5 19:54:27 gate pluto[1796]: | af+type: AUTH_ALGORITHM
Jul 5 19:54:27 gate pluto[1796]: | length/value: 2
Jul 5 19:54:27 gate pluto[1796]: | [2 is AUTH_ALGORITHM_HMAC_SHA1]
Jul 5 19:54:27 gate pluto[1796]: | emitting length of ISAKMP Transform Payload (ESP): 28
Jul 5 19:54:27 gate pluto[1796]: | *****emit ISAKMP Transform Payload (ESP):
Jul 5 19:54:27 gate pluto[1796]: | next payload type: ISAKMP_NEXT_T
Jul 5 19:54:27 gate pluto[1796]: | transform number: 1
Jul 5 19:54:27 gate pluto[1796]: | transform ID: ESP_AES
Jul 5 19:54:27 gate pluto[1796]: | ******emit ISAKMP IPsec DOI attribute:
Jul 5 19:54:27 gate pluto[1796]: | af+type: GROUP_DESCRIPTION
Jul 5 19:54:27 gate pluto[1796]: | length/value: 2
Jul 5 19:54:27 gate pluto[1796]: | [2 is OAKLEY_GROUP_MODP1024]
Jul 5 19:54:27 gate pluto[1796]: | ******emit ISAKMP IPsec DOI attribute:
Jul 5 19:54:27 gate pluto[1796]: | af+type: ENCAPSULATION_MODE
Jul 5 19:54:27 gate pluto[1796]: | length/value: 1
Jul 5 19:54:27 gate pluto[1796]: | [1 is ENCAPSULATION_MODE_TUNNEL]
Jul 5 19:54:27 gate pluto[1796]: | ******emit ISAKMP IPsec DOI attribute:
Jul 5 19:54:27 gate pluto[1796]: | af+type: SA_LIFE_TYPE
Jul 5 19:54:27 gate pluto[1796]: | length/value: 1
Jul 5 19:54:27 gate pluto[1796]: | [1 is SA_LIFE_TYPE_SECONDS]
Jul 5 19:54:27 gate pluto[1796]: | ******emit ISAKMP IPsec DOI attribute:
Jul 5 19:54:27 gate pluto[1796]: | af+type: SA_LIFE_DURATION
Jul 5 19:54:27 gate pluto[1796]: | length/value: 3600
Jul 5 19:54:27 gate pluto[1796]: | ******emit ISAKMP IPsec DOI attribute:
Jul 5 19:54:27 gate pluto[1796]: | af+type: AUTH_ALGORITHM
Jul 5 19:54:27 gate pluto[1796]: | length/value: 1
Jul 5 19:54:27 gate pluto[1796]: | [1 is AUTH_ALGORITHM_HMAC_MD5]
Jul 5 19:54:27 gate pluto[1796]: | emitting length of ISAKMP Transform Payload (ESP): 28
Jul 5 19:54:27 gate pluto[1796]: | *****emit ISAKMP Transform Payload (ESP):
Jul 5 19:54:27 gate pluto[1796]: | next payload type: ISAKMP_NEXT_T
Jul 5 19:54:27 gate pluto[1796]: | transform number: 2
Jul 5 19:54:27 gate pluto[1796]: | transform ID: ESP_3DES
Jul 5 19:54:27 gate pluto[1796]: | ******emit ISAKMP IPsec DOI attribute:
Jul 5 19:54:27 gate pluto[1796]: | af+type: GROUP_DESCRIPTION
Jul 5 19:54:27 gate pluto[1796]: | length/value: 2
Jul 5 19:54:27 gate pluto[1796]: | [2 is OAKLEY_GROUP_MODP1024]
Jul 5 19:54:27 gate pluto[1796]: | ******emit ISAKMP IPsec DOI attribute:
Jul 5 19:54:27 gate pluto[1796]: | af+type: ENCAPSULATION_MODE
Jul 5 19:54:27 gate pluto[1796]: | length/value: 1
Jul 5 19:54:27 gate pluto[1796]: | [1 is ENCAPSULATION_MODE_TUNNEL]
Jul 5 19:54:27 gate pluto[1796]: | ******emit ISAKMP IPsec DOI attribute:
Jul 5 19:54:27 gate pluto[1796]: | af+type: SA_LIFE_TYPE
Jul 5 19:54:27 gate pluto[1796]: | length/value: 1
Jul 5 19:54:27 gate pluto[1796]: | [1 is SA_LIFE_TYPE_SECONDS]
Jul 5 19:54:27 gate pluto[1796]: | ******emit ISAKMP IPsec DOI attribute:
Jul 5 19:54:27 gate pluto[1796]: | af+type: SA_LIFE_DURATION
Jul 5 19:54:27 gate pluto[1796]: | length/value: 3600
Jul 5 19:54:27 gate pluto[1796]: | ******emit ISAKMP IPsec DOI attribute:
Jul 5 19:54:27 gate pluto[1796]: | af+type: AUTH_ALGORITHM
Jul 5 19:54:27 gate pluto[1796]: | length/value: 2
Jul 5 19:54:27 gate pluto[1796]: | [2 is AUTH_ALGORITHM_HMAC_SHA1]
Jul 5 19:54:27 gate pluto[1796]: | emitting length of ISAKMP Transform Payload (ESP): 28
Jul 5 19:54:27 gate pluto[1796]: | *****emit ISAKMP Transform Payload (ESP):
Jul 5 19:54:27 gate pluto[1796]: | next payload type: ISAKMP_NEXT_NONE
Jul 5 19:54:27 gate pluto[1796]: | transform number: 3
Jul 5 19:54:27 gate pluto[1796]: | transform ID: ESP_3DES
Jul 5 19:54:27 gate pluto[1796]: | ******emit ISAKMP IPsec DOI attribute:
Jul 5 19:54:27 gate pluto[1796]: | af+type: GROUP_DESCRIPTION
Jul 5 19:54:27 gate pluto[1796]: | length/value: 2
Jul 5 19:54:27 gate pluto[1796]: | [2 is OAKLEY_GROUP_MODP1024]
Jul 5 19:54:27 gate pluto[1796]: | ******emit ISAKMP IPsec DOI attribute:
Jul 5 19:54:27 gate pluto[1796]: | af+type: ENCAPSULATION_MODE
Jul 5 19:54:27 gate pluto[1796]: | length/value: 1
Jul 5 19:54:27 gate pluto[1796]: | [1 is ENCAPSULATION_MODE_TUNNEL]
Jul 5 19:54:27 gate pluto[1796]: | ******emit ISAKMP IPsec DOI attribute:
Jul 5 19:54:27 gate pluto[1796]: | af+type: SA_LIFE_TYPE
Jul 5 19:54:27 gate pluto[1796]: | length/value: 1
