[Openswan Users] Link seems to be up however no traffic.
doug.johnson at vifanusa.com
doug.johnson at vifanusa.com
Tue Jul 18 11:28:30 CEST 2006
Hi gang!
Having a few problems trying to finalize an IPSEC connection between two
Linux boxes (FC4 & FC5). I could not get a connection established between
Openswan to Watchguard Firebox so I am backing up and trying Openswan to
Openswan before I go there. I have two Fedora boxes that have Openswan
installed on them and am having problems with the setup. The connection
establishes but I cannot ping an internal IP address on the other network.
I guess I expected to see an IPSEC device in ifconfig but I do not see
one. Doing a traceroute the packets go through the default route to the
internet and then !H and die. Looking through the BARF (pasted below) I
see some NULL's in the eroute and think that is not correct. Also the
whacks seem to concern me but I am not sure what they are. Any help would
be appreciated.
Here is the setup of the two machines:
FC4:
Linux 2.6.11-1.1369_FC4 #1 Thu Jun 2 22:55:56 EDT 2005 i686 i686 i386
GNU/Linux
FC5:
Linux 2.6.17-1.2145_FC5 #1 Sat Jul 1 13:03:45 EDT 2006 i686 i686 i386
GNU/Linux
openswan-2.4.4-1.1.2.1
CONFIG FILE:
####################################################################
# /etc/ipsec.conf - Openswan IPsec configuration file
#
# Manual: ipsec.conf.5
#
# Please place your own config files in /etc/ipsec.d/ ending in .conf
version 2.0 # conforms to second version of ipsec.conf specification
# basic configuration
config setup
# Debug-logging controls: "none" for (almost) none, "all" for lots.
# klipsdebug=none
# plutodebug="control parsing"
# nat_traversal = no
klipsdebug = all
plutodebug = all
conn net-to-net
authby=secret
left=68.106.151.150 # Local vitals
leftsubnet=10.81.0.0/16 #
leftnexthop=68.108.91.73 # correct in many situations
right=68.108.91.73 # Remote vitals
rightsubnet=192.168.50.0/24 #
rightnexthop=68.106.151.150 # correct in many situations
auto=add # add but doesn't start this
# connection at
include /etc/ipsec.d/*.conf
####################################################################
BARF
####################################################################
Unable to find KLIPS messages, typically found in /var/log/messages or
equivalent. You may need to run Openswan for the first time;
alternatively, your log files have been emptied (ie, logwatch) or we do
not understand your logging configuration.
fc4.pceoffice.com
Tue Jul 18 08:06:17 EDT 2006
+ _________________________ version
+ ipsec --version
Linux Openswan U2.4.4/K2.6.11-1.1369_FC4 (netkey)
See `ipsec --copyright' for copyright information.
+ _________________________ /proc/version
+ cat /proc/version
Linux version 2.6.11-1.1369_FC4 (bhcompile at decompose.build.redhat.com)
(gcc version 4.0.0 20050525 (Red Hat 4.0.0-9)) #1 Thu Jun 2 22:55:56 EDT
2005
+ _________________________ /proc/net/ipsec_eroute
+ test -r /proc/net/ipsec_eroute
+ _________________________ netstat-rn
+ netstat -nr
+ head -n 100
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
192.168.50.75 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
192.168.50.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
68.108.80.0 0.0.0.0 255.255.240.0 U 0 0 0 eth0
10.81.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1
0.0.0.0 68.108.80.1 0.0.0.0 UG 0 0 0 eth0
+ _________________________ /proc/net/ipsec_spi
+ test -r /proc/net/ipsec_spi
+ _________________________ /proc/net/ipsec_spigrp
+ test -r /proc/net/ipsec_spigrp
+ _________________________ /proc/net/ipsec_tncfg
+ test -r /proc/net/ipsec_tncfg
+ _________________________ /proc/net/pfkey
+ test -r /proc/net/pfkey
+ cat /proc/net/pfkey
sk RefCnt Rmem Wmem User Inode
+ _________________________ setkey-D
+ setkey -D
68.108.91.73 68.106.151.150
esp mode=tunnel spi=2093021935(0x7cc0faef) reqid=16385(0x00004001)
E: aes-cbc 4a38e993 19cfada0 3d31c493 6df1a5ac
A: hmac-sha1 fd0973e6 54933da4 bf8a0d44 5aa4ccee 5ada3e4f
seq=0x00000000 replay=32 flags=0x00000000 state=mature
created: Jul 18 08:04:53 2006 current: Jul 18 08:06:18 2006
diff: 85(s) hard: 0(s) soft: 0(s)
last: hard: 0(s) soft: 0(s)
current: 0(bytes) hard: 0(bytes) soft: 0(bytes)
allocated: 0 hard: 0 soft: 0
sadb_seq=1 pid=1450 refcnt=0
68.106.151.150 68.108.91.73
esp mode=tunnel spi=2751907170(0xa406c562) reqid=16385(0x00004001)
E: aes-cbc da212811 71c62840 1eede8ea 460c852f
A: hmac-sha1 5ddeb138 9d11abce 76410075 ff2e33ef fa67853e
seq=0x00000000 replay=32 flags=0x00000000 state=mature
created: Jul 18 08:04:53 2006 current: Jul 18 08:06:18 2006
diff: 85(s) hard: 0(s) soft: 0(s)
last: hard: 0(s) soft: 0(s)
current: 0(bytes) hard: 0(bytes) soft: 0(bytes)
allocated: 0 hard: 0 soft: 0
sadb_seq=0 pid=1450 refcnt=0
+ _________________________ setkey-D-P
+ setkey -D -P
10.81.0.0/16[any] 192.168.50.0/24[any] any
in prio high + 1073739472 ipsec
esp/tunnel/68.106.151.150-68.108.91.73/unique#16385
created: Jul 18 08:04:53 2006 lastused:
lifetime: 0(s) validtime: 0(s)
spid=10704 seq=16 pid=1451
refcnt=1
192.168.50.0/24[any] 10.81.0.0/16[any] any
out prio high + 1073739472 ipsec
esp/tunnel/68.108.91.73-68.106.151.150/unique#16385
created: Jul 18 08:04:53 2006 lastused:
lifetime: 0(s) validtime: 0(s)
spid=10721 seq=15 pid=1451
refcnt=1
10.81.0.0/16[any] 192.168.50.0/24[any] any
fwd prio high + 1073739472 ipsec
esp/tunnel/68.106.151.150-68.108.91.73/unique#16385
created: Jul 18 08:04:53 2006 lastused:
lifetime: 0(s) validtime: 0(s)
spid=10714 seq=14 pid=1451
refcnt=1
(per-socket policy)
in none
created: Jul 18 08:04:41 2006 lastused:
lifetime: 0(s) validtime: 0(s)
spid=10691 seq=13 pid=1451
refcnt=1
(per-socket policy)
in none
created: Jul 18 08:04:41 2006 lastused:
lifetime: 0(s) validtime: 0(s)
spid=10675 seq=12 pid=1451
refcnt=1
(per-socket policy)
in none
created: Jul 18 08:04:41 2006 lastused: Jul 18 08:04:52 2006
lifetime: 0(s) validtime: 0(s)
spid=10659 seq=11 pid=1451
refcnt=1
(per-socket policy)
in none
created: Jul 18 08:04:41 2006 lastused:
lifetime: 0(s) validtime: 0(s)
spid=10643 seq=10 pid=1451
refcnt=1
(per-socket policy)
in none
created: Jul 18 08:04:41 2006 lastused:
lifetime: 0(s) validtime: 0(s)
spid=10627 seq=9 pid=1451
refcnt=1
(per-socket policy)
in none
created: Jul 18 08:04:41 2006 lastused:
lifetime: 0(s) validtime: 0(s)
spid=10611 seq=8 pid=1451
refcnt=1
(per-socket policy)
in none
created: Jul 18 08:04:41 2006 lastused:
lifetime: 0(s) validtime: 0(s)
spid=10595 seq=7 pid=1451
refcnt=1
(per-socket policy)
out none
created: Jul 18 08:04:41 2006 lastused:
lifetime: 0(s) validtime: 0(s)
spid=10700 seq=6 pid=1451
refcnt=1
(per-socket policy)
out none
created: Jul 18 08:04:41 2006 lastused:
lifetime: 0(s) validtime: 0(s)
spid=10684 seq=5 pid=1451
refcnt=1
(per-socket policy)
out none
created: Jul 18 08:04:41 2006 lastused: Jul 18 08:04:54 2006
lifetime: 0(s) validtime: 0(s)
spid=10668 seq=4 pid=1451
refcnt=1
(per-socket policy)
out none
created: Jul 18 08:04:41 2006 lastused:
lifetime: 0(s) validtime: 0(s)
spid=10652 seq=3 pid=1451
refcnt=1
(per-socket policy)
out none
created: Jul 18 08:04:41 2006 lastused:
lifetime: 0(s) validtime: 0(s)
spid=10636 seq=2 pid=1451
refcnt=1
(per-socket policy)
out none
created: Jul 18 08:04:41 2006 lastused:
lifetime: 0(s) validtime: 0(s)
spid=10620 seq=1 pid=1451
refcnt=1
(per-socket policy)
out none
created: Jul 18 08:04:41 2006 lastused:
lifetime: 0(s) validtime: 0(s)
spid=10604 seq=0 pid=1451
refcnt=1
+ _________________________ /proc/sys/net/ipsec-star
+ test -d /proc/sys/net/ipsec
+ _________________________ ipsec/status
+ ipsec auto --status
000 interface lo/lo ::1
000 interface lo/lo 127.0.0.1
000 interface eth0/eth0 68.108.91.73
000 interface eth1/eth1 192.168.50.10
000 interface eth1:1/eth1:1 192.168.50.20
000 interface eth1:2/eth1:2 192.168.50.21
000 interface ppp0/ppp0 192.168.50.74
000 %myid = (none)
000 debug
raw+crypt+parsing+emitting+control+lifecycle+klips+dns+oppo+controlmore+pf
key+nattraversal+x509
000
000 algorithm ESP encrypt: id=2, name=ESP_DES, ivlen=8, keysizemin=64,
keysizemax=64
000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=8, keysizemin=192,
keysizemax=192
000 algorithm ESP encrypt: id=7, name=ESP_BLOWFISH, ivlen=8,
keysizemin=40, keysizemax=448
000 algorithm ESP encrypt: id=11, name=ESP_NULL, ivlen=0, keysizemin=0,
keysizemax=0
000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=8, keysizemin=128,
keysizemax=256
000 algorithm ESP encrypt: id=252, name=ESP_SERPENT, ivlen=8,
keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=253, name=ESP_TWOFISH, ivlen=8,
keysizemin=128, keysizemax=256
000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5,
keysizemin=128, keysizemax=128
000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1,
keysizemin=160, keysizemax=160
000 algorithm ESP auth attr: id=5, name=AUTH_ALGORITHM_HMAC_SHA2_256,
keysizemin=256, keysizemax=256
000 algorithm ESP auth attr: id=251, name=(null), keysizemin=0,
keysizemax=0
000
000 algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8,
keydeflen=192
000 algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC, blocksize=16,
keydeflen=128
000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16
000 algorithm IKE hash: id=2, name=OAKLEY_SHA1, hashsize=20
000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024
000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536
000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048
000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072
000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096
000 algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144
000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192
000
000 stats db_ops.c: {curr_cnt, total_cnt, maxsz} :context={0,0,0}
trans={0,0,0} attrs={0,0,0}
000
000 "net-to-net":
192.168.50.0/24===68.108.91.73...68.106.151.150===10.81.0.0/16; erouted;
eroute owner: #2
000 "net-to-net": srcip=unset; dstip=unset; srcup=ipsec _updown;
dstup=ipsec _updown;
000 "net-to-net": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s;
rekey_fuzz: 100%; keyingtries: 0
000 "net-to-net": policy: PSK+ENCRYPT+TUNNEL+PFS+UP; prio: 16,24;
interface: eth0;
000 "net-to-net": newest ISAKMP SA: #1; newest IPsec SA: #2;
000 "net-to-net": IKE algorithm newest: 3DES_CBC_192-MD5-MODP1536
000
000 #2: "net-to-net":500 STATE_QUICK_I2 (sent QI2, IPsec SA established);
EVENT_SA_REPLACE in 28172s; newest IPSEC; eroute owner
000 #2: "net-to-net" esp.7cc0faef at 68.106.151.150 esp.a406c562 at 68.108.91.73
tun.0 at 68.106.151.150 tun.0 at 68.108.91.73
000 #1: "net-to-net":500 STATE_MAIN_I4 (ISAKMP SA established);
EVENT_SA_REPLACE in 2780s; newest ISAKMP; lastdpd=-1s(seq in:0 out:0)
000
+ _________________________ ifconfig-a
+ ifconfig -a
eth0 Link encap:Ethernet HWaddr 00:04:76:CE:78:BB
inet addr:68.108.91.73 Bcast:255.255.255.255 Mask:255.255.240.0
inet6 addr: fe80::204:76ff:fece:78bb/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:10944864 errors:0 dropped:0 overruns:0 frame:0
TX packets:202857 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:735939253 (701.8 MiB) TX bytes:30258269 (28.8 MiB)
Interrupt:5 Base address:0x2080
eth1 Link encap:Ethernet HWaddr 00:08:C7:BA:24:99
inet addr:192.168.50.10 Bcast:192.168.50.255 Mask:255.255.255.0
inet6 addr: fe80::208:c7ff:feba:2499/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:118467 errors:0 dropped:0 overruns:0 frame:0
TX packets:109723 errors:0 dropped:0 overruns:0 carrier:0
collisions:215 txqueuelen:1000
RX bytes:15679966 (14.9 MiB) TX bytes:46571305 (44.4 MiB)
eth1:1 Link encap:Ethernet HWaddr 00:08:C7:BA:24:99
inet addr:192.168.50.20 Bcast:192.168.50.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
eth1:2 Link encap:Ethernet HWaddr 00:08:C7:BA:24:99
inet addr:192.168.50.21 Bcast:192.168.50.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:2568 errors:0 dropped:0 overruns:0 frame:0
TX packets:2568 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:3094153 (2.9 MiB) TX bytes:3094153 (2.9 MiB)
ppp0 Link encap:Point-to-Point Protocol
inet addr:192.168.50.74 P-t-P:192.168.50.75 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1396 Metric:1
RX packets:2456 errors:0 dropped:0 overruns:0 frame:0
TX packets:1988 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:180346 (176.1 KiB) TX bytes:237750 (232.1 KiB)
sit0 Link encap:IPv6-in-IPv4
NOARP MTU:1480 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
+ _________________________ ip-addr-list
+ ip addr list
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:04:76:ce:78:bb brd ff:ff:ff:ff:ff:ff
inet 68.108.91.73/20 brd 255.255.255.255 scope global eth0
inet6 fe80::204:76ff:fece:78bb/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:08:c7:ba:24:99 brd ff:ff:ff:ff:ff:ff
inet 192.168.50.10/24 brd 192.168.50.255 scope global eth1
inet 192.168.50.20/24 brd 192.168.50.255 scope global secondary eth1:1
inet 192.168.50.21/24 brd 192.168.50.255 scope global secondary eth1:2
inet6 fe80::208:c7ff:feba:2499/64 scope link
valid_lft forever preferred_lft forever
4: sit0: <NOARP> mtu 1480 qdisc noop
link/sit 0.0.0.0 brd 0.0.0.0
6: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP> mtu 1396 qdisc pfifo_fast qlen 3
link/ppp
inet 192.168.50.74 peer 192.168.50.75/32 scope global ppp0
+ _________________________ ip-route-list
+ ip route list
192.168.50.75 dev ppp0 proto kernel scope link src 192.168.50.74
192.168.50.0/24 dev eth1 proto kernel scope link src 192.168.50.10
68.108.80.0/20 dev eth0 proto kernel scope link src 68.108.91.73
10.81.0.0/16 dev eth0 scope link
169.254.0.0/16 dev eth1 scope link
default via 68.108.80.1 dev eth0
+ _________________________ ip-rule-list
+ ip rule list
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
+ _________________________ ipsec_verify
+ ipsec verify --nocolour
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path [OK]
Linux Openswan U2.4.4/K2.6.11-1.1369_FC4 (netkey)
Checking for IPsec support in kernel [OK]
Checking for RSA private key (/etc/ipsec.secrets) [FAILED]
ipsec showhostkey: no default key in "/etc/ipsec.secrets"
Checking that pluto is running [OK]
Two or more interfaces found, checking IP forwarding [OK]
Checking NAT and MASQUERADEing [OK]
Checking for 'ip' command [OK]
Checking for 'iptables' command [OK]
Checking for 'setkey' command for NETKEY IPsec stack support [OK]
Opportunistic Encryption Support [DISABLED]
+ _________________________ mii-tool
+ '[' -x /sbin/mii-tool ']'
+ /sbin/mii-tool -v
eth0: negotiated 100baseTx-FD, link ok
product info: vendor 00:00:00, model 0 rev 0
basic mode: autonegotiation enabled
basic status: autonegotiation complete, link ok
capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
advertising: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
link partner: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control
eth1: no autonegotiation, 10baseT-HD, link ok
product info: Intel 82555 rev 0
basic mode: autonegotiation enabled
basic status: autonegotiation complete, link ok
capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
advertising: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control
link partner: 10baseT-HD
+ _________________________ ipsec/directory
+ ipsec --directory
/usr/lib/ipsec
+ _________________________ hostname/fqdn
+ hostname --fqdn
fc4.pceoffice.com
+ _________________________ hostname/ipaddress
+ hostname --ip-address
127.0.0.1
+ _________________________ uptime
+ uptime
08:06:21 up 4 days, 14:30, 4 users, load average: 0.80, 0.47, 0.24
+ _________________________ ps
+ ps alxwf
+ egrep -i 'ppid|pluto|ipsec|klips'
F UID PID PPID PRI NI VSZ RSS WCHAN STAT TTY TIME COMMAND
0 0 1329 32269 17 0 4336 1084 wait S+ pts/4 0:00 \_ /bin/sh
/usr/libexec/ipsec/barf
0 0 1509 1329 17 0 1688 508 pipe_w S+ pts/4 0:00 \_ egrep -i
ppid|pluto|ipsec|klips
1 0 1211 1 18 0 2300 1108 wait S pts/3 0:00 /bin/sh
/usr/lib/ipsec/_plutorun --debug all --uniqueids yes --nocrsend
--strictcrlpolicy --nat_traversal --keep_alive --protostack auto
--force_keepalive --disable_port_floating --virtual_private
--crlcheckinterval 0 --ocspuri --nhelpers --dump --opts --stderrlog --wait
no --pre --post --log daemon.error --pid /var/run/pluto/pluto.pid
1 0 1212 1211 18 0 2300 1116 wait S pts/3 0:00 \_ /bin/sh
/usr/lib/ipsec/_plutorun --debug all --uniqueids yes --nocrsend
--strictcrlpolicy --nat_traversal --keep_alive --protostack auto
--force_keepalive --disable_port_floating --virtual_private
--crlcheckinterval 0 --ocspuri --nhelpers --dump --opts --stderrlog --wait
no --pre --post --log daemon.error --pid /var/run/pluto/pluto.pid
4 0 1213 1212 16 0 2656 1388 - S pts/3 0:00 | \_ /usr/libexec/ipsec/pluto
--nofork --secretsfile /etc/ipsec.secrets --ipsecdir /etc/ipsec.d
--debug-all --use-auto --uniqueids
1 0 1219 1213 26 10 2596 972 - SN pts/3 0:00 | \_ pluto helper # 0
0 0 1250 1213 16 0 1488 296 - S pts/3 0:00 | \_ _pluto_adns -d
0 0 1214 1211 15 0 2300 1088 pipe_w S pts/3 0:00 \_ /bin/sh
/usr/lib/ipsec/_plutoload --wait no --post
0 0 1215 1 18 0 1552 380 pipe_w S pts/3 0:00 logger -s -p daemon.error -t
ipsec__plutorun
+ _________________________ ipsec/showdefaults
+ ipsec showdefaults
routephys=eth0
routevirt=ipsec0
routeaddr=68.108.91.73
routenexthop=68.108.80.1
+ _________________________ ipsec/conf
+ ipsec _include /etc/ipsec.conf
+ ipsec _keycensor
#< /etc/ipsec.conf 1
# /etc/ipsec.conf - Openswan IPsec configuration file
#
# Manual: ipsec.conf.5
#
# Please place your own config files in /etc/ipsec.d/ ending in .conf
version 2.0 # conforms to second version of ipsec.conf specification
# basic configuration
config setup
# Debug-logging controls: "none" for (almost) none, "all" for lots.
# klipsdebug=none
# plutodebug="control parsing"
# nat_traversal = no
# interfaces = ipsec0=eth0
klipsdebug = all
plutodebug = all
conn net-to-net
authby=secret
left=68.106.151.150 # Local vitals
leftsubnet=10.81.0.0/16 #
leftnexthop=68.108.91.73 # correct in many situations
right=68.108.91.73 # Remote vitals
rightsubnet=192.168.50.0/24 #
rightnexthop=68.106.151.150 # correct in many situations
auto=add # add but doesn't start this
# connection at
#< /etc/ipsec.d/no_oe.conf 1
# 'include' this file to disable Opportunistic Encryption.
# See /usr/share/doc/openswan/policygroups.html for details.
#
# RCSID $Id: no_oe.conf.in,v 1.2 2004/10/03 19:33:10 paul Exp $
conn block
auto=ignore
conn private
auto=ignore
conn private-or-clear
auto=ignore
conn clear-or-private
auto=ignore
conn clear
auto=ignore
conn packetdefault
auto=ignore
#> /etc/ipsec.conf 34
+ _________________________ ipsec/secrets
+ ipsec _secretcensor
+ ipsec _include /etc/ipsec.secrets
#< /etc/ipsec.secrets 1
68.108.91.73 68.106.151.150: PSK "[sums to cc8f...]"
#< /etc/ipsec.d/hostkey.secrets 1
: RSA {
# RSA 2192 bits fc4.pceoffice.com Sun Jul 16 14:26:21 2006
# for signatures only, UNSAFE FOR ENCRYPTION
#pubkey=[keyid AQOv+JdPg]
Modulus: [...]
PublicExponent: [...]
# everything after this point is secret
PrivateExponent: [...]
Prime1: [...]
Prime2: [...]
Exponent1: [...]
Exponent2: [...]
Coefficient: [...]
}
# do not change the indenting of that "[sums to 7d9d...]"
#> /etc/ipsec.secrets 4
+ _________________________ ipsec/listall
+ ipsec auto --listall
000
000 List of Public Keys:
000
+ '[' /etc/ipsec.d/policies ']'
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/block
+ base=block
+ _________________________ ipsec/policies/block
+ cat /etc/ipsec.d/policies/block
# This file defines the set of CIDRs (network/mask-length) to which
# communication should never be allowed.
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: block.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/clear
+ base=clear
+ _________________________ ipsec/policies/clear
+ cat /etc/ipsec.d/policies/clear
# This file defines the set of CIDRs (network/mask-length) to which
# communication should always be in the clear.
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: clear.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/clear-or-private
+ base=clear-or-private
+ _________________________ ipsec/policies/clear-or-private
+ cat /etc/ipsec.d/policies/clear-or-private
# This file defines the set of CIDRs (network/mask-length) to which
# we will communicate in the clear, or, if the other side initiates IPSEC,
# using encryption. This behaviour is also called "Opportunistic
Responder".
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: clear-or-private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/private
+ base=private
+ _________________________ ipsec/policies/private
+ cat /etc/ipsec.d/policies/private
# This file defines the set of CIDRs (network/mask-length) to which
# communication should always be private (i.e. encrypted).
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/private-or-clear
+ base=private-or-clear
+ _________________________ ipsec/policies/private-or-clear
+ cat /etc/ipsec.d/policies/private-or-clear
# This file defines the set of CIDRs (network/mask-length) to which
# communication should be private, if possible, but in the clear
otherwise.
