[Openswan Users] I: Road warrior test on lan

Federico fviel at comune.belluno.it
Fri Mar 10 13:22:41 CET 2006


Hello,

I need some help,

I'm trying to set up an Openswan VPN 2.2.0-kernel2.4.27 inside my LAN, as a
test for the future remote-office client.

Tunnel seems to start correctly but when I try to ping a host behind the gw
it doesn't work:

Using tcpdump I noticed that when pinging, for example, 10.6.100.200 (a host
behind the gw), an ICMP request was sent to the gw, and an ESP packet as well.

To prevent the first from being routed through the gw, I use the following
iptables rule:

iptables -A FORWARD -p icmp -s 10.6.3.128/25 --icmp-type 8 -j DROP

(This is why at the beginning I thought the tunnel was OK: I can ping it, but
just because the ICMP packet was forwarded to the host... But using
tcpdump...)

 

As I stated before, the connection starts correctly:

multibel1:~# ipsec auto --up road
104 "road" #1: STATE_MAIN_I1: initiate
106 "road" #1: STATE_MAIN_I2: sent MI2, expecting MR2
108 "road" #1: STATE_MAIN_I3: sent MI3, expecting MR3
004 "road" #1: STATE_MAIN_I4: ISAKMP SA established
112 "road" #2: STATE_QUICK_I1: initiate
004 "road" #2: STATE_QUICK_I2: sent QI2, IPsec SA established {ESP=>0x81805bcf <0x1011f522}

 

Using tcpdump I discovered that, as I stated above, when pinging a host on the
network behind the gw (10.6.100.200), ESP packets reach the gw (I can see them
using tcpdump -i eth0) but nothing is put out from eth1.

Can someone help me? I tried to read every forum I found and every
troubleshooting guide, but... I didn't manage to resolve it.

Thank you very much in advance.

FV

 

 

 

 

My network looks like this:

LAN (simulates the internet)
network address = 10.6.3.128/25

ROAD WARRIOR
Road warrior static ip = 10.6.3.132

VPN/Gateway
Gw ip = 10.6.3.133
Test network behind gw = 10.6.100.0/24
(no NAT and no firewall except the rule above)

 

 

 

I use the following ipsec.conf files

 

 

multilinus:/etc# more ipsec.conf
# /etc/ipsec.conf - Openswan IPsec configuration file
# RCSID $Id: ipsec.conf.in,v 1.13 2004/03/24 04:14:39 ken Exp $

# This file:  /usr/share/doc/openswan/ipsec.conf-sample
#
# Manual:     ipsec.conf.5

version 2.0     # conforms to second version of ipsec.conf specification

# basic configuration
config setup
        # Debug-logging controls:  "none" for (almost) none, "all" for lots.
        # klipsdebug=none
        plutodebug=all #"control parsing"
        #plutostderrlog=

# Add connections here

# road-warrior VPN connection
conn road
        # Left security gateway, subnet behind it, next hop toward right.
        left=10.6.3.133
        leftid=@multilinus.multibel.it
        leftsubnet=10.6.100.0/24
        leftrsasigkey=0sAQN74Z87R.....
        # Right road-warrior
        rightnexthop=%direct
        right=%any
        rightid=@multibel1.multibel.it
        rightrsasigkey=0sAQO9mjE.....
        # To authorize this connection, but not actually start it, at startup,
        # uncomment this.
        auto=add

#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf

----------------------------------------------------------------------------

multibel1:/etc# more ipsec.conf
# /etc/ipsec.conf - Openswan IPsec configuration file
# RCSID $Id: ipsec.conf.in,v 1.13 2004/03/24 04:14:39 ken Exp $

# This file:  /usr/share/doc/openswan/ipsec.conf-sample
#
# Manual:     ipsec.conf.5

version 2.0     # conforms to second version of ipsec.conf specification

# basic configuration
config setup
        # Debug-logging controls:  "none" for (almost) none, "all" for lots.
        # klipsdebug=none
        # plutodebug="control parsing"

# Add connections here

# road-warrior connection
conn road
        left=10.6.3.132
        leftnexthop=10.6.3.133
        leftid=@multibel1.multibel.it
        leftrsasigkey=0sAQO9mjElL.......
        right=10.6.3.133
        rightsubnet=10.6.100.0/24
        rightid=@multilinus.multibel.it
        rightrsasigkey=0sAQN74Z87R....
        auto=add

#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf

 

 

ipsec -barf

multilinus

Thu Mar  9 12:01:43 CET 2006

+ _________________________ version

+ ipsec --version

Linux Openswan U2.2.0/K2.4.27-2-386 (native)

See `ipsec --copyright' for copyright information.

+ _________________________ proc/version

+ cat /proc/version

Linux version 2.4.27-2-386 (horms at tabatha.lab.ultramonkey.org) (gcc version
3.3.5 (Debian 1:3.3.5-12)) #1 Mon May 16 16:47:51 JST 2005

+ _________________________ proc/net/ipsec_eroute

+ test -r /proc/net/ipsec_eroute

+ _________________________ netstat-rn

+ netstat -nr

Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
10.6.3.132      10.6.3.132      255.255.255.255 UGH       0 0          0 eth0
10.6.3.128      0.0.0.0         255.255.255.128 U         0 0          0 eth0
10.6.100.0      0.0.0.0         255.255.255.0   U         0 0          0 eth1
0.0.0.0         10.6.3.129      0.0.0.0         UG        0 0          0 eth0

+ _________________________ proc/net/ipsec_spi

+ test -r proc/net/ipsec_spi

+ _________________________ proc/net/ipsec_spigrp

+ test -r /proc/net/ipsec_spigrp

+ _________________________ proc/net/ipsec_tncfg

+ test -r /proc/net/ipsec_tncfg

+ _________________________ proc/net/pfkey

+ test -r /proc/net/pfkey

+ cat /proc/net/pfkey

sk       RefCnt Rmem   Wmem   User   Inode

+ _________________________ setkey-D

+ setkey -D

10.6.3.133 10.6.3.132 

            esp mode=tunnel spi=2680898582(0x9fcb4416)
reqid=16389(0x00004005)

            E: 3des-cbc  3d97830a e6366157 134af78c 8ba84c9b 7cadeaef
554fdd77

            A: hmac-md5  0a413dd2 c5ccc1c9 c0923a5d 8b2b865f

            seq=0x00000000 replay=64 flags=0x00000000 state=mature 

            created: Mar  9 11:13:17 2006    current: Mar  9 12:01:43 2006

            diff: 2906(s)       hard: 0(s)          soft: 0(s)

            last: Mar  9 11:14:55 2006         hard: 0(s)          soft:
0(s)

            current: 336(bytes)        hard: 0(bytes)    soft: 0(bytes)

            allocated: 3       hard: 0  soft: 0

            sadb_seq=1 pid=5890 refcnt=0

10.6.3.132 10.6.3.133 

            esp mode=tunnel spi=2125545048(0x7eb13e58)
reqid=16389(0x00004005)

            E: 3des-cbc  4f76151f d6f87375 a2c97a81 71361aee 8f9d562c
d7836869

            A: hmac-md5  2bc1e637 287bb07d c60c6765 84436f55

            seq=0x00000000 replay=64 flags=0x00000000 state=mature 

            created: Mar  9 11:13:16 2006    current: Mar  9 12:01:43 2006

            diff: 2907(s)       hard: 0(s)          soft: 0(s)

            last: Mar  9 11:13:17 2006         hard: 0(s)          soft:
0(s)

            current: 244368(bytes)   hard: 0(bytes)    soft: 0(bytes)

            allocated: 2910  hard: 0  soft: 0

            sadb_seq=0 pid=5890 refcnt=0

+ _________________________ setkey-D-P

+ setkey -D -P

10.6.3.132[any] 10.6.100.0/24[any] any

            in ipsec

            esp/tunnel/10.6.3.132-10.6.3.133/unique#16389

            created: Mar  9 11:13:16 2006  lastused:                     

            lifetime: 0(s) validtime: 0(s)

            spid=312 seq=8 pid=5891

            refcnt=1

10.6.100.0/24[any] 10.6.3.132[any] any

            out ipsec

            esp/tunnel/10.6.3.133-10.6.3.132/unique#16389

            created: Mar  9 11:13:17 2006  lastused: Mar  9 11:14:57 2006

            lifetime: 0(s) validtime: 0(s)

            spid=329 seq=7 pid=5891

            refcnt=1

10.6.3.132[any] 10.6.100.0/24[any] any

            fwd ipsec

            esp/tunnel/10.6.3.132-10.6.3.133/unique#16389

            created: Mar  9 11:13:16 2006  lastused: Mar  9 12:01:43 2006

            lifetime: 0(s) validtime: 0(s)

            spid=322 seq=6 pid=5891

            refcnt=2

(per-socket policy) 

            in none

            created: Mar  9 11:13:07 2006  lastused:                     

            lifetime: 0(s) validtime: 0(s)

            spid=299 seq=5 pid=5891

            refcnt=1

(per-socket policy) 

            in none

            created: Mar  9 11:13:07 2006  lastused: Mar  9 11:58:26 2006

            lifetime: 0(s) validtime: 0(s)

            spid=283 seq=4 pid=5891

            refcnt=1

(per-socket policy) 

            in none

            created: Mar  9 11:13:07 2006  lastused:                     

            lifetime: 0(s) validtime: 0(s)

            spid=267 seq=3 pid=5891

            refcnt=1

(per-socket policy) 

            out none

            created: Mar  9 11:13:07 2006  lastused:                     

            lifetime: 0(s) validtime: 0(s)

            spid=308 seq=2 pid=5891

            refcnt=1

(per-socket policy) 

            out none

            created: Mar  9 11:13:07 2006  lastused: Mar  9 11:58:26 2006

            lifetime: 0(s) validtime: 0(s)

            spid=292 seq=1 pid=5891

            refcnt=1

(per-socket policy) 

            out none

            created: Mar  9 11:13:07 2006  lastused:                     

            lifetime: 0(s) validtime: 0(s)

            spid=276 seq=0 pid=5891

            refcnt=1

+ _________________________ proc/sys/net/ipsec-star

+ test -d /proc/sys/net/ipsec

+ _________________________ ipsec/status

+ ipsec auto --status

000 interface lo/lo 127.0.0.1

000 interface eth0/eth0 10.6.3.133

000 interface eth1/eth1 10.6.100.254

000 %myid = (none)

000 debug
raw+crypt+parsing+emitting+control+lifecycle+klips+dns+oppo+controlmore+pfke
y+nattraversal+x509

000  

000 algorithm ESP encrypt: id=2, name=ESP_DES, ivlen=8, keysizemin=64,
keysizemax=64

000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=8, keysizemin=192,
keysizemax=192

000 algorithm ESP encrypt: id=7, name=ESP_BLOWFISH, ivlen=8, keysizemin=40,
keysizemax=448

000 algorithm ESP encrypt: id=11, name=ESP_NULL, ivlen=0, keysizemin=0,
keysizemax=0

000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=8, keysizemin=128,
keysizemax=256

000 algorithm ESP encrypt: id=252, name=ESP_SERPENT, ivlen=8,
keysizemin=128, keysizemax=256

000 algorithm ESP encrypt: id=253, name=ESP_TWOFISH, ivlen=8,
keysizemin=128, keysizemax=256

000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5,
keysizemin=128, keysizemax=128

000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1,
keysizemin=160, keysizemax=160

000 algorithm ESP auth attr: id=5, name=AUTH_ALGORITHM_HMAC_SHA2_256,
keysizemin=256, keysizemax=256

000 algorithm ESP auth attr: id=251, name=(null), keysizemin=0, keysizemax=0

000  

000 algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC, blocksize=16,
keydeflen=128

000 algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8,
keydeflen=192

000 algorithm IKE hash: id=2, name=OAKLEY_SHA, hashsize=20

000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16

000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024

000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536

000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048

000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072

000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096

000 algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144

000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192

000  

000 stats db_ops.c: {curr_cnt, total_cnt, maxsz} :context={0,0,0}
trans={0,0,0} attrs={0,0,0} 

000  

000 "road": 10.6.100.0/24===10.6.3.133[@multilinus.multibel.it]...%any[@multibel1.multibel.it]; unrouted; eroute owner: #0
000 "road":   ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
000 "road":   policy: RSASIG+ENCRYPT+TUNNEL+PFS; prio: 24,32; interface: eth0; 
000 "road":   newest ISAKMP SA: #0; newest IPsec SA: #0; 
000 "road":   IKE algorithms wanted: 5_000-1-5, 5_000-1-2, 5_000-2-5, 5_000-2-2, flags=-strict
000 "road":   IKE algorithms found:  5_192-1_128-5, 5_192-1_128-2, 5_192-2_160-5, 5_192-2_160-2, 
000 "road":   ESP algorithms wanted: 3_000-1, 3_000-2, flags=-strict
000 "road":   ESP algorithms loaded: 3_000-1, 3_000-2, flags=-strict
000 "road"[1]: 10.6.100.0/24===10.6.3.133[@multilinus.multibel.it]...10.6.3.132[@multibel1.multibel.it]; erouted; eroute owner: #2
000 "road"[1]:   ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
000 "road"[1]:   policy: RSASIG+ENCRYPT+TUNNEL+PFS; prio: 24,32; interface: eth0; 
000 "road"[1]:   newest ISAKMP SA: #3; newest IPsec SA: #2; 
000 "road"[1]:   IKE algorithms wanted: 5_000-1-5, 5_000-1-2, 5_000-2-5, 5_000-2-2, flags=-strict
000 "road"[1]:   IKE algorithms found:  5_192-1_128-5, 5_192-1_128-2, 5_192-2_160-5, 5_192-2_160-2, 
000 "road"[1]:   IKE algorithm newest: 3DES_CBC_192-MD5-MODP1536
000 "road"[1]:   ESP algorithms wanted: 3_000-1, 3_000-2, flags=-strict
000 "road"[1]:   ESP algorithms loaded: 3_000-1, 3_000-2, flags=-strict
000 "road"[1]:   ESP algorithm newest: 3DES_0-HMAC_MD5; pfsgroup=<Phase1>
000  
000 #3: "road"[1] 10.6.3.132 STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_REPLACE in 3133s; newest ISAKMP
000 #2: "road"[1] 10.6.3.132 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in 25624s; newest IPSEC; eroute owner
000 #2: "road"[1] 10.6.3.132 esp.9fcb4416 at 10.6.3.132 esp.7eb13e58 at 10.6.3.133 tun.0 at 10.6.3.132 tun.0 at 10.6.3.133
000 #1: "road"[1] 10.6.3.132 STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_REPLACE in 422s