Jul 5 19:54:27 gate pluto[1796]: | [1 is SA_LIFE_TYPE_SECONDS]
Jul 5 19:54:27 gate pluto[1796]: | ******emit ISAKMP IPsec DOI attribute:
Jul 5 19:54:27 gate pluto[1796]: | af+type: SA_LIFE_DURATION
Jul 5 19:54:27 gate pluto[1796]: | length/value: 3600
Jul 5 19:54:27 gate pluto[1796]: | ******emit ISAKMP IPsec DOI attribute:
Jul 5 19:54:27 gate pluto[1796]: | af+type: AUTH_ALGORITHM
Jul 5 19:54:27 gate pluto[1796]: | length/value: 1
Jul 5 19:54:27 gate pluto[1796]: | [1 is AUTH_ALGORITHM_HMAC_MD5]
Jul 5 19:54:27 gate pluto[1796]: | emitting length of ISAKMP Transform Payload (ESP): 28
Jul 5 19:54:27 gate pluto[1796]: | emitting length of ISAKMP Proposal Payload: 124
Jul 5 19:54:27 gate pluto[1796]: | emitting length of ISAKMP Security Association Payload: 136
Jul 5 19:54:27 gate pluto[1796]: | ***emit ISAKMP Nonce Payload:
Jul 5 19:54:27 gate pluto[1796]: | next payload type: ISAKMP_NEXT_KE
Jul 5 19:54:27 gate pluto[1796]: | emitting 16 raw bytes of Ni into ISAKMP Nonce Payload
Jul 5 19:54:27 gate pluto[1796]: | Ni 9c 67 49 8c 26 dd 66 83 b8 cc f0 61 f7 5c 42 39
Jul 5 19:54:27 gate pluto[1796]: | emitting length of ISAKMP Nonce Payload: 20
Jul 5 19:54:27 gate pluto[1796]: | ***emit ISAKMP Key Exchange Payload:
Jul 5 19:54:27 gate pluto[1796]: | next payload type: ISAKMP_NEXT_ID
Jul 5 19:54:27 gate pluto[1796]: | emitting 128 raw bytes of keyex value into ISAKMP Key Exchange Payload
Jul 5 19:54:27 gate pluto[1796]: | keyex value 7e ba dd ad c0 07 80 23 1f ab 90 e9 94 14 a2 22
Jul 5 19:54:27 gate pluto[1796]: | 11 52 7f 59 3a ba fe 89 18 87 b3 74 0f ef f7 ec
Jul 5 19:54:27 gate pluto[1796]: | a9 a0 87 7e ed 12 91 d2 71 ea f9 7f 2a 5f 08 51
Jul 5 19:54:27 gate pluto[1796]: | 36 dc 81 eb 9d e5 15 5d 87 20 4f 1f eb de b8 e5
Jul 5 19:54:27 gate pluto[1796]: | 4c 04 e0 1d fc a0 b0 fa 33 c5 a8 f5 08 b5 12 ec
Jul 5 19:54:27 gate pluto[1796]: | 3d ba 22 ff 2e 58 83 1a 05 d0 e8 b7 05 36 86 6a
Jul 5 19:54:27 gate pluto[1796]: | 2e a5 26 67 05 53 67 85 36 94 4c f7 f3 cf 66 eb
Jul 5 19:54:27 gate pluto[1796]: | ef 0b 3d 8e 44 55 5c e9 8b 5a 84 0c cc 86 5f 1e
Jul 5 19:54:27 gate pluto[1796]: | emitting length of ISAKMP Key Exchange Payload: 132
Jul 5 19:54:27 gate pluto[1796]: | ***emit ISAKMP Identification Payload (IPsec DOI):
Jul 5 19:54:27 gate pluto[1796]: | next payload type: ISAKMP_NEXT_ID
Jul 5 19:54:27 gate pluto[1796]: | ID type: ID_IPV4_ADDR_SUBNET
Jul 5 19:54:27 gate pluto[1796]: | Protocol ID: 0
Jul 5 19:54:27 gate pluto[1796]: | port: 0
Jul 5 19:54:27 gate pluto[1796]: | emitting 4 raw bytes of client network into ISAKMP Identification Payload (IPsec DOI)
Jul 5 19:54:27 gate pluto[1796]: | client network c0 a8 03 00
Jul 5 19:54:27 gate pluto[1796]: | emitting 4 raw bytes of client mask into ISAKMP Identification Payload (IPsec DOI)
Jul 5 19:54:27 gate pluto[1796]: | client mask ff ff ff 00
Jul 5 19:54:27 gate pluto[1796]: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16
Jul 5 19:54:27 gate pluto[1796]: | ***emit ISAKMP Identification Payload (IPsec DOI):
Jul 5 19:54:27 gate pluto[1796]: | next payload type: ISAKMP_NEXT_NONE
Jul 5 19:54:27 gate pluto[1796]: | ID type: ID_IPV4_ADDR_SUBNET
Jul 5 19:54:27 gate pluto[1796]: | Protocol ID: 0
Jul 5 19:54:27 gate pluto[1796]: | port: 0
Jul 5 19:54:27 gate pluto[1796]: | emitting 4 raw bytes of client network into ISAKMP Identification Payload (IPsec DOI)
Jul 5 19:54:27 gate pluto[1796]: | client network ac 10 18 00
Jul 5 19:54:27 gate pluto[1796]: | emitting 4 raw bytes of client mask into ISAKMP Identification Payload (IPsec DOI)
Jul 5 19:54:27 gate pluto[1796]: | client mask ff ff f8 00
Jul 5 19:54:27 gate pluto[1796]: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16
Jul 5 19:54:27 gate pluto[1796]: | HASH(1) computed:
Jul 5 19:54:27 gate pluto[1796]: | 29 36 41 e6 45 5a cc c3 0b 02 1f af 8d c0 20 69
Jul 5 19:54:27 gate pluto[1796]: | last Phase 1 IV: 6b f6 b0 36 7b a2 bb 76
Jul 5 19:54:27 gate pluto[1796]: | current Phase 1 IV: 6b f6 b0 36 7b a2 bb 76
Jul 5 19:54:27 gate pluto[1796]: | computed Phase 2 IV:
Jul 5 19:54:27 gate pluto[1796]: | ee 8a d8 19 85 45 22 1f 0c ed 84 9e a4 53 28 cd
Jul 5 19:54:27 gate pluto[1796]: | encrypting:
Jul 5 19:54:27 gate pluto[1796]: | 01 00 00 14 29 36 41 e6 45 5a cc c3 0b 02 1f af
Jul 5 19:54:27 gate pluto[1796]: | 8d c0 20 69 0a 00 00 88 00 00 00 01 00 00 00 01