#
# If the target has a TXT (later IPSECKEY) record that specifies
# authentication material, we will require private (i.e. encrypted)
# communications. If no such record is found, communications will be
# in the clear.
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: private-or-clear.in,v 1.5 2003/02/17 02:22:15 mcr Exp $
#
0.0.0.0/0
+ _________________________ ipsec/ls-libdir
+ ls -l /usr/lib/ipsec
total 164
-rwxr-xr-x 1 root root 15535 Nov 21 2005 _confread
-rwxr-xr-x 1 root root 14320 Nov 21 2005 _copyright
-rwxr-xr-x 1 root root 2379 Nov 21 2005 _include
-rwxr-xr-x 1 root root 1475 Nov 21 2005 _keycensor
-rwxr-xr-x 1 root root 3586 Nov 21 2005 _plutoload
-rwxr-xr-x 1 root root 7431 Nov 21 2005 _plutorun
-rwxr-xr-x 1 root root 12275 Nov 21 2005 _realsetup
-rwxr-xr-x 1 root root 1975 Nov 21 2005 _secretcensor
-rwxr-xr-x 1 root root 9778 Nov 21 2005 _startklips
-rwxr-xr-x 1 root root 13417 Nov 21 2005 _updown
-rwxr-xr-x 1 root root 15746 Nov 21 2005 _updown_x509
-rwxr-xr-x 1 root root 1942 Nov 21 2005 ipsec_pr.template
+ _________________________ ipsec/ls-execdir
+ ls -l /usr/libexec/ipsec
total 3260
-rwxr-xr-x 1 root root 27595 Nov 21 2005 _pluto_adns
-rwxr-xr-x 1 root root 19081 Nov 21 2005 auto
-rwxr-xr-x 1 root root 10584 Nov 21 2005 barf
-rwxr-xr-x 1 root root 816 Nov 21 2005 calcgoo
-rwxr-xr-x 1 root root 192608 Nov 21 2005 eroute
-rwxr-xr-x 1 root root 59461 Nov 21 2005 ikeping
-rwxr-xr-x 1 root root 127465 Nov 21 2005 klipsdebug
-rwxr-xr-x 1 root root 1836 Nov 21 2005 livetest
-rwxr-xr-x 1 root root 2605 Nov 21 2005 look
-rwxr-xr-x 1 root root 7153 Nov 21 2005 mailkey
-rwxr-xr-x 1 root root 15996 Nov 21 2005 manual
-rwxr-xr-x 1 root root 1926 Nov 21 2005 newhostkey
-rwxr-xr-x 1 root root 112598 Nov 21 2005 pf_key
-rwxr-xr-x 1 root root 1830953 Nov 21 2005 pluto
-rwxr-xr-x 1 root root 24296 Nov 21 2005 ranbits
-rwxr-xr-x 1 root root 47920 Nov 21 2005 rsasigkey
-rwxr-xr-x 1 root root 766 Nov 21 2005 secrets
-rwxr-xr-x 1 root root 17636 Nov 21 2005 send-pr
lrwxrwxrwx 1 root root 22 Jul 16 14:26 setup -> /etc/rc.d/init.d/ipsec
-rwxr-xr-x 1 root root 1054 Nov 21 2005 showdefaults
-rwxr-xr-x 1 root root 4748 Nov 21 2005 showhostkey
-rwxr-xr-x 1 root root 311070 Nov 21 2005 spi
-rwxr-xr-x 1 root root 157995 Nov 21 2005 spigrp
-rwxr-xr-x 1 root root 25354 Nov 21 2005 tncfg
-rwxr-xr-x 1 root root 10607 Nov 21 2005 verify
-rwxr-xr-x 1 root root 131328 Nov 21 2005 whack
+ _________________________ ipsec/updowns
++ ls /usr/libexec/ipsec
++ egrep updown
+ _________________________ /proc/net/dev
+ cat /proc/net/dev
Inter-| Receive | Transmit
face |bytes packets errs drop fifo frame compressed multicast|bytes
packets errs drop fifo colls carrier compressed
lo: 3094153 2568 0 0 0 0 0 0 3094153 2568 0 0 0 0 0 0
eth0:735953953 10945062 0 0 0 0 0 0 30300725 203013 0 0 0 0 0 0
eth1:15679966 118467 0 0 0 0 0 0 46571305 109723 0 0 0 215 0 0
sit0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
ppp0: 183610 2528 0 0 0 0 0 0 271158 2130 0 0 0 0 0 0
+ _________________________ /proc/net/route
+ cat /proc/net/route
Iface Destination Gateway Flags RefCnt Use Metric Mask MTU Window IRTT
ppp0 4B32A8C0 00000000 0005 0 0 0 FFFFFFFF 0 0 0
eth1 0032A8C0 00000000 0001 0 0 0 00FFFFFF 0 0 0
eth0 00507644 00000000 0001 0 0 0 00F0FFFF 0 0 0
eth0 0000510A 00000000 0001 0 0 0 0000FFFF 0 0 0
eth1 0000FEA9 00000000 0001 0 0 0 0000FFFF 0 0 0
eth0 00000000 01507644 0003 0 0 0 00000000 0 0 0
+ _________________________ /proc/sys/net/ipv4/ip_forward
+ cat /proc/sys/net/ipv4/ip_forward
1
+ _________________________ /proc/sys/net/ipv4/conf/star-rp_filter
+ cd /proc/sys/net/ipv4/conf
+ egrep '^' all/rp_filter default/rp_filter eth0/rp_filter eth1/rp_filter
lo/rp_filter ppp0/rp_filter
all/rp_filter:0
default/rp_filter:1
eth0/rp_filter:0
eth1/rp_filter:0
lo/rp_filter:0
ppp0/rp_filter:1
+ _________________________ uname-a
+ uname -a
Linux fc4.pceoffice.com 2.6.11-1.1369_FC4 #1 Thu Jun 2 22:55:56 EDT 2005
i686 i686 i386 GNU/Linux
+ _________________________ config-built-with
+ test -r /proc/config_built_with
+ _________________________ redhat-release
+ test -r /etc/redhat-release
+ cat /etc/redhat-release
Fedora Core release 4 (Stentz)
+ _________________________ /proc/net/ipsec_version
+ test -r /proc/net/ipsec_version
+ test -r /proc/net/pfkey
++ uname -r
+ echo 'NETKEY (2.6.11-1.1369_FC4) support detected '
NETKEY (2.6.11-1.1369_FC4) support detected
+ _________________________ ipfwadm
+ test -r /sbin/ipfwadm
+ 'no old-style linux 1.x/2.0 ipfwadm firewall support'
/usr/libexec/ipsec/barf: line 297: no old-style linux 1.x/2.0 ipfwadm
firewall support: No such file or directory
+ _________________________ ipchains
+ test -r /sbin/ipchains
+ echo 'no old-style linux 2.0 ipchains firewall support'
no old-style linux 2.0 ipchains firewall support
+ _________________________ iptables
+ test -r /sbin/iptables
+ iptables -L -v -n
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
334 25272 ACCEPT all -- eth1 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- eth1 eth0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * eth0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- eth1 * 192.168.50.171 0.0.0.0/0
290 20088 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT all -- ppp+ * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * ppp+ 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
Chain INPUT (policy DROP 9663 packets, 3570K bytes)
pkts bytes target prot opt in out source destination
54 211K ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
317 41886 ACCEPT all -- eth1 * 0.0.0.0/0 0.0.0.0/0
48 3538 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- eth1 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- eth1 * 192.168.50.0/24 0.0.0.0/0
123 17784 ACCEPT all -- eth0 * 68.106.151.150 0.0.0.0/0
4750 417K ACCEPT 47 -- eth0 * 0.0.0.0/0 0.0.0.0/0
106 5444 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1723
3348 243K ACCEPT all -- ppp+ * 0.0.0.0/0 0.0.0.0/0
14088 4046K ACCEPT all -- eth0 * 0.0.0.0/0 0.0.0.0/0 state
RELATED,ESTABLISHED
0 0 ACCEPT udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:500
0 0 ACCEPT udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:4500
0 0 ACCEPT esp -- eth0 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT ah -- eth0 * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 23467 packets, 3218K bytes)
pkts bytes target prot opt in out source destination
+ _________________________ iptables-nat
+ iptables -t nat -L -v -n
Chain OUTPUT (policy ACCEPT 4870 packets, 354K bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 1736 packets, 107K bytes)
pkts bytes target prot opt in out source destination
Chain PREROUTING (policy ACCEPT 87880 packets, 30M bytes)
pkts bytes target prot opt in out source destination
+ _________________________ iptables-mangle
+ iptables -t mangle -L -v -n
Chain FORWARD (policy ACCEPT 111K packets, 23M bytes)
pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 178K packets, 33M bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 159K packets, 25M bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 269K packets, 48M bytes)
pkts bytes target prot opt in out source destination
Chain PREROUTING (policy ACCEPT 288K packets, 56M bytes)
pkts bytes target prot opt in out source destination
+ _________________________ /proc/modules
+ test -f /proc/modules
+ cat /proc/modules
xfrm4_tunnel 3909 0 - Live 0xd085a000
af_key 33489 0 - Live 0xd0a85000
ppp_mppe 15232 2 - Live 0xd0a61000
ppp_async 12865 1 - Live 0xd0a4c000
crc_ccitt 2113 1 ppp_async, Live 0xd0a15000
ppp_generic 39572 6 ppp_mppe,ppp_async, Live 0xd0a6f000
slhc 7105 1 ppp_generic, Live 0xd0a20000
iptable_mangle 2753 0 - Live 0xd0a13000
deflate 3905 0 - Live 0xd099f000
zlib_deflate 22745 1 deflate, Live 0xd0a45000
twofish 44097 0 - Live 0xd0a55000
serpent 21953 0 - Live 0xd0a3e000
blowfish 9153 0 - Live 0xd0a33000
sha256 10561 0 - Live 0xd0a2f000
crypto_null 2241 0 - Live 0xd0a1e000
aes_i586 38081 2 - Live 0xd0a24000
des 11713 0 - Live 0xd0a06000
ipcomp 7881 0 - Live 0xd0a1b000
esp4 8001 2 - Live 0xd0a0d000
ah4 6209 0 - Live 0xd0a0a000
ipt_MASQUERADE 3265 0 - Live 0xd09a1000
ipt_state 1857 2 - Live 0xd09c6000
iptable_filter 2881 1 - Live 0xd099d000
ip_nat_ftp 3393 0 - Live 0xd0816000
iptable_nat 21917 2 ipt_MASQUERADE,ip_nat_ftp, Live 0xd09b2000
ip_tables 19521 5
iptable_mangle,ipt_MASQUERADE,ipt_state,iptable_filter,iptable_nat, Live
0xd09ac000
ip_conntrack_ftp 73297 1 ip_nat_ftp, Live 0xd09f3000
ip_conntrack 41497 5
ipt_MASQUERADE,ipt_state,ip_nat_ftp,iptable_nat,ip_conntrack_ftp, Live
0xd09ba000
parport_pc 28933 1 - Live 0xd09a3000
lp 13001 0 - Live 0xd0950000
parport 40585 2 parport_pc,lp, Live 0xd08f0000
autofs4 29253 2 - Live 0xd0947000
sunrpc 167813 1 - Live 0xd09c9000
md5 4033 1 - Live 0xd0842000
ipv6 268097 20 - Live 0xd0955000
uhci_hcd 35152 0 - Live 0xd08fc000
i2c_piix4 8657 0 - Live 0xd0854000
i2c_core 21569 1 i2c_piix4, Live 0xd085c000
e100 47297 0 - Live 0xd08e3000
3c59x 45033 0 - Live 0xd0864000
mii 5441 2 e100,3c59x, Live 0xd081d000
floppy 65269 0 - Live 0xd08d2000
dm_snapshot 17413 0 - Live 0xd0839000
dm_zero 2113 0 - Live 0xd0814000
dm_mirror 26029 0 - Live 0xd0831000
ext3 132553 2 - Live 0xd08b0000
jbd 86233 1 ext3, Live 0xd0871000
dm_mod 58101 6 dm_snapshot,dm_zero,dm_mirror, Live 0xd0844000
+ _________________________ /proc/meminfo
+ cat /proc/meminfo
MemTotal: 255684 kB
MemFree: 33808 kB
Buffers: 1004 kB
Cached: 91260 kB
SwapCached: 0 kB
Active: 176924 kB
Inactive: 14664 kB
HighTotal: 0 kB
HighFree: 0 kB
LowTotal: 255684 kB
LowFree: 33808 kB
SwapTotal: 524280 kB
SwapFree: 523460 kB
Dirty: 256 kB
Writeback: 0 kB
Mapped: 136832 kB
Slab: 22320 kB
CommitLimit: 652120 kB
Committed_AS: 368296 kB
PageTables: 3636 kB
VmallocTotal: 770040 kB
VmallocUsed: 2576 kB
VmallocChunk: 764228 kB
HugePages_Total: 0
HugePages_Free: 0
Hugepagesize: 4096 kB
+ _________________________ /proc/net/ipsec-ls
+ test -f /proc/net/ipsec_version
+ _________________________ usr/src/linux/.config
+ test -f /proc/config.gz
++ uname -r
+ test -f /lib/modules/2.6.11-1.1369_FC4/build/.config
++ uname -r
+ cat /lib/modules/2.6.11-1.1369_FC4/build/.config
+ egrep 'CONFIG_IPSEC|CONFIG_KLIPS|CONFIG_NET_KEY|CONFIG_INET|CONFIG_IP'
CONFIG_NET_KEY=m
CONFIG_INET=y
CONFIG_IP_MULTICAST=y
CONFIG_IP_ADVANCED_ROUTER=y
CONFIG_IP_MULTIPLE_TABLES=y
CONFIG_IP_ROUTE_FWMARK=y
CONFIG_IP_ROUTE_MULTIPATH=y
CONFIG_IP_ROUTE_MULTIPATH_CACHED=y
CONFIG_IP_ROUTE_MULTIPATH_RR=m
CONFIG_IP_ROUTE_MULTIPATH_RANDOM=m
CONFIG_IP_ROUTE_MULTIPATH_WRANDOM=m
CONFIG_IP_ROUTE_MULTIPATH_DRR=m
CONFIG_IP_ROUTE_VERBOSE=y
# CONFIG_IP_PNP is not set
CONFIG_IP_MROUTE=y
CONFIG_IP_PIMSM_V1=y
CONFIG_IP_PIMSM_V2=y
CONFIG_INET_AH=m
CONFIG_INET_ESP=m
CONFIG_INET_IPCOMP=m
CONFIG_INET_TUNNEL=m
CONFIG_IP_TCPDIAG=m
CONFIG_IP_TCPDIAG_IPV6=y
CONFIG_IP_VS=m
# CONFIG_IP_VS_DEBUG is not set
CONFIG_IP_VS_TAB_BITS=12
CONFIG_IP_VS_PROTO_TCP=y
CONFIG_IP_VS_PROTO_UDP=y
CONFIG_IP_VS_PROTO_ESP=y
CONFIG_IP_VS_PROTO_AH=y
CONFIG_IP_VS_RR=m
CONFIG_IP_VS_WRR=m
CONFIG_IP_VS_LC=m
CONFIG_IP_VS_WLC=m
CONFIG_IP_VS_LBLC=m
CONFIG_IP_VS_LBLCR=m
CONFIG_IP_VS_DH=m
CONFIG_IP_VS_SH=m
CONFIG_IP_VS_SED=m
CONFIG_IP_VS_NQ=m
CONFIG_IP_VS_FTP=m
CONFIG_IPV6=m
CONFIG_IPV6_PRIVACY=y
CONFIG_INET6_AH=m
CONFIG_INET6_ESP=m
CONFIG_INET6_IPCOMP=m
CONFIG_INET6_TUNNEL=m
CONFIG_IPV6_TUNNEL=m
CONFIG_IP_NF_CONNTRACK=m
CONFIG_IP_NF_CT_ACCT=y
CONFIG_IP_NF_CONNTRACK_MARK=y
CONFIG_IP_NF_CT_PROTO_SCTP=m
CONFIG_IP_NF_FTP=m
CONFIG_IP_NF_IRC=m
CONFIG_IP_NF_TFTP=m
CONFIG_IP_NF_AMANDA=m
CONFIG_IP_NF_QUEUE=m
CONFIG_IP_NF_IPTABLES=m
CONFIG_IP_NF_MATCH_LIMIT=m
CONFIG_IP_NF_MATCH_IPRANGE=m
CONFIG_IP_NF_MATCH_MAC=m
CONFIG_IP_NF_MATCH_PKTTYPE=m
CONFIG_IP_NF_MATCH_MARK=m
CONFIG_IP_NF_MATCH_MULTIPORT=m
CONFIG_IP_NF_MATCH_TOS=m
CONFIG_IP_NF_MATCH_RECENT=m
CONFIG_IP_NF_MATCH_ECN=m
CONFIG_IP_NF_MATCH_DSCP=m
CONFIG_IP_NF_MATCH_AH_ESP=m
CONFIG_IP_NF_MATCH_LENGTH=m
CONFIG_IP_NF_MATCH_TTL=m
CONFIG_IP_NF_MATCH_TCPMSS=m
CONFIG_IP_NF_MATCH_HELPER=m
CONFIG_IP_NF_MATCH_STATE=m
CONFIG_IP_NF_MATCH_CONNTRACK=m
CONFIG_IP_NF_MATCH_OWNER=m
CONFIG_IP_NF_MATCH_PHYSDEV=m
CONFIG_IP_NF_MATCH_ADDRTYPE=m
CONFIG_IP_NF_MATCH_REALM=m
CONFIG_IP_NF_MATCH_SCTP=m
CONFIG_IP_NF_MATCH_COMMENT=m
CONFIG_IP_NF_MATCH_CONNMARK=m
CONFIG_IP_NF_MATCH_HASHLIMIT=m
CONFIG_IP_NF_FILTER=m
CONFIG_IP_NF_TARGET_REJECT=m
CONFIG_IP_NF_TARGET_LOG=m
CONFIG_IP_NF_TARGET_ULOG=m
CONFIG_IP_NF_TARGET_TCPMSS=m
CONFIG_IP_NF_NAT=m
CONFIG_IP_NF_NAT_NEEDED=y
CONFIG_IP_NF_TARGET_MASQUERADE=m
CONFIG_IP_NF_TARGET_REDIRECT=m
CONFIG_IP_NF_TARGET_NETMAP=m
CONFIG_IP_NF_TARGET_SAME=m
CONFIG_IP_NF_NAT_SNMP_BASIC=m
CONFIG_IP_NF_NAT_IRC=m
CONFIG_IP_NF_NAT_FTP=m
CONFIG_IP_NF_NAT_TFTP=m
CONFIG_IP_NF_NAT_AMANDA=m
CONFIG_IP_NF_MANGLE=m
CONFIG_IP_NF_TARGET_TOS=m
CONFIG_IP_NF_TARGET_ECN=m
CONFIG_IP_NF_TARGET_DSCP=m
CONFIG_IP_NF_TARGET_MARK=m
CONFIG_IP_NF_TARGET_CLASSIFY=m
CONFIG_IP_NF_TARGET_CONNMARK=m
CONFIG_IP_NF_TARGET_CLUSTERIP=m
CONFIG_IP_NF_RAW=m
CONFIG_IP_NF_TARGET_NOTRACK=m
CONFIG_IP_NF_ARPTABLES=m
CONFIG_IP_NF_ARPFILTER=m
CONFIG_IP_NF_ARP_MANGLE=m
# CONFIG_IP6_NF_QUEUE is not set
CONFIG_IP6_NF_IPTABLES=m
CONFIG_IP6_NF_MATCH_LIMIT=m
CONFIG_IP6_NF_MATCH_MAC=m
CONFIG_IP6_NF_MATCH_RT=m
CONFIG_IP6_NF_MATCH_OPTS=m
CONFIG_IP6_NF_MATCH_FRAG=m
CONFIG_IP6_NF_MATCH_HL=m
CONFIG_IP6_NF_MATCH_MULTIPORT=m
CONFIG_IP6_NF_MATCH_OWNER=m
CONFIG_IP6_NF_MATCH_MARK=m
CONFIG_IP6_NF_MATCH_IPV6HEADER=m
CONFIG_IP6_NF_MATCH_AHESP=m
CONFIG_IP6_NF_MATCH_LENGTH=m
CONFIG_IP6_NF_MATCH_EUI64=m
CONFIG_IP6_NF_MATCH_PHYSDEV=m
CONFIG_IP6_NF_FILTER=m
CONFIG_IP6_NF_TARGET_LOG=m
CONFIG_IP6_NF_MANGLE=m
CONFIG_IP6_NF_TARGET_MARK=m
CONFIG_IP6_NF_RAW=m
CONFIG_IP_SCTP=m
CONFIG_IPX=m
# CONFIG_IPX_INTERN is not set
CONFIG_IPDDP=m
CONFIG_IPDDP_ENCAP=y
CONFIG_IPDDP_DECAP=y
CONFIG_IPW2100=m
# CONFIG_IPW_DEBUG is not set
CONFIG_IPW2100_PROMISC=y
# CONFIG_IPW2100_LEGACY_FW_LOAD is not set
CONFIG_IPW2200=m
CONFIG_IPPP_FILTER=y
CONFIG_IPMI_HANDLER=m
# CONFIG_IPMI_PANIC_EVENT is not set
CONFIG_IPMI_DEVICE_INTERFACE=m
CONFIG_IPMI_SI=m
CONFIG_IPMI_WATCHDOG=m
CONFIG_IPMI_POWEROFF=m
+ _________________________ etc/syslog.conf
+ cat /etc/syslog.conf
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;news.none;authpriv.none;cron.none /var/log/messages
# The authpriv file has restricted access.
authpriv.* /var/log/secure
# Log all the mail messages in one place.
mail.* -/var/log/maillog
# Log cron stuff
cron.* /var/log/cron
# Everybody gets emergency messages
*.emerg *
# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler
# Save boot messages also to boot.log
local7.* /var/log/boot.log
#
# INN
#
news.=crit /var/log/news/news.crit
news.=err /var/log/news/news.err
news.notice /var/log/news/news.notice
+ _________________________ etc/resolv.conf
+ cat /etc/resolv.conf
; generated by /sbin/dhclient-script
nameserver 24.158.96.130
nameserver 24.158.96.131
+ _________________________ lib/modules-ls
+ ls -ltr /lib/modules
total 8
drwxr-xr-x 3 root root 4096 Feb 7 17:14 2.6.11-1.1369_FC4
+ _________________________ /proc/ksyms-netif_rx
+ test -r /proc/ksyms
+ test -r /proc/kallsyms
+ egrep netif_rx /proc/kallsyms
c0308815 T netif_rx
c03089ba T netif_rx_ni
c0308815 U netif_rx [ppp_generic]
c0308815 U netif_rx [ipv6]
c0308815 U netif_rx [3c59x]
+ _________________________ lib/modules-netif_rx
+ modulegoo kernel/net/ipv4/ipip.o netif_rx
+ set +x
2.6.11-1.1369_FC4:
+ _________________________ kern.debug
+ test -f /var/log/kern.debug
+ _________________________ klog
+ sed -n '1,$p' /dev/null
+ egrep -i 'ipsec|klips|pluto'
+ case "$1" in
+ cat
+ _________________________ plog
+ sed -n '351566,$p' /var/log/secure
+ egrep -i pluto
+ case "$1" in
+ cat
Jul 18 08:04:37 fc4 ipsec__plutorun: Starting Pluto subsystem...
Jul 18 08:04:37 fc4 pluto[1213]: Starting Pluto (Openswan Version 2.4.4
X.509-1.5.4 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR; Vendor ID OEz}FFFfgr_e)
Jul 18 08:04:37 fc4 pluto[1213]: Setting NAT-Traversal port-4500 floating
to off
Jul 18 08:04:37 fc4 pluto[1213]: port floating activation criteria
nat_t=0/port_fload=1
Jul 18 08:04:37 fc4 pluto[1213]: including NAT-Traversal patch (Version
0.6c) [disabled]
Jul 18 08:04:37 fc4 pluto[1213]: | opening /dev/urandom
Jul 18 08:04:37 fc4 pluto[1213]: | inserting event EVENT_REINIT_SECRET,
timeout in 3600 seconds
Jul 18 08:04:37 fc4 pluto[1213]: | inserting event EVENT_PENDING_PHASE2,
timeout in 120 seconds
Jul 18 08:04:37 fc4 pluto[1213]: ike_alg_register_enc(): Activating
OAKLEY_AES_CBC: Ok (ret=0)
Jul 18 08:04:37 fc4 pluto[1213]: starting up 1 cryptographic helpers
Jul 18 08:04:37 fc4 pluto[1219]: | opening /dev/urandom
Jul 18 08:04:37 fc4 pluto[1213]: started helper pid=1219 (fd:6)
Jul 18 08:04:37 fc4 pluto[1213]: | process 1213 listening for PF_KEY_V2 on
file descriptor 7
Jul 18 08:04:37 fc4 pluto[1213]: Using Linux 2.6 IPsec interface code on
2.6.11-1.1369_FC4
Jul 18 08:04:37 fc4 pluto[1213]: | pfkey_lib_debug:pfkey_msg_hdr_build:
Jul 18 08:04:37 fc4 pluto[1213]: | pfkey_lib_debug:pfkey_msg_hdr_build:
on_entry &pfkey_ext=0p0xbf81cba0 pfkey_ext=0p0xbf81dbf0
*pfkey_ext=0p(nil).
Jul 18 08:04:38 fc4 pluto[1213]: | pfkey_lib_debug:pfkey_msg_hdr_build:
on_exit &pfkey_ext=0p0xbf81cba0 pfkey_ext=0p0xbf81dbf0
*pfkey_ext=0p0x94cd400.
Jul 18 08:04:38 fc4 pluto[1213]: | pfkey_lib_debug:pfkey_msg_build:
pfkey_msg=0p0x94cbdc0 allocated 16 bytes, &(extensions[0])=0p0xbf81dbf0
Jul 18 08:04:38 fc4 pluto[1213]: | pfkey_lib_debug:pfkey_msg_build:
extensions permitted=00000001, seen=00000001, required=00000001.
Jul 18 08:04:38 fc4 pluto[1213]: | pfkey_lib_debug:pfkey_msg_parse:
parsing message ver=2, type=7(register), errno=0, satype=2(AH), len=2,
res=0, seq=1, pid=1213.
Jul 18 08:04:38 fc4 pluto[1213]: | pfkey_lib_debug:pfkey_msg_parse:
remain=0
Jul 18 08:04:38 fc4 pluto[1213]: | pfkey_lib_debug:pfkey_msg_parse:
extensions permitted=00000001, required=00000001.
Jul 18 08:04:38 fc4 pluto[1213]: | pfkey_lib_debug:pfkey_msg_parse:
extensions permitted=00000001, seen=00000001, required=00000001.