000  

+ _________________________ ifconfig-a

+ ifconfig -a

eth0      Link encap:Ethernet  HWaddr 00:13:D4:B2:D4:8B  

          inet addr:10.6.3.133  Bcast:10.255.255.255  Mask:255.255.255.128

          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

          RX packets:645595 errors:0 dropped:0 overruns:0 frame:0

          TX packets:107615 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:1000 

          RX bytes:164807835 (157.1 MiB)  TX bytes:8102422 (7.7 MiB)

          Interrupt:19 Base address:0xed00 

 

eth1      Link encap:Ethernet  HWaddr 00:13:49:24:4C:4C  

          inet addr:10.6.100.254  Bcast:10.255.255.255  Mask:255.255.255.0

          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

          RX packets:2044 errors:0 dropped:0 overruns:0 frame:0

          TX packets:670 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:1000 

          RX bytes:486855 (475.4 KiB)  TX bytes:65954 (64.4 KiB)

          Interrupt:18 Base address:0xee00 

 

eth2      Link encap:Ethernet  HWaddr 00:13:49:24:5E:B5  

          BROADCAST MULTICAST  MTU:1500  Metric:1

          RX packets:0 errors:0 dropped:0 overruns:0 frame:0

          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:1000 

          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

          Interrupt:19 Base address:0xe000 

 

lo        Link encap:Local Loopback  

          inet addr:127.0.0.1  Mask:255.0.0.0

          UP LOOPBACK RUNNING  MTU:16436  Metric:1

          RX packets:148625 errors:0 dropped:0 overruns:0 frame:0

          TX packets:148625 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:0 

          RX bytes:12254252 (11.6 MiB)  TX bytes:12254252 (11.6 MiB)

 

+ _________________________ ipsec_verify

+ ipsec verify --nocolour

Checking your system to see if IPsec got installed and started correctly:

Version check and ipsec on-path                                  [OK]

Linux Openswan U2.2.0/K2.4.27-2-386 (native)

Checking for IPsec support in kernel                             [OK]

Checking for RSA private key (/etc/ipsec.secrets)                       [OK]

Checking that pluto is running                                       [OK]

Two or more interfaces found, checking IP forwarding                  [OK]

Checking NAT and MASQUERADEing                                       [OK]

Checking for 'ip' command                                             [OK]

Checking for 'iptables' command                                    [OK]

Checking for 'setkey' command for native IPsec stack support
[OK]

 

Opportunistic Encryption DNS checks:

   Looking for TXT in forward dns zone: multilinus
[MISSING]

   Does the machine have at least one non-private address?         [FAILED]

+ _________________________ mii-tool

+ '[' -x /sbin/mii-tool ']'

+ /sbin/mii-tool -v

eth0: negotiated 100baseTx-FD, link ok

  product info: vendor 00:00:00, model 0 rev 0

  basic mode:   autonegotiation enabled

  basic status: autonegotiation complete, link ok

  capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD

  advertising:  100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD

  link partner: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control

eth1: negotiated 100baseTx-FD, link ok

  product info: vendor 00:00:00, model 0 rev 0

  basic mode:   autonegotiation enabled

  basic status: autonegotiation complete, link ok

  capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD

  advertising:  100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD

  link partner: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD

SIOCGMIIPHY on 'eth2' failed: Invalid argument

+ _________________________ ipsec/directory

+ ipsec --directory

/usr/lib/ipsec

+ _________________________ hostname/fqdn

+ hostname --fqdn

localhost.localdomain

+ _________________________ hostname/ipaddress

+ hostname --ip-address

127.0.0.1 

+ _________________________ uptime

+ uptime

 12:01:46 up  2:38,  6 users,  load average: 0.02, 0.04, 0.00

+ _________________________ ps

+ ps alxwf

+ egrep -i 'ppid|pluto|ipsec|klips'

F   UID   PID  PPID PRI  NI   VSZ  RSS WCHAN  STAT TTY        TIME COMMAND

0     0  5870  4874  16   0  2628 1328 wait4  S+   pts/4      0:00
\_ /bin/sh /usr/lib/ipsec/barf

1     0  5941  5870  15   0  2628 1328 -      R+   pts/4      0:00
\_ /bin/sh /usr/lib/ipsec/barf

1     0  4303     1   9   0  2204 1104 wait4  S    pts/3      0:00 /bin/bash
/usr/lib/ipsec/_plutorun --debug all --uniqueids yes --nocrsend
--strictcrlpolicy  --nat_traversal  --keep_alive  --force_keepalive
--disable_port_floating  --virtual_private  --crlcheckinterval 0 --ocspuri
--dump  --opts  --stderrlog  --wait no --pre  --post  --log daemon.error
--pid /var/run/pluto.pid

1     0  4307  4303   9   0  2204 1112 wait4  S    pts/3      0:00  \_
/bin/bash /usr/lib/ipsec/_plutorun --debug all --uniqueids yes --nocrsend
--strictcrlpolicy  --nat_traversal  --keep_alive  --force_keepalive
--disable_port_floating  --virtual_private  --crlcheckinterval 0 --ocspuri
--dump  --opts  --stderrlog  --wait no --pre  --post  --log daemon.error
--pid /var/run/pluto.pid

4     0  4314  4307   9   0  2348 1240 select S    pts/3      0:00  |   \_
/usr/lib/ipsec/pluto --nofork --secretsfile /etc/ipsec.secrets --ipsecdir
/etc/ipsec.d --debug-all --uniqueids

0     0  4352  4314   9   0  1312  284 select S    pts/3      0:00  |
\_ _pluto_adns -d

0     0  4308  4303   8   0  2180 1088 pipe_w S    pts/3      0:00  \_
/bin/sh /usr/lib/ipsec/_plutoload --wait no --post 

0     0  4304     1   9   0  1376  384 pipe_w S    pts/3      0:00 logger -s
-p daemon.error -t ipsec__plutorun

+ _________________________ ipsec/showdefaults

+ ipsec showdefaults

routephys=eth0

routevirt=ipsec0

routeaddr=10.6.3.133

routenexthop=10.6.3.129

+ _________________________ ipsec/conf

+ ipsec _include /etc/ipsec.conf

+ ipsec _keycensor

 

#< /etc/ipsec.conf 1

# /etc/ipsec.conf - Openswan IPsec configuration file

# RCSID $Id: ipsec.conf.in,v 1.13 2004/03/24 04:14:39 ken Exp $

 

# This file:  /usr/share/doc/openswan/ipsec.conf-sample

#

# Manual:     ipsec.conf.5

 

 

version  2.0       # conforms to second version of ipsec.conf specification

 

# basic configuration

config setup

            # Debug-logging controls:  "none" for (almost) none, "all" for
lots.

            # klipsdebug=none

            plutodebug=all #"control parsing"

            #plutostderrlog=

 

# Add connections here

 

# road-warrior VPN connection

conn road

            # Left security gateway, subnet behind it, next hop toward
right.

            left=10.6.3.133

            leftid=@multilinus.multibel.it

            leftsubnet=10.6.100.0/24

            leftrsasigkey=[keyid AQN74Z87R]

            # Right road-warrior

            rightnexthop=%direct

            right=%any

            rightid=@multibel1.multibel.it

            rightrsasigkey=[keyid AQO9mjElL]

            # To authorize this connection, but not actually start it, at
startup,

            # uncomment this.

            auto=add

 

#Disable Opportunistic Encryption

 

#< /etc/ipsec.d/examples/no_oe.conf 1

# 'include' this file to disable Opportunistic Encryption.

# See /usr/share/doc/openswan/policygroups.html for details.

#

# RCSID $Id: no_oe.conf.in,v 1.1 2004/01/20 19:24:23 sam Exp $

conn block 

    auto=ignore

 

conn private 

    auto=ignore

 

conn private-or-clear 

    auto=ignore

 

conn clear-or-private 

    auto=ignore

 

conn clear 

    auto=ignore

 

conn packetdefault 

    auto=ignore

 

#> /etc/ipsec.conf 38

+ _________________________ ipsec/secrets

+ ipsec _include /etc/ipsec.secrets

+ ipsec _secretcensor

 

#< /etc/ipsec.secrets 1

: RSA   {

            # RSA 2048 bits   multilinus   Tue Feb  7 17:51:12 2006

            # for signatures only, UNSAFE FOR ENCRYPTION

            #pubkey=[keyid AQN74Z87R]

            Modulus: [...]

            PublicExponent: [...]

            # everything after this point is secret

            PrivateExponent: [...]

            Prime1: [...]

            Prime2: [...]

            Exponent1: [...]

            Exponent2: [...]

            Coefficient: [...]

            }

+ _________________________ ipsec/listall

+ ipsec auto --listall

000  

000 List of Public Keys:

000  

000 Mar 09 11:13:07 2006, 2048 RSA Key AQO9mjElL, until --- -- --:--:-- ----
ok (expires never)

000        ID_FQDN '@multibel1.multibel.it'

000 Mar 09 11:13:07 2006, 2048 RSA Key AQN74Z87R, until --- -- --:--:-- ----
ok (expires never)

000        ID_FQDN '@multilinus.multibel.it'

+ '[' /etc/ipsec.d/policies ']'

++ basename /etc/ipsec.d/policies/block

+ base=block

+ _________________________ ipsec/policies/block

+ cat /etc/ipsec.d/policies/block

# This file defines the set of CIDRs (network/mask-length) to which

# communication should never be allowed.

#

# See /usr/share/doc/openswan/policygroups.html for details.

#

# $Id: block.in,v 1.4 2003/02/17 02:22:15 mcr Exp $

#

 

++ basename /etc/ipsec.d/policies/clear

+ base=clear

+ _________________________ ipsec/policies/clear

+ cat /etc/ipsec.d/policies/clear

# This file defines the set of CIDRs (network/mask-length) to which

# communication should always be in the clear.

#

# See /usr/share/doc/openswan/policygroups.html for details.

#

# $Id: clear.in,v 1.4 2003/02/17 02:22:15 mcr Exp $

#

++ basename /etc/ipsec.d/policies/clear-or-private

+ base=clear-or-private

+ _________________________ ipsec/policies/clear-or-private

+ cat /etc/ipsec.d/policies/clear-or-private

# This file defines the set of CIDRs (network/mask-length) to which

# we will communicate in the clear, or, if the other side initiates IPSEC,

# using encryption.  This behaviour is also called "Opportunistic
Responder".

#

# See /usr/share/doc/openswan/policygroups.html for details.

#

# $Id: clear-or-private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $

#

++ basename /etc/ipsec.d/policies/private

+ base=private

+ _________________________ ipsec/policies/private

+ cat /etc/ipsec.d/policies/private

# This file defines the set of CIDRs (network/mask-length) to which

# communication should always be private (i.e. encrypted).

# See /usr/share/doc/openswan/policygroups.html for details.

#

# $Id: private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $

#

++ basename /etc/ipsec.d/policies/private-or-clear

+ base=private-or-clear

+ _________________________ ipsec/policies/private-or-clear

+ cat /etc/ipsec.d/policies/private-or-clear

# This file defines the set of CIDRs (network/mask-length) to which

# communication should be private, if possible, but in the clear otherwise.

#

# If the target has a TXT (later IPSECKEY) record that specifies

# authentication material, we will require private (i.e. encrypted)

# communications.  If no such record is found, communications will be

# in the clear.

#

# See /usr/share/doc/openswan/policygroups.html for details.

#

# $Id: private-or-clear.in,v 1.5 2003/02/17 02:22:15 mcr Exp $

#

 

0.0.0.0/0

+ _________________________ ipsec/ls-libdir

+ ls -l /usr/lib/ipsec

total 1376

-rwxr-xr-x  1 root root  15404 May 24  2005 _confread

-rwxr-xr-x  1 root root   4612 May 24  2005 _copyright

-rwxr-xr-x  1 root root   2380 May 24  2005 _include

-rwxr-xr-x  1 root root   1476 May 24  2005 _keycensor

-rwxr-xr-x  1 root root   9784 May 24  2005 _pluto_adns

-rwxr-xr-x  1 root root   3586 May 24  2005 _plutoload

-rwxr-xr-x  1 root root   7165 May 24  2005 _plutorun

-rwxr-xr-x  1 root root  10494 May 24  2005 _realsetup

-rwxr-xr-x  1 root root   1976 May 24  2005 _secretcensor

-rwxr-xr-x  1 root root   9013 May 24  2005 _startklips

-rwxr-xr-x  1 root root  12313 May 24  2005 _updown

-rwxr-xr-x  1 root root   7572 May 24  2005 _updown_x509

-rwxr-xr-x  1 root root  19222 May 24  2005 auto

-rwxr-xr-x  1 root root  10224 May 24  2005 barf

-rwxr-xr-x  1 root root    816 May 24  2005 calcgoo

-rwxr-xr-x  1 root root  80792 May 24  2005 eroute

-rwxr-xr-x  1 root root   1942 May 24  2005 ipsec_pr.template

-rwxr-xr-x  1 root root  60664 May 24  2005 klipsdebug

-rwxr-xr-x  1 root root   2462 May 24  2005 look

-rwxr-xr-x  1 root root   7118 May 24  2005 mailkey

-rwxr-xr-x  1 root root  16190 May 24  2005 manual

-rwxr-xr-x  1 root root   1874 May 24  2005 newhostkey

-rwxr-xr-x  1 root root  53196 May 24  2005 pf_key

-rwxr-xr-x  1 root root 590808 May 24  2005 pluto

-rwxr-xr-x  1 root root   6616 May 24  2005 ranbits

-rwxr-xr-x  1 root root  18584 May 24  2005 rsasigkey

-rwxr-xr-x  1 root root    766 May 24  2005 secrets

-rwxr-xr-x  1 root root  17570 May 24  2005 send-pr

lrwxrwxrwx  1 root root     17 Jan 25 12:50 setup -> /etc/init.d/ipsec

-rwxr-xr-x  1 root root   1048 May 24  2005 showdefaults

-rwxr-xr-x  1 root root   4365 May 24  2005 showhostkey

-rwxr-xr-x  1 root root 118200 May 24  2005 spi

-rwxr-xr-x  1 root root  68408 May 24  2005 spigrp

-rwxr-xr-x  1 root root  81752 May 24  2005 starter

-rwxr-xr-x  1 root root   9744 May 24  2005 tncfg

-rwxr-xr-x  1 root root  10189 May 24  2005 verify

-rwxr-xr-x  1 root root  42968 May 24  2005 whack

+ _________________________ ipsec/updowns

++ ls /usr/lib/ipsec

++ egrep updown

+ cat /usr/lib/ipsec/_updown

#! /bin/sh

# iproute2 version, default updown script

#

# Copyright (C) 2003-2004 Nigel Meteringham

# Copyright (C) 2003-2004 Tuomo Soini

# Copyright (C) 2002-2004 Michael Richardson <mcr at xelerance.com>

# 

# This program is free software; you can redistribute it and/or modify it

# under the terms of the GNU General Public License as published by the

# Free Software Foundation; either version 2 of the License, or (at your

# option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.

# 

# This program is distributed in the hope that it will be useful, but

# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY

# or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License

# for more details.

#

# RCSID $Id: _updown.ip2.in,v 1.11 2004/06/01 13:30:57 ken Exp $

 