Jul 5 19:54:27 gate pluto[1796]: | 00 00 00 7c 00 03 04 04 fe 3a fc 89 03 00 00 1c
Jul 5 19:54:27 gate pluto[1796]: | 00 0c 00 00 80 03 00 02 80 04 00 01 80 01 00 01
Jul 5 19:54:27 gate pluto[1796]: | 80 02 0e 10 80 05 00 02 03 00 00 1c 01 0c 00 00
Jul 5 19:54:27 gate pluto[1796]: | 80 03 00 02 80 04 00 01 80 01 00 01 80 02 0e 10
Jul 5 19:54:27 gate pluto[1796]: | 80 05 00 01 03 00 00 1c 02 03 00 00 80 03 00 02
Jul 5 19:54:27 gate pluto[1796]: | 80 04 00 01 80 01 00 01 80 02 0e 10 80 05 00 02
Jul 5 19:54:27 gate pluto[1796]: | 00 00 00 1c 03 03 00 00 80 03 00 02 80 04 00 01
Jul 5 19:54:27 gate pluto[1796]: | 80 01 00 01 80 02 0e 10 80 05 00 01 04 00 00 14
Jul 5 19:54:27 gate pluto[1796]: | 9c 67 49 8c 26 dd 66 83 b8 cc f0 61 f7 5c 42 39
Jul 5 19:54:27 gate pluto[1796]: | 05 00 00 84 7e ba dd ad c0 07 80 23 1f ab 90 e9
Jul 5 19:54:27 gate pluto[1796]: | 94 14 a2 22 11 52 7f 59 3a ba fe 89 18 87 b3 74
Jul 5 19:54:27 gate pluto[1796]: | 0f ef f7 ec a9 a0 87 7e ed 12 91 d2 71 ea f9 7f
Jul 5 19:54:27 gate pluto[1796]: | 2a 5f 08 51 36 dc 81 eb 9d e5 15 5d 87 20 4f 1f
Jul 5 19:54:27 gate pluto[1796]: | eb de b8 e5 4c 04 e0 1d fc a0 b0 fa 33 c5 a8 f5
Jul 5 19:54:27 gate pluto[1796]: | 08 b5 12 ec 3d ba 22 ff 2e 58 83 1a 05 d0 e8 b7
Jul 5 19:54:27 gate pluto[1796]: | 05 36 86 6a 2e a5 26 67 05 53 67 85 36 94 4c f7
Jul 5 19:54:27 gate pluto[1796]: | f3 cf 66 eb ef 0b 3d 8e 44 55 5c e9 8b 5a 84 0c
Jul 5 19:54:27 gate pluto[1796]: | cc 86 5f 1e 05 00 00 10 04 00 00 00 c0 a8 03 00
Jul 5 19:54:27 gate pluto[1796]: | ff ff ff 00 00 00 00 10 04 00 00 00 ac 10 18 00
Jul 5 19:54:27 gate pluto[1796]: | ff ff f8 00
Jul 5 19:54:27 gate pluto[1796]: | IV:
Jul 5 19:54:27 gate pluto[1796]: | ee 8a d8 19 85 45 22 1f 0c ed 84 9e a4 53 28 cd
Jul 5 19:54:27 gate pluto[1796]: | emitting 4 zero bytes of encryption padding into ISAKMP Message
Jul 5 19:54:27 gate pluto[1796]: | encrypting using OAKLEY_3DES_CBC
Jul 5 19:54:27 gate pluto[1796]: | next IV: d3 42 47 c1 e0 13 d5 01
Jul 5 19:54:27 gate pluto[1796]: | emitting length of ISAKMP Message: 372
Jul 5 19:54:27 gate pluto[1796]: | sending 372 bytes for quick_outI1 through eth1:500 to 206.107.146.8:500:
Jul 5 19:54:27 gate pluto[1796]: | a8 7f 08 72 5e 09 a1 3b 38 fd d1 9d 84 7b ee 13
Jul 5 19:54:27 gate pluto[1796]: | 08 10 20 01 77 46 2c 86 00 00 01 74 50 19 67 cb
Jul 5 19:54:27 gate pluto[1796]: | 9b 0c 9c e1 ca 61 ac 4c a9 a5 c6 dd cb 06 c6 e4
Jul 5 19:54:27 gate pluto[1796]: | 17 e2 2b fe c6 59 1d 47 d7 83 5c 68 cb 01 9f dd
Jul 5 19:54:27 gate pluto[1796]: | 3b aa d1 66 4b ce b4 71 53 cf 45 9f b4 14 78 77
Jul 5 19:54:27 gate pluto[1796]: | 8e 30 dd 9d b2 32 b3 bd 20 44 b6 a0 26 e1 97 3c
Jul 5 19:54:27 gate pluto[1796]: | d3 90 72 5d c6 14 95 fb 69 90 e8 43 18 76 0c 98
Jul 5 19:54:27 gate pluto[1796]: | fd a1 67 16 2f b6 ba 0d 24 05 cd 6d b6 be f2 3a
Jul 5 19:54:27 gate pluto[1796]: | 4a 7a 56 ad 02 ad 16 a0 77 5a de e1 7e 30 01 d0
Jul 5 19:54:27 gate pluto[1796]: | 69 e8 20 1e 2b 0f 36 d6 78 55 97 6a fc 5d 9e 7b
Jul 5 19:54:27 gate pluto[1796]: | 94 25 e3 36 47 c0 b8 59 ad 26 15 62 92 bb cc 38
Jul 5 19:54:27 gate pluto[1796]: | 56 2c ad e6 d9 14 bb a0 9f 5e e0 50 ea d6 a7 d3
Jul 5 19:54:27 gate pluto[1796]: | 69 7f 6a 1d 40 82 bb 6d c5 80 48 13 52 88 06 0f
Jul 5 19:54:27 gate pluto[1796]: | d0 47 b0 24 92 45 ca cd af 67 f6 ed cb a8 41 dd
Jul 5 19:54:27 gate pluto[1796]: | ef fb 52 8c f9 ce d9 1c fe 0b 61 db f3 f2 99 ec
Jul 5 19:54:27 gate pluto[1796]: | 6d 18 98 d8 0f 00 a3 d3 5f 71 0d 9a 5a 06 4d 97
Jul 5 19:54:27 gate pluto[1796]: | 19 f4 8e 3d 97 95 a4 9c ce 10 22 cb 7c 51 32 d5
Jul 5 19:54:27 gate pluto[1796]: | 8a 19 ec f7 1e e9 8c 27 e5 6e 09 46 9e 64 ab 22
Jul 5 19:54:27 gate pluto[1796]: | 7c d4 fa a7 29 ba 90 0b 7a 6f b1 cd ce 8a b6 c3
Jul 5 19:54:27 gate pluto[1796]: | 64 81 c1 22 a2 a1 8d 83 ab 6a 1d 03 af fb bd c8
Jul 5 19:54:27 gate pluto[1796]: | cd 70 a8 a3 60 4e f5 3b 63 3f 34 6d 39 64 8b de
Jul 5 19:54:27 gate pluto[1796]: | 13 19 8a bf 20 4a 77 67 4e 77 c7 a8 00 0a e9 8f
Jul 5 19:54:27 gate pluto[1796]: | 54 e9 b7 c9 70 3b 31 c0 1e c4 82 d9 d3 42 47 c1
Jul 5 19:54:27 gate pluto[1796]: | e0 13 d5 01
Jul 5 19:54:27 gate pluto[1796]: | inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #2
Jul 5 19:54:27 gate pluto[1796]: | next event EVENT_RETRANSMIT in 10 seconds for #2