Jul 18 08:04:38 fc4 pluto[1213]: | finish_pfkey_msg: SADB_REGISTER message
1 for AH
Jul 18 08:04:38 fc4 pluto[1213]: | 02 07 00 02 02 00 00 00 01 00 00 00 bd
04 00 00
Jul 18 08:04:38 fc4 pluto[1213]: | pfkey_get: SADB_REGISTER message 1
Jul 18 08:04:38 fc4 pluto[1213]: | AH registered with kernel.
Jul 18 08:04:38 fc4 pluto[1213]: | pfkey_lib_debug:pfkey_msg_hdr_build:
Jul 18 08:04:38 fc4 pluto[1213]: | pfkey_lib_debug:pfkey_msg_hdr_build:
on_entry &pfkey_ext=0p0xbf81cba0 pfkey_ext=0p0xbf81dbf0
*pfkey_ext=0p(nil).
Jul 18 08:04:38 fc4 pluto[1213]: | pfkey_lib_debug:pfkey_msg_hdr_build:
on_exit &pfkey_ext=0p0xbf81cba0 pfkey_ext=0p0xbf81dbf0
*pfkey_ext=0p0x94cd400.
Jul 18 08:04:38 fc4 pluto[1213]: | pfkey_lib_debug:pfkey_msg_build:
pfkey_msg=0p0x94cbdc0 allocated 16 bytes, &(extensions[0])=0p0xbf81dbf0
Jul 18 08:04:38 fc4 pluto[1213]: | pfkey_lib_debug:pfkey_msg_build:
extensions permitted=00000001, seen=00000001, required=00000001.
Jul 18 08:04:38 fc4 pluto[1213]: | pfkey_lib_debug:pfkey_msg_parse:
parsing message ver=2, type=7(register), errno=0, satype=3(ESP), len=2,
res=0, seq=2, pid=1213.
Jul 18 08:04:38 fc4 pluto[1213]: | pfkey_lib_debug:pfkey_msg_parse:
remain=0
Jul 18 08:04:38 fc4 pluto[1213]: | pfkey_lib_debug:pfkey_msg_parse:
extensions permitted=00000001, required=00000001.
Jul 18 08:04:38 fc4 pluto[1213]: | pfkey_lib_debug:pfkey_msg_parse:
extensions permitted=00000001, seen=00000001, required=00000001.
Jul 18 08:04:38 fc4 pluto[1213]: | finish_pfkey_msg: SADB_REGISTER message
2 for ESP
Jul 18 08:04:38 fc4 pluto[1213]: | 02 07 00 03 02 00 00 00 02 00 00 00 bd
04 00 00
Jul 18 08:04:39 fc4 pluto[1213]: | pfkey_get: SADB_REGISTER message 2
Jul 18 08:04:39 fc4 pluto[1213]: | alg_init():memset(0x34a960, 0, 2016)
memset(0x34b140, 0, 2048)
Jul 18 08:04:39 fc4 pluto[1213]: | kernel_alg_register_pfkey():
SADB_SATYPE_ESP: sadb_msg_len=15 sadb_supported_len=40
Jul 18 08:04:39 fc4 pluto[1213]: | kernel_alg_add():satype=3, exttype=14,
alg_id=251
Jul 18 08:04:39 fc4 pluto[1213]: | kernel_alg_register_pfkey():
SADB_SATYPE_ESP: alg[0], exttype=14, satype=3, alg_id=251, alg_ivlen=0,
alg_minbits=0, alg_maxbits=0, res=0, ret=1
Jul 18 08:04:39 fc4 pluto[1213]: | kernel_alg_add():satype=3, exttype=14,
alg_id=2
Jul 18 08:04:39 fc4 pluto[1213]: | kernel_alg_register_pfkey():
SADB_SATYPE_ESP: alg[1], exttype=14, satype=3, alg_id=2, alg_ivlen=0,
alg_minbits=128, alg_maxbits=128, res=0, ret=1
Jul 18 08:04:39 fc4 pluto[1213]: | kernel_alg_add():satype=3, exttype=14,
alg_id=3
Jul 18 08:04:39 fc4 pluto[1213]: | kernel_alg_register_pfkey():
SADB_SATYPE_ESP: alg[2], exttype=14, satype=3, alg_id=3, alg_ivlen=0,
alg_minbits=160, alg_maxbits=160, res=0, ret=1
Jul 18 08:04:39 fc4 pluto[1213]: | kernel_alg_add():satype=3, exttype=14,
alg_id=5
Jul 18 08:04:39 fc4 pluto[1213]: | kernel_alg_register_pfkey():
SADB_SATYPE_ESP: alg[3], exttype=14, satype=3, alg_id=5, alg_ivlen=0,
alg_minbits=256, alg_maxbits=256, res=0, ret=1
Jul 18 08:04:39 fc4 pluto[1213]: | kernel_alg_register_pfkey():
SADB_SATYPE_ESP: sadb_msg_len=15 sadb_supported_len=64
Jul 18 08:04:39 fc4 pluto[1213]: | kernel_alg_add():satype=3, exttype=15,
alg_id=11
Jul 18 08:04:39 fc4 pluto[1213]: | kernel_alg_register_pfkey():
SADB_SATYPE_ESP: alg[4], exttype=15, satype=3, alg_id=11, alg_ivlen=0,
alg_minbits=0, alg_maxbits=0, res=0, ret=1
Jul 18 08:04:39 fc4 pluto[1213]: | kernel_alg_add():satype=3, exttype=15,
alg_id=2
Jul 18 08:04:39 fc4 pluto[1213]: | kernel_alg_register_pfkey():
SADB_SATYPE_ESP: alg[5], exttype=15, satype=3, alg_id=2, alg_ivlen=8,
alg_minbits=64, alg_maxbits=64, res=0, ret=1
Jul 18 08:04:39 fc4 pluto[1213]: | kernel_alg_add():satype=3, exttype=15,
alg_id=3
Jul 18 08:04:39 fc4 pluto[1213]: | kernel_alg_register_pfkey():
SADB_SATYPE_ESP: alg[6], exttype=15, satype=3, alg_id=3, alg_ivlen=8,
alg_minbits=192, alg_maxbits=192, res=0, ret=1
Jul 18 08:04:39 fc4 pluto[1213]: | kernel_alg_add():satype=3, exttype=15,
alg_id=7
Jul 18 08:04:39 fc4 pluto[1213]: | kernel_alg_register_pfkey():
SADB_SATYPE_ESP: alg[7], exttype=15, satype=3, alg_id=7, alg_ivlen=8,
alg_minbits=40, alg_maxbits=448, res=0, ret=1
Jul 18 08:04:39 fc4 pluto[1213]: | kernel_alg_add():satype=3, exttype=15,
alg_id=12
Jul 18 08:04:39 fc4 pluto[1213]: | kernel_alg_register_pfkey():
SADB_SATYPE_ESP: alg[8], exttype=15, satype=3, alg_id=12, alg_ivlen=8,
alg_minbits=128, alg_maxbits=256, res=0, ret=1
Jul 18 08:04:39 fc4 pluto[1213]: | kernel_alg_add():satype=3, exttype=15,
alg_id=252
Jul 18 08:04:39 fc4 pluto[1213]: | kernel_alg_register_pfkey():
SADB_SATYPE_ESP: alg[9], exttype=15, satype=3, alg_id=252, alg_ivlen=8,
alg_minbits=128, alg_maxbits=256, res=0, ret=1
Jul 18 08:04:39 fc4 pluto[1213]: | kernel_alg_add():satype=3, exttype=15,
alg_id=253
Jul 18 08:04:39 fc4 pluto[1213]: | kernel_alg_register_pfkey():
SADB_SATYPE_ESP: alg[10], exttype=15, satype=3, alg_id=253, alg_ivlen=8,
alg_minbits=128, alg_maxbits=256, res=0, ret=1
Jul 18 08:04:39 fc4 pluto[1213]: | ESP registered with kernel.
Jul 18 08:04:39 fc4 pluto[1213]: | pfkey_lib_debug:pfkey_msg_hdr_build:
Jul 18 08:04:39 fc4 pluto[1213]: | pfkey_lib_debug:pfkey_msg_hdr_build:
on_entry &pfkey_ext=0p0xbf81cba0 pfkey_ext=0p0xbf81dbf0
*pfkey_ext=0p(nil).
Jul 18 08:04:39 fc4 pluto[1213]: | pfkey_lib_debug:pfkey_msg_hdr_build:
on_exit &pfkey_ext=0p0xbf81cba0 pfkey_ext=0p0xbf81dbf0
*pfkey_ext=0p0x94cd400.
Jul 18 08:04:39 fc4 pluto[1213]: | pfkey_lib_debug:pfkey_msg_build:
pfkey_msg=0p0x94cbdc0 allocated 16 bytes, &(extensions[0])=0p0xbf81dbf0
Jul 18 08:04:39 fc4 pluto[1213]: | pfkey_lib_debug:pfkey_msg_build:
extensions permitted=00000001, seen=00000001, required=00000001.
Jul 18 08:04:39 fc4 pluto[1213]: | pfkey_lib_debug:pfkey_msg_parse:
parsing message ver=2, type=7(register), errno=0, satype=9(IPIP), len=2,
res=0, seq=3, pid=1213.
Jul 18 08:04:39 fc4 pluto[1213]: | pfkey_lib_debug:pfkey_msg_parse:
remain=0
Jul 18 08:04:39 fc4 pluto[1213]: | pfkey_lib_debug:pfkey_msg_parse:
extensions permitted=00000001, required=00000001.
Jul 18 08:04:39 fc4 pluto[1213]: | pfkey_lib_debug:pfkey_msg_parse:
extensions permitted=00000001, seen=00000001, required=00000001.
Jul 18 08:04:39 fc4 pluto[1213]: | finish_pfkey_msg: SADB_REGISTER message
3 for IPCOMP
Jul 18 08:04:39 fc4 pluto[1213]: | 02 07 00 09 02 00 00 00 03 00 00 00 bd
04 00 00
Jul 18 08:04:39 fc4 pluto[1213]: | pfkey_get: SADB_REGISTER message 3
Jul 18 08:04:39 fc4 pluto[1213]: | IPCOMP registered with kernel.
Jul 18 08:04:39 fc4 pluto[1213]: Could not change to directory
'/etc/ipsec.d/cacerts'
Jul 18 08:04:39 fc4 pluto[1213]: Could not change to directory
'/etc/ipsec.d/aacerts'
Jul 18 08:04:39 fc4 pluto[1213]: Could not change to directory
'/etc/ipsec.d/ocspcerts'
Jul 18 08:04:39 fc4 pluto[1213]: Could not change to directory
'/etc/ipsec.d/crls'
Jul 18 08:04:39 fc4 pluto[1213]: | inserting event EVENT_LOG_DAILY,
timeout in 57321 seconds
Jul 18 08:04:39 fc4 pluto[1213]: | next event EVENT_PENDING_PHASE2 in 118
seconds
Jul 18 08:04:37 fc4 pluto[1219]: ! helper 0 waiting on fd: 7
Jul 18 08:04:40 fc4 pluto[1213]: |
Jul 18 08:04:40 fc4 pluto[1213]: | *received whack message
Jul 18 08:04:40 fc4 pluto[1213]: | Added new connection net-to-net with
policy PSK+ENCRYPT+TUNNEL+PFS
Jul 18 08:04:40 fc4 pluto[1213]: | counting wild cards for (none) is 15
Jul 18 08:04:40 fc4 pluto[1213]: | counting wild cards for (none) is 15
Jul 18 08:04:40 fc4 pluto[1213]: added connection description "net-to-net"
Jul 18 08:04:40 fc4 pluto[1213]: |
10.81.0.0/16===68.106.151.150...68.108.91.73===192.168.50.0/24
Jul 18 08:04:40 fc4 pluto[1213]: | ike_life: 3600s; ipsec_life: 28800s;
rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; policy:
PSK+ENCRYPT+TUNNEL+PFS
Jul 18 08:04:40 fc4 pluto[1213]: | next event EVENT_PENDING_PHASE2 in 117
seconds
Jul 18 08:04:41 fc4 pluto[1213]: |
Jul 18 08:04:41 fc4 pluto[1213]: | *received whack message
Jul 18 08:04:41 fc4 pluto[1213]: listening for IKE messages
Jul 18 08:04:41 fc4 pluto[1213]: | found lo with address 127.0.0.1
Jul 18 08:04:41 fc4 pluto[1213]: | found eth0 with address 68.108.91.73
Jul 18 08:04:41 fc4 pluto[1213]: | found eth1 with address 192.168.50.10
Jul 18 08:04:41 fc4 pluto[1213]: | found eth1:1 with address 192.168.50.20
Jul 18 08:04:41 fc4 pluto[1213]: | found eth1:2 with address 192.168.50.21
Jul 18 08:04:41 fc4 pluto[1213]: | found ppp0 with address 192.168.50.74
Jul 18 08:04:41 fc4 pluto[1213]: adding interface ppp0/ppp0
192.168.50.74:500
Jul 18 08:04:41 fc4 pluto[1213]: adding interface eth1:2/eth1:2
192.168.50.21:500
Jul 18 08:04:41 fc4 pluto[1213]: adding interface eth1:1/eth1:1
192.168.50.20:500
Jul 18 08:04:41 fc4 pluto[1213]: adding interface eth1/eth1
192.168.50.10:500
Jul 18 08:04:41 fc4 pluto[1213]: adding interface eth0/eth0
68.108.91.73:500
Jul 18 08:04:41 fc4 pluto[1213]: adding interface lo/lo 127.0.0.1:500
Jul 18 08:04:41 fc4 pluto[1213]: | found lo with address
0000:0000:0000:0000:0000:0000:0000:0001
Jul 18 08:04:41 fc4 pluto[1213]: adding interface lo/lo ::1:500
Jul 18 08:04:41 fc4 pluto[1213]: | connect_to_host_pair: 68.108.91.73:500
68.106.151.150:500 -> hp:none
Jul 18 08:04:41 fc4 pluto[1213]: loading secrets from "/etc/ipsec.secrets"
Jul 18 08:04:41 fc4 pluto[1213]: loading secrets from
"/etc/ipsec.d/hostkey.secrets"
Jul 18 08:04:41 fc4 pluto[1213]: | loaded private key for keyid:
PPK_RSA:AQOv+JdPg
Jul 18 08:04:41 fc4 pluto[1213]: | next event EVENT_PENDING_PHASE2 in 116
seconds
Jul 18 08:04:48 fc4 pluto[1213]: |
Jul 18 08:04:48 fc4 pluto[1213]: | *received whack message
Jul 18 08:04:48 fc4 pluto[1213]: | processing connection net-to-net
Jul 18 08:04:48 fc4 pluto[1213]: | empty esp_info, returning empty
Jul 18 08:04:48 fc4 pluto[1213]: | creating state object #1 at 0x94cce90
Jul 18 08:04:48 fc4 pluto[1213]: | processing connection net-to-net
Jul 18 08:04:48 fc4 pluto[1213]: | ICOOKIE: c0 fc 2d 43 1e 37 4c 0b
Jul 18 08:04:48 fc4 pluto[1213]: | RCOOKIE: 00 00 00 00 00 00 00 00
Jul 18 08:04:48 fc4 pluto[1213]: | peer: 44 ba 97 96
Jul 18 08:04:48 fc4 pluto[1213]: | state hash entry 9
Jul 18 08:04:48 fc4 pluto[1213]: | inserting event EVENT_SO_DISCARD,
timeout in 0 seconds for #1
Jul 18 08:04:48 fc4 pluto[1213]: | Queuing pending Quick Mode with
68.106.151.150 "net-to-net"
Jul 18 08:04:48 fc4 pluto[1213]: "net-to-net" #1: initiating Main Mode
Jul 18 08:04:48 fc4 pluto[1213]: | **emit ISAKMP Message:
Jul 18 08:04:48 fc4 pluto[1213]: | initiator cookie:
Jul 18 08:04:48 fc4 pluto[1213]: | c0 fc 2d 43 1e 37 4c 0b
Jul 18 08:04:48 fc4 pluto[1213]: | responder cookie:
Jul 18 08:04:48 fc4 pluto[1213]: | 00 00 00 00 00 00 00 00
Jul 18 08:04:48 fc4 pluto[1213]: | next payload type: ISAKMP_NEXT_SA
Jul 18 08:04:48 fc4 pluto[1213]: | ISAKMP version: ISAKMP Version 1.0
Jul 18 08:04:48 fc4 pluto[1213]: | exchange type: ISAKMP_XCHG_IDPROT
Jul 18 08:04:48 fc4 pluto[1213]: | flags: none
Jul 18 08:04:48 fc4 pluto[1213]: | message ID: 00 00 00 00
Jul 18 08:04:48 fc4 pluto[1213]: | no IKE algorithms for this connection
Jul 18 08:04:48 fc4 pluto[1213]: | ***emit ISAKMP Security Association
Payload:
Jul 18 08:04:48 fc4 pluto[1213]: | next payload type: ISAKMP_NEXT_VID
Jul 18 08:04:48 fc4 pluto[1213]: | DOI: ISAKMP_DOI_IPSEC
Jul 18 08:04:48 fc4 pluto[1213]: | ****emit IPsec DOI SIT:
Jul 18 08:04:48 fc4 pluto[1213]: | IPsec DOI SIT: SIT_IDENTITY_ONLY
Jul 18 08:04:48 fc4 pluto[1213]: | out_sa pcn: 0 has 1 valid proposals
Jul 18 08:04:48 fc4 pluto[1213]: | out_sa pcn: 0 pn: 0<1 valid_count: 1
Jul 18 08:04:48 fc4 pluto[1213]: | ****emit ISAKMP Proposal Payload:
Jul 18 08:04:48 fc4 pluto[1213]: | next payload type: ISAKMP_NEXT_NONE
Jul 18 08:04:48 fc4 pluto[1213]: | proposal number: 0
Jul 18 08:04:48 fc4 pluto[1213]: | protocol ID: PROTO_ISAKMP
Jul 18 08:04:48 fc4 pluto[1213]: | SPI size: 0
Jul 18 08:04:48 fc4 pluto[1213]: | number of transforms: 4
Jul 18 08:04:48 fc4 pluto[1213]: | *****emit ISAKMP Transform Payload
(ISAKMP):
Jul 18 08:04:48 fc4 pluto[1213]: | next payload type: ISAKMP_NEXT_T
Jul 18 08:04:48 fc4 pluto[1213]: | transform number: 0
Jul 18 08:04:48 fc4 pluto[1213]: | transform ID: KEY_IKE
Jul 18 08:04:48 fc4 pluto[1213]: | ******emit ISAKMP Oakley attribute:
Jul 18 08:04:48 fc4 pluto[1213]: | af+type: OAKLEY_LIFE_TYPE
Jul 18 08:04:48 fc4 pluto[1213]: | length/value: 1
Jul 18 08:04:48 fc4 pluto[1213]: | [1 is OAKLEY_LIFE_SECONDS]
Jul 18 08:04:48 fc4 pluto[1213]: | ******emit ISAKMP Oakley attribute:
Jul 18 08:04:48 fc4 pluto[1213]: | af+type: OAKLEY_LIFE_DURATION
Jul 18 08:04:48 fc4 pluto[1213]: | length/value: 3600
Jul 18 08:04:48 fc4 pluto[1213]: | ******emit ISAKMP Oakley attribute:
Jul 18 08:04:48 fc4 pluto[1213]: | af+type: OAKLEY_ENCRYPTION_ALGORITHM
Jul 18 08:04:48 fc4 pluto[1213]: | length/value: 5
Jul 18 08:04:48 fc4 pluto[1213]: | [5 is OAKLEY_3DES_CBC]
Jul 18 08:04:48 fc4 pluto[1213]: | ******emit ISAKMP Oakley attribute:
Jul 18 08:04:48 fc4 pluto[1213]: | af+type: OAKLEY_HASH_ALGORITHM
Jul 18 08:04:48 fc4 pluto[1213]: | length/value: 1
Jul 18 08:04:48 fc4 pluto[1213]: | [1 is OAKLEY_MD5]
Jul 18 08:04:48 fc4 pluto[1213]: | ******emit ISAKMP Oakley attribute:
Jul 18 08:04:48 fc4 pluto[1213]: | af+type: OAKLEY_AUTHENTICATION_METHOD
Jul 18 08:04:48 fc4 pluto[1213]: | length/value: 1
Jul 18 08:04:48 fc4 pluto[1213]: | [1 is OAKLEY_PRESHARED_KEY]
Jul 18 08:04:48 fc4 pluto[1213]: | ******emit ISAKMP Oakley attribute:
Jul 18 08:04:48 fc4 pluto[1213]: | af+type: OAKLEY_GROUP_DESCRIPTION
Jul 18 08:04:48 fc4 pluto[1213]: | length/value: 5
Jul 18 08:04:48 fc4 pluto[1213]: | [5 is OAKLEY_GROUP_MODP1536]
Jul 18 08:04:48 fc4 pluto[1213]: | emitting length of ISAKMP Transform
Payload (ISAKMP): 32
Jul 18 08:04:48 fc4 pluto[1213]: | *****emit ISAKMP Transform Payload
(ISAKMP):
Jul 18 08:04:48 fc4 pluto[1213]: | next payload type: ISAKMP_NEXT_T
Jul 18 08:04:48 fc4 pluto[1213]: | transform number: 1
Jul 18 08:04:48 fc4 pluto[1213]: | transform ID: KEY_IKE
Jul 18 08:04:48 fc4 pluto[1213]: | ******emit ISAKMP Oakley attribute:
Jul 18 08:04:48 fc4 pluto[1213]: | af+type: OAKLEY_LIFE_TYPE
Jul 18 08:04:48 fc4 pluto[1213]: | length/value: 1
Jul 18 08:04:48 fc4 pluto[1213]: | [1 is OAKLEY_LIFE_SECONDS]
Jul 18 08:04:48 fc4 pluto[1213]: | ******emit ISAKMP Oakley attribute:
Jul 18 08:04:48 fc4 pluto[1213]: | af+type: OAKLEY_LIFE_DURATION
Jul 18 08:04:48 fc4 pluto[1213]: | length/value: 3600
Jul 18 08:04:48 fc4 pluto[1213]: | ******emit ISAKMP Oakley attribute:
Jul 18 08:04:48 fc4 pluto[1213]: | af+type: OAKLEY_ENCRYPTION_ALGORITHM
Jul 18 08:04:48 fc4 pluto[1213]: | length/value: 5
Jul 18 08:04:48 fc4 pluto[1213]: | [5 is OAKLEY_3DES_CBC]
Jul 18 08:04:48 fc4 pluto[1213]: | ******emit ISAKMP Oakley attribute:
Jul 18 08:04:48 fc4 pluto[1213]: | af+type: OAKLEY_HASH_ALGORITHM
Jul 18 08:04:48 fc4 pluto[1213]: | length/value: 2
Jul 18 08:04:48 fc4 pluto[1213]: | [2 is OAKLEY_SHA1]
Jul 18 08:04:48 fc4 pluto[1213]: | ******emit ISAKMP Oakley attribute:
Jul 18 08:04:48 fc4 pluto[1213]: | af+type: OAKLEY_AUTHENTICATION_METHOD
Jul 18 08:04:48 fc4 pluto[1213]: | length/value: 1
Jul 18 08:04:48 fc4 pluto[1213]: | [1 is OAKLEY_PRESHARED_KEY]
Jul 18 08:04:48 fc4 pluto[1213]: | ******emit ISAKMP Oakley attribute:
Jul 18 08:04:48 fc4 pluto[1213]: | af+type: OAKLEY_GROUP_DESCRIPTION
Jul 18 08:04:48 fc4 pluto[1213]: | length/value: 5
Jul 18 08:04:48 fc4 pluto[1213]: | [5 is OAKLEY_GROUP_MODP1536]
Jul 18 08:04:48 fc4 pluto[1213]: | emitting length of ISAKMP Transform
Payload (ISAKMP): 32
Jul 18 08:04:48 fc4 pluto[1213]: | *****emit ISAKMP Transform Payload
(ISAKMP):