 

 

# CAUTION:  Installing a new version of FreeS/WAN will install a new

# copy of this script, wiping out any custom changes you make.  If

# you need changes, make a copy of this under another name, and customize

# that, and use the (left/right)updown parameters in ipsec.conf to make

# FreeS/WAN use yours instead of this default one.

 

LC_ALL=C export LC_ALL

 

# things that this script gets (from ipsec_pluto(8) man page)

#

#

#      PLUTO_VERSION

#              indicates  what  version of this interface is being

#              used.  This document describes version  1.1.   This

#              is upwardly compatible with version 1.0.

#

#       PLUTO_VERB

#              specifies the name of the operation to be performed

#              (prepare-host, prepare-client, up-host, up-client,

#              down-host, or down-client).  If the address family

#              for security gateway to security gateway communica-

#              tions is IPv6, then a suffix of -v6 is added to the

#              verb.

#

#       PLUTO_CONNECTION

#              is the name of the  connection  for  which  we  are

#              routing.

#

#       PLUTO_CONN_POLICY

#              the policy of the connection, as in:

#
RSASIG+ENCRYPT+TUNNEL+PFS+DONTREKEY+OPPORTUNISTIC+failureDROP+lKOD+rKOD  

#

#       PLUTO_NEXT_HOP

#              is the next hop to which packets bound for the peer

#              must be sent.

#

#       PLUTO_INTERFACE

#              is the name of the ipsec interface to be used.

#

#       PLUTO_ME

#              is the IP address of our host.

#

#       PLUTO_MY_CLIENT

#              is the IP address / count of our client subnet.  If

#              the  client  is  just  the  host,  this will be the

#              host's own IP address / max (where max  is  32  for

#              IPv4 and 128 for IPv6).

#

#       PLUTO_MY_CLIENT_NET

#              is the IP address of our client net.  If the client

#              is just the host, this will be the  host's  own  IP

#              address.

#

#       PLUTO_MY_CLIENT_MASK

#              is  the  mask for our client net.  If the client is

#              just the host, this will be 255.255.255.255.

#

#       PLUTO_MY_SOURCEIP

#              if non-empty, then the source address for the route will be

#              set to this IP address.

#

#       PLUTO_PEER

#              is the IP address of our peer.

#

#       PLUTO_PEER_CLIENT

#              is the IP address / count of the peer's client sub-

#              net.   If the client is just the peer, this will be

#              the peer's own IP address / max (where  max  is  32

#              for IPv4 and 128 for IPv6).

#

#       PLUTO_PEER_CLIENT_NET

#              is the IP address of the peer's client net.  If the

#              client is just the peer, this will  be  the  peer's

#              own IP address.

#

#       PLUTO_PEER_CLIENT_MASK

#              is  the  mask  for  the  peer's client net.  If the

#              client   is   just   the   peer,   this   will   be

#              255.255.255.255.

#

# PLUTO_CONNECTION_TYPE

#

 

# check interface version

case "$PLUTO_VERSION" in

1.[0])    # Older Pluto?!?  Play it safe, script may be using new features.

            echo "$0: obsolete interface version \`$PLUTO_VERSION'," >&2

            echo "$0:          called by obsolete Pluto?" >&2

            exit 2

            ;;

1.*)       ;;

*)          echo "$0: unknown interface version \`$PLUTO_VERSION'" >&2

            exit 2

            ;;

esac

 

# check parameter(s)

case "$1:$*" in

':')                                # no parameters

            ;;

ipfwadm:ipfwadm)          # due to (left/right)firewall; for default script only

            ;;

custom:*)                     # custom parameters (see above CAUTION comment)

            ;;

*)          echo "$0: unknown parameters \`$*'" >&2

            exit 2

            ;;

esac

 

# utility functions for route manipulation

# Meddling with this stuff should not be necessary and requires great care.

uproute() {

            doroute add

            ip route flush cache

}

downroute() {

            doroute delete

            ip route flush cache

}

 

uprule() {

            # policy based advanced routing

            if [ -n "$PLUTO_IPROUTETABLE" ] && [ "$PLUTO_IPROUTETABLE" != "main" ]

            then

                dorule delete

                dorule add

            fi

            # virtual sourceip support

            if [ -n "$PLUTO_MY_SOURCEIP" ] && ["$PLUTO_MY_SOURCEIP" != "no" ]

            then

                addsource

                changesource

            fi

            ip route flush cache

}

 

downrule() {

            if [ -n "$PLUTO_MY_SOURCEIP" ] && [ "$PLUTO_IPROUTETABLE" != "main" ]

            then

                dorule delete

                ip route flush cache

            fi

}

 

addsource() {

            st=0

            if ! ip -o route get ${PLUTO_MY_SOURCEIP%/*} | grep -q ^local

            then

                it="ip addr add ${PLUTO_MY_SOURCEIP%/*}/32 dev $PLUTO_INTERFACE"

                oops="`eval $it 2>&1`"

                st=$?

                if test " $oops" = " " -a " $st" != " 0"

                then

                        oops="silent error, exit status $st"

                fi

                if test " $oops" != " " -o " $st" != " 0"

                then

                        echo "$0: addsource \`$it' failed ($oops)" >&2

                fi

            fi

            return $st

}

 

changesource() {

            st=0

            parms="$PLUTO_PEER_CLIENT"

            parms2="dev $PLUTO_INTERFACE"

            parms3="src ${PLUTO_MY_SOURCEIP%/*}"

            if [ -n "$PLUTO_IPROUTETABLE" ] && [ "$PLUTO_IPROUTETABLE" != "main" ]

            then

                parms3="$parms3 table '$PLUTO_IPROUTETABLE'"

            fi

            case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in

            "0.0.0.0/0.0.0.0")

                        # opportunistic encryption work around

                        it=

                        ;;

            esac

            oops="`eval $it 2>&1`"

            st=$?

            if test " $oops" = " " -a " $st" != " 0"

            then

                oops="silent error, exit status $st"

            fi

            if test " $oops" != " " -o " $st" != " 0"

            then

                echo "$0: changesource \`$it' failed ($oops)" >&2

            fi

            return $st

}

 

dorule() {

            st=0

            it2=

            iprule="from $PLUTO_MY_CLIENT"

            iprule2="to $PLUTO_PEER_CLIENT table $PLUTO_IPROUTETABLE"

            case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in

            "0.0.0.0/0.0.0.0")

                        # opportunistic encryption work around

                        st=0

                        ;;

            *)

                        if test "$PLUTO_MY_SOURCEIP" = "no"

                        then

                            if test "$PLUTO_ME" = "${PLUTO_MY_CLIENT%/*}"

                            then

                                   it="ip rule $1 iif lo $iprule2"

                            else

                                   it="ip rule $1 $iprule $iprule2"

                            fi

                        else

                            if test "${PLUTO_MY_SOURCEIP%/*}" = "${PLUTO_MY_CLIENT%/*}"

                            then

                                   it="ip rule $1 iif lo $iprule2"

                            else

                                   it="ip rule $1 $iprule $iprule2"

                                   it2="ip rule $1 iif lo $iprule2"

                            fi

                        fi

                        oops="`eval $it 2>&1`"

                        st=$?

                        if test " $oops" = " " -a " $st" != " 0"

                        then

                            oops="silent error, exit status $st"

                        fi

                        case "$oops" in

                        'RTNETLINK answers: No such process'*)

                                   # This is what ip rule gives

                                   # for "could not find such a rule"

                                   oops=

                                   st=0

                                   ;;

                        esac

                        if test " $oops" != " " -o " $st" != " 0"

                        then

                            echo "$0: dorule \`$it' failed ($oops)" >&2

                        fi

                        if test "$st" = "0" -a -n "$it2"

                        then

                            oops="`eval $it2 2>&1`"

                            st=$?

                            if test " $oops" = " " -a " $st" != " 0"

                            then

                                   oops="silent error, exit status $st"

                            fi

                            case "$oops" in

                            'RTNETLINK answers: No such process'*)

                                       # This is what ip rule gives

                                       # for "could not find such a rule"

                                       oops=

                                       st=0

                                       ;;

                            esac

                            if test " $oops" != " " -o " $st" != " 0"

                            then

                                   echo "$0: dorule \`$it2' failed ($oops)" >&2

                            fi

                        fi

                        ;;

                esac

            return $st

}

 

 

doroute() {

            st=0

            parms="$PLUTO_PEER_CLIENT"

            parms2=

            if [ -n "$PLUTO_NEXT_HOP" ]

            then

               parms2="via $PLUTO_NEXT_HOP"

            fi

            parms2="$parms2 dev $PLUTO_INTERFACE"

            parms3=

            if [ -n "$PLUTO_IPROUTETABLE" ] && [ "$PLUTO_IPROUTETABLE" != "main" ]

            then

                parms3="table $PLUTO_IPROUTETABLE"

            fi

 

            if [ -z "$PLUTO_MY_SOURCEIP" ]

            then

                if [ -f /etc/sysconfig/defaultsource ]

                then

                        . /etc/sysconfig/defaultsource

                        if [ -n "$DEFAULTSOURCE" ]

                        then

                            PLUTO_MY_SOURCEIP=$DEFAULTSOURCE

                        fi

                fi

        fi

 

            if test "$1" = "add" -a -n "$PLUTO_MY_SOURCEIP" 

            then

                addsource

                parms3="$parms3 src ${PLUTO_MY_SOURCEIP%/*}"

            fi

 

            case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in

            "0.0.0.0/0.0.0.0")

                        # opportunistic encryption work around

                        # need to provide route that eclipses default, without

                        # replacing it.

                        it="ip route $1 0.0.0.0/1 $parms2 &&

                                   ip route $1 128.0.0.0/1 $parms2"

                        ;;

            *)          it="ip route $1 $parms $parms2 $parms3"

                        ;;

            esac

            oops="`eval $it 2>&1`"

            st=$?

            if test " $oops" = " " -a " $st" != " 0"

            then

                oops="silent error, exit status $st"

            fi

            if test " $oops" != " " -o " $st" != " 0"

            then

                echo "$0: doroute \`$it' failed ($oops)" >&2

            fi

            return $st

}

 

 

# the big choice

case "$PLUTO_VERB:$1" in

prepare-host:*|prepare-client:*)

            # delete possibly-existing route (preliminary to adding a route)

            case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in

            "0.0.0.0/0.0.0.0")

                        # need to provide route that eclipses default, without

                        # replacing it.

                        parms1="0.0.0.0/1"

                        parms2="128.0.0.0/1"

                        it="ip route delete $parms1 2>&1 ; ip route delete $parms2 2>&1"

                        oops="`ip route delete $parms1 2>&1 ; ip route delete $parms2 2>&1`"

                        ;;

            *)

                        parms="$PLUTO_PEER_CLIENT"

                        it="ip route delete $parms 2>&1"

                        oops="`ip route delete $parms 2>&1`"

                        ;;

            esac

            status="$?"

            if test " $oops" = " " -a " $status" != " 0"

            then

                        oops="silent error, exit status $status"

            fi

            case "$oops" in

            *'RTNETLINK answers: No such process'*)         

                        # This is what route (currently -- not documented!) gives

                        # for "could not find such a route".

                        oops=

                        status=0

                        ;;

            esac

            if test " $oops" != " " -o " $status" != " 0"

            then

                        echo "$0: \`$it' failed ($oops)" >&2

            fi

            exit $status

            ;;

route-host:*|route-client:*)

            # connection to me or my client subnet being routed

            uproute

            ;;

unroute-host:*|unroute-client:*)

            # connection to me or my client subnet being unrouted

            downroute

            ;;

up-host:*)

            # connection to me coming up

            # If you are doing a custom version, firewall commands go here.

            ;;

down-host:*)

            # connection to me going down

            # If you are doing a custom version, firewall commands go here.

            ;;

up-client:)

            # connection to my client subnet coming up

            # If you are doing a custom version, firewall commands go here.

            ;;

down-client:)

            # connection to my client subnet going down

            # If you are doing a custom version, firewall commands go here.

            ;;

up-client:ipfwadm)

            # connection to client subnet, with (left/right)firewall=yes, coming up

            # This is used only by the default updown script, not by your custom

            # ones, so do not mess with it; see CAUTION comment up at top.

            ipfwadm -F -i accept -b -S $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \

                        -D $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK

            ;;

down-client:ipfwadm)

            # connection to client subnet, with (left/right)firewall=yes, going down

            # This is used only by the default updown script, not by your custom

            # ones, so do not mess with it; see CAUTION comment up at top.

            ipfwadm -F -d accept -b -S $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \

                        -D $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK

            ;;

#

# IPv6

#

prepare-host-v6:*|prepare-client-v6:*)

            ;;

route-host-v6:*|route-client-v6:*)

            # connection to me or my client subnet being routed

            #uproute_v6

            ;;

unroute-host-v6:*|unroute-client-v6:*)

            # connection to me or my client subnet being unrouted

            #downroute_v6

            ;;

up-host-v6:*)

            # connection to me coming up

            # If you are doing a custom version, firewall commands go here.

            ;;

down-host-v6:*)

            # connection to me going down

            # If you are doing a custom version, firewall commands go here.

            ;;

up-client-v6:)

            # connection to my client subnet coming up

            # If you are doing a custom version, firewall commands go here.

            ;;

down-client-v6:)

            # connection to my client subnet going down

            # If you are doing a custom version, firewall commands go here.

            ;;

*)          echo "$0: unknown verb \`$PLUTO_VERB' or parameter \`$1'" >&2

            exit 1

            ;;

esac

+ cat /usr/lib/ipsec/_updown_x509

#! /bin/sh

#

# customized updown script

#

 

# logging of VPN connections

#

# tag put in front of each log entry:

TAG=vpn

#

# syslog facility and priority used:

FAC_PRIO=local0.notice

#

# to create a special vpn logging file, put the following line into

# the syslog configuration file /etc/syslog.conf:

#

# local0.notice                   -/var/log/vpn

#

# check interface version

case "$PLUTO_VERSION" in

1.[0])    # Older Pluto?!?  Play it safe, script may be using new features.