Jul 5 19:54:27 gate pluto[1796]: |
Jul 5 19:54:27 gate pluto[1796]: | *received 292 bytes from 206.107.146.8:500 on eth1 (port=500)
Jul 5 19:54:27 gate pluto[1796]: | a8 7f 08 72 5e 09 a1 3b 38 fd d1 9d 84 7b ee 13
Jul 5 19:54:27 gate pluto[1796]: | 08 10 20 01 77 46 2c 86 00 00 01 24 ab de f7 bb
Jul 5 19:54:27 gate pluto[1796]: | e4 47 a4 b2 d0 46 d2 9c d7 41 a2 b4 d7 d1 b7 9d
Jul 5 19:54:27 gate pluto[1796]: | 9e ca a7 b6 9b d9 99 f6 4b 36 a9 66 32 ea 5e 0e
Jul 5 19:54:27 gate pluto[1796]: | 05 3e 52 48 71 2a 45 e7 80 31 f7 13 de e8 4a 60
Jul 5 19:54:27 gate pluto[1796]: | ef 9f fe 99 e1 e1 32 ba 7d 88 d3 4f 2b 32 b5 d9
Jul 5 19:54:27 gate pluto[1796]: | af cd b0 05 95 b2 cd d1 9a 11 d9 22 1c dd 14 f8
Jul 5 19:54:27 gate pluto[1796]: | 24 ce ef 55 aa f6 47 48 27 16 30 07 bf dd b3 8f
Jul 5 19:54:27 gate pluto[1796]: | a1 d4 8e 1c c6 42 d4 77 d8 6d 45 35 62 f7 ef d5
Jul 5 19:54:27 gate pluto[1796]: | 47 67 07 e0 19 f4 00 e4 d8 ec 9c b6 d8 ce 3f da
Jul 5 19:54:27 gate pluto[1796]: | 21 01 57 0e 48 ac f2 e0 f9 5a 73 da 7e 58 10 34
Jul 5 19:54:27 gate pluto[1796]: | af 96 ae c7 a1 1e 69 d9 8d 26 10 ef 9f da 18 03
Jul 5 19:54:27 gate pluto[1796]: | 2b 5f b1 b2 0f 7e f7 19 9d 18 59 ef 2e 2b 43 96
Jul 5 19:54:27 gate pluto[1796]: | be 6d 70 5f ea 54 60 14 67 19 ee 12 cd fa ad 9e
Jul 5 19:54:27 gate pluto[1796]: | 20 b8 5e 8b 46 6d f6 b8 d7 f4 b4 6b 16 80 1c 7a
Jul 5 19:54:27 gate pluto[1796]: | be 9d a4 98 b2 c2 d3 ea 76 97 35 5f 39 a8 bd 38
Jul 5 19:54:27 gate pluto[1796]: | 6a 44 40 09 aa 10 f3 52 92 f8 a8 22 e5 37 f9 14
Jul 5 19:54:27 gate pluto[1796]: | 90 82 78 4c 1a f3 55 f9 a4 92 c4 34 14 56 b1 02
Jul 5 19:54:27 gate pluto[1796]: | 8d e9 97 62
Jul 5 19:54:27 gate pluto[1796]: | **parse ISAKMP Message:
Jul 5 19:54:27 gate pluto[1796]: | initiator cookie:
Jul 5 19:54:27 gate pluto[1796]: | a8 7f 08 72 5e 09 a1 3b
Jul 5 19:54:27 gate pluto[1796]: | responder cookie:
Jul 5 19:54:27 gate pluto[1796]: | 38 fd d1 9d 84 7b ee 13
Jul 5 19:54:27 gate pluto[1796]: | next payload type: ISAKMP_NEXT_HASH
Jul 5 19:54:27 gate pluto[1796]: | ISAKMP version: ISAKMP Version 1.0
Jul 5 19:54:27 gate pluto[1796]: | exchange type: ISAKMP_XCHG_QUICK
Jul 5 19:54:27 gate pluto[1796]: | flags: ISAKMP_FLAG_ENCRYPTION
Jul 5 19:54:27 gate pluto[1796]: | message ID: 77 46 2c 86
Jul 5 19:54:27 gate pluto[1796]: | length: 292
Jul 5 19:54:27 gate pluto[1796]: | processing packet with exchange type=ISAKMP_XCHG_QUICK (32)
Jul 5 19:54:27 gate pluto[1796]: | ICOOKIE: a8 7f 08 72 5e 09 a1 3b
Jul 5 19:54:27 gate pluto[1796]: | RCOOKIE: 38 fd d1 9d 84 7b ee 13
Jul 5 19:54:27 gate pluto[1796]: | peer: ce 6b 92 08
Jul 5 19:54:27 gate pluto[1796]: | state hash entry 30
Jul 5 19:54:27 gate pluto[1796]: | peer and cookies match on #2, provided msgid 77462c86 vs 77462c86
Jul 5 19:54:27 gate pluto[1796]: | state object #2 found, in STATE_QUICK_I1
Jul 5 19:54:27 gate pluto[1796]: | processing connection rfd
Jul 5 19:54:27 gate pluto[1796]: | received encrypted packet from 206.107.146.8:500
Jul 5 19:54:27 gate pluto[1796]: | decrypting 264 bytes using algorithm OAKLEY_3DES_CBC
Jul 5 19:54:27 gate pluto[1796]: | decrypted:
Jul 5 19:54:27 gate pluto[1796]: | 01 00 00 14 0c cd 8b 6b 9d 13 87 d1 78 d3 e5 fc
Jul 5 19:54:27 gate pluto[1796]: | 16 49 79 36 0a 00 00 34 00 00 00 01 00 00 00 01
Jul 5 19:54:27 gate pluto[1796]: | 00 00 00 28 01 03 04 01 32 f3 91 94 00 00 00 1c
Jul 5 19:54:27 gate pluto[1796]: | 01 0c 00 00 80 03 00 02 80 04 00 01 80 01 00 01
Jul 5 19:54:27 gate pluto[1796]: | 80 02 0e 10 80 05 00 02 04 00 00 18 5d b2 ae 42
Jul 5 19:54:27 gate pluto[1796]: | f9 36 e8 8e 6d a9 16 1c 51 92 de ec 75 5b 32 d1
Jul 5 19:54:27 gate pluto[1796]: | 05 00 00 84 1f 7f 1d f6 94 76 af 11 7a e8 44 ec
Jul 5 19:54:27 gate pluto[1796]: | ff e3 73 d9 5f 30 79 67 5a a9 29 e2 3d 94 af dc
Jul 5 19:54:27 gate pluto[1796]: | 47 3c 15 ab 40 84 86 29 ef b1 4f bc 12 85 58 38
Jul 5 19:54:27 gate pluto[1796]: | b6 34 26 41 0e 23 ad 65 a0 a5 4c 51 6b 94 ea ea
Jul 5 19:54:27 gate pluto[1796]: | 3c 94 5d 47 5e d3 3b 1b cc 36 58 14 b3 9a 13 f3
Jul 5 19:54:27 gate pluto[1796]: | 21 9d cc 76 a4 e1 35 ef 35 bc f4 e9 d4 fb b2 b4
Jul 5 19:54:27 gate pluto[1796]: | cd 7c 07 67 ba d7 01 b8 af d4 ee a4 37 0b 12 2a
Jul 5 19:54:27 gate pluto[1796]: | c2 d2 4c e0 17 38 de f0 29 8d 49 77 7c 41 68 53