Jul 18 08:04:48 fc4 pluto[1213]: | next payload type: ISAKMP_NEXT_T
Jul 18 08:04:48 fc4 pluto[1213]: | transform number: 2
Jul 18 08:04:48 fc4 pluto[1213]: | transform ID: KEY_IKE
Jul 18 08:04:48 fc4 pluto[1213]: | ******emit ISAKMP Oakley attribute:
Jul 18 08:04:48 fc4 pluto[1213]: | af+type: OAKLEY_LIFE_TYPE
Jul 18 08:04:48 fc4 pluto[1213]: | length/value: 1
Jul 18 08:04:48 fc4 pluto[1213]: | [1 is OAKLEY_LIFE_SECONDS]
Jul 18 08:04:48 fc4 pluto[1213]: | ******emit ISAKMP Oakley attribute:
Jul 18 08:04:48 fc4 pluto[1213]: | af+type: OAKLEY_LIFE_DURATION
Jul 18 08:04:48 fc4 pluto[1213]: | length/value: 3600
Jul 18 08:04:48 fc4 pluto[1213]: | ******emit ISAKMP Oakley attribute:
Jul 18 08:04:48 fc4 pluto[1213]: | af+type: OAKLEY_ENCRYPTION_ALGORITHM
Jul 18 08:04:48 fc4 pluto[1213]: | length/value: 5
Jul 18 08:04:48 fc4 pluto[1213]: | [5 is OAKLEY_3DES_CBC]
Jul 18 08:04:48 fc4 pluto[1213]: | ******emit ISAKMP Oakley attribute:
Jul 18 08:04:48 fc4 pluto[1213]: | af+type: OAKLEY_HASH_ALGORITHM
Jul 18 08:04:48 fc4 pluto[1213]: | length/value: 2
Jul 18 08:04:48 fc4 pluto[1213]: | [2 is OAKLEY_SHA1]
Jul 18 08:04:48 fc4 pluto[1213]: | ******emit ISAKMP Oakley attribute:
Jul 18 08:04:48 fc4 pluto[1213]: | af+type: OAKLEY_AUTHENTICATION_METHOD
Jul 18 08:04:49 fc4 pluto[1213]: | length/value: 1
Jul 18 08:04:49 fc4 pluto[1213]: | [1 is OAKLEY_PRESHARED_KEY]
Jul 18 08:04:49 fc4 pluto[1213]: | ******emit ISAKMP Oakley attribute:
Jul 18 08:04:49 fc4 pluto[1213]: | af+type: OAKLEY_GROUP_DESCRIPTION
Jul 18 08:04:49 fc4 pluto[1213]: | length/value: 2
Jul 18 08:04:49 fc4 pluto[1213]: | [2 is OAKLEY_GROUP_MODP1024]
Jul 18 08:04:49 fc4 pluto[1213]: | emitting length of ISAKMP Transform
Payload (ISAKMP): 32
Jul 18 08:04:49 fc4 pluto[1213]: | *****emit ISAKMP Transform Payload
(ISAKMP):
Jul 18 08:04:49 fc4 pluto[1213]: | next payload type: ISAKMP_NEXT_NONE
Jul 18 08:04:49 fc4 pluto[1213]: | transform number: 3
Jul 18 08:04:49 fc4 pluto[1213]: | transform ID: KEY_IKE
Jul 18 08:04:49 fc4 pluto[1213]: | ******emit ISAKMP Oakley attribute:
Jul 18 08:04:49 fc4 pluto[1213]: | af+type: OAKLEY_LIFE_TYPE
Jul 18 08:04:49 fc4 pluto[1213]: | length/value: 1
Jul 18 08:04:49 fc4 pluto[1213]: | [1 is OAKLEY_LIFE_SECONDS]
Jul 18 08:04:49 fc4 pluto[1213]: | ******emit ISAKMP Oakley attribute:
Jul 18 08:04:49 fc4 pluto[1213]: | af+type: OAKLEY_LIFE_DURATION
Jul 18 08:04:49 fc4 pluto[1213]: | length/value: 3600
Jul 18 08:04:49 fc4 pluto[1213]: | ******emit ISAKMP Oakley attribute:
Jul 18 08:04:49 fc4 pluto[1213]: | af+type: OAKLEY_ENCRYPTION_ALGORITHM
Jul 18 08:04:49 fc4 pluto[1213]: | length/value: 5
Jul 18 08:04:49 fc4 pluto[1213]: | [5 is OAKLEY_3DES_CBC]
Jul 18 08:04:49 fc4 pluto[1213]: | ******emit ISAKMP Oakley attribute:
Jul 18 08:04:49 fc4 pluto[1213]: | af+type: OAKLEY_HASH_ALGORITHM
Jul 18 08:04:49 fc4 pluto[1213]: | length/value: 1
Jul 18 08:04:49 fc4 pluto[1213]: | [1 is OAKLEY_MD5]
Jul 18 08:04:49 fc4 pluto[1213]: | ******emit ISAKMP Oakley attribute:
Jul 18 08:04:49 fc4 pluto[1213]: | af+type: OAKLEY_AUTHENTICATION_METHOD
Jul 18 08:04:49 fc4 pluto[1213]: | length/value: 1
Jul 18 08:04:49 fc4 pluto[1213]: | [1 is OAKLEY_PRESHARED_KEY]
Jul 18 08:04:49 fc4 pluto[1213]: | ******emit ISAKMP Oakley attribute:
Jul 18 08:04:49 fc4 pluto[1213]: | af+type: OAKLEY_GROUP_DESCRIPTION
Jul 18 08:04:49 fc4 pluto[1213]: | length/value: 2
Jul 18 08:04:49 fc4 pluto[1213]: | [2 is OAKLEY_GROUP_MODP1024]
Jul 18 08:04:49 fc4 pluto[1213]: | emitting length of ISAKMP Transform
Payload (ISAKMP): 32
Jul 18 08:04:49 fc4 pluto[1213]: | emitting length of ISAKMP Proposal
Payload: 136
Jul 18 08:04:49 fc4 pluto[1213]: | emitting length of ISAKMP Security
Association Payload: 148
Jul 18 08:04:49 fc4 pluto[1213]: | ***emit ISAKMP Vendor ID Payload:
Jul 18 08:04:49 fc4 pluto[1213]: | next payload type: ISAKMP_NEXT_NONE
Jul 18 08:04:49 fc4 pluto[1213]: | emitting 12 raw bytes of Vendor ID into
ISAKMP Vendor ID Payload
Jul 18 08:04:49 fc4 pluto[1213]: | Vendor ID 4f 45 7a 7d 46 46 46 66 67 72
5f 65
Jul 18 08:04:49 fc4 pluto[1213]: | emitting length of ISAKMP Vendor ID
Payload: 16
Jul 18 08:04:49 fc4 pluto[1213]: | ***emit ISAKMP Vendor ID Payload:
Jul 18 08:04:49 fc4 pluto[1213]: | next payload type: ISAKMP_NEXT_NONE
Jul 18 08:04:49 fc4 pluto[1213]: | emitting 16 raw bytes of V_ID into
ISAKMP Vendor ID Payload
Jul 18 08:04:49 fc4 pluto[1213]: | V_ID af ca d7 13 68 a1 f1 c9 6b 86 96
fc 77 57 01 00
Jul 18 08:04:49 fc4 pluto[1213]: | emitting length of ISAKMP Vendor ID
Payload: 20
Jul 18 08:04:49 fc4 pluto[1213]: | nat traversal enabled: 0
Jul 18 08:04:49 fc4 pluto[1213]: | emitting length of ISAKMP Message: 212
Jul 18 08:04:49 fc4 pluto[1213]: | sending 212 bytes for main_outI1
through eth0:500 to 68.106.151.150:500:
Jul 18 08:04:49 fc4 pluto[1213]: | c0 fc 2d 43 1e 37 4c 0b 00 00 00 00 00
00 00 00
Jul 18 08:04:49 fc4 pluto[1213]: | 01 10 02 00 00 00 00 00 00 00 00 d4 0d
00 00 94
Jul 18 08:04:49 fc4 pluto[1213]: | 00 00 00 01 00 00 00 01 00 00 00 88 00
01 00 04
Jul 18 08:04:49 fc4 pluto[1213]: | 03 00 00 20 00 01 00 00 80 0b 00 01 80
0c 0e 10
Jul 18 08:04:49 fc4 pluto[1213]: | 80 01 00 05 80 02 00 01 80 03 00 01 80
04 00 05
Jul 18 08:04:49 fc4 pluto[1213]: | 03 00 00 20 01 01 00 00 80 0b 00 01 80
0c 0e 10
Jul 18 08:04:49 fc4 pluto[1213]: | 80 01 00 05 80 02 00 02 80 03 00 01 80
04 00 05
Jul 18 08:04:49 fc4 pluto[1213]: | 03 00 00 20 02 01 00 00 80 0b 00 01 80
0c 0e 10
Jul 18 08:04:49 fc4 pluto[1213]: | 80 01 00 05 80 02 00 02 80 03 00 01 80
04 00 02
Jul 18 08:04:49 fc4 pluto[1213]: | 00 00 00 20 03 01 00 00 80 0b 00 01 80
0c 0e 10
Jul 18 08:04:49 fc4 pluto[1213]: | 80 01 00 05 80 02 00 01 80 03 00 01 80
04 00 02
Jul 18 08:04:49 fc4 pluto[1213]: | 0d 00 00 10 4f 45 7a 7d 46 46 46 66 67
72 5f 65
Jul 18 08:04:49 fc4 pluto[1213]: | 00 00 00 14 af ca d7 13 68 a1 f1 c9 6b
86 96 fc
Jul 18 08:04:49 fc4 pluto[1213]: | 77 57 01 00
Jul 18 08:04:49 fc4 pluto[1213]: | inserting event EVENT_RETRANSMIT,
timeout in 10 seconds for #1
Jul 18 08:04:49 fc4 pluto[1213]: | next event EVENT_RETRANSMIT in 10
seconds for #1
Jul 18 08:04:49 fc4 pluto[1213]: |
Jul 18 08:04:49 fc4 pluto[1213]: | *received 116 bytes from
68.106.151.150:500 on eth0 (port=500)
Jul 18 08:04:49 fc4 pluto[1213]: | c0 fc 2d 43 1e 37 4c 0b 71 f9 44 bf f5
11 d9 ca
Jul 18 08:04:49 fc4 pluto[1213]: | 01 10 02 00 00 00 00 00 00 00 00 74 0d
00 00 34
Jul 18 08:04:49 fc4 pluto[1213]: | 00 00 00 01 00 00 00 01 00 00 00 28 00
01 00 01
Jul 18 08:04:49 fc4 pluto[1213]: | 00 00 00 20 00 01 00 00 80 0b 00 01 80
0c 0e 10
Jul 18 08:04:49 fc4 pluto[1213]: | 80 01 00 05 80 02 00 01 80 03 00 01 80
04 00 05
Jul 18 08:04:49 fc4 pluto[1213]: | 0d 00 00 10 4f 45 7a 7d 46 46 46 66 67
72 5f 65
Jul 18 08:04:49 fc4 pluto[1213]: | 00 00 00 14 af ca d7 13 68 a1 f1 c9 6b
86 96 fc
Jul 18 08:04:49 fc4 pluto[1213]: | 77 57 01 00
Jul 18 08:04:49 fc4 pluto[1213]: | **parse ISAKMP Message:
Jul 18 08:04:49 fc4 pluto[1213]: | initiator cookie:
Jul 18 08:04:49 fc4 pluto[1213]: | c0 fc 2d 43 1e 37 4c 0b
Jul 18 08:04:49 fc4 pluto[1213]: | responder cookie:
Jul 18 08:04:49 fc4 pluto[1213]: | 71 f9 44 bf f5 11 d9 ca
Jul 18 08:04:49 fc4 pluto[1213]: | next payload type: ISAKMP_NEXT_SA
Jul 18 08:04:49 fc4 pluto[1213]: | ISAKMP version: ISAKMP Version 1.0
Jul 18 08:04:49 fc4 pluto[1213]: | exchange type: ISAKMP_XCHG_IDPROT
Jul 18 08:04:49 fc4 pluto[1213]: | flags: none
Jul 18 08:04:49 fc4 pluto[1213]: | message ID: 00 00 00 00
Jul 18 08:04:49 fc4 pluto[1213]: | length: 116
Jul 18 08:04:49 fc4 pluto[1213]: | processing packet with exchange
type=ISAKMP_XCHG_IDPROT (2)
Jul 18 08:04:49 fc4 pluto[1213]: | ICOOKIE: c0 fc 2d 43 1e 37 4c 0b
Jul 18 08:04:49 fc4 pluto[1213]: | RCOOKIE: 71 f9 44 bf f5 11 d9 ca
Jul 18 08:04:49 fc4 pluto[1213]: | peer: 44 ba 97 96
Jul 18 08:04:49 fc4 pluto[1213]: | state hash entry 1
Jul 18 08:04:49 fc4 pluto[1213]: | state object not found
Jul 18 08:04:49 fc4 pluto[1213]: | ICOOKIE: c0 fc 2d 43 1e 37 4c 0b
Jul 18 08:04:49 fc4 pluto[1213]: | RCOOKIE: 00 00 00 00 00 00 00 00
Jul 18 08:04:49 fc4 pluto[1213]: | peer: 44 ba 97 96
Jul 18 08:04:49 fc4 pluto[1213]: | state hash entry 9
Jul 18 08:04:49 fc4 pluto[1213]: | peer and cookies match on #1, provided
msgid 00000000 vs 00000000
Jul 18 08:04:49 fc4 pluto[1213]: | state object #1 found, in STATE_MAIN_I1
Jul 18 08:04:49 fc4 pluto[1213]: | processing connection net-to-net
Jul 18 08:04:49 fc4 pluto[1213]: | ***parse ISAKMP Security Association
Payload:
Jul 18 08:04:49 fc4 pluto[1213]: | next payload type: ISAKMP_NEXT_VID
Jul 18 08:04:49 fc4 pluto[1213]: | length: 52
Jul 18 08:04:49 fc4 pluto[1213]: | DOI: ISAKMP_DOI_IPSEC
Jul 18 08:04:49 fc4 pluto[1213]: | ***parse ISAKMP Vendor ID Payload:
Jul 18 08:04:49 fc4 pluto[1213]: | next payload type: ISAKMP_NEXT_VID
Jul 18 08:04:49 fc4 pluto[1213]: | length: 16
Jul 18 08:04:49 fc4 pluto[1213]: | ***parse ISAKMP Vendor ID Payload:
Jul 18 08:04:49 fc4 pluto[1213]: | next payload type: ISAKMP_NEXT_NONE
Jul 18 08:04:49 fc4 pluto[1213]: | length: 20
Jul 18 08:04:49 fc4 pluto[1213]: "net-to-net" #1: received Vendor ID
payload [Openswan (this version) 2.4.4 X.509-1.5.4 PLUTO_SENDS_VENDORID
PLUTO_USES_KEYRR]
Jul 18 08:04:49 fc4 pluto[1213]: "net-to-net" #1: received Vendor ID
payload [Dead Peer Detection]
Jul 18 08:04:49 fc4 pluto[1213]: | ****parse IPsec DOI SIT:
Jul 18 08:04:49 fc4 pluto[1213]: | IPsec DOI SIT: SIT_IDENTITY_ONLY
Jul 18 08:04:49 fc4 pluto[1213]: | ****parse ISAKMP Proposal Payload:
Jul 18 08:04:49 fc4 pluto[1213]: | next payload type: ISAKMP_NEXT_NONE
Jul 18 08:04:49 fc4 pluto[1213]: | length: 40
Jul 18 08:04:49 fc4 pluto[1213]: | proposal number: 0
Jul 18 08:04:49 fc4 pluto[1213]: | protocol ID: PROTO_ISAKMP
Jul 18 08:04:49 fc4 pluto[1213]: | SPI size: 0
Jul 18 08:04:49 fc4 pluto[1213]: | number of transforms: 1
Jul 18 08:04:49 fc4 pluto[1213]: | *****parse ISAKMP Transform Payload
(ISAKMP):
Jul 18 08:04:49 fc4 pluto[1213]: | next payload type: ISAKMP_NEXT_NONE
Jul 18 08:04:49 fc4 pluto[1213]: | length: 32
Jul 18 08:04:49 fc4 pluto[1213]: | transform number: 0
Jul 18 08:04:49 fc4 pluto[1213]: | transform ID: KEY_IKE
Jul 18 08:04:49 fc4 pluto[1213]: | ******parse ISAKMP Oakley attribute:
Jul 18 08:04:49 fc4 pluto[1213]: | af+type: OAKLEY_LIFE_TYPE
Jul 18 08:04:49 fc4 pluto[1213]: | length/value: 1
Jul 18 08:04:49 fc4 pluto[1213]: | [1 is OAKLEY_LIFE_SECONDS]
Jul 18 08:04:49 fc4 pluto[1213]: | ******parse ISAKMP Oakley attribute:
Jul 18 08:04:49 fc4 pluto[1213]: | af+type: OAKLEY_LIFE_DURATION
Jul 18 08:04:49 fc4 pluto[1213]: | length/value: 3600
Jul 18 08:04:49 fc4 pluto[1213]: | ******parse ISAKMP Oakley attribute:
Jul 18 08:04:49 fc4 pluto[1213]: | af+type: OAKLEY_ENCRYPTION_ALGORITHM
Jul 18 08:04:49 fc4 pluto[1213]: | length/value: 5
Jul 18 08:04:49 fc4 pluto[1213]: | [5 is OAKLEY_3DES_CBC]
Jul 18 08:04:49 fc4 pluto[1213]: | ike_alg_enc_ok(ealg=5,key_len=0):
blocksize=8, keyminlen=192, keydeflen=192, keymaxlen=192, ret=1
Jul 18 08:04:49 fc4 pluto[1213]: | ******parse ISAKMP Oakley attribute:
Jul 18 08:04:49 fc4 pluto[1213]: | af+type: OAKLEY_HASH_ALGORITHM
Jul 18 08:04:49 fc4 pluto[1213]: | length/value: 1
Jul 18 08:04:49 fc4 pluto[1213]: | [1 is OAKLEY_MD5]
Jul 18 08:04:49 fc4 pluto[1213]: | ******parse ISAKMP Oakley attribute:
Jul 18 08:04:49 fc4 pluto[1213]: | af+type: OAKLEY_AUTHENTICATION_METHOD
Jul 18 08:04:49 fc4 pluto[1213]: | length/value: 1
Jul 18 08:04:49 fc4 pluto[1213]: | [1 is OAKLEY_PRESHARED_KEY]
Jul 18 08:04:49 fc4 pluto[1213]: | started looking for secret for
68.108.91.73->68.106.151.150 of kind PPK_PSK
Jul 18 08:04:49 fc4 pluto[1213]: | actually looking for secret for
68.108.91.73->68.106.151.150 of kind PPK_PSK
Jul 18 08:04:49 fc4 pluto[1213]: | 1: compared PSK 68.106.151.150 to
68.108.91.73 / 68.106.151.150 -> 2
Jul 18 08:04:49 fc4 pluto[1213]: | 2: compared PSK 68.108.91.73 to
68.108.91.73 / 68.106.151.150 -> 6
Jul 18 08:04:49 fc4 pluto[1213]: | best_match 0>6 best=0x94cc658 (line=1)
Jul 18 08:04:49 fc4 pluto[1213]: | concluding with best_match=6
best=0x94cc658 (lineno=1)
Jul 18 08:04:49 fc4 pluto[1213]: | ******parse ISAKMP Oakley attribute:
Jul 18 08:04:49 fc4 pluto[1213]: | af+type: OAKLEY_GROUP_DESCRIPTION
Jul 18 08:04:49 fc4 pluto[1213]: | length/value: 5
Jul 18 08:04:49 fc4 pluto[1213]: | [5 is OAKLEY_GROUP_MODP1536]
Jul 18 08:04:49 fc4 pluto[1213]: | Oakley Transform 0 accepted
Jul 18 08:04:49 fc4 pluto[1213]: | sender checking NAT-t: 0 and 0
Jul 18 08:04:49 fc4 pluto[1213]: | 0: w->pcw_dead: 0 w->pcw_work: 0 cnt: 1
Jul 18 08:04:49 fc4 pluto[1213]: | asking helper 0 to do build_kenonce op
on seq: 1
Jul 18 08:04:49 fc4 pluto[1213]: | inserting event EVENT_CRYPTO_FAILED,
timeout in 300 seconds for #1
Jul 18 08:04:49 fc4 pluto[1219]: ! helper -1 doing build_kenonce op id: 1
Jul 18 08:04:49 fc4 pluto[1213]: | complete state transition with
STF_SUSPEND
Jul 18 08:04:49 fc4 pluto[1213]: | next event EVENT_PENDING_PHASE2 in 108
seconds
Jul 18 08:04:49 fc4 pluto[1219]: ! Local DH secret:
Jul 18 08:04:49 fc4 pluto[1219]: ! cf 97 91 66 53 79 f6 d4 ee 44 c8 35 14
50 4b 0a
Jul 18 08:04:49 fc4 pluto[1219]: ! 93 43 04 52 0a a5 95 19 54 46 3f 1b 2a
74 73 f6
Jul 18 08:04:49 fc4 pluto[1219]: ! Public DH value sent:
Jul 18 08:04:49 fc4 pluto[1219]: ! 8b e1 61 6b 7d 02 33 02 d1 bd e2 33 6e
24 65 38
Jul 18 08:04:49 fc4 pluto[1219]: ! 56 b0 62 8a 9f 69 60 e4 19 6f 37 87 1b
a6 c0 a3
Jul 18 08:04:49 fc4 pluto[1219]: ! 03 31 ce aa 26 6e 50 9f 75 95 b3 8f ee
61 02 83
Jul 18 08:04:49 fc4 pluto[1219]: ! 20 bb 8b 15 5f 15 49 90 1a 2b 37 e2 17
13 77 7c
Jul 18 08:04:49 fc4 pluto[1219]: ! 90 ae c5 88 32 a2 68 57 58 4b eb 67 27
e6 a7 05
Jul 18 08:04:49 fc4 pluto[1219]: ! 57 8a 37 72 13 af 82 6b 17 3c c3 5f fd
56 a3 e0
Jul 18 08:04:49 fc4 pluto[1219]: ! 6d 06 25 28 07 e6 f7 a6 6a f6 4a 47 3e
b8 a4 b0
Jul 18 08:04:49 fc4 pluto[1219]: ! 8a c7 48 6e b4 d3 16 bd 46 9d 07 94 f1
93 a0 43
Jul 18 08:04:49 fc4 pluto[1219]: ! 5a 50 7d 61 fe 85 8c 20 bf 13 2b 38 b1
c9 c6 ff
Jul 18 08:04:49 fc4 pluto[1219]: ! b0 2a 8f 04 da b0 3a a5 81 f2 e6 06 a5
48 22 27
Jul 18 08:04:49 fc4 pluto[1219]: ! eb 28 60 2b de b4 ba ff e6 8a c4 cf b0
64 da 71
Jul 18 08:04:49 fc4 pluto[1219]: ! c5 2a dd 68 d5 11 08 f1 cf 9c 95 87 0a
b6 de 05
Jul 18 08:04:49 fc4 pluto[1219]: ! Generated nonce:
Jul 18 08:04:49 fc4 pluto[1219]: ! 85 72 27 d8 2a 7b 34 58 76 ba ec f7 48
58 b0 a2
Jul 18 08:04:49 fc4 pluto[1213]: | helper 0 has work (cnt now 0)
Jul 18 08:04:49 fc4 pluto[1213]: | helper 0 replies to sequence 1
Jul 18 08:04:49 fc4 pluto[1213]: | calling callback function 0x2ab777
Jul 18 08:04:49 fc4 pluto[1213]: | main inR1_outI2: calculated ke+nonce,
sending I2
Jul 18 08:04:49 fc4 pluto[1213]: | processing connection net-to-net
Jul 18 08:04:49 fc4 pluto[1213]: | **emit ISAKMP Message:
Jul 18 08:04:49 fc4 pluto[1213]: | initiator cookie:
Jul 18 08:04:49 fc4 pluto[1213]: | c0 fc 2d 43 1e 37 4c 0b
Jul 18 08:04:49 fc4 pluto[1213]: | responder cookie:
Jul 18 08:04:49 fc4 pluto[1213]: | 71 f9 44 bf f5 11 d9 ca
Jul 18 08:04:49 fc4 pluto[1213]: | next payload type: ISAKMP_NEXT_KE
Jul 18 08:04:49 fc4 pluto[1213]: | ISAKMP version: ISAKMP Version 1.0
Jul 18 08:04:49 fc4 pluto[1213]: | exchange type: ISAKMP_XCHG_IDPROT
Jul 18 08:04:49 fc4 pluto[1213]: | flags: none
Jul 18 08:04:49 fc4 pluto[1213]: | message ID: 00 00 00 00
Jul 18 08:04:49 fc4 pluto[1213]: | ***emit ISAKMP Key Exchange Payload:
Jul 18 08:04:49 fc4 pluto[1213]: | next payload type: ISAKMP_NEXT_NONCE
Jul 18 08:04:49 fc4 pluto[1213]: | emitting 192 raw bytes of keyex value
into ISAKMP Key Exchange Payload
Jul 18 08:04:49 fc4 pluto[1213]: | keyex value 8b e1 61 6b 7d 02 33 02 d1