            echo "$0: obsolete interface version \`$PLUTO_VERSION'," >&2

            echo "$0:          called by obsolete Pluto?" >&2

            exit 2

            ;;

1.*)       ;;

*)          echo "$0: unknown interface version \`$PLUTO_VERSION'" >&2

            exit 2

            ;;

esac

 

# check parameter(s)

case "$1:$*" in

':')                                # no parameters

            ;;

ipfwadm:ipfwadm)          # due to (left/right)firewall; for default script only

            ;;

custom:*)                     # custom parameters (see above CAUTION comment)

            ;;

*)          echo "$0: unknown parameters \`$*'" >&2

            exit 2

            ;;

esac

 

# utility functions for route manipulation

# Meddling with this stuff should not be necessary and requires great care.

uproute() {

            doroute add

}

downroute() {

            doroute del

}

doroute() {

            parms="-net $PLUTO_PEER_CLIENT_NET netmask $PLUTO_PEER_CLIENT_MASK"

            parms2="dev $PLUTO_INTERFACE gw $PLUTO_NEXT_HOP"

            case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in

            "0.0.0.0/0.0.0.0")

                        # horrible kludge for obscure routing bug with opportunistic

                        it="route $1 -net 0.0.0.0 netmask 128.0.0.0 $parms2 &&"

                        it="$it route $1 -net 128.0.0.0 netmask 128.0.0.0 $parms2"

                        route $1 -net 0.0.0.0 netmask 128.0.0.0 $parms2 &&

                                   route $1 -net 128.0.0.0 netmask 128.0.0.0 $parms2

                        ;;

            *)          it="route $1 $parms $parms2"

                        route $1 $parms $parms2

                        ;;

            esac

            st=$?

            if test $st -ne 0

            then

                        # route has already given its own cryptic message

                        echo "$0: \`$it' failed" >&2

                        if test " $1 $st" = " add 7"

                        then

                                   # another totally undocumented interface -- 7 and

                                   # "SIOCADDRT: Network is unreachable" means that

                                   # the gateway isn't reachable.

                                   echo "$0: (incorrect or missing nexthop setting??)" >&2

                        fi

            fi

            return $st

}

 

# are there port numbers?

if [ "$PLUTO_MY_PORT" != 0 ]

then

            S_MY_PORT="--sport $PLUTO_MY_PORT"

            D_MY_PORT="--dport $PLUTO_MY_PORT"

fi

if [ "$PLUTO_PEER_PORT" != 0 ]

then

            S_PEER_PORT="--sport $PLUTO_PEER_PORT"

            D_PEER_PORT="--dport $PLUTO_PEER_PORT"

fi

 

# the big choice

case "$PLUTO_VERB:$1" in

prepare-host:*|prepare-client:*)

            # delete possibly-existing route (preliminary to adding a route)

            case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in

            "0.0.0.0/0.0.0.0")

                        # horrible kludge for obscure routing bug with opportunistic

                        parms1="-net 0.0.0.0 netmask 128.0.0.0"

                        parms2="-net 128.0.0.0 netmask 128.0.0.0"

                        it="route del $parms1 2>&1 ; route del $parms2 2>&1"

                        oops="`route del $parms1 2>&1 ; route del $parms2 2>&1`"

                        ;;

            *)

                        parms="-net $PLUTO_PEER_CLIENT_NET netmask $PLUTO_PEER_CLIENT_MASK"

                        it="route del $parms 2>&1"

                        oops="`route del $parms 2>&1`"

                        ;;

            esac

            status="$?"

            if test " $oops" = " " -a " $status" != " 0"

            then

                        oops="silent error, exit status $status"

            fi

            case "$oops" in

            'SIOCDELRT: No such process'*)

                        # This is what route (currently -- not documented!) gives

                        # for "could not find such a route".

                        oops=

                        status=0

                        ;;

            esac

            if test " $oops" != " " -o " $status" != " 0"

            then

                        echo "$0: \`$it' failed ($oops)" >&2

            fi

            exit $status

            ;;

route-host:*|route-client:*)

            # connection to me or my client subnet being routed

            uproute

            ;;

unroute-host:*|unroute-client:*)

            # connection to me or my client subnet being unrouted

            downroute

            ;;

up-host:*)

            # connection to me coming up

            # If you are doing a custom version, firewall commands go here.

            iptables -I INPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \

                -s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $S_PEER_PORT \

                -d $PLUTO_ME $D_MY_PORT -j ACCEPT

            iptables -I OUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \

                -s $PLUTO_ME $S_MY_PORT \

                -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $D_PEER_PORT -j ACCEPT

            #

            if [ "$PLUTO_PEER_CLIENT" == "$PLUTO_PEER/32" ]

            then

              logger -t $TAG -p $FAC_PRIO \

                "+ `echo -e $PLUTO_PEER_ID` $PLUTO_PEER -- $PLUTO_ME"

            else

              logger -t $TAG -p $FAC_PRIO \

                "+ `echo -e $PLUTO_PEER_ID` $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME"

            fi

            ;;

down-host:*)

            # connection to me going down

            # If you are doing a custom version, firewall commands go here.

            iptables -D INPUT -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \

                -s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $S_PEER_PORT \

                -d $PLUTO_ME $D_MY_PORT -j ACCEPT

            iptables -D OUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \

                -s $PLUTO_ME $S_MY_PORT \

                -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $D_PEER_PORT -j ACCEPT

            #

            if [ "$PLUTO_PEER_CLIENT" == "$PLUTO_PEER/32" ]

            then

              logger -t $TAG -p $FAC_PRIO -- \

                "- `echo -e $PLUTO_PEER_ID` $PLUTO_PEER -- $PLUTO_ME"

            else

              logger -t $TAG -p $FAC_PRIO -- \

              "- `echo -e $PLUTO_PEER_ID` $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME"

            fi

            ;;

up-client:)

        # connection to my client subnet coming up

            # If you are doing a custom version, firewall commands go here.

            iptables -I FORWARD 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \

                -s $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $S_MY_PORT \

                -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $D_PEER_PORT -j ACCEPT

            iptables -I FORWARD 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \

                -s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $S_PEER_PORT \

                -d $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $D_MY_PORT -j ACCEPT

            #

            if [ "$PLUTO_PEER_CLIENT" == "$PLUTO_PEER/32" ]

            then

              logger -t $TAG -p $FAC_PRIO \

                "+ `echo -e $PLUTO_PEER_ID` $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT"

            else

              logger -t $TAG -p $FAC_PRIO \

                "+ `echo -e $PLUTO_PEER_ID` $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT"

            fi

            ;;

down-client:)

        # connection to my client subnet going down

        # If you are doing a custom version, firewall commands go here.

            iptables -D FORWARD -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \

                -s $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $S_MY_PORT \

                -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $D_PEER_PORT -j ACCEPT

            iptables -D FORWARD -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \

                -s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $S_PEER_PORT \

                -d $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $D_MY_PORT -j ACCEPT

            #

            if [ "$PLUTO_PEER_CLIENT" == "$PLUTO_PEER/32" ]

            then

              logger -t $TAG -p $FAC_PRIO -- \

                "- `echo -e $PLUTO_PEER_ID` $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT"

            else

              logger -t $TAG -p $FAC_PRIO -- \

                "- `echo -e $PLUTO_PEER_ID` $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT"

            fi

            ;;

up-client:ipfwadm)

            # connection to client subnet, with (left/right)firewall=yes, coming up

            # This is used only by the default updown script, not by your custom

            # ones, so do not mess with it; see CAUTION comment up at top.

            ipfwadm -F -i accept -b -S $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \

                        -D $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK

            ;;

down-client:ipfwadm)

            # connection to client subnet, with (left/right)firewall=yes, going down

            # This is used only by the default updown script, not by your custom

            # ones, so do not mess with it; see CAUTION comment up at top.

            ipfwadm -F -d accept -b -S $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \

                        -D $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK

            ;;

*)          echo "$0: unknown verb \`$PLUTO_VERB' or parameter \`$1'" >&2

            exit 1

            ;;

esac

+ _________________________ proc/net/dev

+ cat /proc/net/dev

Inter-|   Receive                                                |  Transmit

 face |bytes    packets errs drop fifo frame compressed multicast|bytes packets errs drop fifo colls carrier compressed

    lo:12260821  148705    0    0    0     0          0         0 12260821 148705    0    0    0     0       0          0

  eth0:164808575  645601    0    0    0     0          0         0  8103048 107624    0    0    0     0       0          0

  eth1:  487419    2048    0    0    0     0          0         0    66356 672    0    0    0     0       0          0

  eth2:       0       0    0    0    0     0          0         0        0 0    0    0    0     0       0          0

+ _________________________ proc/net/route

+ cat /proc/net/route

Iface     Destination       Gateway           Flags    RefCnt  Use        Metric     Mask            MTU        Window     IRTT

eth0      8403060A          8403060A          0007     0       0          0          FFFFFFFF        0          0          0

eth0      8003060A          00000000          0001     0       0          0          80FFFFFF        0          0          0

eth1      0064060A          00000000          0001     0       0          0          00FFFFFF        0          0          0

eth0      00000000          8103060A          0003     0       0          0          00000000        0          0          0


+ _________________________ proc/sys/net/ipv4/ip_forward

+ cat /proc/sys/net/ipv4/ip_forward

1

+ _________________________ proc/sys/net/ipv4/conf/star-rp_filter

+ cd /proc/sys/net/ipv4/conf

+ egrep '^' all/rp_filter default/rp_filter eth0/rp_filter eth1/rp_filter lo/rp_filter

all/rp_filter:1

default/rp_filter:1

eth0/rp_filter:1

eth1/rp_filter:1

lo/rp_filter:1

+ _________________________ uname-a

+ uname -a

Linux multilinus 2.4.27-2-386 #1 Mon May 16 16:47:51 JST 2005 i686 GNU/Linux

+ _________________________ config-built-with

+ test -r /proc/config_built_with

+ _________________________ redhat-release

+ test -r /etc/redhat-release

+ test -r /etc/fedora-release

+ _________________________ proc/net/ipsec_version

+ test -r /proc/net/ipsec_version

+ test -r /proc/net/pfkey

++ uname -r

+ echo 'native PFKEY (2.4.27-2-386) support detected '

native PFKEY (2.4.27-2-386) support detected 

+ _________________________ ipfwadm

+ test -r /sbin/ipfwadm

+ ipfwadm -F -l -n -e

Generic IP Firewall Chains not in this kernel

+ _________________________

+ ipfwadm -I -l -n -e

Generic IP Firewall Chains not in this kernel

+ _________________________

+ ipfwadm -O -l -n -e

Generic IP Firewall Chains not in this kernel

+ _________________________

+ ipfwadm -M -l -n -e

Generic IP Firewall Chains not in this kernel

+ _________________________ ipchains

+ test -r /sbin/ipchains

+ ipchains -L -v -n

ipchains: Incompatible with this kernel

+ _________________________

+ ipchains -M -L -v -n

ipchains: cannot open file `/proc/net/ip_masquerade'

+ _________________________ iptables

+ test -r /sbin/iptables

+ iptables -L -v -n

Chain INPUT (policy ACCEPT 121K packets, 10M bytes)

 pkts bytes target     prot opt in     out     source               destination

 

Chain FORWARD (policy ACCEPT 249 packets, 19077 bytes)

 pkts bytes target     prot opt in     out     source               destination

 6647  558K DROP       icmp --  *      *       10.6.3.128/25        0.0.0.0/0           icmp type 8

 

Chain OUTPUT (policy ACCEPT 113K packets, 9990K bytes)

 pkts bytes target     prot opt in     out     source               destination

+ _________________________

+ iptables -t nat -L -v -n

Chain PREROUTING (policy ACCEPT 4663 packets, 497K bytes)

 pkts bytes target     prot opt in     out     source               destination

 

Chain POSTROUTING (policy ACCEPT 913 packets, 55871 bytes)

 pkts bytes target     prot opt in     out     source               destination

 

Chain OUTPUT (policy ACCEPT 894 packets, 54169 bytes)

 pkts bytes target     prot opt in     out     source               destination

+ _________________________

+ iptables -t mangle -L -v -n

Chain PREROUTING (policy ACCEPT 79957 packets, 6937K bytes)

 pkts bytes target     prot opt in     out     source               destination

 

Chain INPUT (policy ACCEPT 75472 packets, 6495K bytes)

 pkts bytes target     prot opt in     out     source               destination

 

Chain FORWARD (policy ACCEPT 4283 packets, 359K bytes)

 pkts bytes target     prot opt in     out     source               destination

 

Chain OUTPUT (policy ACCEPT 70617 packets, 6468K bytes)

 pkts bytes target     prot opt in     out     source               destination

 

Chain POSTROUTING (policy ACCEPT 70754 packets, 6479K bytes)

 pkts bytes target     prot opt in     out     source               destination

+ _________________________ proc/modules

+ test -f /proc/modules

+ cat /proc/modules

iptable_mangle          2040   0 (autoclean) (unused)

iptable_nat            14766   0 (autoclean) (unused)

ip_conntrack           17000   0 (autoclean) [iptable_nat]

iptable_filter          1644   1 (autoclean)

ip_tables              10400   5 [iptable_mangle iptable_nat iptable_filter]

input                   3040   0 (autoclean)

apm                     8428   1 (autoclean)

parport_pc             19432   1 (autoclean)

lp                      5540   0 (autoclean)

parport                21608   1 (autoclean) [parport_pc lp]

af_packet              11048   2 (autoclean)

deflate                 1068   0 (autoclean)

zlib_deflate           16760   0 (autoclean) [deflate]

twofish                34476   0 (autoclean)

serpent                11564   0 (autoclean)

aes                    31488   0 (autoclean)

blowfish                8428   0 (autoclean)

des                     9932   2 (autoclean)

sha256                  7820   0 (autoclean)

sha1                    7052   0 (autoclean)

md5                     2572   2 (autoclean)

crypto_null              812   0 (autoclean)

xfrm_user               7172   0 (unused)

ipcomp                  3376   0 (unused)

esp4                    5520   2

ah4                     3664   0 (unused)

af_key                 17904   0

ehci-hcd               14764   0 (unused)

nvidia               3645692  12

usb-ohci               16488   0 (unused)

usbcore                52268   1 [ehci-hcd usb-ohci]

i810_audio             21372   1

ac97_codec             11252   0 [i810_audio]

soundcore               3268   2 [i810_audio]

ide-scsi                8272   0

8139too                12328   2

mii                     1952   0 [8139too]

crc32                   2848   0 [8139too]

ide-disk               12448   0

ide-detect               288   0 (unused)

ide-cd                 27072   0

cdrom                  26212   0 [ide-cd]

ide-core               91832   0 [ide-scsi ide-disk ide-detect ide-cd]

rtc                     5768   0 (autoclean)

ext3                   65388   1 (autoclean)

jbd                    34628   1 (autoclean) [ext3]

sd_mod                 10764   4 (autoclean)

sata_sis                1588   2 (autoclean)

libata                 21732   0 (autoclean) [sata_sis]

scsi_mod               86052   3 (autoclean) [ide-scsi sd_mod sata_sis libata]

unix                   12752 217 (autoclean)