Jul 5 19:54:27 gate pluto[1796]: | f0 91 ad 45 05 00 00 10 04 00 00 00 c0 a8 03 00
Jul 5 19:54:27 gate pluto[1796]: | ff ff ff 00 00 00 00 10 04 00 00 00 ac 10 18 00
Jul 5 19:54:27 gate pluto[1796]: | ff ff f8 00 00 00 00 03
Jul 5 19:54:27 gate pluto[1796]: | next IV: 14 56 b1 02 8d e9 97 62
Jul 5 19:54:27 gate pluto[1796]: | ***parse ISAKMP Hash Payload:
Jul 5 19:54:27 gate pluto[1796]: | next payload type: ISAKMP_NEXT_SA
Jul 5 19:54:27 gate pluto[1796]: | length: 20
Jul 5 19:54:27 gate pluto[1796]: | ***parse ISAKMP Security Association Payload:
Jul 5 19:54:27 gate pluto[1796]: | next payload type: ISAKMP_NEXT_NONCE
Jul 5 19:54:27 gate pluto[1796]: | length: 52
Jul 5 19:54:27 gate pluto[1796]: | DOI: ISAKMP_DOI_IPSEC
Jul 5 19:54:27 gate pluto[1796]: | ***parse ISAKMP Nonce Payload:
Jul 5 19:54:27 gate pluto[1796]: | next payload type: ISAKMP_NEXT_KE
Jul 5 19:54:27 gate pluto[1796]: | length: 24
Jul 5 19:54:27 gate pluto[1796]: | ***parse ISAKMP Key Exchange Payload:
Jul 5 19:54:27 gate pluto[1796]: | next payload type: ISAKMP_NEXT_ID
Jul 5 19:54:27 gate pluto[1796]: | length: 132
Jul 5 19:54:27 gate pluto[1796]: | ***parse ISAKMP Identification Payload (IPsec DOI):
Jul 5 19:54:27 gate pluto[1796]: | next payload type: ISAKMP_NEXT_ID
Jul 5 19:54:27 gate pluto[1796]: | length: 16
Jul 5 19:54:27 gate pluto[1796]: | ID type: ID_IPV4_ADDR_SUBNET
Jul 5 19:54:27 gate pluto[1796]: | Protocol ID: 0
Jul 5 19:54:27 gate pluto[1796]: | port: 0
Jul 5 19:54:27 gate pluto[1796]: | ***parse ISAKMP Identification Payload (IPsec DOI):
Jul 5 19:54:27 gate pluto[1796]: | next payload type: ISAKMP_NEXT_NONE
Jul 5 19:54:27 gate pluto[1796]: | length: 16
Jul 5 19:54:27 gate pluto[1796]: | ID type: ID_IPV4_ADDR_SUBNET
Jul 5 19:54:27 gate pluto[1796]: | Protocol ID: 0
Jul 5 19:54:27 gate pluto[1796]: | port: 0
Jul 5 19:54:27 gate pluto[1796]: | removing 4 bytes of padding
Jul 5 19:54:27 gate pluto[1796]: | **emit ISAKMP Message:
Jul 5 19:54:27 gate pluto[1796]: | initiator cookie:
Jul 5 19:54:27 gate pluto[1796]: | a8 7f 08 72 5e 09 a1 3b
Jul 5 19:54:27 gate pluto[1796]: | responder cookie:
Jul 5 19:54:27 gate pluto[1796]: | 38 fd d1 9d 84 7b ee 13
Jul 5 19:54:27 gate pluto[1796]: | next payload type: ISAKMP_NEXT_HASH
Jul 5 19:54:27 gate pluto[1796]: | ISAKMP version: ISAKMP Version 1.0
Jul 5 19:54:27 gate pluto[1796]: | exchange type: ISAKMP_XCHG_QUICK
Jul 5 19:54:27 gate pluto[1796]: | flags: ISAKMP_FLAG_ENCRYPTION
Jul 5 19:54:27 gate pluto[1796]: | message ID: 77 46 2c 86
Jul 5 19:54:27 gate pluto[1796]: | HASH(2) computed:
Jul 5 19:54:27 gate pluto[1796]: | 0c cd 8b 6b 9d 13 87 d1 78 d3 e5 fc 16 49 79 36
Jul 5 19:54:27 gate pluto[1796]: | ****parse IPsec DOI SIT:
Jul 5 19:54:27 gate pluto[1796]: | IPsec DOI SIT: SIT_IDENTITY_ONLY
Jul 5 19:54:27 gate pluto[1796]: | ****parse ISAKMP Proposal Payload:
Jul 5 19:54:27 gate pluto[1796]: | next payload type: ISAKMP_NEXT_NONE
Jul 5 19:54:27 gate pluto[1796]: | length: 40
Jul 5 19:54:27 gate pluto[1796]: | proposal number: 1
Jul 5 19:54:27 gate pluto[1796]: | protocol ID: PROTO_IPSEC_ESP
Jul 5 19:54:27 gate pluto[1796]: | SPI size: 4
Jul 5 19:54:27 gate pluto[1796]: | number of transforms: 1
Jul 5 19:54:27 gate pluto[1796]: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI
Jul 5 19:54:27 gate pluto[1796]: | SPI 32 f3 91 94
Jul 5 19:54:27 gate pluto[1796]: | *****parse ISAKMP Transform Payload (ESP):
Jul 5 19:54:27 gate pluto[1796]: | next payload type: ISAKMP_NEXT_NONE
Jul 5 19:54:27 gate pluto[1796]: | length: 28
Jul 5 19:54:27 gate pluto[1796]: | transform number: 1
Jul 5 19:54:27 gate pluto[1796]: | transform ID: ESP_AES
Jul 5 19:54:27 gate pluto[1796]: | ******parse ISAKMP IPsec DOI attribute:
Jul 5 19:54:27 gate pluto[1796]: | af+type: GROUP_DESCRIPTION
Jul 5 19:54:27 gate pluto[1796]: | length/value: 2
Jul 5 19:54:27 gate pluto[1796]: | [2 is OAKLEY_GROUP_MODP1024]
Jul 5 19:54:27 gate pluto[1796]: | ******parse ISAKMP IPsec DOI attribute:
Jul 5 19:54:27 gate pluto[1796]: | af+type: ENCAPSULATION_MODE
Jul 5 19:54:27 gate pluto[1796]: | length/value: 1
Jul 5 19:54:27 gate pluto[1796]: | [1 is ENCAPSULATION_MODE_TUNNEL]
Jul 5 19:54:27 gate pluto[1796]: | ******parse ISAKMP IPsec DOI attribute:
Jul 5 19:54:27 gate pluto[1796]: | af+type: SA_LIFE_TYPE
Jul 5 19:54:27 gate pluto[1796]: | length/value: 1