bd e2 33 6e 24 65 38
Jul 18 08:04:49 fc4 pluto[1213]: | 56 b0 62 8a 9f 69 60 e4 19 6f 37 87 1b
a6 c0 a3
Jul 18 08:04:49 fc4 pluto[1213]: | 03 31 ce aa 26 6e 50 9f 75 95 b3 8f ee
61 02 83
Jul 18 08:04:49 fc4 pluto[1213]: | 20 bb 8b 15 5f 15 49 90 1a 2b 37 e2 17
13 77 7c
Jul 18 08:04:49 fc4 pluto[1213]: | 90 ae c5 88 32 a2 68 57 58 4b eb 67 27
e6 a7 05
Jul 18 08:04:49 fc4 pluto[1213]: | 57 8a 37 72 13 af 82 6b 17 3c c3 5f fd
56 a3 e0
Jul 18 08:04:49 fc4 pluto[1213]: | 6d 06 25 28 07 e6 f7 a6 6a f6 4a 47 3e
b8 a4 b0
Jul 18 08:04:49 fc4 pluto[1213]: | 8a c7 48 6e b4 d3 16 bd 46 9d 07 94 f1
93 a0 43
Jul 18 08:04:49 fc4 pluto[1213]: | 5a 50 7d 61 fe 85 8c 20 bf 13 2b 38 b1
c9 c6 ff
Jul 18 08:04:49 fc4 pluto[1213]: | b0 2a 8f 04 da b0 3a a5 81 f2 e6 06 a5
48 22 27
Jul 18 08:04:49 fc4 pluto[1213]: | eb 28 60 2b de b4 ba ff e6 8a c4 cf b0
64 da 71
Jul 18 08:04:49 fc4 pluto[1213]: | c5 2a dd 68 d5 11 08 f1 cf 9c 95 87 0a
b6 de 05
Jul 18 08:04:49 fc4 pluto[1213]: | emitting length of ISAKMP Key Exchange
Payload: 196
Jul 18 08:04:49 fc4 pluto[1213]: | ***emit ISAKMP Nonce Payload:
Jul 18 08:04:49 fc4 pluto[1213]: | next payload type: ISAKMP_NEXT_NONE
Jul 18 08:04:49 fc4 pluto[1213]: | emitting 16 raw bytes of Ni into ISAKMP
Nonce Payload
Jul 18 08:04:49 fc4 pluto[1213]: | Ni 85 72 27 d8 2a 7b 34 58 76 ba ec f7
48 58 b0 a2
Jul 18 08:04:49 fc4 pluto[1213]: | emitting length of ISAKMP Nonce
Payload: 20
Jul 18 08:04:49 fc4 pluto[1213]: | emitting length of ISAKMP Message: 244
Jul 18 08:04:49 fc4 pluto[1213]: | ICOOKIE: c0 fc 2d 43 1e 37 4c 0b
Jul 18 08:04:49 fc4 pluto[1213]: | RCOOKIE: 00 00 00 00 00 00 00 00
Jul 18 08:04:49 fc4 pluto[1213]: | peer: 44 ba 97 96
Jul 18 08:04:49 fc4 pluto[1213]: | state hash entry 9
Jul 18 08:04:49 fc4 pluto[1213]: | ICOOKIE: c0 fc 2d 43 1e 37 4c 0b
Jul 18 08:04:49 fc4 pluto[1213]: | RCOOKIE: 71 f9 44 bf f5 11 d9 ca
Jul 18 08:04:49 fc4 pluto[1213]: | peer: 44 ba 97 96
Jul 18 08:04:49 fc4 pluto[1213]: | state hash entry 1
Jul 18 08:04:49 fc4 pluto[1213]: | complete state transition with STF_OK
Jul 18 08:04:49 fc4 pluto[1213]: "net-to-net" #1: transition from state
STATE_MAIN_I1 to state STATE_MAIN_I2
Jul 18 08:04:49 fc4 pluto[1213]: | sending reply packet to
68.106.151.150:500 (from port=500)
Jul 18 08:04:49 fc4 pluto[1213]: | sending 244 bytes for STATE_MAIN_I1
through eth0:500 to 68.106.151.150:500:
Jul 18 08:04:49 fc4 pluto[1213]: | c0 fc 2d 43 1e 37 4c 0b 71 f9 44 bf f5
11 d9 ca
Jul 18 08:04:49 fc4 pluto[1213]: | 04 10 02 00 00 00 00 00 00 00 00 f4 0a
00 00 c4
Jul 18 08:04:49 fc4 pluto[1213]: | 8b e1 61 6b 7d 02 33 02 d1 bd e2 33 6e
24 65 38
Jul 18 08:04:49 fc4 pluto[1213]: | 56 b0 62 8a 9f 69 60 e4 19 6f 37 87 1b
a6 c0 a3
Jul 18 08:04:49 fc4 pluto[1213]: | 03 31 ce aa 26 6e 50 9f 75 95 b3 8f ee
61 02 83
Jul 18 08:04:50 fc4 pluto[1213]: | 20 bb 8b 15 5f 15 49 90 1a 2b 37 e2 17
13 77 7c
Jul 18 08:04:50 fc4 pluto[1213]: | 90 ae c5 88 32 a2 68 57 58 4b eb 67 27
e6 a7 05
Jul 18 08:04:50 fc4 pluto[1213]: | 57 8a 37 72 13 af 82 6b 17 3c c3 5f fd
56 a3 e0
Jul 18 08:04:50 fc4 pluto[1213]: | 6d 06 25 28 07 e6 f7 a6 6a f6 4a 47 3e
b8 a4 b0
Jul 18 08:04:50 fc4 pluto[1213]: | 8a c7 48 6e b4 d3 16 bd 46 9d 07 94 f1
93 a0 43
Jul 18 08:04:50 fc4 pluto[1213]: | 5a 50 7d 61 fe 85 8c 20 bf 13 2b 38 b1
c9 c6 ff
Jul 18 08:04:50 fc4 pluto[1213]: | b0 2a 8f 04 da b0 3a a5 81 f2 e6 06 a5
48 22 27
Jul 18 08:04:50 fc4 pluto[1213]: | eb 28 60 2b de b4 ba ff e6 8a c4 cf b0
64 da 71
Jul 18 08:04:50 fc4 pluto[1213]: | c5 2a dd 68 d5 11 08 f1 cf 9c 95 87 0a
b6 de 05
Jul 18 08:04:50 fc4 pluto[1213]: | 00 00 00 14 85 72 27 d8 2a 7b 34 58 76
ba ec f7
Jul 18 08:04:50 fc4 pluto[1213]: | 48 58 b0 a2
Jul 18 08:04:50 fc4 pluto[1213]: | inserting event EVENT_RETRANSMIT,
timeout in 10 seconds for #1
Jul 18 08:04:50 fc4 pluto[1213]: "net-to-net" #1: STATE_MAIN_I2: sent MI2,
expecting MR2
Jul 18 08:04:50 fc4 pluto[1213]: | modecfg pull: noquirk policy:push
not-client
Jul 18 08:04:50 fc4 pluto[1213]: | phase 1 is done, looking for phase 1 to
unpend
Jul 18 08:04:50 fc4 pluto[1213]: | next event EVENT_RETRANSMIT in 10
seconds for #1
Jul 18 08:04:50 fc4 pluto[1213]: |
Jul 18 08:04:50 fc4 pluto[1213]: | *received 244 bytes from
68.106.151.150:500 on eth0 (port=500)
Jul 18 08:04:50 fc4 pluto[1213]: | c0 fc 2d 43 1e 37 4c 0b 71 f9 44 bf f5
11 d9 ca
Jul 18 08:04:50 fc4 pluto[1213]: | 04 10 02 00 00 00 00 00 00 00 00 f4 0a
00 00 c4
Jul 18 08:04:50 fc4 pluto[1213]: | 55 d6 45 ef 5e 3c 4e fc 1f 31 2c f6 ee
79 70 8e
Jul 18 08:04:50 fc4 pluto[1213]: | 47 a6 6b ae 48 b3 4f e0 7e 78 4a 92 2e
a8 17 3a
Jul 18 08:04:50 fc4 pluto[1213]: | 3e 44 5c be 34 4c 41 49 cf a4 e5 d5 3b
ec bc 3d
Jul 18 08:04:50 fc4 pluto[1213]: | 6f 52 7e ed 0e 2b 56 f0 da 11 76 39 57
38 3b ed
Jul 18 08:04:50 fc4 pluto[1213]: | 88 3f 73 3f 07 0f 49 a1 69 96 4d c6 8f
b7 e3 12
Jul 18 08:04:50 fc4 pluto[1213]: | 82 62 68 79 1d fb e8 fd e5 70 e0 61 ef
a0 3e a0
Jul 18 08:04:50 fc4 pluto[1213]: | 52 f6 13 35 a1 61 6d d1 15 c5 94 e7 fa
2f 03 76
Jul 18 08:04:50 fc4 pluto[1213]: | a9 e1 7e 24 b0 f8 a8 75 4e 6a 61 ac 36
47 44 10
Jul 18 08:04:50 fc4 pluto[1213]: | b0 5c db 1a d5 5e df 5f 85 02 bb e7 49
cc 88 bc
Jul 18 08:04:50 fc4 pluto[1213]: | f0 53 5a 3c a2 d7 da ee f2 d0 f2 88 df
67 b2 1d
Jul 18 08:04:50 fc4 pluto[1213]: | 54 0b 66 eb 3c 28 a4 3c e1 71 a1 60 46
35 cf 58
Jul 18 08:04:50 fc4 pluto[1213]: | bc f5 49 62 ba a9 c1 a0 fe a3 03 fe 4f
38 1e 81
Jul 18 08:04:50 fc4 pluto[1213]: | 00 00 00 14 ca af 73 92 8e f0 ab d7 e2
f0 2e 7e
Jul 18 08:04:50 fc4 pluto[1213]: | b6 54 73 fd
Jul 18 08:04:50 fc4 pluto[1213]: | **parse ISAKMP Message:
Jul 18 08:04:50 fc4 pluto[1213]: | initiator cookie:
Jul 18 08:04:50 fc4 pluto[1213]: | c0 fc 2d 43 1e 37 4c 0b
Jul 18 08:04:50 fc4 pluto[1213]: | responder cookie:
Jul 18 08:04:50 fc4 pluto[1213]: | 71 f9 44 bf f5 11 d9 ca
Jul 18 08:04:50 fc4 pluto[1213]: | next payload type: ISAKMP_NEXT_KE
Jul 18 08:04:50 fc4 pluto[1213]: | ISAKMP version: ISAKMP Version 1.0
Jul 18 08:04:50 fc4 pluto[1213]: | exchange type: ISAKMP_XCHG_IDPROT
Jul 18 08:04:50 fc4 pluto[1213]: | flags: none
Jul 18 08:04:50 fc4 pluto[1213]: | message ID: 00 00 00 00
Jul 18 08:04:50 fc4 pluto[1213]: | length: 244
Jul 18 08:04:50 fc4 pluto[1213]: | processing packet with exchange
type=ISAKMP_XCHG_IDPROT (2)
Jul 18 08:04:50 fc4 pluto[1213]: | ICOOKIE: c0 fc 2d 43 1e 37 4c 0b
Jul 18 08:04:50 fc4 pluto[1213]: | RCOOKIE: 71 f9 44 bf f5 11 d9 ca
Jul 18 08:04:50 fc4 pluto[1213]: | peer: 44 ba 97 96
Jul 18 08:04:50 fc4 pluto[1213]: | state hash entry 1
Jul 18 08:04:50 fc4 pluto[1213]: | peer and cookies match on #1, provided
msgid 00000000 vs 00000000
Jul 18 08:04:50 fc4 pluto[1213]: | state object #1 found, in STATE_MAIN_I2
Jul 18 08:04:50 fc4 pluto[1213]: | processing connection net-to-net
Jul 18 08:04:50 fc4 pluto[1213]: | ***parse ISAKMP Key Exchange Payload:
Jul 18 08:04:50 fc4 pluto[1213]: | next payload type: ISAKMP_NEXT_NONCE
Jul 18 08:04:50 fc4 pluto[1213]: | length: 196
Jul 18 08:04:50 fc4 pluto[1213]: | ***parse ISAKMP Nonce Payload:
Jul 18 08:04:50 fc4 pluto[1213]: | next payload type: ISAKMP_NEXT_NONE
Jul 18 08:04:50 fc4 pluto[1213]: | length: 20
Jul 18 08:04:50 fc4 pluto[1213]: | **emit ISAKMP Message:
Jul 18 08:04:50 fc4 pluto[1213]: | initiator cookie:
Jul 18 08:04:50 fc4 pluto[1213]: | c0 fc 2d 43 1e 37 4c 0b
Jul 18 08:04:50 fc4 pluto[1213]: | responder cookie:
Jul 18 08:04:50 fc4 pluto[1213]: | 71 f9 44 bf f5 11 d9 ca
Jul 18 08:04:50 fc4 pluto[1213]: | next payload type: ISAKMP_NEXT_ID
Jul 18 08:04:50 fc4 pluto[1213]: | ISAKMP version: ISAKMP Version 1.0
Jul 18 08:04:50 fc4 pluto[1213]: | exchange type: ISAKMP_XCHG_IDPROT
Jul 18 08:04:50 fc4 pluto[1213]: | flags: ISAKMP_FLAG_ENCRYPTION
Jul 18 08:04:50 fc4 pluto[1213]: | message ID: 00 00 00 00
Jul 18 08:04:50 fc4 pluto[1213]: | DH public value received:
Jul 18 08:04:50 fc4 pluto[1213]: | 55 d6 45 ef 5e 3c 4e fc 1f 31 2c f6 ee
79 70 8e
Jul 18 08:04:50 fc4 pluto[1213]: | 47 a6 6b ae 48 b3 4f e0 7e 78 4a 92 2e
a8 17 3a
Jul 18 08:04:50 fc4 pluto[1213]: | 3e 44 5c be 34 4c 41 49 cf a4 e5 d5 3b
ec bc 3d
Jul 18 08:04:50 fc4 pluto[1213]: | 6f 52 7e ed 0e 2b 56 f0 da 11 76 39 57
38 3b ed
Jul 18 08:04:50 fc4 pluto[1213]: | 88 3f 73 3f 07 0f 49 a1 69 96 4d c6 8f
b7 e3 12
Jul 18 08:04:50 fc4 pluto[1213]: | 82 62 68 79 1d fb e8 fd e5 70 e0 61 ef
a0 3e a0
Jul 18 08:04:50 fc4 pluto[1213]: | 52 f6 13 35 a1 61 6d d1 15 c5 94 e7 fa
2f 03 76
Jul 18 08:04:50 fc4 pluto[1213]: | a9 e1 7e 24 b0 f8 a8 75 4e 6a 61 ac 36
47 44 10
Jul 18 08:04:50 fc4 pluto[1213]: | b0 5c db 1a d5 5e df 5f 85 02 bb e7 49
cc 88 bc
Jul 18 08:04:50 fc4 pluto[1213]: | f0 53 5a 3c a2 d7 da ee f2 d0 f2 88 df
67 b2 1d
Jul 18 08:04:50 fc4 pluto[1213]: | 54 0b 66 eb 3c 28 a4 3c e1 71 a1 60 46
35 cf 58
Jul 18 08:04:50 fc4 pluto[1213]: | bc f5 49 62 ba a9 c1 a0 fe a3 03 fe 4f
38 1e 81
Jul 18 08:04:50 fc4 pluto[1213]: | thinking about whether to send my
certificate:
Jul 18 08:04:50 fc4 pluto[1213]: | I have RSA key: OAKLEY_PRESHARED_KEY
cert.type: CERT_NONE
Jul 18 08:04:50 fc4 pluto[1213]: | sendcert: CERT_ALWAYSSEND and I did not
get a certificate request
Jul 18 08:04:50 fc4 pluto[1213]: | so do not send cert.
Jul 18 08:04:50 fc4 pluto[1213]: "net-to-net" #1: I did not send a
certificate because I do not have one.
Jul 18 08:04:50 fc4 pluto[1213]: | I am not sending a certificate request
Jul 18 08:04:50 fc4 pluto[1213]: | started looking for secret for
68.108.91.73->68.106.151.150 of kind PPK_PSK
Jul 18 08:04:50 fc4 pluto[1213]: | actually looking for secret for
68.108.91.73->68.106.151.150 of kind PPK_PSK
Jul 18 08:04:50 fc4 pluto[1213]: | 1: compared PSK 68.106.151.150 to
68.108.91.73 / 68.106.151.150 -> 2
Jul 18 08:04:50 fc4 pluto[1213]: | 2: compared PSK 68.108.91.73 to
68.108.91.73 / 68.106.151.150 -> 6
Jul 18 08:04:50 fc4 pluto[1213]: | best_match 0>6 best=0x94cc658 (line=1)
Jul 18 08:04:50 fc4 pluto[1213]: | concluding with best_match=6
best=0x94cc658 (lineno=1)
Jul 18 08:04:50 fc4 pluto[1213]: | calc_dh_shared(): time elapsed
(OAKLEY_GROUP_MODP1536): 41543 usec
Jul 18 08:04:50 fc4 pluto[1213]: | DH shared secret:
Jul 18 08:04:50 fc4 pluto[1213]: | 03 8d 69 f6 b6 cc 4e e9 c0 87 8c 12 ab
93 a3 c4
Jul 18 08:04:50 fc4 pluto[1213]: | 8f e9 11 6b cf d9 b0 68 29 db fc 60 43
75 ee 45
Jul 18 08:04:50 fc4 pluto[1213]: | 9c 29 fe c0 3a 3d bc c3 80 b8 fe 5f fe
a9 8b cd
Jul 18 08:04:50 fc4 pluto[1213]: | 53 fb af a9 33 d0 a5 68 03 0a f5 73 50
80 69 49
Jul 18 08:04:50 fc4 pluto[1213]: | d7 3d df d0 18 b1 5e 95 ab 16 6d b4 29
b4 51 e0
Jul 18 08:04:50 fc4 pluto[1213]: | bc 1b 47 b1 5f 32 7e fd d6 e2 bb 10 cc
a5 ec 66
Jul 18 08:04:50 fc4 pluto[1213]: | 4c 34 bc bd fe 19 0e 59 17 3e f2 64 0b
97 5a 80
Jul 18 08:04:50 fc4 pluto[1213]: | 7c 46 8f 8d 97 08 1f 29 c4 0e 5e dd 33
67 2b 3d
Jul 18 08:04:50 fc4 pluto[1213]: | 31 e0 26 47 e4 b5 b4 6e 51 a8 7a ee 49
e9 a1 95
Jul 18 08:04:50 fc4 pluto[1213]: | 8f a0 2c 6a b0 cb c8 c2 d1 09 d4 20 2c
72 b2 59
Jul 18 08:04:50 fc4 pluto[1213]: | e3 0c d1 d0 bc a6 2e b7 da 8b 02 52 ef
78 82 52
Jul 18 08:04:50 fc4 pluto[1213]: | 9c f5 9b 90 b5 a3 e1 27 eb 04 1d 35 0a
df 17 e3
Jul 18 08:04:50 fc4 pluto[1213]: | Skey inputs (PSK+NI+NR)
Jul 18 08:04:50 fc4 pluto[1213]: | ni: 85 72 27 d8 2a 7b 34 58 76 ba ec f7
48 58 b0 a2
Jul 18 08:04:50 fc4 pluto[1213]: | nr: ca af 73 92 8e f0 ab d7 e2 f0 2e 7e
b6 54 73 fd
Jul 18 08:04:50 fc4 pluto[1213]: | keyid: 6d 4d a3 10 9f 7d 6c e2 c6 c7 ad
56 6e 97 a7 d8
Jul 18 08:04:50 fc4 pluto[1213]: | DH_i: 8b e1 61 6b 7d 02 33 02 d1 bd e2
33 6e 24 65 38
Jul 18 08:04:50 fc4 pluto[1213]: | 56 b0 62 8a 9f 69 60 e4 19 6f 37 87 1b
a6 c0 a3
Jul 18 08:04:50 fc4 pluto[1213]: | 03 31 ce aa 26 6e 50 9f 75 95 b3 8f ee
61 02 83
Jul 18 08:04:50 fc4 pluto[1213]: | 20 bb 8b 15 5f 15 49 90 1a 2b 37 e2 17
13 77 7c
Jul 18 08:04:50 fc4 pluto[1213]: | 90 ae c5 88 32 a2 68 57 58 4b eb 67 27
e6 a7 05
Jul 18 08:04:50 fc4 pluto[1213]: | 57 8a 37 72 13 af 82 6b 17 3c c3 5f fd
56 a3 e0
Jul 18 08:04:50 fc4 pluto[1213]: | 6d 06 25 28 07 e6 f7 a6 6a f6 4a 47 3e
b8 a4 b0
Jul 18 08:04:50 fc4 pluto[1213]: | 8a c7 48 6e b4 d3 16 bd 46 9d 07 94 f1
93 a0 43
Jul 18 08:04:50 fc4 pluto[1213]: | 5a 50 7d 61 fe 85 8c 20 bf 13 2b 38 b1
c9 c6 ff
Jul 18 08:04:50 fc4 pluto[1213]: | b0 2a 8f 04 da b0 3a a5 81 f2 e6 06 a5
48 22 27
Jul 18 08:04:50 fc4 pluto[1213]: | eb 28 60 2b de b4 ba ff e6 8a c4 cf b0
64 da 71
Jul 18 08:04:50 fc4 pluto[1213]: | c5 2a dd 68 d5 11 08 f1 cf 9c 95 87 0a
b6 de 05
Jul 18 08:04:50 fc4 pluto[1213]: | DH_r: 55 d6 45 ef 5e 3c 4e fc 1f 31 2c
f6 ee 79 70 8e
Jul 18 08:04:50 fc4 pluto[1213]: | 47 a6 6b ae 48 b3 4f e0 7e 78 4a 92 2e
a8 17 3a
Jul 18 08:04:50 fc4 pluto[1213]: | 3e 44 5c be 34 4c 41 49 cf a4 e5 d5 3b
ec bc 3d
Jul 18 08:04:50 fc4 pluto[1213]: | 6f 52 7e ed 0e 2b 56 f0 da 11 76 39 57
38 3b ed
Jul 18 08:04:50 fc4 pluto[1213]: | 88 3f 73 3f 07 0f 49 a1 69 96 4d c6 8f
b7 e3 12
Jul 18 08:04:50 fc4 pluto[1213]: | 82 62 68 79 1d fb e8 fd e5 70 e0 61 ef
a0 3e a0
Jul 18 08:04:50 fc4 pluto[1213]: | 52 f6 13 35 a1 61 6d d1 15 c5 94 e7 fa
2f 03 76
Jul 18 08:04:50 fc4 pluto[1213]: | a9 e1 7e 24 b0 f8 a8 75 4e 6a 61 ac 36
47 44 10
Jul 18 08:04:50 fc4 pluto[1213]: | b0 5c db 1a d5 5e df 5f 85 02 bb e7 49
cc 88 bc
Jul 18 08:04:50 fc4 pluto[1213]: | f0 53 5a 3c a2 d7 da ee f2 d0 f2 88 df
67 b2 1d
Jul 18 08:04:50 fc4 pluto[1213]: | 54 0b 66 eb 3c 28 a4 3c e1 71 a1 60 46
35 cf 58
Jul 18 08:04:50 fc4 pluto[1213]: | bc f5 49 62 ba a9 c1 a0 fe a3 03 fe 4f
38 1e 81
Jul 18 08:04:50 fc4 pluto[1213]: | Skeyid: 6d 4d a3 10 9f 7d 6c e2 c6 c7
ad 56 6e 97 a7 d8
Jul 18 08:04:50 fc4 pluto[1213]: | Skeyid_d: 3c 82 d2 2d a5 71 23 ab a1 2f
32 f1 1f 8b 7b 39
Jul 18 08:04:50 fc4 pluto[1213]: | Skeyid_a: 8a b9 a6 d8 0a 2a 15 8d 84 cf
8f 09 c6 7b 85 c9
Jul 18 08:04:50 fc4 pluto[1213]: | Skeyid_e: 44 e5 81 bd 3b 8c 8a 3f 46 60
26 65 59 17 83 f5
Jul 18 08:04:50 fc4 pluto[1213]: | enc key: 46 89 ee fb b6 3c e4 fa fe 3e
33 6a b6 80 fd 05
Jul 18 08:04:50 fc4 pluto[1213]: | c0 5f 61 20 ff d4 c8 43
Jul 18 08:04:50 fc4 pluto[1213]: | IV: ab 8f d3 c7 7f 3e 4a e6 5e 0c ff 13
72 77 67 0c
Jul 18 08:04:50 fc4 pluto[1213]: | ***emit ISAKMP Identification Payload
(IPsec DOI):
Jul 18 08:04:50 fc4 pluto[1213]: | next payload type: ISAKMP_NEXT_HASH
Jul 18 08:04:50 fc4 pluto[1213]: | ID type: ID_IPV4_ADDR
Jul 18 08:04:50 fc4 pluto[1213]: | Protocol ID: 0
Jul 18 08:04:50 fc4 pluto[1213]: | port: 0
Jul 18 08:04:50 fc4 pluto[1213]: | emitting 4 raw bytes of my identity
into ISAKMP Identification Payload (IPsec DOI)
Jul 18 08:04:50 fc4 pluto[1213]: | my identity 44 76 5b 49
Jul 18 08:04:50 fc4 pluto[1213]: | emitting length of ISAKMP
Identification Payload (IPsec DOI): 12
Jul 18 08:04:50 fc4 pluto[1213]: | hashing 144 bytes of SA
Jul 18 08:04:50 fc4 pluto[1213]: | ***emit ISAKMP Hash Payload:
Jul 18 08:04:50 fc4 pluto[1213]: | next payload type: ISAKMP_NEXT_NONE
Jul 18 08:04:50 fc4 pluto[1213]: | emitting 16 raw bytes of HASH_I into
ISAKMP Hash Payload
Jul 18 08:04:50 fc4 pluto[1213]: | HASH_I 42 c0 38 a0 52 9b 11 0b 76 ac d7
de 37 c5 ca be
Jul 18 08:04:50 fc4 pluto[1213]: | emitting length of ISAKMP Hash Payload:
20
Jul 18 08:04:50 fc4 pluto[1213]: | encrypting:
Jul 18 08:04:50 fc4 pluto[1213]: | 08 00 00 0c 01 00 00 00 44 76 5b 49 00
00 00 14
Jul 18 08:04:50 fc4 pluto[1213]: | 42 c0 38 a0 52 9b 11 0b 76 ac d7 de 37
c5 ca be
Jul 18 08:04:50 fc4 pluto[1213]: | IV:
Jul 18 08:04:50 fc4 pluto[1213]: | ab 8f d3 c7 7f 3e 4a e6 5e 0c ff 13 72
77 67 0c
Jul 18 08:04:50 fc4 pluto[1213]: | encrypting using OAKLEY_3DES_CBC
Jul 18 08:04:50 fc4 pluto[1213]: | next IV: 05 62 ae 6a 2b 80 9b 97