+ _________________________ proc/meminfo

+ cat /proc/meminfo

        total:    used:    free:  shared: buffers:  cached:

Mem:  927129600 300302336 626827264        0 44457984 121520128

Swap: 1998733312        0 1998733312

MemTotal:       905400 kB

MemFree:        612136 kB

MemShared:           0 kB

Buffers:         43416 kB

Cached:         118672 kB

SwapCached:          0 kB

Active:         102968 kB

Inactive:       154876 kB

HighTotal:           0 kB

HighFree:            0 kB

LowTotal:       905400 kB

LowFree:        612136 kB

SwapTotal:     1951888 kB

SwapFree:      1951888 kB

+ _________________________ proc/net/ipsec-ls

+ test -f /proc/net/ipsec_version

+ _________________________ usr/src/linux/.config

+ test -f /proc/config.gz

++ uname -r

+ test -f /lib/modules/2.4.27-2-386/build/.config

+ egrep 'CONFIG_NETLINK|CONFIG_IPSEC|CONFIG_NET_KEY|CONFIG_INET|CONFIG_IP'

++ uname -r

+ cat /lib/modules/2.4.27-2-386/build/.config

CONFIG_NETLINK_DEV=m

CONFIG_NET_KEY=m

CONFIG_INET=y

CONFIG_IP_MULTICAST=y

CONFIG_IP_ADVANCED_ROUTER=y

CONFIG_IP_MULTIPLE_TABLES=y

CONFIG_IP_ROUTE_FWMARK=y

CONFIG_IP_ROUTE_NAT=y

CONFIG_IP_ROUTE_MULTIPATH=y

CONFIG_IP_ROUTE_TOS=y

CONFIG_IP_ROUTE_VERBOSE=y

# CONFIG_IP_PNP is not set

CONFIG_IP_MROUTE=y

CONFIG_IP_PIMSM_V1=y

CONFIG_IP_PIMSM_V2=y

# CONFIG_INET_ECN is not set

CONFIG_INET_AH=m

CONFIG_INET_ESP=m

CONFIG_INET_IPCOMP=m

CONFIG_IP_NF_CONNTRACK=m

CONFIG_IP_NF_FTP=m

CONFIG_IP_NF_AMANDA=m

CONFIG_IP_NF_TFTP=m

CONFIG_IP_NF_IRC=m

CONFIG_IP_NF_QUEUE=m

CONFIG_IP_NF_IPTABLES=m

CONFIG_IP_NF_MATCH_LIMIT=m

CONFIG_IP_NF_MATCH_MAC=m

CONFIG_IP_NF_MATCH_PKTTYPE=m

CONFIG_IP_NF_MATCH_MARK=m

CONFIG_IP_NF_MATCH_MULTIPORT=m

CONFIG_IP_NF_MATCH_TOS=m

CONFIG_IP_NF_MATCH_RECENT=m

CONFIG_IP_NF_MATCH_ECN=m

CONFIG_IP_NF_MATCH_DSCP=m

CONFIG_IP_NF_MATCH_AH_ESP=m

CONFIG_IP_NF_MATCH_LENGTH=m

CONFIG_IP_NF_MATCH_TTL=m

CONFIG_IP_NF_MATCH_TCPMSS=m

CONFIG_IP_NF_MATCH_HELPER=m

CONFIG_IP_NF_MATCH_STATE=m

CONFIG_IP_NF_MATCH_CONNTRACK=m

CONFIG_IP_NF_MATCH_UNCLEAN=m

CONFIG_IP_NF_MATCH_OWNER=m

CONFIG_IP_NF_FILTER=m

CONFIG_IP_NF_TARGET_REJECT=m

CONFIG_IP_NF_TARGET_MIRROR=m

CONFIG_IP_NF_NAT=m

CONFIG_IP_NF_NAT_NEEDED=y

CONFIG_IP_NF_TARGET_MASQUERADE=m

CONFIG_IP_NF_TARGET_REDIRECT=m

CONFIG_IP_NF_NAT_AMANDA=m

CONFIG_IP_NF_NAT_LOCAL=y

CONFIG_IP_NF_NAT_SNMP_BASIC=m

CONFIG_IP_NF_NAT_IRC=m

CONFIG_IP_NF_NAT_FTP=m

CONFIG_IP_NF_NAT_TFTP=m

CONFIG_IP_NF_MANGLE=m

CONFIG_IP_NF_TARGET_TOS=m

CONFIG_IP_NF_TARGET_ECN=m

CONFIG_IP_NF_TARGET_DSCP=m

CONFIG_IP_NF_TARGET_MARK=m

CONFIG_IP_NF_TARGET_LOG=m

CONFIG_IP_NF_TARGET_ULOG=m

CONFIG_IP_NF_TARGET_TCPMSS=m

CONFIG_IP_NF_ARPTABLES=m

CONFIG_IP_NF_ARPFILTER=m

CONFIG_IP_NF_ARP_MANGLE=m

CONFIG_IP_NF_COMPAT_IPCHAINS=m

CONFIG_IP_NF_NAT_NEEDED=y

CONFIG_IP_NF_COMPAT_IPFWADM=m

CONFIG_IP_NF_NAT_NEEDED=y

CONFIG_IP_VS=m

# CONFIG_IP_VS_DEBUG is not set

CONFIG_IP_VS_TAB_BITS=12

CONFIG_IP_VS_RR=m

CONFIG_IP_VS_WRR=m

CONFIG_IP_VS_LC=m

CONFIG_IP_VS_WLC=m

CONFIG_IP_VS_LBLC=m

CONFIG_IP_VS_LBLCR=m

CONFIG_IP_VS_DH=m

CONFIG_IP_VS_SH=m

CONFIG_IP_VS_SED=m

CONFIG_IP_VS_NQ=m

CONFIG_IP_VS_FTP=m

CONFIG_IPV6=m

CONFIG_IPV6_PRIVACY=y

CONFIG_IP6_NF_QUEUE=m

CONFIG_IP6_NF_IPTABLES=m

CONFIG_IP6_NF_MATCH_LIMIT=m

CONFIG_IP6_NF_MATCH_MAC=m

CONFIG_IP6_NF_MATCH_RT=m

CONFIG_IP6_NF_MATCH_OPTS=m

CONFIG_IP6_NF_MATCH_FRAG=m

CONFIG_IP6_NF_MATCH_HL=m

CONFIG_IP6_NF_MATCH_MULTIPORT=m

CONFIG_IP6_NF_MATCH_OWNER=m

CONFIG_IP6_NF_MATCH_MARK=m

CONFIG_IP6_NF_MATCH_IPV6HEADER=m

CONFIG_IP6_NF_MATCH_AHESP=m

CONFIG_IP6_NF_MATCH_LENGTH=m

CONFIG_IP6_NF_MATCH_EUI64=m

CONFIG_IP6_NF_FILTER=m

CONFIG_IP6_NF_TARGET_LOG=m

CONFIG_IP6_NF_MANGLE=m

CONFIG_IP6_NF_TARGET_MARK=m

CONFIG_INET6_AH=m

CONFIG_INET6_ESP=m

CONFIG_INET6_IPCOMP=m

CONFIG_IPV6_TUNNEL=m

CONFIG_IP_SCTP=m

CONFIG_IPX=m

# CONFIG_IPX_INTERN is not set

CONFIG_IPDDP=m

CONFIG_IPDDP_ENCAP=y

CONFIG_IPDDP_DECAP=y

CONFIG_IPHASE5526=m

CONFIG_IPPP_FILTER=y

CONFIG_IPMI_HANDLER=m

# CONFIG_IPMI_PANIC_EVENT is not set

CONFIG_IPMI_DEVICE_INTERFACE=m

CONFIG_IPMI_KCS=m

CONFIG_IPMI_WATCHDOG=m

+ _________________________ etc/syslog.conf

+ cat /etc/syslog.conf

#  /etc/syslog.conf         Configuration file for syslogd.

#

#                                  For more information see syslog.conf(5)

#                                  manpage.

 

#

# First some standard logfiles.  Log by facility.

#

 

auth,authpriv.*                           /var/log/auth.log

*.*;auth,authpriv.none                -/var/log/syslog

#cron.*                                     /var/log/cron.log

daemon.*                                 -/var/log/daemon.log

kern.*                                       -/var/log/kern.log

lpr.*                                         -/var/log/lpr.log

mail.*                                       -/var/log/mail.log

user.*                                       -/var/log/user.log

uucp.*                                      /var/log/uucp.log

 

#

# Logging for the mail system.  Split it up so that

# it is easy to write scripts to parse these files.

#

mail.info                                   -/var/log/mail.info

mail.warn                                 -/var/log/mail.warn

mail.err                         /var/log/mail.err

 

# Logging for INN news system

#

news.crit                                  /var/log/news/news.crit

news.err                                   /var/log/news/news.err

news.notice                              -/var/log/news/news.notice

 

#

# Some `catch-all' logfiles.

#

*.=debug;\

            auth,authpriv.none;\

            news.none;mail.none     -/var/log/debug

*.=info;*.=notice;*.=warn;\

            auth,authpriv.none;\

            cron,daemon.none;\

            mail,news.none             -/var/log/messages

 

#

# Emergencies are sent to everybody logged in.

#

*.emerg                                    *

 

#

# I like to have messages displayed on the console, but only on a virtual

# console I usually leave idle.

#

#daemon,mail.*;\

#          news.=crit;news.=err;news.=notice;\

#          *.=debug;*.=info;\

#          *.=notice;*.=warn          /dev/tty8

 

# The named pipe /dev/xconsole is for the `xconsole' utility.  To use it,

# you must invoke `xconsole' with the `-file' option:

# 

#    $ xconsole -file /dev/xconsole [...]

#

# NOTE: adjust the list below, or you'll go crazy if you have a reasonably

#      busy site..

#

daemon.*;mail.*;\

            news.crit;news.err;news.notice;\

            *.=debug;*.=info;\

            *.=notice;*.=warn          |/dev/xconsole

 

+ _________________________ etc/resolv.conf

+ cat /etc/resolv.conf

search comunebl.it

nameserver 10.6.3.130

nameserver 10.6.0.20

+ _________________________ lib/modules-ls

+ ls -ltr /lib/modules

total 8

drwxr-xr-x  5 root root 4096 Dec 19 16:28 2.4.27-2-386

drwxr-xr-x  4 root root 4096 Jan 25 13:08 2.4.27-2-686-smp

+ _________________________ proc/ksyms-netif_rx

+ test -r /proc/ksyms

+ egrep netif_rx /proc/ksyms

c01ba0fa netif_rx_R86c60d40

+ _________________________ lib/modules-netif_rx

+ modulegoo kernel/net/ipv4/ipip.o netif_rx

+ set +x

2.4.27-2-386:          U netif_rx_R86c60d40

2.4.27-2-686-smp:          U netif_rx_Rsmp_6381047f

+ _________________________ kern.debug

+ test -f /var/log/kern.debug

+ _________________________ klog

+ sed -n '14429,$p' /var/log/syslog

+ egrep -i 'ipsec|klips|pluto'

+ cat

Mar  9 11:13:07 localhost ipsec_setup: Starting Openswan IPsec U2.2.0/K2.4.27-2-386...

+ _________________________ plog

+ sed -n '6401,$p' /var/log/auth.log

+ egrep -i pluto

+ cat

Mar  9 11:13:07 localhost ipsec__plutorun: Starting Pluto subsystem...

Mar  9 11:13:07 localhost pluto[4314]: Starting Pluto (Openswan Version
2.2.0 X.509-1.5.4 PLUTO_USES_KEYRR)

Mar  9 11:13:07 localhost pluto[4314]:   including NAT-Traversal patch
(Version 0.6c) [disabled]

Mar  9 11:13:07 localhost pluto[4314]: | opening /dev/urandom

Mar  9 11:13:07 localhost pluto[4314]: | inserting event
EVENT_REINIT_SECRET, timeout in 3600 seconds

Mar  9 11:13:07 localhost pluto[4314]: ike_alg_register_enc(): Activating
OAKLEY_AES_CBC: Ok (ret=0)

Mar  9 11:13:07 localhost pluto[4314]: | process 4314 listening for
PF_KEY_V2 on file descriptor 6

Mar  9 11:13:07 localhost pluto[4314]: Using Linux 2.6 IPsec interface code

Mar  9 11:13:07 localhost pluto[4314]: |
pfkey_lib_debug:pfkey_msg_hdr_build: 

Mar  9 11:13:07 localhost pluto[4314]: |
pfkey_lib_debug:pfkey_msg_hdr_build: on_entry &pfkey_ext=0p0xbfffe5c0
pfkey_ext=0p0xbffff610 *pfkey_ext=0p(nil). 

Mar  9 11:13:07 localhost pluto[4314]: |
pfkey_lib_debug:pfkey_msg_hdr_build: on_exit &pfkey_ext=0p0xbfffe5c0
pfkey_ext=0p0xbffff610 *pfkey_ext=0p0x80eee50. 

Mar  9 11:13:07 localhost pluto[4314]: | pfkey_lib_debug:pfkey_msg_build:
pfkey_msg=0p0x80eee68 allocated 16 bytes, &(extensions[0])=0p0xbffff610 

Mar  9 11:13:07 localhost pluto[4314]: | pfkey_lib_debug:pfkey_msg_build:
extensions permitted=00000001, seen=00000001, required=00000001. 

Mar  9 11:13:07 localhost pluto[4314]: | pfkey_lib_debug:pfkey_msg_parse:
parsing message ver=2, type=7(register), errno=0, satype=2(AH), len=2,
res=0, seq=1, pid=4314. 

Mar  9 11:13:07 localhost pluto[4314]: | pfkey_lib_debug:pfkey_msg_parse:
remain=0, ext_type=0(reserved), ext_len=0. 

Mar  9 11:13:07 localhost pluto[4314]: | pfkey_lib_debug:pfkey_msg_parse:
extensions permitted=00000001, required=00000001. 