Jul 5 19:54:27 gate pluto[1796]: | [1 is SA_LIFE_TYPE_SECONDS]
Jul 5 19:54:27 gate pluto[1796]: | ******parse ISAKMP IPsec DOI attribute:
Jul 5 19:54:27 gate pluto[1796]: | af+type: SA_LIFE_DURATION
Jul 5 19:54:27 gate pluto[1796]: | length/value: 3600
Jul 5 19:54:27 gate pluto[1796]: | ******parse ISAKMP IPsec DOI attribute:
Jul 5 19:54:27 gate pluto[1796]: | af+type: AUTH_ALGORITHM
Jul 5 19:54:27 gate pluto[1796]: | length/value: 2
Jul 5 19:54:27 gate pluto[1796]: | [2 is AUTH_ALGORITHM_HMAC_SHA1]
Jul 5 19:54:27 gate pluto[1796]: | DH public value received:
Jul 5 19:54:27 gate pluto[1796]: | 1f 7f 1d f6 94 76 af 11 7a e8 44 ec ff e3 73 d9
Jul 5 19:54:27 gate pluto[1796]: | 5f 30 79 67 5a a9 29 e2 3d 94 af dc 47 3c 15 ab
Jul 5 19:54:27 gate pluto[1796]: | 40 84 86 29 ef b1 4f bc 12 85 58 38 b6 34 26 41
Jul 5 19:54:27 gate pluto[1796]: | 0e 23 ad 65 a0 a5 4c 51 6b 94 ea ea 3c 94 5d 47
Jul 5 19:54:27 gate pluto[1796]: | 5e d3 3b 1b cc 36 58 14 b3 9a 13 f3 21 9d cc 76
Jul 5 19:54:27 gate pluto[1796]: | a4 e1 35 ef 35 bc f4 e9 d4 fb b2 b4 cd 7c 07 67
Jul 5 19:54:27 gate pluto[1796]: | ba d7 01 b8 af d4 ee a4 37 0b 12 2a c2 d2 4c e0
Jul 5 19:54:27 gate pluto[1796]: | 17 38 de f0 29 8d 49 77 7c 41 68 53 f0 91 ad 45
Jul 5 19:54:27 gate pluto[1796]: | started looking for secret for 69.174.129.33->206.107.146.8 of kind PPK_PSK
Jul 5 19:54:27 gate pluto[1796]: | actually looking for secret for 69.174.129.33->206.107.146.8 of kind PPK_PSK
Jul 5 19:54:27 gate pluto[1796]: | 1: compared PSK 206.107.146.8 to 69.174.129.33 / 206.107.146.8 -> 2
Jul 5 19:54:27 gate pluto[1796]: | 2: compared PSK 69.174.129.33 to 69.174.129.33 / 206.107.146.8 -> 6
Jul 5 19:54:27 gate pluto[1796]: | best_match 0>6 best=0x80fa248 (line=15)
Jul 5 19:54:27 gate pluto[1796]: | 1: compared PSK 143.247.7.28 to 69.174.129.33 / 206.107.146.8 -> 0
Jul 5 19:54:27 gate pluto[1796]: | 2: compared PSK 69.174.129.33 to 69.174.129.33 / 206.107.146.8 -> 4
Jul 5 19:54:27 gate pluto[1796]: | concluding with best_match=6 best=0x80fa248 (lineno=15)
Jul 5 19:54:27 gate pluto[1796]: | calc_dh_shared(): time elapsed (OAKLEY_GROUP_MODP1024): 8447 usec
Jul 5 19:54:27 gate pluto[1796]: | DH shared secret:
Jul 5 19:54:27 gate pluto[1796]: | b2 fb 14 c4 a4 27 55 89 2c bf 9e 81 f9 21 18 48
Jul 5 19:54:27 gate pluto[1796]: | b9 d7 a1 80 50 a2 c3 72 4e 33 a8 db 72 41 ef f9
Jul 5 19:54:27 gate pluto[1796]: | 6e 76 ab fc 7a 80 ad b8 5a 1e 56 67 25 62 02 fd
Jul 5 19:54:27 gate pluto[1796]: | 2a 52 39 fe 7a c1 77 09 a8 b5 bf 1d 47 80 65 63
Jul 5 19:54:27 gate pluto[1796]: | 4a 0b 2e 5f 57 84 55 7e 66 e3 d0 cc d9 a0 c5 13
Jul 5 19:54:27 gate pluto[1796]: | 51 fa 5c a2 08 c3 0d ce d7 a4 df 1f 78 5a d9 fa
Jul 5 19:54:27 gate pluto[1796]: | 0d b1 85 ce 67 6e 09 5a 6b 3a ae ea e4 cb 7a 43
Jul 5 19:54:27 gate pluto[1796]: | e7 27 97 c1 7f b5 d6 5c e9 a5 b4 ec 81 ad fb 5d
Jul 5 19:54:27 gate pluto[1796]: | our client is subnet 192.168.3.0/24
Jul 5 19:54:27 gate pluto[1796]: | our client protocol/port is 0/0
Jul 5 19:54:27 gate pluto[1796]: | peer client is subnet 172.16.24.0/21
Jul 5 19:54:27 gate pluto[1796]: | peer client protocol/port is 0/0
Jul 5 19:54:27 gate pluto[1796]: | ***emit ISAKMP Hash Payload:
Jul 5 19:54:27 gate pluto[1796]: | next payload type: ISAKMP_NEXT_NONE
Jul 5 19:54:27 gate pluto[1796]: | emitting 16 zero bytes of HASH into ISAKMP Hash Payload
Jul 5 19:54:27 gate pluto[1796]: | emitting length of ISAKMP Hash Payload: 20
Jul 5 19:54:27 gate pluto[1796]: | HASH(3) computed: 60 8c a8 b7 9f 1d eb d2 2b ab 7d 5a fc 71 cb 9b
Jul 5 19:54:27 gate pluto[1796]: | compute_proto_keymat:needed_len (after ESP enc)=16
Jul 5 19:54:27 gate pluto[1796]: | compute_proto_keymat:needed_len (after ESP auth)=36
Jul 5 19:54:27 gate pluto[1796]: | KEYMAT computed:
Jul 5 19:54:27 gate pluto[1796]: | a3 16 4b ca 59 4e c5 2c 84 d0 6c a1 40 6a 92 a0
Jul 5 19:54:27 gate pluto[1796]: | 7c c5 ef 82 5b e6 30 9c 05 09 1d e4 38 a1 90 73
Jul 5 19:54:27 gate pluto[1796]: | 3e 8b c0 40
Jul 5 19:54:27 gate pluto[1796]: | Peer KEYMAT computed:
Jul 5 19:54:27 gate pluto[1796]: | b6 d1 e1 b1 ac d8 3b bd 7d 45 6c 09 a1 ea 80 29
Jul 5 19:54:27 gate pluto[1796]: | f7 50 0e e9 7a 10 16 17 54 60 ce cf fa ef 38 9f
Jul 5 19:54:27 gate pluto[1796]: | b1 36 7f 0d
Jul 5 19:54:27 gate pluto[1796]: | install_ipsec_sa() for #2: inbound and outbound