Jul 18 08:04:50 fc4 pluto[1213]: | emitting length of ISAKMP Message: 60
Jul 18 08:04:50 fc4 pluto[1213]: | complete state transition with STF_OK
Jul 18 08:04:50 fc4 pluto[1213]: "net-to-net" #1: transition from state
STATE_MAIN_I2 to state STATE_MAIN_I3
Jul 18 08:04:50 fc4 pluto[1213]: | sending reply packet to
68.106.151.150:500 (from port=500)
Jul 18 08:04:50 fc4 pluto[1213]: | sending 60 bytes for STATE_MAIN_I2
through eth0:500 to 68.106.151.150:500:
Jul 18 08:04:51 fc4 pluto[1213]: | c0 fc 2d 43 1e 37 4c 0b 71 f9 44 bf f5
11 d9 ca
Jul 18 08:04:51 fc4 pluto[1213]: | 05 10 02 01 00 00 00 00 00 00 00 3c c1
2d 46 bb
Jul 18 08:04:51 fc4 pluto[1213]: | 66 d8 97 16 bd ba 2d 7a dd 29 2d 84 29
31 01 7f
Jul 18 08:04:51 fc4 pluto[1213]: | 1a 01 36 26 05 62 ae 6a 2b 80 9b 97
Jul 18 08:04:51 fc4 pluto[1213]: | inserting event EVENT_RETRANSMIT,
timeout in 10 seconds for #1
Jul 18 08:04:51 fc4 pluto[1213]: "net-to-net" #1: STATE_MAIN_I3: sent MI3,
expecting MR3
Jul 18 08:04:51 fc4 pluto[1213]: | modecfg pull: noquirk policy:push
not-client
Jul 18 08:04:51 fc4 pluto[1213]: | phase 1 is done, looking for phase 1 to
unpend
Jul 18 08:04:51 fc4 pluto[1213]: | next event EVENT_RETRANSMIT in 10
seconds for #1
Jul 18 08:04:51 fc4 pluto[1213]: |
Jul 18 08:04:51 fc4 pluto[1213]: | *received 60 bytes from
68.106.151.150:500 on eth0 (port=500)
Jul 18 08:04:51 fc4 pluto[1213]: | c0 fc 2d 43 1e 37 4c 0b 71 f9 44 bf f5
11 d9 ca
Jul 18 08:04:51 fc4 pluto[1213]: | 05 10 02 01 00 00 00 00 00 00 00 3c 7a
ab b6 83
Jul 18 08:04:51 fc4 pluto[1213]: | ec da a9 41 b2 c6 fd 4e 2c d3 47 4f e7
66 da ca
Jul 18 08:04:51 fc4 pluto[1213]: | 45 18 5a e7 54 bb fd 56 cf e2 f9 58
Jul 18 08:04:51 fc4 pluto[1213]: | **parse ISAKMP Message:
Jul 18 08:04:51 fc4 pluto[1213]: | initiator cookie:
Jul 18 08:04:51 fc4 pluto[1213]: | c0 fc 2d 43 1e 37 4c 0b
Jul 18 08:04:51 fc4 pluto[1213]: | responder cookie:
Jul 18 08:04:51 fc4 pluto[1213]: | 71 f9 44 bf f5 11 d9 ca
Jul 18 08:04:51 fc4 pluto[1213]: | next payload type: ISAKMP_NEXT_ID
Jul 18 08:04:51 fc4 pluto[1213]: | ISAKMP version: ISAKMP Version 1.0
Jul 18 08:04:51 fc4 pluto[1213]: | exchange type: ISAKMP_XCHG_IDPROT
Jul 18 08:04:51 fc4 pluto[1213]: | flags: ISAKMP_FLAG_ENCRYPTION
Jul 18 08:04:51 fc4 pluto[1213]: | message ID: 00 00 00 00
Jul 18 08:04:51 fc4 pluto[1213]: | length: 60
Jul 18 08:04:51 fc4 pluto[1213]: | processing packet with exchange
type=ISAKMP_XCHG_IDPROT (2)
Jul 18 08:04:51 fc4 pluto[1213]: | ICOOKIE: c0 fc 2d 43 1e 37 4c 0b
Jul 18 08:04:51 fc4 pluto[1213]: | RCOOKIE: 71 f9 44 bf f5 11 d9 ca
Jul 18 08:04:51 fc4 pluto[1213]: | peer: 44 ba 97 96
Jul 18 08:04:51 fc4 pluto[1213]: | state hash entry 1
Jul 18 08:04:51 fc4 pluto[1213]: | peer and cookies match on #1, provided
msgid 00000000 vs 00000000
Jul 18 08:04:51 fc4 pluto[1213]: | state object #1 found, in STATE_MAIN_I3
Jul 18 08:04:51 fc4 pluto[1213]: | processing connection net-to-net
Jul 18 08:04:51 fc4 pluto[1213]: | received encrypted packet from
68.106.151.150:500
Jul 18 08:04:51 fc4 pluto[1213]: | decrypting 32 bytes using algorithm
OAKLEY_3DES_CBC
Jul 18 08:04:51 fc4 pluto[1213]: | decrypted:
Jul 18 08:04:51 fc4 pluto[1213]: | 08 00 00 0c 01 00 00 00 44 ba 97 96 00
00 00 14
Jul 18 08:04:51 fc4 pluto[1213]: | 87 d6 f7 e7 eb 5d 4f 91 6a ad 36 d8 c1
01 43 16
Jul 18 08:04:51 fc4 pluto[1213]: | next IV: 54 bb fd 56 cf e2 f9 58
Jul 18 08:04:51 fc4 pluto[1213]: | ***parse ISAKMP Identification Payload:
Jul 18 08:04:51 fc4 pluto[1213]: | next payload type: ISAKMP_NEXT_HASH
Jul 18 08:04:51 fc4 pluto[1213]: | length: 12
Jul 18 08:04:51 fc4 pluto[1213]: | ID type: ID_IPV4_ADDR
Jul 18 08:04:51 fc4 pluto[1213]: | DOI specific A: 0
Jul 18 08:04:51 fc4 pluto[1213]: | DOI specific B: 0
Jul 18 08:04:51 fc4 pluto[1213]: | ***parse ISAKMP Hash Payload:
Jul 18 08:04:51 fc4 pluto[1213]: | next payload type: ISAKMP_NEXT_NONE
Jul 18 08:04:51 fc4 pluto[1213]: | length: 20
Jul 18 08:04:51 fc4 pluto[1213]: "net-to-net" #1: Main mode peer ID is
ID_IPV4_ADDR: '68.106.151.150'
Jul 18 08:04:51 fc4 pluto[1213]: | hashing 144 bytes of SA
Jul 18 08:04:51 fc4 pluto[1213]: | authentication succeeded
Jul 18 08:04:51 fc4 pluto[1213]: | complete state transition with STF_OK
Jul 18 08:04:51 fc4 pluto[1213]: "net-to-net" #1: transition from state
STATE_MAIN_I3 to state STATE_MAIN_I4
Jul 18 08:04:51 fc4 pluto[1213]: | inserting event EVENT_SA_REPLACE,
timeout in 2867 seconds for #1
Jul 18 08:04:51 fc4 pluto[1213]: "net-to-net" #1: STATE_MAIN_I4: ISAKMP SA
established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192
prf=oakley_md5 group=modp1536}
Jul 18 08:04:51 fc4 pluto[1213]: | modecfg pull: noquirk policy:push
not-client
Jul 18 08:04:51 fc4 pluto[1213]: | phase 1 is done, looking for phase 1 to
unpend
Jul 18 08:04:51 fc4 pluto[1213]: | unqueuing pending Quick Mode with
68.106.151.150 "net-to-net"
Jul 18 08:04:51 fc4 pluto[1213]: | duplicating state object #1
Jul 18 08:04:51 fc4 pluto[1213]: | creating state object #2 at 0x94cf000
Jul 18 08:04:51 fc4 pluto[1213]: | processing connection net-to-net
Jul 18 08:04:51 fc4 pluto[1213]: | ICOOKIE: c0 fc 2d 43 1e 37 4c 0b
Jul 18 08:04:51 fc4 pluto[1213]: | RCOOKIE: 71 f9 44 bf f5 11 d9 ca
Jul 18 08:04:51 fc4 pluto[1213]: | peer: 44 ba 97 96
Jul 18 08:04:51 fc4 pluto[1213]: | state hash entry 1
Jul 18 08:04:51 fc4 pluto[1213]: | inserting event EVENT_SO_DISCARD,
timeout in 0 seconds for #2
Jul 18 08:04:51 fc4 pluto[1213]: "net-to-net" #2: initiating Quick Mode
PSK+ENCRYPT+TUNNEL+PFS+UP {using isakmp#1}
Jul 18 08:04:51 fc4 pluto[1213]: | 0: w->pcw_dead: 0 w->pcw_work: 0 cnt: 1
Jul 18 08:04:51 fc4 pluto[1213]: | asking helper 0 to do build_kenonce op
on seq: 2
Jul 18 08:04:51 fc4 pluto[1213]: | inserting event EVENT_CRYPTO_FAILED,
timeout in 300 seconds for #2
Jul 18 08:04:51 fc4 pluto[1219]: ! helper -1 doing build_kenonce op id: 2
Jul 18 08:04:51 fc4 pluto[1213]: | next event EVENT_PENDING_PHASE2 in 106
seconds
Jul 18 08:04:51 fc4 pluto[1219]: ! Local DH secret:
Jul 18 08:04:51 fc4 pluto[1219]: ! 23 29 e7 35 ce 38 b4 c4 1d 31 2b aa 0d
68 9b 7c
Jul 18 08:04:51 fc4 pluto[1219]: ! ed 14 69 65 49 c0 51 37 81 2e b5 7d a2
a9 5b dd
Jul 18 08:04:51 fc4 pluto[1219]: ! Public DH value sent:
Jul 18 08:04:51 fc4 pluto[1219]: ! e1 9a da f3 52 78 4c 03 64 9c 3a 90 25
ad 26 08
Jul 18 08:04:51 fc4 pluto[1219]: ! 92 18 9a f6 e2 f9 22 5d bd 48 73 cb c7
6d a0 91
Jul 18 08:04:51 fc4 pluto[1219]: ! 78 58 c7 f2 a5 72 48 b0 81 1c 5e 0e cc
c8 8b 2d
Jul 18 08:04:51 fc4 pluto[1219]: ! b4 01 33 1b b4 01 22 03 88 2e 9f 02 1b
8b 3a 92
Jul 18 08:04:51 fc4 pluto[1219]: ! 67 9f 85 a5 de 1c 65 d5 f9 fa b5 d2 fd
20 6f 43
Jul 18 08:04:51 fc4 pluto[1219]: ! c0 dc fe 9e 78 e8 aa 25 81 8a 1e 79 5b
a5 c0 56
Jul 18 08:04:51 fc4 pluto[1219]: ! be 85 6d 46 d7 c8 e8 c9 3d bb c9 7a 70
0f df bd
Jul 18 08:04:51 fc4 pluto[1219]: ! c8 78 63 cb 05 de 57 6b 81 38 8b 61 57
47 99 54
Jul 18 08:04:51 fc4 pluto[1219]: ! 8b d3 98 0b 73 f1 33 04 87 01 17 d8 cc
a0 3c 76
Jul 18 08:04:51 fc4 pluto[1219]: ! 6b 32 50 b9 b7 5d a5 2c ce 3f e2 4a ff
5a 09 4d
Jul 18 08:04:51 fc4 pluto[1219]: ! 1f f4 54 13 ed 10 43 af 2a 31 9e 70 e1
1f 95 81
Jul 18 08:04:51 fc4 pluto[1219]: ! e8 3a 96 a2 14 19 bf 41 24 5f 70 72 14
bb 99 fb
Jul 18 08:04:51 fc4 pluto[1219]: ! Generated nonce:
Jul 18 08:04:51 fc4 pluto[1219]: ! e1 ec 71 b1 35 03 2d 2c f7 40 5c ba c1
83 78 ae
Jul 18 08:04:51 fc4 pluto[1213]: | helper 0 has work (cnt now 0)
Jul 18 08:04:51 fc4 pluto[1213]: | helper 0 replies to sequence 2
Jul 18 08:04:51 fc4 pluto[1213]: | calling callback function 0x2b2370
Jul 18 08:04:51 fc4 pluto[1213]: | quick outI1: calculated ke+nonce,
sending I1
Jul 18 08:04:51 fc4 pluto[1213]: | processing connection net-to-net
Jul 18 08:04:51 fc4 pluto[1213]: | **emit ISAKMP Message:
Jul 18 08:04:51 fc4 pluto[1213]: | initiator cookie:
Jul 18 08:04:51 fc4 pluto[1213]: | c0 fc 2d 43 1e 37 4c 0b
Jul 18 08:04:51 fc4 pluto[1213]: | responder cookie:
Jul 18 08:04:51 fc4 pluto[1213]: | 71 f9 44 bf f5 11 d9 ca
Jul 18 08:04:51 fc4 pluto[1213]: | next payload type: ISAKMP_NEXT_HASH
Jul 18 08:04:51 fc4 pluto[1213]: | ISAKMP version: ISAKMP Version 1.0
Jul 18 08:04:51 fc4 pluto[1213]: | exchange type: ISAKMP_XCHG_QUICK
Jul 18 08:04:51 fc4 pluto[1213]: | flags: ISAKMP_FLAG_ENCRYPTION
Jul 18 08:04:51 fc4 pluto[1213]: | message ID: b0 9d 69 f2
Jul 18 08:04:51 fc4 pluto[1213]: | ***emit ISAKMP Hash Payload:
Jul 18 08:04:51 fc4 pluto[1213]: | next payload type: ISAKMP_NEXT_SA
Jul 18 08:04:51 fc4 pluto[1213]: | emitting 16 zero bytes of HASH into
ISAKMP Hash Payload
Jul 18 08:04:51 fc4 pluto[1213]: | emitting length of ISAKMP Hash Payload:
20
Jul 18 08:04:51 fc4 pluto[1213]: | empty esp_info, returning empty
Jul 18 08:04:51 fc4 pluto[1213]: | ***emit ISAKMP Security Association
Payload:
Jul 18 08:04:51 fc4 pluto[1213]: | next payload type: ISAKMP_NEXT_NONCE
Jul 18 08:04:51 fc4 pluto[1213]: | DOI: ISAKMP_DOI_IPSEC
Jul 18 08:04:51 fc4 pluto[1213]: | ****emit IPsec DOI SIT:
Jul 18 08:04:51 fc4 pluto[1213]: | IPsec DOI SIT: SIT_IDENTITY_ONLY
Jul 18 08:04:51 fc4 pluto[1213]: | out_sa pcn: 0 has 1 valid proposals
Jul 18 08:04:51 fc4 pluto[1213]: | out_sa pcn: 0 pn: 0<1 valid_count: 1
Jul 18 08:04:51 fc4 pluto[1213]: | ****emit ISAKMP Proposal Payload:
Jul 18 08:04:51 fc4 pluto[1213]: | next payload type: ISAKMP_NEXT_NONE
Jul 18 08:04:51 fc4 pluto[1213]: | proposal number: 0
Jul 18 08:04:51 fc4 pluto[1213]: | protocol ID: PROTO_IPSEC_ESP
Jul 18 08:04:51 fc4 pluto[1213]: | SPI size: 4
Jul 18 08:04:51 fc4 pluto[1213]: | number of transforms: 4
Jul 18 08:04:51 fc4 pluto[1213]: | netlink_get_spi: allocated 0xa406c562
for esp.0 at 68.108.91.73
Jul 18 08:04:51 fc4 pluto[1213]: | emitting 4 raw bytes of SPI into ISAKMP
Proposal Payload
Jul 18 08:04:51 fc4 pluto[1213]: | SPI a4 06 c5 62
Jul 18 08:04:51 fc4 pluto[1213]: | *****emit ISAKMP Transform Payload
(ESP):
Jul 18 08:04:51 fc4 pluto[1213]: | next payload type: ISAKMP_NEXT_T
Jul 18 08:04:51 fc4 pluto[1213]: | transform number: 0
Jul 18 08:04:51 fc4 pluto[1213]: | transform ID: ESP_AES
Jul 18 08:04:51 fc4 pluto[1213]: | ******emit ISAKMP IPsec DOI attribute:
Jul 18 08:04:51 fc4 pluto[1213]: | af+type: GROUP_DESCRIPTION
Jul 18 08:04:51 fc4 pluto[1213]: | length/value: 5
Jul 18 08:04:51 fc4 pluto[1213]: | [5 is OAKLEY_GROUP_MODP1536]
Jul 18 08:04:51 fc4 pluto[1213]: | ******emit ISAKMP IPsec DOI attribute:
Jul 18 08:04:51 fc4 pluto[1213]: | af+type: ENCAPSULATION_MODE
Jul 18 08:04:51 fc4 pluto[1213]: | length/value: 1
Jul 18 08:04:51 fc4 pluto[1213]: | [1 is ENCAPSULATION_MODE_TUNNEL]
Jul 18 08:04:51 fc4 pluto[1213]: | ******emit ISAKMP IPsec DOI attribute:
Jul 18 08:04:51 fc4 pluto[1213]: | af+type: SA_LIFE_TYPE
Jul 18 08:04:51 fc4 pluto[1213]: | length/value: 1
Jul 18 08:04:51 fc4 pluto[1213]: | [1 is SA_LIFE_TYPE_SECONDS]
Jul 18 08:04:51 fc4 pluto[1213]: | ******emit ISAKMP IPsec DOI attribute:
Jul 18 08:04:51 fc4 pluto[1213]: | af+type: SA_LIFE_DURATION
Jul 18 08:04:51 fc4 pluto[1213]: | length/value: 28800
Jul 18 08:04:51 fc4 pluto[1213]: | ******emit ISAKMP IPsec DOI attribute:
Jul 18 08:04:51 fc4 pluto[1213]: | af+type: AUTH_ALGORITHM
Jul 18 08:04:51 fc4 pluto[1213]: | length/value: 2
Jul 18 08:04:51 fc4 pluto[1213]: | [2 is AUTH_ALGORITHM_HMAC_SHA1]
Jul 18 08:04:51 fc4 pluto[1213]: | emitting length of ISAKMP Transform
Payload (ESP): 28
Jul 18 08:04:51 fc4 pluto[1213]: | *****emit ISAKMP Transform Payload
(ESP):
Jul 18 08:04:51 fc4 pluto[1213]: | next payload type: ISAKMP_NEXT_T
Jul 18 08:04:51 fc4 pluto[1213]: | transform number: 1
Jul 18 08:04:51 fc4 pluto[1213]: | transform ID: ESP_AES
Jul 18 08:04:51 fc4 pluto[1213]: | ******emit ISAKMP IPsec DOI attribute:
Jul 18 08:04:51 fc4 pluto[1213]: | af+type: GROUP_DESCRIPTION
Jul 18 08:04:51 fc4 pluto[1213]: | length/value: 5
Jul 18 08:04:51 fc4 pluto[1213]: | [5 is OAKLEY_GROUP_MODP1536]
Jul 18 08:04:51 fc4 pluto[1213]: | ******emit ISAKMP IPsec DOI attribute:
Jul 18 08:04:51 fc4 pluto[1213]: | af+type: ENCAPSULATION_MODE
Jul 18 08:04:51 fc4 pluto[1213]: | length/value: 1
Jul 18 08:04:51 fc4 pluto[1213]: | [1 is ENCAPSULATION_MODE_TUNNEL]
Jul 18 08:04:51 fc4 pluto[1213]: | ******emit ISAKMP IPsec DOI attribute:
Jul 18 08:04:51 fc4 pluto[1213]: | af+type: SA_LIFE_TYPE
Jul 18 08:04:51 fc4 pluto[1213]: | length/value: 1
Jul 18 08:04:51 fc4 pluto[1213]: | [1 is SA_LIFE_TYPE_SECONDS]
Jul 18 08:04:51 fc4 pluto[1213]: | ******emit ISAKMP IPsec DOI attribute:
Jul 18 08:04:51 fc4 pluto[1213]: | af+type: SA_LIFE_DURATION
Jul 18 08:04:51 fc4 pluto[1213]: | length/value: 28800
Jul 18 08:04:51 fc4 pluto[1213]: | ******emit ISAKMP IPsec DOI attribute:
Jul 18 08:04:51 fc4 pluto[1213]: | af+type: AUTH_ALGORITHM
Jul 18 08:04:51 fc4 pluto[1213]: | length/value: 1
Jul 18 08:04:51 fc4 pluto[1213]: | [1 is AUTH_ALGORITHM_HMAC_MD5]
Jul 18 08:04:51 fc4 pluto[1213]: | emitting length of ISAKMP Transform
Payload (ESP): 28
Jul 18 08:04:51 fc4 pluto[1213]: | *****emit ISAKMP Transform Payload
(ESP):
Jul 18 08:04:51 fc4 pluto[1213]: | next payload type: ISAKMP_NEXT_T
Jul 18 08:04:51 fc4 pluto[1213]: | transform number: 2
Jul 18 08:04:51 fc4 pluto[1213]: | transform ID: ESP_3DES
Jul 18 08:04:51 fc4 pluto[1213]: | ******emit ISAKMP IPsec DOI attribute:
Jul 18 08:04:51 fc4 pluto[1213]: | af+type: GROUP_DESCRIPTION
Jul 18 08:04:51 fc4 pluto[1213]: | length/value: 5
Jul 18 08:04:51 fc4 pluto[1213]: | [5 is OAKLEY_GROUP_MODP1536]
Jul 18 08:04:51 fc4 pluto[1213]: | ******emit ISAKMP IPsec DOI attribute:
Jul 18 08:04:51 fc4 pluto[1213]: | af+type: ENCAPSULATION_MODE
Jul 18 08:04:51 fc4 pluto[1213]: | length/value: 1
Jul 18 08:04:51 fc4 pluto[1213]: | [1 is ENCAPSULATION_MODE_TUNNEL]
Jul 18 08:04:51 fc4 pluto[1213]: | ******emit ISAKMP IPsec DOI attribute:
Jul 18 08:04:51 fc4 pluto[1213]: | af+type: SA_LIFE_TYPE
Jul 18 08:04:51 fc4 pluto[1213]: | length/value: 1
Jul 18 08:04:51 fc4 pluto[1213]: | [1 is SA_LIFE_TYPE_SECONDS]
Jul 18 08:04:51 fc4 pluto[1213]: | ******emit ISAKMP IPsec DOI attribute:
Jul 18 08:04:51 fc4 pluto[1213]: | af+type: SA_LIFE_DURATION
Jul 18 08:04:51 fc4 pluto[1213]: | length/value: 28800
Jul 18 08:04:51 fc4 pluto[1213]: | ******emit ISAKMP IPsec DOI attribute:
Jul 18 08:04:51 fc4 pluto[1213]: | af+type: AUTH_ALGORITHM
Jul 18 08:04:51 fc4 pluto[1213]: | length/value: 2
Jul 18 08:04:51 fc4 pluto[1213]: | [2 is AUTH_ALGORITHM_HMAC_SHA1]
Jul 18 08:04:51 fc4 pluto[1213]: | emitting length of ISAKMP Transform
Payload (ESP): 28
Jul 18 08:04:51 fc4 pluto[1213]: | *****emit ISAKMP Transform Payload
(ESP):
Jul 18 08:04:51 fc4 pluto[1213]: | next payload type: ISAKMP_NEXT_NONE
Jul 18 08:04:51 fc4 pluto[1213]: | transform number: 3
Jul 18 08:04:51 fc4 pluto[1213]: | transform ID: ESP_3DES
Jul 18 08:04:51 fc4 pluto[1213]: | ******emit ISAKMP IPsec DOI attribute:
Jul 18 08:04:51 fc4 pluto[1213]: | af+type: GROUP_DESCRIPTION
Jul 18 08:04:51 fc4 pluto[1213]: | length/value: 5
Jul 18 08:04:51 fc4 pluto[1213]: | [5 is OAKLEY_GROUP_MODP1536]
Jul 18 08:04:51 fc4 pluto[1213]: | ******emit ISAKMP IPsec DOI attribute:
Jul 18 08:04:51 fc4 pluto[1213]: | af+type: ENCAPSULATION_MODE
Jul 18 08:04:51 fc4 pluto[1213]: | length/value: 1
Jul 18 08:04:51 fc4 pluto[1213]: | [1 is ENCAPSULATION_MODE_TUNNEL]
Jul 18 08:04:51 fc4 pluto[1213]: | ******emit ISAKMP IPsec DOI attribute:
Jul 18 08:04:51 fc4 pluto[1213]: | af+type: SA_LIFE_TYPE
Jul 18 08:04:51 fc4 pluto[1213]: | length/value: 1
Jul 18 08:04:51 fc4 pluto[1213]: | [1 is SA_LIFE_TYPE_SECONDS]
Jul 18 08:04:51 fc4 pluto[1213]: | ******emit ISAKMP IPsec DOI attribute:
Jul 18 08:04:51 fc4 pluto[1213]: | af+type: SA_LIFE_DURATION
Jul 18 08:04:51 fc4 pluto[1213]: | length/value: 28800
Jul 18 08:04:51 fc4 pluto[1213]: | ******emit ISAKMP IPsec DOI attribute:
Jul 18 08:04:51 fc4 pluto[1213]: | af+type: AUTH_ALGORITHM
Jul 18 08:04:51 fc4 pluto[1213]: | length/value: 1
Jul 18 08:04:51 fc4 pluto[1213]: | [1 is AUTH_ALGORITHM_HMAC_MD5]
Jul 18 08:04:51 fc4 pluto[1213]: | emitting length of ISAKMP Transform
Payload (ESP): 28
Jul 18 08:04:51 fc4 pluto[1213]: | emitting length of ISAKMP Proposal
Payload: 124
Jul 18 08:04:51 fc4 pluto[1213]: | emitting length of ISAKMP Security
Association Payload: 136
Jul 18 08:04:51 fc4 pluto[1213]: | ***emit ISAKMP Nonce Payload:
Jul 18 08:04:51 fc4 pluto[1213]: | next payload type: ISAKMP_NEXT_KE
Jul 18 08:04:51 fc4 pluto[1213]: | emitting 16 raw bytes of Ni into ISAKMP
Nonce Payload
Jul 18 08:04:51 fc4 pluto[1213]: | Ni e1 ec 71 b1 35 03 2d 2c f7 40 5c ba
c1 83 78 ae
Jul 18 08:04:51 fc4 pluto[1213]: | emitting length of ISAKMP Nonce
Payload: 20
Jul 18 08:04:52 fc4 pluto[1213]: | ***emit ISAKMP Key Exchange Payload:
Jul 18 08:04:52 fc4 pluto[1213]: | next payload type: ISAKMP_NEXT_ID
Jul 18 08:04:52 fc4 pluto[1213]: | emitting 192 raw bytes of keyex value
into ISAKMP Key Exchange Payload
Jul 18 08:04:52 fc4 pluto[1213]: | keyex value e1 9a da f3 52 78 4c 03 64
9c 3a 90 25 ad 26 08
Jul 18 08:04:52 fc4 pluto[1213]: | 92 18 9a f6 e2 f9 22 5d bd 48 73 cb c7
6d a0 91
Jul 18 08:04:52 fc4 pluto[1213]: | 78 58 c7 f2 a5 72 48 b0 81 1c 5e 0e cc
c8 8b 2d
Jul 18 08:04:52 fc4 pluto[1213]: | b4 01 33 1b b4 01 22 03 88 2e 9f 02 1b
8b 3a 92
Jul 18 08:04:52 fc4 pluto[1213]: | 67 9f 85 a5 de 1c 65 d5 f9 fa b5 d2 fd
20 6f 43
Jul 18 08:04:52 fc4 pluto[1213]: | c0 dc fe 9e 78 e8 aa 25 81 8a 1e 79 5b
a5 c0 56
Jul 18 08:04:52 fc4 pluto[1213]: | be 85 6d 46 d7 c8 e8 c9 3d bb c9 7a 70
0f df bd
Jul 18 08:04:52 fc4 pluto[1213]: | c8 78 63 cb 05 de 57 6b 81 38 8b 61 57
47 99 54
Jul 18 08:04:52 fc4 pluto[1213]: | 8b d3 98 0b 73 f1 33 04 87 01 17 d8 cc
a0 3c 76
Jul 18 08:04:52 fc4 pluto[1213]: | 6b 32 50 b9 b7 5d a5 2c ce 3f e2 4a ff
5a 09 4d
Jul 18 08:04:52 fc4 pluto[1213]: | 1f f4 54 13 ed 10 43 af 2a 31 9e 70 e1
1f 95 81
Jul 18 08:04:52 fc4 pluto[1213]: | e8 3a 96 a2 14 19 bf 41 24 5f 70 72 14
bb 99 fb
Jul 18 08:04:52 fc4 pluto[1213]: | emitting length of ISAKMP Key Exchange
Payload: 196
Jul 18 08:04:52 fc4 pluto[1213]: | ***emit ISAKMP Identification Payload
(IPsec DOI):
Jul 18 08:04:52 fc4 pluto[1213]: | next payload type: ISAKMP_NEXT_ID
Jul 18 08:04:52 fc4 pluto[1213]: | ID type: ID_IPV4_ADDR_SUBNET
Jul 18 08:04:52 fc4 pluto[1213]: | Protocol ID: 0
Jul 18 08:04:52 fc4 pluto[1213]: | port: 0
Jul 18 08:04:52 fc4 pluto[1213]: | emitting 4 raw bytes of client network
into ISAKMP Identification Payload (IPsec DOI)
Jul 18 08:04:52 fc4 pluto[1213]: | client network c0 a8 32 00
Jul 18 08:04:52 fc4 pluto[1213]: | emitting 4 raw bytes of client mask
into ISAKMP Identification Payload (IPsec DOI)
Jul 18 08:04:52 fc4 pluto[1213]: | client mask ff ff ff 00
Jul 18 08:04:52 fc4 pluto[1213]: | emitting length of ISAKMP
Identification Payload (IPsec DOI): 16
Jul 18 08:04:52 fc4 pluto[1213]: | ***emit ISAKMP Identification Payload
(IPsec DOI):
Jul 18 08:04:52 fc4 pluto[1213]: | next payload type: ISAKMP_NEXT_NONE
Jul 18 08:04:52 fc4 pluto[1213]: | ID type: ID_IPV4_ADDR_SUBNET
Jul 18 08:04:52 fc4 pluto[1213]: | Protocol ID: 0
Jul 18 08:04:52 fc4 pluto[1213]: | port: 0
Jul 18 08:04:52 fc4 pluto[1213]: | emitting 4 raw bytes of client network
into ISAKMP Identification Payload (IPsec DOI)
Jul 18 08:04:52 fc4 pluto[1213]: | client network 0a 51 00 00
Jul 18 08:04:52 fc4 pluto[1213]: | emitting 4 raw bytes of client mask
into ISAKMP Identification Payload (IPsec DOI)
Jul 18 08:04:52 fc4 pluto[1213]: | client mask ff ff 00 00
Jul 18 08:04:52 fc4 pluto[1213]: | emitting length of ISAKMP
Identification Payload (IPsec DOI): 16
Jul 18 08:04:52 fc4 pluto[1213]: | HASH(1) computed:
Jul 18 08:04:52 fc4 pluto[1213]: | aa 2c c0 24 41 48 ea d0 d5 b8 3e fe 0e
39 bb 78
Jul 18 08:04:52 fc4 pluto[1213]: | last Phase 1 IV: 54 bb fd 56 cf e2 f9
58
Jul 18 08:04:52 fc4 pluto[1213]: | current Phase 1 IV: 54 bb fd 56 cf e2
f9 58
Jul 18 08:04:52 fc4 pluto[1213]: | computed Phase 2 IV:
Jul 18 08:04:52 fc4 pluto[1213]: | d9 4e 5d ab 32 6b 0e bb e6 5c 91 d0 a3
66 a3 9a
Jul 18 08:04:52 fc4 pluto[1213]: | encrypting:
Jul 18 08:04:52 fc4 pluto[1213]: | 01 00 00 14 aa 2c c0 24 41 48 ea d0 d5
b8 3e fe
Jul 18 08:04:52 fc4 pluto[1213]: | 0e 39 bb 78 0a 00 00 88 00 00 00 01 00
00 00 01
Jul 18 08:04:52 fc4 pluto[1213]: | 00 00 00 7c 00 03 04 04 a4 06 c5 62 03
00 00 1c
Jul 18 08:04:52 fc4 pluto[1213]: | 00 0c 00 00 80 03 00 05 80 04 00 01 80
01 00 01
Jul 18 08:04:52 fc4 pluto[1213]: | 80 02 70 80 80 05 00 02 03 00 00 1c 01
0c 00 00
Jul 18 08:04:52 fc4 pluto[1213]: | 80 03 00 05 80 04 00 01 80 01 00 01 80
02 70 80
Jul 18 08:04:52 fc4 pluto[1213]: | 80 05 00 01 03 00 00 1c 02 03 00 00 80
03 00 05
Jul 18 08:04:52 fc4 pluto[1213]: | 80 04 00 01 80 01 00 01 80 02 70 80 80
05 00 02
Jul 18 08:04:52 fc4 pluto[1213]: | 00 00 00 1c 03 03 00 00 80 03 00 05 80
04 00 01
Jul 18 08:04:52 fc4 pluto[1213]: | 80 01 00 01 80 02 70 80 80 05 00 01 04
00 00 14
Jul 18 08:04:52 fc4 pluto[1213]: | e1 ec 71 b1 35 03 2d 2c f7 40 5c ba c1
83 78 ae
Jul 18 08:04:52 fc4 pluto[1213]: | 05 00 00 c4 e1 9a da f3 52 78 4c 03 64
9c 3a 90
Jul 18 08:04:52 fc4 pluto[1213]: | 25 ad 26 08 92 18 9a f6 e2 f9 22 5d bd
48 73 cb
Jul 18 08:04:52 fc4 pluto[1213]: | c7 6d a0 91 78 58 c7 f2 a5 72 48 b0 81
1c 5e 0e
Jul 18 08:04:52 fc4 pluto[1213]: | cc c8 8b 2d b4 01 33 1b b4 01 22 03 88
2e 9f 02
Jul 18 08:04:52 fc4 pluto[1213]: | 1b 8b 3a 92 67 9f 85 a5 de 1c 65 d5 f9
fa b5 d2
Jul 18 08:04:52 fc4 pluto[1213]: | fd 20 6f 43 c0 dc fe 9e 78 e8 aa 25 81
8a 1e 79
Jul 18 08:04:52 fc4 pluto[1213]: | 5b a5 c0 56 be 85 6d 46 d7 c8 e8 c9 3d
bb c9 7a
Jul 18 08:04:52 fc4 pluto[1213]: | 70 0f df bd c8 78 63 cb 05 de 57 6b 81
38 8b 61
Jul 18 08:04:52 fc4 pluto[1213]: | 57 47 99 54 8b d3 98 0b 73 f1 33 04 87
01 17 d8
Jul 18 08:04:52 fc4 pluto[1213]: | cc a0 3c 76 6b 32 50 b9 b7 5d a5 2c ce
3f e2 4a
Jul 18 08:04:52 fc4 pluto[1213]: | ff 5a 09 4d 1f f4 54 13 ed 10 43 af 2a
31 9e 70
Jul 18 08:04:52 fc4 pluto[1213]: | e1 1f 95 81 e8 3a 96 a2 14 19 bf 41 24
5f 70 72
Jul 18 08:04:52 fc4 pluto[1213]: | 14 bb 99 fb 05 00 00 10 04 00 00 00 c0
a8 32 00
Jul 18 08:04:52 fc4 pluto[1213]: | ff ff ff 00 00 00 00 10 04 00 00 00 0a
51 00 00
Jul 18 08:04:52 fc4 pluto[1213]: | ff ff 00 00
Jul 18 08:04:52 fc4 pluto[1213]: | IV:
Jul 18 08:04:52 fc4 pluto[1213]: | d9 4e 5d ab 32 6b 0e bb e6 5c 91 d0 a3
66 a3 9a
Jul 18 08:04:52 fc4 pluto[1213]: | emitting 4 zero bytes of encryption
padding into ISAKMP Message
Jul 18 08:04:52 fc4 pluto[1213]: | encrypting using OAKLEY_3DES_CBC
Jul 18 08:04:52 fc4 pluto[1213]: | next IV: 79 4f d6 74 9e 89 18 ac
Jul 18 08:04:52 fc4 pluto[1213]: | emitting length of ISAKMP Message: 436
Jul 18 08:04:52 fc4 pluto[1213]: | sending 436 bytes for quick_outI1
through eth0:500 to 68.106.151.150:500:
Jul 18 08:04:52 fc4 pluto[1213]: | c0 fc 2d 43 1e 37 4c 0b 71 f9 44 bf f5
11 d9 ca
Jul 18 08:04:52 fc4 pluto[1213]: | 08 10 20 01 b0 9d 69 f2 00 00 01 b4 43
14 bb 7d
Jul 18 08:04:52 fc4 pluto[1213]: | 4e 60 3e ae de 3a d7 87 45 c2 b8 50 b5
c0 d5 c4
Jul 18 08:04:52 fc4 pluto[1213]: | ac 9e ee f3 da 28 bc fb e7 95 25 43 c4
ca 12 57
Jul 18 08:04:52 fc4 pluto[1213]: | 44 89 80 4c c1 d8 38 63 69 99 5c 71 4b
f6 42 0b
Jul 18 08:04:52 fc4 pluto[1213]: | 38 3a e5 59 da 82 52 46 3f 95 3d f5 73
76 04 98
Jul 18 08:04:52 fc4 pluto[1213]: | 49 c5 01 d8 e0 78 37 22 46 0e 3d c2 12
36 0e 8d
Jul 18 08:04:52 fc4 pluto[1213]: | 52 c8 4c 14 e5 24 c2 fe ed a4 6f b9 c5
96 19 35
Jul 18 08:04:52 fc4 pluto[1213]: | a1 d1 e0 81 6d 8a e5 43 24 f0 39 fb 17
01 08 22
Jul 18 08:04:52 fc4 pluto[1213]: | 3d 77 a3 f6 91 a5 3b a8 ad a6 17 4c 7f
bf 0c ba
Jul 18 08:04:52 fc4 pluto[1213]: | 1b 9d 7f 1c b5 ba 37 c2 0d f2 36 d3 58
34 3f 1d
Jul 18 08:04:52 fc4 pluto[1213]: | 1d 89 af e8 cf 99 30 a8 d6 a4 04 c3 d2
bd f8 d5
Jul 18 08:04:52 fc4 pluto[1213]: | 37 c8 3a 59 ea 6c 3b 7d 06 ba e5 5f 5d
6c b1 31
Jul 18 08:04:52 fc4 pluto[1213]: | ab 5d da 41 ab 15 73 4a 51 e2 0d 81 d7
15 d9 88
Jul 18 08:04:52 fc4 pluto[1213]: | 9a e1 aa d0 3c b7 47 6b 65 1c 70 bc b2
50 ae b3
Jul 18 08:04:52 fc4 pluto[1213]: | 53 a8 3a e2 57 67 bb 5b d9 6e 5a 40 c8
11 61 23
Jul 18 08:04:52 fc4 pluto[1213]: | 34 48 44 47 d2 68 cf 14 ad f9 8c 62 fa
07 08 16
Jul 18 08:04:52 fc4 pluto[1213]: | 43 05 7a d0 c6 32 e4 53 9f 57 f2 74 73
45 43 34
Jul 18 08:04:52 fc4 pluto[1213]: | 78 91 5b e4 34 3d 19 f7 ed 48 0a 1d 0a
90 f3 44
Jul 18 08:04:52 fc4 pluto[1213]: | 51 82 f7 92 e5 21 7b f0 b2 80 29 32 d3
d1 79 d2
Jul 18 08:04:52 fc4 pluto[1213]: | d1 e8 4c 0b ea 4b 8a f1 d6 af 0c c1 ec
79 68 4a
Jul 18 08:04:52 fc4 pluto[1213]: | 0e 6d 36 67 df a2 00 0c 65 4c 55 cd 20
6a af 7c
Jul 18 08:04:52 fc4 pluto[1213]: | e1 ec 7b 55 ea 4b 1b c3 7e b4 fa 80 f4
0e c2 08
Jul 18 08:04:52 fc4 pluto[1213]: | af 02 84 77 71 af 35 6d cc 52 95 07 7d
7f 44 24
Jul 18 08:04:52 fc4 pluto[1213]: | 67 26 91 b0 0e 1d 48 a7 0e 98 af 75 c9
92 6d cb
Jul 18 08:04:52 fc4 pluto[1213]: | c7 5b 76 fe 1b b8 93 d8 60 ce f6 5c 00
6a 41 9c
Jul 18 08:04:52 fc4 pluto[1213]: | ca a7 1b 6c cc a6 0f 75 42 30 2e dc 79
4f d6 74
Jul 18 08:04:52 fc4 pluto[1213]: | 9e 89 18 ac
Jul 18 08:04:52 fc4 pluto[1213]: | inserting event EVENT_RETRANSMIT,
timeout in 10 seconds for #2
Jul 18 08:04:52 fc4 pluto[1213]: | next event EVENT_RETRANSMIT in 10
seconds for #2
Jul 18 08:04:52 fc4 pluto[1213]: |
Jul 18 08:04:52 fc4 pluto[1213]: | *received 348 bytes from
68.106.151.150:500 on eth0 (port=500)
Jul 18 08:04:52 fc4 pluto[1213]: | c0 fc 2d 43 1e 37 4c 0b 71 f9 44 bf f5
11 d9 ca
Jul 18 08:04:52 fc4 pluto[1213]: | 08 10 20 01 b0 9d 69 f2 00 00 01 5c 27
b8 06 28
Jul 18 08:04:52 fc4 pluto[1213]: | b5 23 4e af 77 4d 58 53 9f 0e 8b 74 52
66 22 9c
Jul 18 08:04:52 fc4 pluto[1213]: | ea 98 6e 13 b7 45 d6 38 a3 04 5d a0 ac
01 26 51
Jul 18 08:04:52 fc4 pluto[1213]: | 6a 88 90 da ba 14 78 47 05 23 50 5e d0
28 ff f6
Jul 18 08:04:52 fc4 pluto[1213]: | 58 3f 37 65 3e 5b b2 09 c5 f6 4c c8 dc
25 77 85
Jul 18 08:04:52 fc4 pluto[1213]: | c4 5d a4 31 9b 7f 43 8f 9a 43 31 88 e0
27 d4 6b
Jul 18 08:04:52 fc4 pluto[1213]: | b6 29 31 ee 7c ea 53 91 e6 7d f2 92 5b
b6 41 7b
Jul 18 08:04:52 fc4 pluto[1213]: | 85 5c 30 96 34 cf ed e6 cf e0 5f 21 bb
91 74 50
Jul 18 08:04:52 fc4 pluto[1213]: | 21 eb a8 5c b3 40 9a 74 7b 48 c1 18 6d
86 80 a5
Jul 18 08:04:52 fc4 pluto[1213]: | 5d b6 37 1b f4 2b 89 a2 7b 99 27 2d 2d
77 f8 b1
Jul 18 08:04:52 fc4 pluto[1213]: | bb 44 69 f6 12 07 eb 33 7d 89 9d c0 f7
61 60 fb
Jul 18 08:04:52 fc4 pluto[1213]: | 7c c7 d7 89 93 ae 24 43 ea d2 26 e9 1e
e1 87 51
Jul 18 08:04:52 fc4 pluto[1213]: | 2d 6b 32 85 16 8e a5 c9 18 b9 45 0c b7
a1 68 7e
Jul 18 08:04:52 fc4 pluto[1213]: | 13 d4 01 6a fc 65 f9 7f 3e ea 26 e4 73
00 77 8d
Jul 18 08:04:52 fc4 pluto[1213]: | 44 04 1c f3 1d 57 ca c1 cd 92 18 5a 1f
52 4f 40
Jul 18 08:04:52 fc4 pluto[1213]: | ca fd 90 94 24 75 48 90 20 c1 73 0d 25
f5 11 74
Jul 18 08:04:52 fc4 pluto[1213]: | 6a bb 85 f8 ab 79 f8 f0 98 02 50 7e 2b
72 39 49
Jul 18 08:04:52 fc4 pluto[1213]: | 02 08 fc 36 32 7e bc a7 84 05 1e 39 e4
9c 9d 7a
Jul 18 08:04:52 fc4 pluto[1213]: | 1e 0f 0e 10 f9 46 54 a4 8a 06 cb 84 99
d8 80 3c
Jul 18 08:04:52 fc4 pluto[1213]: | 59 f8 22 2d 67 1f 4a 01 a0 9d 8c 26 07
1f ec 7f
Jul 18 08:04:52 fc4 pluto[1213]: | 66 ac 55 46 43 e1 a0 8c c2 86 a0 82
Jul 18 08:04:52 fc4 pluto[1213]: | **parse ISAKMP Message:
Jul 18 08:04:52 fc4 pluto[1213]: | initiator cookie:
Jul 18 08:04:52 fc4 pluto[1213]: | c0 fc 2d 43 1e 37 4c 0b
Jul 18 08:04:52 fc4 pluto[1213]: | responder cookie:
Jul 18 08:04:52 fc4 pluto[1213]: | 71 f9 44 bf f5 11 d9 ca
Jul 18 08:04:52 fc4 pluto[1213]: | next payload type: ISAKMP_NEXT_HASH
Jul 18 08:04:52 fc4 pluto[1213]: | ISAKMP version: ISAKMP Version 1.0
Jul 18 08:04:52 fc4 pluto[1213]: | exchange type: ISAKMP_XCHG_QUICK
Jul 18 08:04:52 fc4 pluto[1213]: | flags: ISAKMP_FLAG_ENCRYPTION
Jul 18 08:04:52 fc4 pluto[1213]: | message ID: b0 9d 69 f2
Jul 18 08:04:52 fc4 pluto[1213]: | length: 348
Jul 18 08:04:52 fc4 pluto[1213]: | processing packet with exchange
type=ISAKMP_XCHG_QUICK (32)
Jul 18 08:04:52 fc4 pluto[1213]: | ICOOKIE: c0 fc 2d 43 1e 37 4c 0b
Jul 18 08:04:52 fc4 pluto[1213]: | RCOOKIE: 71 f9 44 bf f5 11 d9 ca
Jul 18 08:04:52 fc4 pluto[1213]: | peer: 44 ba 97 96
Jul 18 08:04:52 fc4 pluto[1213]: | state hash entry 1
Jul 18 08:04:53 fc4 pluto[1213]: | peer and cookies match on #2, provided
msgid b09d69f2 vs b09d69f2
Jul 18 08:04:53 fc4 pluto[1213]: | state object #2 found, in
STATE_QUICK_I1
Jul 18 08:04:53 fc4 pluto[1213]: | processing connection net-to-net
Jul 18 08:04:53 fc4 pluto[1213]: | received encrypted packet from
68.106.151.150:500
Jul 18 08:04:53 fc4 pluto[1213]: | decrypting 320 bytes using algorithm
OAKLEY_3DES_CBC
Jul 18 08:04:53 fc4 pluto[1213]: | decrypted:
Jul 18 08:04:53 fc4 pluto[1213]: | 01 00 00 14 e7 b3 40 ca 39 6e b2 ef 0f
ad 93 f2
Jul 18 08:04:53 fc4 pluto[1213]: | 34 d9 60 04 0a 00 00 34 00 00 00 01 00
00 00 01
Jul 18 08:04:53 fc4 pluto[1213]: | 00 00 00 28 00 03 04 01 7c c0 fa ef 00
00 00 1c
Jul 18 08:04:53 fc4 pluto[1213]: | 00 0c 00 00 80 03 00 05 80 04 00 01 80
01 00 01
Jul 18 08:04:53 fc4 pluto[1213]: | 80 02 70 80 80 05 00 02 04 00 00 14 b4
b9 04 e7
Jul 18 08:04:53 fc4 pluto[1213]: | 36 93 56 04 be 1f a7 89 eb 91 8e 88 05
00 00 c4
Jul 18 08:04:53 fc4 pluto[1213]: | fe 76 a3 04 ab 38 77 1e 05 b2 86 2d 9f
7a ee bc
Jul 18 08:04:53 fc4 pluto[1213]: | bd de 25 20 7d b5 2a a7 12 04 f3 51 7d
f1 b2 b0
Jul 18 08:04:53 fc4 pluto[1213]: | 78 24 3f ae 34 ab 97 1f c9 f0 c0 e1 35
53 82 c6
Jul 18 08:04:53 fc4 pluto[1213]: | 32 3d 63 3f c3 be ec 00 58 f6 72 e4 fa
be 4d 90
Jul 18 08:04:53 fc4 pluto[1213]: | 5c f4 a1 74 b3 70 c5 36 d1 e3 c2 08 f3
21 1d f2
Jul 18 08:04:53 fc4 pluto[1213]: | 6a 85 0d 28 8f 0e 30 f6 e7 4e 52 27 0d
33 0b 91
Jul 18 08:04:53 fc4 pluto[1213]: | d1 28 f9 7d cc 79 ce 48 63 a0 4c 32 6c
8e 13 a6
Jul 18 08:04:53 fc4 pluto[1213]: | b7 3d 17 9c e8 25 86 03 77 a9 0b c4 61
c9 c2 61
Jul 18 08:04:53 fc4 pluto[1213]: | 29 70 93 7d df 1e 29 c9 48 32 81 7e 58
f0 e3 2b
Jul 18 08:04:53 fc4 pluto[1213]: | 47 0a c8 75 4e f7 c5 36 6f 38 de ab 39
c5 f4 b6
Jul 18 08:04:53 fc4 pluto[1213]: | 2a 61 37 ff 03 d1 42 80 05 2f 20 22 81
76 42 63
Jul 18 08:04:53 fc4 pluto[1213]: | 6c b1 49 dd a0 13 8d 54 aa 26 23 63 14
17 68 79
Jul 18 08:04:53 fc4 pluto[1213]: | 05 00 00 10 04 00 00 00 c0 a8 32 00 ff
ff ff 00
Jul 18 08:04:53 fc4 pluto[1213]: | 00 00 00 10 04 00 00 00 0a 51 00 00 ff
ff 00 00
Jul 18 08:04:53 fc4 pluto[1213]: | next IV: 43 e1 a0 8c c2 86 a0 82
Jul 18 08:04:53 fc4 pluto[1213]: | ***parse ISAKMP Hash Payload:
Jul 18 08:04:53 fc4 pluto[1213]: | next payload type: ISAKMP_NEXT_SA
Jul 18 08:04:53 fc4 pluto[1213]: | length: 20
Jul 18 08:04:53 fc4 pluto[1213]: | ***parse ISAKMP Security Association
Payload:
Jul 18 08:04:53 fc4 pluto[1213]: | next payload type: ISAKMP_NEXT_NONCE
Jul 18 08:04:53 fc4 pluto[1213]: | length: 52
Jul 18 08:04:53 fc4 pluto[1213]: | DOI: ISAKMP_DOI_IPSEC
Jul 18 08:04:53 fc4 pluto[1213]: | ***parse ISAKMP Nonce Payload:
Jul 18 08:04:53 fc4 pluto[1213]: | next payload type: ISAKMP_NEXT_KE
Jul 18 08:04:53 fc4 pluto[1213]: | length: 20
Jul 18 08:04:53 fc4 pluto[1213]: | ***parse ISAKMP Key Exchange Payload:
Jul 18 08:04:53 fc4 pluto[1213]: | next payload type: ISAKMP_NEXT_ID
Jul 18 08:04:53 fc4 pluto[1213]: | length: 196
Jul 18 08:04:53 fc4 pluto[1213]: | ***parse ISAKMP Identification Payload