Mar  9 11:13:07 localhost pluto[4314]: | pfkey_lib_debug:pfkey_msg_parse:
extensions permitted=00000001, seen=00000001, required=00000001. 

Mar  9 11:13:07 localhost pluto[4314]: | finish_pfkey_msg: SADB_REGISTER
message 1 for AH 

Mar  9 11:13:07 localhost pluto[4314]: |   02 07 00 02  02 00 00 00  01 00
00 00  da 10 00 00

Mar  9 11:13:07 localhost pluto[4314]: | pfkey_get: SADB_REGISTER message 1

Mar  9 11:13:07 localhost pluto[4314]: | AH registered with kernel.

Mar  9 11:13:07 localhost pluto[4314]: |
pfkey_lib_debug:pfkey_msg_hdr_build: 

Mar  9 11:13:07 localhost pluto[4314]: |
pfkey_lib_debug:pfkey_msg_hdr_build: on_entry &pfkey_ext=0p0xbfffe5c0
pfkey_ext=0p0xbffff610 *pfkey_ext=0p(nil). 

Mar  9 11:13:07 localhost pluto[4314]: |
pfkey_lib_debug:pfkey_msg_hdr_build: on_exit &pfkey_ext=0p0xbfffe5c0
pfkey_ext=0p0xbffff610 *pfkey_ext=0p0x80eee50. 

Mar  9 11:13:07 localhost pluto[4314]: | pfkey_lib_debug:pfkey_msg_build:
pfkey_msg=0p0x80eee68 allocated 16 bytes, &(extensions[0])=0p0xbffff610 

Mar  9 11:13:07 localhost pluto[4314]: | pfkey_lib_debug:pfkey_msg_build:
extensions permitted=00000001, seen=00000001, required=00000001. 

Mar  9 11:13:07 localhost pluto[4314]: | pfkey_lib_debug:pfkey_msg_parse:
parsing message ver=2, type=7(register), errno=0, satype=3(ESP), len=2,
res=0, seq=2, pid=4314. 

Mar  9 11:13:07 localhost pluto[4314]: | pfkey_lib_debug:pfkey_msg_parse:
remain=0, ext_type=0(reserved), ext_len=0. 

Mar  9 11:13:07 localhost pluto[4314]: | pfkey_lib_debug:pfkey_msg_parse:
extensions permitted=00000001, required=00000001. 

Mar  9 11:13:07 localhost pluto[4314]: | pfkey_lib_debug:pfkey_msg_parse:
extensions permitted=00000001, seen=00000001, required=00000001. 

Mar  9 11:13:07 localhost pluto[4314]: | finish_pfkey_msg: SADB_REGISTER
message 2 for ESP 

Mar  9 11:13:07 localhost pluto[4314]: |   02 07 00 03  02 00 00 00  02 00
00 00  da 10 00 00

Mar  9 11:13:07 localhost pluto[4314]: | pfkey_get: SADB_REGISTER message 2

Mar  9 11:13:07 localhost pluto[4314]: | alg_init():memset(0x80eba80, 0,
2016) memset(0x80ec260, 0, 2048) 

Mar  9 11:13:07 localhost pluto[4314]: | kernel_alg_register_pfkey():
SADB_SATYPE_ESP: sadb_msg_len=15 sadb_supported_len=40

Mar  9 11:13:07 localhost pluto[4314]: | kernel_alg_add():satype=3,
exttype=14, alg_id=251

Mar  9 11:13:07 localhost pluto[4314]: | kernel_alg_register_pfkey():
SADB_SATYPE_ESP: alg[0], exttype=14, satype=3, alg_id=251, alg_ivlen=0,
alg_minbits=0, alg_maxbits=0, res=0, ret=1

Mar  9 11:13:07 localhost pluto[4314]: | kernel_alg_add():satype=3,
exttype=14, alg_id=2

Mar  9 11:13:07 localhost pluto[4314]: | kernel_alg_register_pfkey():
SADB_SATYPE_ESP: alg[1], exttype=14, satype=3, alg_id=2, alg_ivlen=0,
alg_minbits=128, alg_maxbits=128, res=0, ret=1

Mar  9 11:13:07 localhost pluto[4314]: | kernel_alg_add():satype=3,
exttype=14, alg_id=3

Mar  9 11:13:07 localhost pluto[4314]: | kernel_alg_register_pfkey():
SADB_SATYPE_ESP: alg[2], exttype=14, satype=3, alg_id=3, alg_ivlen=0,
alg_minbits=160, alg_maxbits=160, res=0, ret=1

Mar  9 11:13:07 localhost pluto[4314]: | kernel_alg_add():satype=3,
exttype=14, alg_id=5

Mar  9 11:13:07 localhost pluto[4314]: | kernel_alg_register_pfkey():
SADB_SATYPE_ESP: alg[3], exttype=14, satype=3, alg_id=5, alg_ivlen=0,
alg_minbits=256, alg_maxbits=256, res=0, ret=1

Mar  9 11:13:07 localhost pluto[4314]: | kernel_alg_register_pfkey():
SADB_SATYPE_ESP: sadb_msg_len=15 sadb_supported_len=64

Mar  9 11:13:07 localhost pluto[4314]: | kernel_alg_add():satype=3,
exttype=15, alg_id=11

Mar  9 11:13:07 localhost pluto[4314]: | kernel_alg_register_pfkey():
SADB_SATYPE_ESP: alg[4], exttype=15, satype=3, alg_id=11, alg_ivlen=0,
alg_minbits=0, alg_maxbits=0, res=0, ret=1

Mar  9 11:13:07 localhost pluto[4314]: | kernel_alg_add():satype=3,
exttype=15, alg_id=2

Mar  9 11:13:07 localhost pluto[4314]: | kernel_alg_register_pfkey():
SADB_SATYPE_ESP: alg[5], exttype=15, satype=3, alg_id=2, alg_ivlen=8,
alg_minbits=64, alg_maxbits=64, res=0, ret=1

Mar  9 11:13:07 localhost pluto[4314]: | kernel_alg_add():satype=3,
exttype=15, alg_id=3

Mar  9 11:13:07 localhost pluto[4314]: | kernel_alg_register_pfkey():
SADB_SATYPE_ESP: alg[6], exttype=15, satype=3, alg_id=3, alg_ivlen=8,
alg_minbits=192, alg_maxbits=192, res=0, ret=1

Mar  9 11:13:07 localhost pluto[4314]: | kernel_alg_add():satype=3,
exttype=15, alg_id=7

Mar  9 11:13:07 localhost pluto[4314]: | kernel_alg_register_pfkey():
SADB_SATYPE_ESP: alg[7], exttype=15, satype=3, alg_id=7, alg_ivlen=8,
alg_minbits=40, alg_maxbits=448, res=0, ret=1

Mar  9 11:13:07 localhost pluto[4314]: | kernel_alg_add():satype=3,
exttype=15, alg_id=12

Mar  9 11:13:07 localhost pluto[4314]: | kernel_alg_register_pfkey():
SADB_SATYPE_ESP: alg[8], exttype=15, satype=3, alg_id=12, alg_ivlen=8,
alg_minbits=128, alg_maxbits=256, res=0, ret=1

Mar  9 11:13:07 localhost pluto[4314]: | kernel_alg_add():satype=3,
exttype=15, alg_id=252

Mar  9 11:13:07 localhost pluto[4314]: | kernel_alg_register_pfkey():
SADB_SATYPE_ESP: alg[9], exttype=15, satype=3, alg_id=252, alg_ivlen=8,
alg_minbits=128, alg_maxbits=256, res=0, ret=1

Mar  9 11:13:07 localhost pluto[4314]: | kernel_alg_add():satype=3,
exttype=15, alg_id=253

Mar  9 11:13:07 localhost pluto[4314]: | kernel_alg_register_pfkey():
SADB_SATYPE_ESP: alg[10], exttype=15, satype=3, alg_id=253, alg_ivlen=8,
alg_minbits=128, alg_maxbits=256, res=0, ret=1

Mar  9 11:13:07 localhost pluto[4314]: | ESP registered with kernel.

Mar  9 11:13:07 localhost pluto[4314]: |
pfkey_lib_debug:pfkey_msg_hdr_build: 

Mar  9 11:13:07 localhost pluto[4314]: |
pfkey_lib_debug:pfkey_msg_hdr_build: on_entry &pfkey_ext=0p0xbfffe5c0
pfkey_ext=0p0xbffff610 *pfkey_ext=0p(nil). 

Mar  9 11:13:07 localhost pluto[4314]: |
pfkey_lib_debug:pfkey_msg_hdr_build: on_exit &pfkey_ext=0p0xbfffe5c0
pfkey_ext=0p0xbffff610 *pfkey_ext=0p0x80eee50. 

Mar  9 11:13:07 localhost pluto[4314]: | pfkey_lib_debug:pfkey_msg_build:
pfkey_msg=0p0x80eee68 allocated 16 bytes, &(extensions[0])=0p0xbffff610 

Mar  9 11:13:07 localhost pluto[4314]: | pfkey_lib_debug:pfkey_msg_build:
extensions permitted=00000001, seen=00000001, required=00000001. 

Mar  9 11:13:07 localhost pluto[4314]: | pfkey_lib_debug:pfkey_msg_parse:
parsing message ver=2, type=7(register), errno=0, satype=9(IPIP), len=2,
res=0, seq=3, pid=4314. 

Mar  9 11:13:07 localhost pluto[4314]: | pfkey_lib_debug:pfkey_msg_parse:
remain=0, ext_type=0(reserved), ext_len=0. 

Mar  9 11:13:07 localhost pluto[4314]: | pfkey_lib_debug:pfkey_msg_parse:
extensions permitted=00000001, required=00000001. 

Mar  9 11:13:07 localhost pluto[4314]: | pfkey_lib_debug:pfkey_msg_parse:
extensions permitted=00000001, seen=00000001, required=00000001. 

Mar  9 11:13:07 localhost pluto[4314]: | finish_pfkey_msg: SADB_REGISTER
message 3 for IPCOMP 

Mar  9 11:13:07 localhost pluto[4314]: |   02 07 00 09  02 00 00 00  03 00
00 00  da 10 00 00

Mar  9 11:13:07 localhost pluto[4314]: | pfkey_get: SADB_REGISTER message 3

Mar  9 11:13:07 localhost pluto[4314]: | IPCOMP registered with kernel.

Mar  9 11:13:07 localhost pluto[4314]: Changing to directory
'/etc/ipsec.d/cacerts'

Mar  9 11:13:07 localhost pluto[4314]: Could not change to directory
'/etc/ipsec.d/aacerts'

Mar  9 11:13:07 localhost pluto[4314]: Changing to directory
'/etc/ipsec.d/ocspcerts'

Mar  9 11:13:07 localhost pluto[4314]: Changing to directory
'/etc/ipsec.d/crls'

Mar  9 11:13:07 localhost pluto[4314]:   Warning: empty directory

Mar  9 11:13:07 localhost pluto[4314]: | inserting event 11??, timeout in
46013 seconds

Mar  9 11:13:07 localhost pluto[4314]: | next event EVENT_REINIT_SECRET in
3600 seconds

Mar  9 11:13:07 localhost pluto[4314]: |  

Mar  9 11:13:07 localhost pluto[4314]: | *received whack message

Mar  9 11:13:07 localhost pluto[4314]: | next event EVENT_REINIT_SECRET in
3600 seconds

Mar  9 11:13:07 localhost pluto[4314]: |  

Mar  9 11:13:07 localhost pluto[4314]: | *received whack message

Mar  9 11:13:07 localhost pluto[4314]: | next event EVENT_REINIT_SECRET in
3600 seconds

Mar  9 11:13:07 localhost pluto[4314]: |  

Mar  9 11:13:07 localhost pluto[4314]: | *received whack message

Mar  9 11:13:07 localhost pluto[4314]: | Added new connection road with
policy RSASIG+ENCRYPT+TUNNEL+PFS

Mar  9 11:13:07 localhost pluto[4314]: | from whack: got
--esp=3des-md5,3des-sha1

Mar  9 11:13:07 localhost pluto[4314]: | alg_info_parse_str() ealg_buf=3des
aalg_buf=md5eklen=0  aklen=0

Mar  9 11:13:07 localhost pluto[4314]: | enum_search_prefix () calling
enum_search(0x80cdfb4, "ESP_3DES")

Mar  9 11:13:07 localhost pluto[4314]: | parser_alg_info_add()
ealg_getbyname("3des")=3

Mar  9 11:13:07 localhost pluto[4314]: | enum_search_prefix () calling
enum_search(0x80ce280, "AUTH_ALGORITHM_HMAC_MD5")

Mar  9 11:13:07 localhost pluto[4314]: | parser_alg_info_add()
aalg_getbyname("md5")=1

Mar  9 11:13:07 localhost pluto[4314]: | __alg_info_esp_add() ealg=3 aalg=1
cnt=1

Mar  9 11:13:07 localhost pluto[4314]: | alg_info_parse_str() ealg_buf=3des
aalg_buf=sha1eklen=0  aklen=0

Mar  9 11:13:07 localhost pluto[4314]: | enum_search_prefix () calling
enum_search(0x80cdfb4, "ESP_3DES")

Mar  9 11:13:07 localhost pluto[4314]: | parser_alg_info_add()
ealg_getbyname("3des")=3

Mar  9 11:13:07 localhost pluto[4314]: | enum_search_prefix () calling
enum_search(0x80ce280, "AUTH_ALGORITHM_HMAC_SHA1")

Mar  9 11:13:07 localhost pluto[4314]: | parser_alg_info_add()
aalg_getbyname("sha1")=2

Mar  9 11:13:07 localhost pluto[4314]: | __alg_info_esp_add() ealg=3 aalg=2
cnt=2

Mar  9 11:13:07 localhost pluto[4314]: | esp string values: 3_000-1,
3_000-2, flags=-strict

Mar  9 11:13:07 localhost pluto[4314]: | from whack: got
--ike=3des-md5,3des-sha

Mar  9 11:13:07 localhost pluto[4314]: | alg_info_parse_str() ealg_buf=3des
aalg_buf=md5eklen=0  aklen=0

Mar  9 11:13:07 localhost pluto[4314]: | enum_search_prefix () calling
enum_search(0x80ce3fc, "OAKLEY_3DES")

Mar  9 11:13:07 localhost pluto[4314]: | enum_search_ppfixi () calling
enum_search(0x80ce3fc, "OAKLEY_3DES_CBC")

Mar  9 11:13:07 localhost pluto[4314]: | parser_alg_info_add()
ealg_getbyname("3des")=5