Jul 5 19:54:27 gate pluto[1796]: | route owner of "rfd" unrouted: NULL; eroute owner: NULL
Jul 5 19:54:27 gate pluto[1796]: | could_route called for rfd (kind=CK_PERMANENT)
Jul 5 19:54:27 gate pluto[1796]: | looking for alg with transid: 12 keylen: 0 auth: 2
Jul 5 19:54:27 gate pluto[1796]: | checking transid: 11 keylen: 0 auth: 1
Jul 5 19:54:27 gate pluto[1796]: | checking transid: 11 keylen: 0 auth: 2
Jul 5 19:54:27 gate pluto[1796]: | checking transid: 2 keylen: 8 auth: 0
Jul 5 19:54:27 gate pluto[1796]: | checking transid: 2 keylen: 8 auth: 1
Jul 5 19:54:27 gate pluto[1796]: | checking transid: 2 keylen: 8 auth: 2
Jul 5 19:54:27 gate pluto[1796]: | checking transid: 3 keylen: 24 auth: 0
Jul 5 19:54:27 gate pluto[1796]: | checking transid: 3 keylen: 24 auth: 1
Jul 5 19:54:27 gate pluto[1796]: | checking transid: 3 keylen: 24 auth: 2
Jul 5 19:54:27 gate pluto[1796]: | checking transid: 12 keylen: 16 auth: 0
Jul 5 19:54:27 gate pluto[1796]: | checking transid: 12 keylen: 16 auth: 1
Jul 5 19:54:27 gate pluto[1796]: | checking transid: 12 keylen: 16 auth: 2
Jul 5 19:54:27 gate pluto[1796]: | add inbound eroute 172.16.24.0/21:0 --0-> 192.168.3.0/24:0 => tun.10000 at 69.174.129.33 (raw_eroute)
Jul 5 19:54:27 gate pluto[1796]: | looking for alg with transid: 12 keylen: 0 auth: 2
Jul 5 19:54:27 gate pluto[1796]: | checking transid: 11 keylen: 0 auth: 1
Jul 5 19:54:27 gate pluto[1796]: | checking transid: 11 keylen: 0 auth: 2
Jul 5 19:54:27 gate pluto[1796]: | checking transid: 2 keylen: 8 auth: 0
Jul 5 19:54:27 gate pluto[1796]: | checking transid: 2 keylen: 8 auth: 1
Jul 5 19:54:27 gate pluto[1796]: | checking transid: 2 keylen: 8 auth: 2
Jul 5 19:54:27 gate pluto[1796]: | checking transid: 3 keylen: 24 auth: 0
Jul 5 19:54:27 gate pluto[1796]: | checking transid: 3 keylen: 24 auth: 1
Jul 5 19:54:27 gate pluto[1796]: | checking transid: 3 keylen: 24 auth: 2
Jul 5 19:54:27 gate pluto[1796]: | checking transid: 12 keylen: 16 auth: 0
Jul 5 19:54:27 gate pluto[1796]: | checking transid: 12 keylen: 16 auth: 1
Jul 5 19:54:27 gate pluto[1796]: | checking transid: 12 keylen: 16 auth: 2
Jul 5 19:54:27 gate pluto[1796]: | sr for #2: unrouted
Jul 5 19:54:27 gate pluto[1796]: | route owner of "rfd" unrouted: NULL; eroute owner: NULL
Jul 5 19:54:27 gate pluto[1796]: | route_and_eroute with c: rfd (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: 2
Jul 5 19:54:27 gate pluto[1796]: | eroute_connection add eroute 192.168.3.0/24:0 --0-> 172.16.24.0/21:0 => tun.0 at 206.107.146.8 (raw_eroute)
Jul 5 19:54:27 gate pluto[1796]: | command executing up-client
Jul 5 19:54:27 gate pluto[1796]: | executing up-client: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='up-client' PLUTO_CONNECTION='rfd' PLUTO_NEXT_HOP='69.174.129.1' PLUTO_INTERFACE='eth1' PLUTO_ME='69.174.129.33' PLUTO_MY_ID='69.174.129.33' PLUTO_MY_CLIENT='192.168.3.0/24' PLUTO_MY_CLIENT_NET='192.168.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='206.107.146.8' PLUTO_PEER_ID='206.107.146.8' PLUTO_PEER_CLIENT='172.16.24.0/21' PLUTO_PEER_CLIENT_NET='172.16.24.0' PLUTO_PEER_CLIENT_MASK='255.255.248.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP' ipsec _updown
Jul 5 19:54:27 gate pluto[1796]: | route_and_eroute: firewall_notified: true
Jul 5 19:54:27 gate pluto[1796]: | command executing prepare-client
Jul 5 19:54:27 gate pluto[1796]: | executing prepare-client: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='prepare-client' PLUTO_CONNECTION='rfd' PLUTO_NEXT_HOP='69.174.129.1' PLUTO_INTERFACE='eth1' PLUTO_ME='69.174.129.33' PLUTO_MY_ID='69.174.129.33' PLUTO_MY_CLIENT='192.168.3.0/24' PLUTO_MY_CLIENT_NET='192.168.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='206.107.146.8' PLUTO_PEER_ID='206.107.146.8' PLUTO_PEER_CLIENT='172.16.24.0/21' PLUTO_PEER_CLIENT_NET='172.16.24.0' PLUTO_PEER_CLIENT_MASK='255.255.248.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP' ipsec _updown
Jul 5 19:54:27 gate pluto[1796]: | command executing route-client