(IPsec DOI):
Jul 18 08:04:53 fc4 pluto[1213]: | next payload type: ISAKMP_NEXT_ID
Jul 18 08:04:53 fc4 pluto[1213]: | length: 16
Jul 18 08:04:53 fc4 pluto[1213]: | ID type: ID_IPV4_ADDR_SUBNET
Jul 18 08:04:53 fc4 pluto[1213]: | Protocol ID: 0
Jul 18 08:04:53 fc4 pluto[1213]: | port: 0
Jul 18 08:04:53 fc4 pluto[1213]: | ***parse ISAKMP Identification Payload
(IPsec DOI):
Jul 18 08:04:53 fc4 pluto[1213]: | next payload type: ISAKMP_NEXT_NONE
Jul 18 08:04:53 fc4 pluto[1213]: | length: 16
Jul 18 08:04:53 fc4 pluto[1213]: | ID type: ID_IPV4_ADDR_SUBNET
Jul 18 08:04:53 fc4 pluto[1213]: | Protocol ID: 0
Jul 18 08:04:53 fc4 pluto[1213]: | port: 0
Jul 18 08:04:53 fc4 pluto[1213]: | **emit ISAKMP Message:
Jul 18 08:04:53 fc4 pluto[1213]: | initiator cookie:
Jul 18 08:04:53 fc4 pluto[1213]: | c0 fc 2d 43 1e 37 4c 0b
Jul 18 08:04:53 fc4 pluto[1213]: | responder cookie:
Jul 18 08:04:53 fc4 pluto[1213]: | 71 f9 44 bf f5 11 d9 ca
Jul 18 08:04:53 fc4 pluto[1213]: | next payload type: ISAKMP_NEXT_HASH
Jul 18 08:04:53 fc4 pluto[1213]: | ISAKMP version: ISAKMP Version 1.0
Jul 18 08:04:53 fc4 pluto[1213]: | exchange type: ISAKMP_XCHG_QUICK
Jul 18 08:04:53 fc4 pluto[1213]: | flags: ISAKMP_FLAG_ENCRYPTION
Jul 18 08:04:53 fc4 pluto[1213]: | message ID: b0 9d 69 f2
Jul 18 08:04:53 fc4 pluto[1213]: | HASH(2) computed:
Jul 18 08:04:53 fc4 pluto[1213]: | e7 b3 40 ca 39 6e b2 ef 0f ad 93 f2 34
d9 60 04
Jul 18 08:04:53 fc4 pluto[1213]: | ****parse IPsec DOI SIT:
Jul 18 08:04:53 fc4 pluto[1213]: | IPsec DOI SIT: SIT_IDENTITY_ONLY
Jul 18 08:04:53 fc4 pluto[1213]: | ****parse ISAKMP Proposal Payload:
Jul 18 08:04:53 fc4 pluto[1213]: | next payload type: ISAKMP_NEXT_NONE
Jul 18 08:04:53 fc4 pluto[1213]: | length: 40
Jul 18 08:04:53 fc4 pluto[1213]: | proposal number: 0
Jul 18 08:04:53 fc4 pluto[1213]: | protocol ID: PROTO_IPSEC_ESP
Jul 18 08:04:53 fc4 pluto[1213]: | SPI size: 4
Jul 18 08:04:53 fc4 pluto[1213]: | number of transforms: 1
Jul 18 08:04:53 fc4 pluto[1213]: | parsing 4 raw bytes of ISAKMP Proposal
Payload into SPI
Jul 18 08:04:53 fc4 pluto[1213]: | SPI 7c c0 fa ef
Jul 18 08:04:53 fc4 pluto[1213]: | *****parse ISAKMP Transform Payload
(ESP):
Jul 18 08:04:53 fc4 pluto[1213]: | next payload type: ISAKMP_NEXT_NONE
Jul 18 08:04:53 fc4 pluto[1213]: | length: 28
Jul 18 08:04:53 fc4 pluto[1213]: | transform number: 0
Jul 18 08:04:53 fc4 pluto[1213]: | transform ID: ESP_AES
Jul 18 08:04:53 fc4 pluto[1213]: | ******parse ISAKMP IPsec DOI attribute:
Jul 18 08:04:53 fc4 pluto[1213]: | af+type: GROUP_DESCRIPTION
Jul 18 08:04:53 fc4 pluto[1213]: | length/value: 5
Jul 18 08:04:53 fc4 pluto[1213]: | [5 is OAKLEY_GROUP_MODP1536]
Jul 18 08:04:53 fc4 pluto[1213]: | ******parse ISAKMP IPsec DOI attribute:
Jul 18 08:04:53 fc4 pluto[1213]: | af+type: ENCAPSULATION_MODE
Jul 18 08:04:53 fc4 pluto[1213]: | length/value: 1
Jul 18 08:04:53 fc4 pluto[1213]: | [1 is ENCAPSULATION_MODE_TUNNEL]
Jul 18 08:04:53 fc4 pluto[1213]: | ******parse ISAKMP IPsec DOI attribute:
Jul 18 08:04:53 fc4 pluto[1213]: | af+type: SA_LIFE_TYPE
Jul 18 08:04:53 fc4 pluto[1213]: | length/value: 1
Jul 18 08:04:53 fc4 pluto[1213]: | [1 is SA_LIFE_TYPE_SECONDS]
Jul 18 08:04:53 fc4 pluto[1213]: | ******parse ISAKMP IPsec DOI attribute:
Jul 18 08:04:53 fc4 pluto[1213]: | af+type: SA_LIFE_DURATION
Jul 18 08:04:53 fc4 pluto[1213]: | length/value: 28800
Jul 18 08:04:53 fc4 pluto[1213]: | ******parse ISAKMP IPsec DOI attribute:
Jul 18 08:04:53 fc4 pluto[1213]: | af+type: AUTH_ALGORITHM
Jul 18 08:04:53 fc4 pluto[1213]: | length/value: 2
Jul 18 08:04:53 fc4 pluto[1213]: | [2 is AUTH_ALGORITHM_HMAC_SHA1]
Jul 18 08:04:53 fc4 pluto[1213]: | DH public value received:
Jul 18 08:04:53 fc4 pluto[1213]: | fe 76 a3 04 ab 38 77 1e 05 b2 86 2d 9f
7a ee bc
Jul 18 08:04:53 fc4 pluto[1213]: | bd de 25 20 7d b5 2a a7 12 04 f3 51 7d
f1 b2 b0
Jul 18 08:04:53 fc4 pluto[1213]: | 78 24 3f ae 34 ab 97 1f c9 f0 c0 e1 35
53 82 c6
Jul 18 08:04:53 fc4 pluto[1213]: | 32 3d 63 3f c3 be ec 00 58 f6 72 e4 fa
be 4d 90
Jul 18 08:04:53 fc4 pluto[1213]: | 5c f4 a1 74 b3 70 c5 36 d1 e3 c2 08 f3
21 1d f2
Jul 18 08:04:53 fc4 pluto[1213]: | 6a 85 0d 28 8f 0e 30 f6 e7 4e 52 27 0d
33 0b 91
Jul 18 08:04:53 fc4 pluto[1213]: | d1 28 f9 7d cc 79 ce 48 63 a0 4c 32 6c
8e 13 a6
Jul 18 08:04:53 fc4 pluto[1213]: | b7 3d 17 9c e8 25 86 03 77 a9 0b c4 61
c9 c2 61
Jul 18 08:04:53 fc4 pluto[1213]: | 29 70 93 7d df 1e 29 c9 48 32 81 7e 58
f0 e3 2b
Jul 18 08:04:53 fc4 pluto[1213]: | 47 0a c8 75 4e f7 c5 36 6f 38 de ab 39
c5 f4 b6
Jul 18 08:04:53 fc4 pluto[1213]: | 2a 61 37 ff 03 d1 42 80 05 2f 20 22 81
76 42 63
Jul 18 08:04:53 fc4 pluto[1213]: | 6c b1 49 dd a0 13 8d 54 aa 26 23 63 14
17 68 79
Jul 18 08:04:53 fc4 pluto[1213]: | started looking for secret for
68.108.91.73->68.106.151.150 of kind PPK_PSK
Jul 18 08:04:53 fc4 pluto[1213]: | actually looking for secret for
68.108.91.73->68.106.151.150 of kind PPK_PSK
Jul 18 08:04:53 fc4 pluto[1213]: | 1: compared PSK 68.106.151.150 to
68.108.91.73 / 68.106.151.150 -> 2
Jul 18 08:04:53 fc4 pluto[1213]: | 2: compared PSK 68.108.91.73 to
68.108.91.73 / 68.106.151.150 -> 6
Jul 18 08:04:53 fc4 pluto[1213]: | best_match 0>6 best=0x94cc658 (line=1)
Jul 18 08:04:53 fc4 pluto[1213]: | concluding with best_match=6
best=0x94cc658 (lineno=1)
Jul 18 08:04:53 fc4 pluto[1213]: | calc_dh_shared(): time elapsed
(OAKLEY_GROUP_MODP1536): 39308 usec
Jul 18 08:04:53 fc4 pluto[1213]: | DH shared secret:
Jul 18 08:04:53 fc4 pluto[1213]: | dd c6 5f 65 84 5d 29 0c 0e 9e 69 4f 34
45 9b 17
Jul 18 08:04:53 fc4 pluto[1213]: | 09 82 52 94 38 06 2c da 71 cd b9 b3 29
5a ee 04
Jul 18 08:04:53 fc4 pluto[1213]: | 4f 59 55 10 9d ba 1c 39 c6 75 40 9f 8f
83 15 a6
Jul 18 08:04:53 fc4 pluto[1213]: | 47 ce 39 ea d1 2a ee ec 90 2d 8f 24 a2
a2 86 61
Jul 18 08:04:53 fc4 pluto[1213]: | c6 96 76 7d 81 82 d1 6e 5b e5 0d 9d 71
6d 59 bb
Jul 18 08:04:53 fc4 pluto[1213]: | 2c 46 da 63 6d e4 55 8a 4a 55 d4 6b 9a
78 58 08
Jul 18 08:04:53 fc4 pluto[1213]: | 0f ae c3 23 2d a6 67 2d 3f ac b3 51 4d
ee 33 a6
Jul 18 08:04:53 fc4 pluto[1213]: | a8 52 06 9a ba 76 c7 8a 8f 48 53 f2 f6
c5 13 58
Jul 18 08:04:53 fc4 pluto[1213]: | cb 36 ee 4d 12 52 ec f3 e8 fb 2a 1c 93
7f a3 98
Jul 18 08:04:53 fc4 pluto[1213]: | 21 ab 0a 39 19 08 d2 0a 53 bb 70 01 aa
09 f3 c1
Jul 18 08:04:53 fc4 pluto[1213]: | 07 e7 9a 24 d2 75 b4 61 51 26 cc cd 9d
0f 2c 63
Jul 18 08:04:53 fc4 pluto[1213]: | d9 71 8c ed 3c 15 5a b9 52 b6 cd 92 54
52 fc b2
Jul 18 08:04:53 fc4 pluto[1213]: | our client is subnet 192.168.50.0/24
Jul 18 08:04:53 fc4 pluto[1213]: | our client protocol/port is 0/0
Jul 18 08:04:53 fc4 pluto[1213]: | peer client is subnet 10.81.0.0/16
Jul 18 08:04:53 fc4 pluto[1213]: | peer client protocol/port is 0/0
Jul 18 08:04:53 fc4 pluto[1213]: | ***emit ISAKMP Hash Payload:
Jul 18 08:04:53 fc4 pluto[1213]: | next payload type: ISAKMP_NEXT_NONE
Jul 18 08:04:53 fc4 pluto[1213]: | emitting 16 zero bytes of HASH into
ISAKMP Hash Payload
Jul 18 08:04:53 fc4 pluto[1213]: | emitting length of ISAKMP Hash Payload:
20
Jul 18 08:04:53 fc4 pluto[1213]: | HASH(3) computed: f6 dc d9 de e5 36 f5
a1 1a 94 a6 d3 05 39 d0 b2
Jul 18 08:04:53 fc4 pluto[1213]: | compute_proto_keymat:needed_len (after
ESP enc)=16
Jul 18 08:04:53 fc4 pluto[1213]: | compute_proto_keymat:needed_len (after
ESP auth)=36
Jul 18 08:04:53 fc4 pluto[1213]: | KEYMAT computed:
Jul 18 08:04:53 fc4 pluto[1213]: | da 21 28 11 71 c6 28 40 1e ed e8 ea 46
0c 85 2f
Jul 18 08:04:53 fc4 pluto[1213]: | 5d de b1 38 9d 11 ab ce 76 41 00 75 ff
2e 33 ef
Jul 18 08:04:53 fc4 pluto[1213]: | fa 67 85 3e
Jul 18 08:04:53 fc4 pluto[1213]: | Peer KEYMAT computed:
Jul 18 08:04:53 fc4 pluto[1213]: | 4a 38 e9 93 19 cf ad a0 3d 31 c4 93 6d
f1 a5 ac
Jul 18 08:04:53 fc4 pluto[1213]: | fd 09 73 e6 54 93 3d a4 bf 8a 0d 44 5a
a4 cc ee
Jul 18 08:04:53 fc4 pluto[1213]: | 5a da 3e 4f
Jul 18 08:04:53 fc4 pluto[1213]: | install_ipsec_sa() for #2: inbound and
outbound
Jul 18 08:04:53 fc4 pluto[1213]: | route owner of "net-to-net" unrouted:
NULL; eroute owner: NULL
Jul 18 08:04:53 fc4 pluto[1213]: | could_route called for net-to-net
(kind=CK_PERMANENT)
Jul 18 08:04:53 fc4 pluto[1213]: | looking for alg with transid: 12
keylen: 0 auth: 2
Jul 18 08:04:53 fc4 pluto[1213]: | checking transid: 11 keylen: 0 auth: 1
Jul 18 08:04:53 fc4 pluto[1213]: | checking transid: 11 keylen: 0 auth: 2
Jul 18 08:04:53 fc4 pluto[1213]: | checking transid: 2 keylen: 8 auth: 0
Jul 18 08:04:53 fc4 pluto[1213]: | checking transid: 2 keylen: 8 auth: 1
Jul 18 08:04:53 fc4 pluto[1213]: | checking transid: 2 keylen: 8 auth: 2
Jul 18 08:04:53 fc4 pluto[1213]: | checking transid: 3 keylen: 24 auth: 0
Jul 18 08:04:53 fc4 pluto[1213]: | checking transid: 3 keylen: 24 auth: 1
Jul 18 08:04:53 fc4 pluto[1213]: | checking transid: 3 keylen: 24 auth: 2
Jul 18 08:04:53 fc4 pluto[1213]: | checking transid: 12 keylen: 16 auth: 0
Jul 18 08:04:53 fc4 pluto[1213]: | checking transid: 12 keylen: 16 auth: 1
Jul 18 08:04:53 fc4 pluto[1213]: | checking transid: 12 keylen: 16 auth: 2
Jul 18 08:04:53 fc4 pluto[1213]: | add inbound eroute 10.81.0.0/16:0 --0->
192.168.50.0/24:0 => tun.10000 at 68.108.91.73 (raw_eroute)
Jul 18 08:04:53 fc4 pluto[1213]: | looking for alg with transid: 12
keylen: 0 auth: 2
Jul 18 08:04:53 fc4 pluto[1213]: | checking transid: 11 keylen: 0 auth: 1
Jul 18 08:04:53 fc4 pluto[1213]: | checking transid: 11 keylen: 0 auth: 2
Jul 18 08:04:53 fc4 pluto[1213]: | checking transid: 2 keylen: 8 auth: 0
Jul 18 08:04:53 fc4 pluto[1213]: | checking transid: 2 keylen: 8 auth: 1
Jul 18 08:04:53 fc4 pluto[1213]: | checking transid: 2 keylen: 8 auth: 2
Jul 18 08:04:53 fc4 pluto[1213]: | checking transid: 3 keylen: 24 auth: 0
Jul 18 08:04:53 fc4 pluto[1213]: | checking transid: 3 keylen: 24 auth: 1
Jul 18 08:04:53 fc4 pluto[1213]: | checking transid: 3 keylen: 24 auth: 2
Jul 18 08:04:53 fc4 pluto[1213]: | checking transid: 12 keylen: 16 auth: 0
Jul 18 08:04:53 fc4 pluto[1213]: | checking transid: 12 keylen: 16 auth: 1
Jul 18 08:04:53 fc4 pluto[1213]: | checking transid: 12 keylen: 16 auth: 2
Jul 18 08:04:53 fc4 pluto[1213]: | sr for #2: unrouted
Jul 18 08:04:53 fc4 pluto[1213]: | route owner of "net-to-net" unrouted:
NULL; eroute owner: NULL
Jul 18 08:04:53 fc4 pluto[1213]: | route_and_eroute with c: net-to-net
(next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: 2
Jul 18 08:04:53 fc4 pluto[1213]: | eroute_connection add eroute
192.168.50.0/24:0 --0-> 10.81.0.0/16:0 => tun.0 at 68.106.151.150
(raw_eroute)
Jul 18 08:04:53 fc4 pluto[1213]: | command executing up-client
Jul 18 08:04:53 fc4 pluto[1213]: | executing up-client: 2>&1
PLUTO_VERSION='1.1' PLUTO_VERB='up-client' PLUTO_CONNECTION='net-to-net'
PLUTO_NEXT_HOP='68.106.151.150' PLUTO_INTERFACE='eth0'
PLUTO_ME='68.108.91.73' PLUTO_MY_ID='68.108.91.73'
PLUTO_MY_CLIENT='192.168.50.0/24' PLUTO_MY_CLIENT_NET='192.168.50.0'
PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0'
PLUTO_MY_PROTOCOL='0' PLUTO_PEER='68.106.151.150'
PLUTO_PEER_ID='68.106.151.150' PLUTO_PEER_CLIENT='10.81.0.0/16'
PLUTO_PEER_CLIENT_NET='10.81.0.0' PLUTO_PEER_CLIENT_MASK='255.255.0.0'
PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA=''
PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP' ipsec _updown
Jul 18 08:04:53 fc4 pluto[1213]: | route_and_eroute: firewall_notified:
true
Jul 18 08:04:53 fc4 pluto[1213]: | command executing prepare-client
Jul 18 08:04:53 fc4 pluto[1213]: | executing prepare-client: 2>&1
PLUTO_VERSION='1.1' PLUTO_VERB='prepare-client'
PLUTO_CONNECTION='net-to-net' PLUTO_NEXT_HOP='68.106.151.150'
PLUTO_INTERFACE='eth0' PLUTO_ME='68.108.91.73' PLUTO_MY_ID='68.108.91.73'
PLUTO_MY_CLIENT='192.168.50.0/24' PLUTO_MY_CLIENT_NET='192.168.50.0'
PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0'
PLUTO_MY_PROTOCOL='0' PLUTO_PEER='68.106.151.150'
PLUTO_PEER_ID='68.106.151.150' PLUTO_PEER_CLIENT='10.81.0.0/16'
PLUTO_PEER_CLIENT_NET='10.81.0.0' PLUTO_PEER_CLIENT_MASK='255.255.0.0'
PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA=''
PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP' ipsec _updown
Jul 18 08:04:54 fc4 pluto[1213]: | command executing route-client
Jul 18 08:04:54 fc4 pluto[1213]: | executing route-client: 2>&1
PLUTO_VERSION='1.1' PLUTO_VERB='route-client'
PLUTO_CONNECTION='net-to-net' PLUTO_NEXT_HOP='68.106.151.150'
PLUTO_INTERFACE='eth0' PLUTO_ME='68.108.91.73' PLUTO_MY_ID='68.108.91.73'
PLUTO_MY_CLIENT='192.168.50.0/24' PLUTO_MY_CLIENT_NET='192.168.50.0'
PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0'
PLUTO_MY_PROTOCOL='0' PLUTO_PEER='68.106.151.150'
PLUTO_PEER_ID='68.106.151.150' PLUTO_PEER_CLIENT='10.81.0.0/16'
PLUTO_PEER_CLIENT_NET='10.81.0.0' PLUTO_PEER_CLIENT_MASK='255.255.0.0'
PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA=''
PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP' ipsec _updown
Jul 18 08:04:54 fc4 pluto[1213]: | route_and_eroute: instance
"net-to-net", setting eroute_owner {spd=0x94cbe4c,sr=0x94cbe4c} to #2 (was
#0) (newest_ipsec_sa=#0)
Jul 18 08:04:54 fc4 pluto[1213]: | encrypting:
Jul 18 08:04:54 fc4 pluto[1213]: | 00 00 00 14 f6 dc d9 de e5 36 f5 a1 1a
94 a6 d3
Jul 18 08:04:54 fc4 pluto[1213]: | 05 39 d0 b2
Jul 18 08:04:54 fc4 pluto[1213]: | IV:
Jul 18 08:04:54 fc4 pluto[1213]: | 43 e1 a0 8c c2 86 a0 82
Jul 18 08:04:54 fc4 pluto[1213]: | emitting 4 zero bytes of encryption
padding into ISAKMP Message
Jul 18 08:04:54 fc4 pluto[1213]: | encrypting using OAKLEY_3DES_CBC
Jul 18 08:04:54 fc4 pluto[1213]: | next IV: 2f 61 a2 9c 53 cf 23 9f
Jul 18 08:04:54 fc4 pluto[1213]: | emitting length of ISAKMP Message: 52
Jul 18 08:04:54 fc4 pluto[1213]: | inR1_outI2: instance net-to-net[0],
setting newest_ipsec_sa to #2 (was #0) (spd.eroute=#2)
Jul 18 08:04:54 fc4 pluto[1213]: | complete state transition with STF_OK
Jul 18 08:04:54 fc4 pluto[1213]: "net-to-net" #2: transition from state
STATE_QUICK_I1 to state STATE_QUICK_I2
Jul 18 08:04:54 fc4 pluto[1213]: | sending reply packet to
68.106.151.150:500 (from port=500)
Jul 18 08:04:54 fc4 pluto[1213]: | sending 52 bytes for STATE_QUICK_I1
through eth0:500 to 68.106.151.150:500:
Jul 18 08:04:54 fc4 pluto[1213]: | c0 fc 2d 43 1e 37 4c 0b 71 f9 44 bf f5
11 d9 ca
Jul 18 08:04:54 fc4 pluto[1213]: | 08 10 20 01 b0 9d 69 f2 00 00 00 34 4e
49 7a 85
Jul 18 08:04:54 fc4 pluto[1213]: | c2 46 f6 e3 ca 98 49 6c bc 5a 47 39 2f
61 a2 9c
Jul 18 08:04:54 fc4 pluto[1213]: | 53 cf 23 9f
Jul 18 08:04:54 fc4 pluto[1213]: | inserting event EVENT_SA_REPLACE,
timeout in 28256 seconds for #2
Jul 18 08:04:54 fc4 pluto[1213]: "net-to-net" #2: STATE_QUICK_I2: sent
QI2, IPsec SA established {ESP=>0x7cc0faef <0xa406c562
xfrm=AES_0-HMAC_SHA1 NATD=none DPD=none}
Jul 18 08:04:54 fc4 pluto[1213]: | modecfg pull: noquirk policy:push
not-client
Jul 18 08:04:54 fc4 pluto[1213]: | phase 1 is done, looking for phase 1 to
unpend
Jul 18 08:04:54 fc4 pluto[1213]: | next event EVENT_PENDING_PHASE2 in 103
seconds
Jul 18 08:06:18 fc4 pluto[1213]: |
Jul 18 08:06:18 fc4 pluto[1213]: | *received whack message
Jul 18 08:06:18 fc4 pluto[1213]: | next event EVENT_PENDING_PHASE2 in 19
seconds
Jul 18 08:06:19 fc4 pluto[1213]: |
Jul 18 08:06:19 fc4 pluto[1213]: | *received whack message
Jul 18 08:06:19 fc4 pluto[1213]: | next event EVENT_PENDING_PHASE2 in 18
seconds
Jul 18 08:06:21 fc4 pluto[1213]: |
Jul 18 08:06:21 fc4 pluto[1213]: | *received whack message
Jul 18 08:06:21 fc4 pluto[1213]: | next event EVENT_PENDING_PHASE2 in 16
seconds
+ _________________________ date
+ date
Tue Jul 18 08:06:27 EDT 2006
Thanks,
Doug
More information about the Users
mailing list