Mar  9 11:13:07 localhost pluto[4314]: | enum_search_prefix () calling
enum_search(0x80ce424, "OAKLEY_MD5")

Mar  9 11:13:07 localhost pluto[4314]: | parser_alg_info_add()
aalg_getbyname("md5")=1

Mar  9 11:13:07 localhost pluto[4314]: | __alg_info_ike_add() ealg=5 aalg=1
modp_id=5, cnt=1

Mar  9 11:13:07 localhost pluto[4314]: | __alg_info_ike_add() ealg=5 aalg=1
modp_id=2, cnt=2

Mar  9 11:13:07 localhost pluto[4314]: | alg_info_parse_str() ealg_buf=3des
aalg_buf=shaeklen=0  aklen=0

Mar  9 11:13:07 localhost pluto[4314]: | enum_search_prefix () calling
enum_search(0x80ce3fc, "OAKLEY_3DES")

Mar  9 11:13:07 localhost pluto[4314]: | enum_search_ppfixi () calling
enum_search(0x80ce3fc, "OAKLEY_3DES_CBC")

Mar  9 11:13:07 localhost pluto[4314]: | parser_alg_info_add()
ealg_getbyname("3des")=5

Mar  9 11:13:07 localhost pluto[4314]: | enum_search_prefix () calling
enum_search(0x80ce424, "OAKLEY_SHA")

Mar  9 11:13:07 localhost pluto[4314]: | parser_alg_info_add()
aalg_getbyname("sha")=2

Mar  9 11:13:07 localhost pluto[4314]: | __alg_info_ike_add() ealg=5 aalg=2
modp_id=5, cnt=3

Mar  9 11:13:07 localhost pluto[4314]: | __alg_info_ike_add() ealg=5 aalg=2
modp_id=2, cnt=4

Mar  9 11:13:07 localhost pluto[4314]: | ike string values: 5_000-1-5,
5_000-1-2, 5_000-2-5, 5_000-2-2, flags=-strict

Mar  9 11:13:07 localhost pluto[4314]: | counting wild cards for
@multilinus.multibel.it is 0

Mar  9 11:13:07 localhost pluto[4314]: | sendcert is 3

Mar  9 11:13:07 localhost pluto[4314]: | counting wild cards for
@multibel1.multibel.it is 0

Mar  9 11:13:07 localhost pluto[4314]: | sendcert is 3

Mar  9 11:13:07 localhost pluto[4314]: | based upon policy, the connection
is a template.

Mar  9 11:13:07 localhost pluto[4314]: | alg_info_addref()
alg_info->ref_cnt=1

Mar  9 11:13:07 localhost pluto[4314]: | alg_info_addref()
alg_info->ref_cnt=1

Mar  9 11:13:07 localhost pluto[4314]: | alg_info_addref()
alg_info->ref_cnt=2

Mar  9 11:13:07 localhost pluto[4314]: | alg_info_addref()
alg_info->ref_cnt=2

Mar  9 11:13:07 localhost pluto[4314]: added connection description "road"

Mar  9 11:13:07 localhost pluto[4314]: | 10.6.100.0/24===10.6.3.133[@multilinus.multibel.it]...%any[@multibel1.multibel.it]

Mar  9 11:13:07 localhost pluto[4314]: | ike_life: 3600s; ipsec_life:
28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; policy:
RSASIG+ENCRYPT+TUNNEL+PFS

Mar  9 11:13:07 localhost pluto[4314]: | next event EVENT_REINIT_SECRET in
3600 seconds

Mar  9 11:13:07 localhost pluto[4314]: |  

Mar  9 11:13:07 localhost pluto[4314]: | *received whack message

Mar  9 11:13:07 localhost pluto[4314]: listening for IKE messages

Mar  9 11:13:07 localhost pluto[4314]: | found lo with address 127.0.0.1

Mar  9 11:13:07 localhost pluto[4314]: | found eth0 with address 10.6.3.133

Mar  9 11:13:07 localhost pluto[4314]: | found eth1 with address
10.6.100.254

Mar  9 11:13:07 localhost pluto[4314]: adding interface eth1/eth1
10.6.100.254

Mar  9 11:13:07 localhost pluto[4314]: adding interface eth0/eth0 10.6.3.133

Mar  9 11:13:07 localhost pluto[4314]: adding interface lo/lo 127.0.0.1

Mar  9 11:13:07 localhost pluto[4314]: | could not open /proc/net/if_inet6

Mar  9 11:13:07 localhost pluto[4314]: loading secrets from
"/etc/ipsec.secrets"

Mar  9 11:13:07 localhost pluto[4314]: | loaded private key for keyid:
PPK_RSA:AQN74Z87R

Mar  9 11:13:07 localhost pluto[4314]: | next event EVENT_REINIT_SECRET in
3600 seconds

Mar  9 11:13:15 localhost pluto[4314]: |  

Mar  9 11:13:15 localhost pluto[4314]: | *received 176 bytes from
10.6.3.132:500 on eth0

Mar  9 11:13:15 localhost pluto[4314]: | **parse ISAKMP Message:

Mar  9 11:13:15 localhost pluto[4314]: |    initiator cookie:

Mar  9 11:13:15 localhost pluto[4314]: |   70 dc 4e a5  c0 44 b1 4c

Mar  9 11:13:15 localhost pluto[4314]: |    responder cookie:

Mar  9 11:13:15 localhost pluto[4314]: |   00 00 00 00  00 00 00 00

Mar  9 11:13:15 localhost pluto[4314]: |    next payload type:
ISAKMP_NEXT_SA

Mar  9 11:13:15 localhost pluto[4314]: |    ISAKMP version: ISAKMP Version
1.0

Mar  9 11:13:15 localhost pluto[4314]: |    exchange type:
ISAKMP_XCHG_IDPROT

Mar  9 11:13:15 localhost pluto[4314]: |    flags: none

Mar  9 11:13:15 localhost pluto[4314]: |    message ID:  00 00 00 00

Mar  9 11:13:15 localhost pluto[4314]: |    length: 176

Mar  9 11:13:15 localhost pluto[4314]: | ***parse ISAKMP Security
Association Payload:

Mar  9 11:13:15 localhost pluto[4314]: |    next payload type:
ISAKMP_NEXT_NONE

Mar  9 11:13:15 localhost pluto[4314]: |    length: 148

Mar  9 11:13:15 localhost pluto[4314]: |    DOI: ISAKMP_DOI_IPSEC

Mar  9 11:13:15 localhost pluto[4314]: | alg_info_addref()
alg_info->ref_cnt=3

Mar  9 11:13:15 localhost pluto[4314]: | alg_info_addref()
alg_info->ref_cnt=3

Mar  9 11:13:15 localhost pluto[4314]: | alg_info_addref()
alg_info->ref_cnt=4

Mar  9 11:13:15 localhost pluto[4314]: | alg_info_addref()
alg_info->ref_cnt=4

Mar  9 11:13:15 localhost pluto[4314]: | instantiated "road" for 10.6.3.132

Mar  9 11:13:15 localhost pluto[4314]: | creating state object #1 at
0x80efca8

Mar  9 11:13:15 localhost pluto[4314]: | ICOOKIE:  70 dc 4e a5  c0 44 b1 4c

Mar  9 11:13:15 localhost pluto[4314]: | RCOOKIE:  1c 1d 70 9c  52 0c 37 8c

Mar  9 11:13:15 localhost pluto[4314]: | peer:  0a 06 03 84

Mar  9 11:13:15 localhost pluto[4314]: | state hash entry 25

Mar  9 11:13:15 localhost pluto[4314]: | inserting event EVENT_SO_DISCARD,
timeout in 0 seconds for #1

Mar  9 11:13:15 localhost pluto[4314]: "road"[1] 10.6.3.132 #1: responding
to Main Mode from unknown peer 10.6.3.132

Mar  9 11:13:15 localhost pluto[4314]: | **emit ISAKMP Message:

Mar  9 11:13:15 localhost pluto[4314]: |    initiator cookie:

Mar  9 11:13:15 localhost pluto[4314]: |   70 dc 4e a5  c0 44 b1 4c

Mar  9 11:13:15 localhost pluto[4314]: |    responder cookie:

Mar  9 11:13:15 localhost pluto[4314]: |   1c 1d 70 9c  52 0c 37 8c

Mar  9 11:13:15 localhost pluto[4314]: |    next payload type:
ISAKMP_NEXT_SA

Mar  9 11:13:15 localhost pluto[4314]: |    ISAKMP version: ISAKMP Version
1.0

Mar  9 11:13:15 localhost pluto[4314]: |    exchange type:
ISAKMP_XCHG_IDPROT

Mar  9 11:13:15 localhost pluto[4314]: |    flags: none

Mar  9 11:13:15 localhost pluto[4314]: |    message ID:  00 00 00 00

Mar  9 11:13:15 localhost pluto[4314]: | ***emit ISAKMP Security Association
Payload:

Mar  9 11:13:15 localhost pluto[4314]: |    next payload type:
ISAKMP_NEXT_NONE

Mar  9 11:13:15 localhost pluto[4314]: |    DOI: ISAKMP_DOI_IPSEC

Mar  9 11:13:15 localhost pluto[4314]: | ****parse IPsec DOI SIT:

Mar  9 11:13:15 localhost pluto[4314]: |    IPsec DOI SIT: SIT_IDENTITY_ONLY

Mar  9 11:13:15 localhost pluto[4314]: | ****parse ISAKMP Proposal Payload:

Mar  9 11:13:15 localhost pluto[4314]: |    next payload type:
ISAKMP_NEXT_NONE

Mar  9 11:13:15 localhost pluto[4314]: |    length: 136

Mar  9 11:13:15 localhost pluto[4314]: |    proposal number: 0

Mar  9 11:13:15 localhost pluto[4314]: |    protocol ID: PROTO_ISAKMP

Mar  9 11:13:15 localhost pluto[4314]: |    SPI size: 0

Mar  9 11:13:15 localhost pluto[4314]: |    number of transforms: 4

Mar  9 11:13:15 localhost pluto[4314]: | *****parse ISAKMP Transform Payload
(ISAKMP):

Mar  9 11:13:15 localhost pluto[4314]: |    next payload type: ISAKMP_NEXT_T

Mar  9 11:13:15 localhost pluto[4314]: |    length: 32

Mar  9 11:13:15 localhost pluto[4314]: |    transform number: 0

Mar  9 11:13:15 localhost pluto[4314]: |    transform ID: KEY_IKE

Mar  9 11:13:15 localhost pluto[4314]: | ******parse ISAKMP Oakley
attribute:

Mar  9 11:13:15 localhost pluto[4314]: |    af+type: OAKLEY_LIFE_TYPE

Mar  9 11:13:15 localhost pluto[4314]: |    length/value: 1

Mar  9 11:13:15 localhost pluto[4314]: |    [1 is OAKLEY_LIFE_SECONDS]

Mar  9 11:13:15 localhost pluto[4314]: | ******parse ISAKMP Oakley
attribute:

Mar  9 11:13:15 localhost pluto[4314]: |    af+type: OAKLEY_LIFE_DURATION

Mar  9 11:13:15 localhost pluto[4314]: |    length/value: 3600

Mar  9 11:13:15 localhost pluto[4314]: | ******parse ISAKMP Oakley
attribute:

Mar  9 11:13:15 localhost pluto[4314]: |    af+type:
OAKLEY_ENCRYPTION_ALGORITHM

Mar  9 11:13:15 localhost pluto[4314]: |    length/value: 5

Mar  9 11:13:15 localhost pluto[4314]: |    [5 is OAKLEY_3DES_CBC]

Mar  9 11:13:15 localhost pluto[4314]: | ike_alg_enc_ok(ealg=5,key_len=0):
blocksize=8, keyminlen=192, keydeflen=192, keymaxlen=192, ret=1

Mar  9 11:13:15 localhost pluto[4314]: | ******parse ISAKMP Oakley
attribute:

Mar  9 11:13:15 localhost pluto[4314]: |    af+type: OAKLEY_HASH_ALGORITHM

Mar  9 11:13:15 localhost pluto[4314]: |    length/value: 1

Mar  9 11:13:15 localhost pluto[4314]: |    [1 is OAKLEY_MD5]

Mar  9 11:13:15 localhost pluto[4314]: | ******parse ISAKMP Oakley
attribute:

Mar  9 11:13:15 localhost pluto[4314]: |    af+type:
OAKLEY_AUTHENTICATION_METHOD

Mar  9 11:13:15 localhost pluto[4314]: |    length/value: 3

Mar  9 11:13:15 localhost pluto[4314]: |    [3 is OAKLEY_RSA_SIG]

Mar  9 11:13:15 localhost pluto[4314]: | ******parse ISAKMP Oakley
attribute:

Mar  9 11:13:15 localhost pluto[4314]: |    af+type:
OAKLEY_GROUP_DESCRIPTION

Mar  9 11:13:15 localhost pluto[4314]: |    length/value: 5

Mar  9 11:13:15 localhost pluto[4314]: |    [5 is OAKLEY_GROUP_MODP1536]

Mar  9 11:13:15 localhost pluto[4314]: | Oakley Transform 0 accepted

Mar  9 11:13:15 localhost pluto[4314]: | ****emit IPsec DOI SIT:

Mar  9 11:13:15 localhost pluto[4314]: |    IPsec DOI SIT: SIT_IDENTITY_ONLY

Mar  9 11:13:15 localhost pluto[4314]: | ****emit ISAKMP Proposal Payload:

Mar  9 11:13:15 localhost pluto[4314]: |    next payload type:
ISAKMP_NEXT_NONE

Mar  9 11:13:15 localhost pluto[4314]: |    proposal number: 0

Mar  9 11:13:15 localhost pluto[4314]: |    protocol ID: PROTO_ISAKMP

Mar  9 11:13:15 localhost pluto[4314]: |    SPI size: 0

Mar  9 11:13:15 localhost pluto[4314]: |    number of transforms: 1

Mar  9 11:13:15 localhost pluto[4314]: | *****emit ISAKMP Transform Payload
(ISAKMP):

Mar  9 11:13:15 localhost pluto[4314]: |    next payload type:
ISAKMP_NEXT_NONE

Mar  9 11:13:15 localhost pluto[4314]: |    transform number: 0

Mar  9 11:13:15 localhost pluto[4314]: |    transform ID: KEY_IKE

Mar  9 11:13:15 localhost pluto[4314]: | emitting 24 raw bytes of attributes
into ISAKMP Transform Payload (ISAKMP)

Mar  9 11:13:15 localhost pluto[4314]: | attributes  80 0b 00 01  80 0c 0e
10  80 01 00 05  80 02 00 01

.............