Jul 5 19:54:27 gate pluto[1796]: | executing route-client: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='route-client' PLUTO_CONNECTION='rfd' PLUTO_NEXT_HOP='69.174.129.1' PLUTO_INTERFACE='eth1' PLUTO_ME='69.174.129.33' PLUTO_MY_ID='69.174.129.33' PLUTO_MY_CLIENT='192.168.3.0/24' PLUTO_MY_CLIENT_NET='192.168.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='206.107.146.8' PLUTO_PEER_ID='206.107.146.8' PLUTO_PEER_CLIENT='172.16.24.0/21' PLUTO_PEER_CLIENT_NET='172.16.24.0' PLUTO_PEER_CLIENT_MASK='255.255.248.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP' ipsec _updown
Jul 5 19:54:27 gate pluto[1796]: | route_and_eroute: instance "rfd", setting eroute_owner {spd=0x80fa394,sr=0x80fa394} to #2 (was #0) (newest_ipsec_sa=#0)
Jul 5 19:54:27 gate pluto[1796]: | encrypting:
Jul 5 19:54:27 gate pluto[1796]: | 00 00 00 14 60 8c a8 b7 9f 1d eb d2 2b ab 7d 5a
Jul 5 19:54:27 gate pluto[1796]: | fc 71 cb 9b
Jul 5 19:54:27 gate pluto[1796]: | IV:
Jul 5 19:54:27 gate pluto[1796]: | 14 56 b1 02 8d e9 97 62
Jul 5 19:54:27 gate pluto[1796]: | emitting 4 zero bytes of encryption padding into ISAKMP Message
Jul 5 19:54:27 gate pluto[1796]: | encrypting using OAKLEY_3DES_CBC
Jul 5 19:54:27 gate pluto[1796]: | next IV: f5 5a 4f 90 e9 fa 0a 47
Jul 5 19:54:27 gate pluto[1796]: | emitting length of ISAKMP Message: 52
Jul 5 19:54:27 gate pluto[1796]: | inR1_outI2: instance rfd[0], setting newest_ipsec_sa to #2 (was #0) (spd.eroute=#2)
Jul 5 19:54:27 gate pluto[1796]: | complete state transition with STF_OK
Jul 5 19:54:27 gate pluto[1796]: "rfd" #2: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
Jul 5 19:54:27 gate pluto[1796]: | sending reply packet to 206.107.146.8:500 (from port=500)
Jul 5 19:54:27 gate pluto[1796]: | sending 52 bytes for STATE_QUICK_I1 through eth1:500 to 206.107.146.8:500:
Jul 5 19:54:27 gate pluto[1796]: | a8 7f 08 72 5e 09 a1 3b 38 fd d1 9d 84 7b ee 13
Jul 5 19:54:27 gate pluto[1796]: | 08 10 20 01 77 46 2c 86 00 00 00 34 23 f6 c0 5e
Jul 5 19:54:27 gate pluto[1796]: | 45 57 58 ee 95 ca ad 1c 3a dd 7c d8 f5 5a 4f 90
Jul 5 19:54:27 gate pluto[1796]: | e9 fa 0a 47
Jul 5 19:54:27 gate pluto[1796]: | inserting event EVENT_SA_REPLACE, timeout in 2561 seconds for #2
Jul 5 19:54:27 gate pluto[1796]: "rfd" #2: STATE_QUICK_I2: sent QI2, IPsec SA established {ESP=>0x32f39194 <0xfe3afc89 xfrm=AES_0-HMAC_SHA1 NATD=none DPD=none}
Jul 5 19:54:27 gate pluto[1796]: | modecfg pull: noquirk policy:push not-client
Jul 5 19:54:27 gate pluto[1796]: | phase 1 is done, looking for phase 1 to unpend
Jul 5 19:54:27 gate pluto[1796]: | next event EVENT_PENDING_PHASE2 in 107 seconds
Jul 5 19:55:03 gate pluto[1796]: |
Jul 5 19:55:03 gate pluto[1796]: | *received whack message
Jul 5 19:55:03 gate pluto[1796]: | next event EVENT_PENDING_PHASE2 in 71 seconds
Jul 5 19:55:03 gate pluto[1796]: |
Jul 5 19:55:03 gate pluto[1796]: | *received whack message
Jul 5 19:55:03 gate pluto[1796]: | next event EVENT_PENDING_PHASE2 in 71 seconds
Jul 5 19:55:04 gate pluto[1796]: |
Jul 5 19:55:04 gate pluto[1796]: | *received whack message
Jul 5 19:55:04 gate pluto[1796]: | next event EVENT_PENDING_PHASE2 in 70 seconds
+ _________________________ date
+ date
Wed Jul 5 19:55:04 EDT 2006
-------------- next part --------------
eth0 Link encap:Ethernet HWaddr 00:50:DA:21:7F:63
inet addr:192.168.3.1 Bcast:192.168.3.127 Mask:255.255.255.128
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:17485 errors:0 dropped:0 overruns:1 frame:0
TX packets:18765 errors:0 dropped:0 overruns:0 carrier:0
collisions:57 txqueuelen:1000
RX bytes:3093562 (2.9 Mb) TX bytes:18624069 (17.7 Mb)
Interrupt:10 Base address:0xe800
eth1 Link encap:Ethernet HWaddr 00:00:C0:FC:16:B0
inet addr:69.174.129.33 Bcast:69.174.143.255 Mask:255.255.240.0
UP BROADCAST NOTRAILERS RUNNING MULTICAST MTU:1500 Metric:1
RX packets:26176 errors:0 dropped:0 overruns:1 frame:0
TX packets:16169 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:18962772 (18.0 Mb) TX bytes:2987247 (2.8 Mb)
Interrupt:3 Base address:0xc00
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:31 errors:0 dropped:0 overruns:0 frame:0
TX packets:31 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2776 (2.7 Kb) TX bytes:2776 (2.7 Kb)
-------------- next part --------------
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
192.168.3.0 0.0.0.0 255.255.255.128 U 0 0 0 eth0
172.16.24.0 69.174.129.1 255.255.248.0 UG 0 0 0 eth1
69.174.128.0 0.0.0.0 255.255.240.0 U 0 0 0 eth1
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 69.174.128.1 0.0.0.0 UG 0 0 0 eth1
More information about the Users
mailing list