Mar  9 11:13:15 localhost pluto[4314]: | ***parse ISAKMP Identification
Payload:

Mar  9 11:13:15 localhost pluto[4314]: |    next payload type:
ISAKMP_NEXT_SIG

Mar  9 11:13:15 localhost pluto[4314]: |    length: 29

Mar  9 11:13:15 localhost pluto[4314]: |    ID type: ID_FQDN

Mar  9 11:13:15 localhost pluto[4314]: |    DOI specific A: 0

Mar  9 11:13:15 localhost pluto[4314]: |    DOI specific B: 0

Mar  9 11:13:15 localhost pluto[4314]: | ***parse ISAKMP Signature Payload:

Mar  9 11:13:15 localhost pluto[4314]: |    next payload type:
ISAKMP_NEXT_NONE

Mar  9 11:13:15 localhost pluto[4314]: |    length: 260

Mar  9 11:13:15 localhost pluto[4314]: | removing 7 bytes of padding

Mar  9 11:13:15 localhost pluto[4314]: "road"[1] 10.6.3.132 #1: Peer ID is
ID_FQDN: '@multibel1.multibel.it'

Mar  9 11:13:15 localhost pluto[4314]: | refine_connection: starting with
road

Mar  9 11:13:15 localhost pluto[4314]: |   trusted_ca called with a=(empty)
b=(empty)

Mar  9 11:13:15 localhost pluto[4314]: | refine_connection: happy with
starting point: road

Mar  9 11:13:15 localhost pluto[4314]: | offered CA: '%none'

Mar  9 11:13:15 localhost pluto[4314]: | hashing 144 bytes of SA

Mar  9 11:13:15 localhost pluto[4314]: | required CA is '%any'

Mar  9 11:13:15 localhost pluto[4314]: |   trusted_ca called with a=(empty)
b=(empty)

Mar  9 11:13:15 localhost pluto[4314]: | key issuer CA is '%any'

Mar  9 11:13:15 localhost pluto[4314]: | an RSA Sig check passed with
*AQO9mjElL [preloaded key]

Mar  9 11:13:15 localhost pluto[4314]: | authentication succeeded

Mar  9 11:13:15 localhost pluto[4314]: | thinking about whether to send my
certificate:

Mar  9 11:13:15 localhost pluto[4314]: |   I have RSA key: OAKLEY_RSA_SIG
cert.type: CERT_NONE 

Mar  9 11:13:15 localhost pluto[4314]: |   sendcert: CERT_ALWAYSSEND and I
did not get a certificate request 

Mar  9 11:13:15 localhost pluto[4314]: |   so do not send cert.

Mar  9 11:13:15 localhost pluto[4314]: "road"[1] 10.6.3.132 #1: I did not
send a certificate because I do not have one.

Mar  9 11:13:15 localhost pluto[4314]: | **emit ISAKMP Message:

Mar  9 11:13:15 localhost pluto[4314]: |    initiator cookie:

Mar  9 11:13:15 localhost pluto[4314]: |   70 dc 4e a5  c0 44 b1 4c

Mar  9 11:13:15 localhost pluto[4314]: |    responder cookie:

Mar  9 11:13:15 localhost pluto[4314]: |   1c 1d 70 9c  52 0c 37 8c

Mar  9 11:13:15 localhost pluto[4314]: |    next payload type:
ISAKMP_NEXT_ID

Mar  9 11:13:15 localhost pluto[4314]: |    ISAKMP version: ISAKMP Version
1.0

Mar  9 11:13:15 localhost pluto[4314]: |    exchange type:
ISAKMP_XCHG_IDPROT

Mar  9 11:13:15 localhost pluto[4314]: |    flags: ISAKMP_FLAG_ENCRYPTION

Mar  9 11:13:15 localhost pluto[4314]: |    message ID:  00 00 00 00

Mar  9 11:13:15 localhost pluto[4314]: | ***emit ISAKMP Identification
Payload (IPsec DOI):

Mar  9 11:13:15 localhost pluto[4314]: |    next payload type:
ISAKMP_NEXT_SIG

Mar  9 11:13:15 localhost pluto[4314]: |    ID type: ID_FQDN

Mar  9 11:13:15 localhost pluto[4314]: |    Protocol ID: 0

Mar  9 11:13:15 localhost pluto[4314]: |    port: 0

Mar  9 11:13:15 localhost pluto[4314]: | emitting 22 raw bytes of my
identity into ISAKMP Identification Payload (IPsec DOI)

Mar  9 11:13:15 localhost pluto[4314]: | my identity  6d 75 6c 74  69 6c 69
6e  75 73 2e 6d  75 6c 74 69

Mar  9 11:13:15 localhost pluto[4314]: |   62 65 6c 2e  69 74

Mar  9 11:13:15 localhost pluto[4314]: | emitting length of ISAKMP
Identification Payload (IPsec DOI): 30

Mar  9 11:13:15 localhost pluto[4314]: | hashing 144 bytes of SA

Mar  9 11:13:15 localhost pluto[4314]: | looking for secret for
@multilinus.multibel.it->@multibel1.multibel.it of kind PPK_RSA

Mar  9 11:13:15 localhost pluto[4314]: | signing hash with RSA Key
*AQN74Z87R

Mar  9 11:13:15 localhost pluto[4314]: | ***emit ISAKMP Signature Payload:

Mar  9 11:13:15 localhost pluto[4314]: |    next payload type:
ISAKMP_NEXT_NONE

Mar  9 11:13:15 localhost pluto[4314]: | emitting 256 raw bytes of SIG_R
into ISAKMP Signature Payload

Mar  9 11:13:15 localhost pluto[4314]: | emitting length of ISAKMP Signature
Payload: 260

Mar  9 11:13:15 localhost pluto[4314]: | encrypting:

Mar  9 11:13:15 localhost pluto[4314]: | emitting 6 zero bytes of encryption
padding into ISAKMP Message

Mar  9 11:13:15 localhost pluto[4314]: | encrypting using OAKLEY_3DES_CBC

Mar  9 11:13:15 localhost pluto[4314]: | next IV:  63 bf f3 e4  3a 47 b5 b7

Mar  9 11:13:15 localhost pluto[4314]: | emitting length of ISAKMP Message:
324

Mar  9 11:13:15 localhost pluto[4314]: | last encrypted block of Phase 1:

Mar  9 11:13:15 localhost pluto[4314]: |   63 bf f3 e4  3a 47 b5 b7

Mar  9 11:13:15 localhost pluto[4314]: "road"[1] 10.6.3.132 #1: transition
from state STATE_MAIN_R2 to state STATE_MAIN_R3

Mar  9 11:13:15 localhost pluto[4314]: | sending 324 bytes for STATE_MAIN_R2
through eth0 to 10.6.3.132:500:

Mar  9 11:13:15 localhost pluto[4314]: | inserting event EVENT_SA_REPLACE,
timeout in 3330 seconds for #1

Mar  9 11:13:15 localhost pluto[4314]: "road"[1] 10.6.3.132 #1: sent MR3,
ISAKMP SA established

Mar  9 11:13:15 localhost pluto[4314]: | next event EVENT_SA_REPLACE in 3330
seconds for #1

Mar  9 11:13:15 localhost pluto[4314]: |  

Mar  9 11:13:15 localhost pluto[4314]: | *received 380 bytes from
10.6.3.132:500 on eth0

Mar  9 11:13:15 localhost pluto[4314]: | **parse ISAKMP Message:

Mar  9 11:13:15 localhost pluto[4314]: |    initiator cookie:

Mar  9 11:13:15 localhost pluto[4314]: |   70 dc 4e a5  c0 44 b1 4c

Mar  9 11:13:15 localhost pluto[4314]: |    responder cookie:

Mar  9 11:13:15 localhost pluto[4314]: |   1c 1d 70 9c  52 0c 37 8c

Mar  9 11:13:15 localhost pluto[4314]: |    next payload type:
ISAKMP_NEXT_HASH

Mar  9 11:13:15 localhost pluto[4314]: |    ISAKMP version: ISAKMP Version
1.0

Mar  9 11:13:15 localhost pluto[4314]: |    exchange type: ISAKMP_XCHG_QUICK

Mar  9 11:13:15 localhost pluto[4314]: |    flags: ISAKMP_FLAG_ENCRYPTION

Mar  9 11:13:15 localhost pluto[4314]: |    message ID:  ae 62 6a 91

Mar  9 11:13:15 localhost pluto[4314]: |    length: 380

Mar  9 11:13:16 localhost pluto[4314]: | ICOOKIE:  70 dc 4e a5  c0 44 b1 4c

Mar  9 11:13:16 localhost pluto[4314]: | RCOOKIE:  1c 1d 70 9c  52 0c 37 8c

Mar  9 11:13:16 localhost pluto[4314]: | peer:  0a 06 03 84

Mar  9 11:13:16 localhost pluto[4314]: | state hash entry 25

Mar  9 11:13:16 localhost pluto[4314]: | peer and cookies match on #1,
provided msgid ae626a91 vs 00000000

Mar  9 11:13:16 localhost pluto[4314]: | state object not found

Mar  9 11:13:16 localhost pluto[4314]: | ICOOKIE:  70 dc 4e a5  c0 44 b1 4c

Mar  9 11:13:16 localhost pluto[4314]: | RCOOKIE:  1c 1d 70 9c  52 0c 37 8c

Mar  9 11:13:16 localhost pluto[4314]: | peer:  0a 06 03 84

Mar  9 11:13:16 localhost pluto[4314]: | state hash entry 25

Mar  9 11:13:16 localhost pluto[4314]: | peer and cookies match on #1,
provided msgid 00000000 vs 00000000

Mar  9 11:13:16 localhost pluto[4314]: | state object #1 found, in
STATE_MAIN_R3

Mar  9 11:13:16 localhost pluto[4314]: | last Phase 1 IV:  63 bf f3 e4  3a
47 b5 b7

Mar  9 11:13:16 localhost pluto[4314]: | last Phase 1 IV:  63 bf f3 e4  3a
47 b5 b7

Mar  9 11:13:16 localhost pluto[4314]: | computed Phase 2 IV:

Mar  9 11:13:16 localhost pluto[4314]: |   17 4b e7 d7  eb eb c4 87  3c 51
9c 93  e8 e9 2f f5

Mar  9 11:13:16 localhost pluto[4314]: | received encrypted packet from
10.6.3.132:500

Mar  9 11:13:16 localhost pluto[4314]: | decrypting 352 bytes using
algorithm OAKLEY_3DES_CBC

Mar  9 11:13:16 localhost pluto[4314]: | decrypted:

Mar  9 11:13:16 localhost pluto[4314]: | next IV:  e5 25 28 89  13 32 d4 03

Mar  9 11:13:16 localhost pluto[4314]: | ***parse ISAKMP Hash Payload:

Mar  9 11:13:16 localhost pluto[4314]: |    next payload type:
ISAKMP_NEXT_SA

Mar  9 11:13:16 localhost pluto[4314]: |    length: 20

Mar  9 11:13:16 localhost pluto[4314]: | ***parse ISAKMP Security
Association Payload:

Mar  9 11:13:16 localhost pluto[4314]: |    next payload type:
ISAKMP_NEXT_NONCE

Mar  9 11:13:16 localhost pluto[4314]: |    length: 80

Mar  9 11:13:16 localhost pluto[4314]: |    DOI: ISAKMP_DOI_IPSEC

Mar  9 11:13:16 localhost pluto[4314]: | ***parse ISAKMP Nonce Payload:

Mar  9 11:13:16 localhost pluto[4314]: |    next payload type:
ISAKMP_NEXT_KE

Mar  9 11:13:16 localhost pluto[4314]: |    length: 20

Mar  9 11:13:16 localhost pluto[4314]: | ***parse ISAKMP Key Exchange
Payload:

Mar  9 11:13:16 localhost pluto[4314]: |    next payload type:
ISAKMP_NEXT_ID

Mar  9 11:13:16 localhost pluto[4314]: |    length: 196

Mar  9 11:13:16 localhost pluto[4314]: | ***parse ISAKMP Identification
Payload (IPsec DOI):

Mar  9 11:13:16 localhost pluto[4314]: |    next payload type:
ISAKMP_NEXT_ID

Mar  9 11:13:16 localhost pluto[4314]: |    length: 16

Mar  9 11:13:16 localhost pluto[4314]: |    ID type: ID_IPV4_ADDR_SUBNET

Mar  9 11:13:16 localhost pluto[4314]: |    Protocol ID: 0

Mar  9 11:13:16 localhost pluto[4314]: |    port: 0

Mar  9 11:13:16 localhost pluto[4314]: | ***parse ISAKMP Identification
Payload (IPsec DOI):

Mar  9 11:13:16 localhost pluto[4314]: |    next payload type:
ISAKMP_NEXT_NONE

Mar  9 11:13:16 localhost pluto[4314]: |    length: 16

Mar  9 11:13:16 localhost pluto[4314]: |    ID type: ID_IPV4_ADDR_SUBNET

Mar  9 11:13:16 localhost pluto[4314]: |    Protocol ID: 0

Mar  9 11:13:16 localhost pluto[4314]: |    port: 0

Mar  9 11:13:16 localhost pluto[4314]: | removing 4 bytes of padding

Mar  9 11:13:16 localhost pluto[4314]: | HASH(1) computed:

Mar  9 11:13:16 localhost pluto[4314]: |   b6 b4 72 27  de 1b 4d 74  44 13
a1 9c  99 5a 16 b1

Mar  9 11:13:16 localhost pluto[4314]: | peer client is subnet 10.6.3.132/32

Mar  9 11:13:16 localhost pluto[4314]: | peer client protocol/port is 0/0

Mar  9 11:13:16 localhost pluto[4314]: | our client is subnet 10.6.100.0/24

Mar  9 11:13:16 localhost pluto[4314]: | our client protocol/port is 0/0

Mar  9 11:13:16 localhost pluto[4314]: | find_client_connection starting
with road

Mar  9 11:13:16 localhost pluto[4314]: |   looking for 10.6.100.0/24:0/0 ->
10.6.3.132/32:0/0

Mar  9 11:13:16 localhost pluto[4314]: |   concrete checking against sr#0
10.6.100.0/24 -> 10.6.3.132/32

Mar  9 11:13:16 localhost pluto[4314]: |    match_id
a=@multibel1.multibel.it b=@multibel1.multibel.it

Mar  9 11:13:16 localhost pluto[4314]: |   match_id called with
a=@multibel1.multibel.it b=@multibel1.multibel.it

Mar  9 11:13:16 localhost pluto[4314]: |   trusted_ca called with a=(empty)
b=(empty)

Mar  9 11:13:16 localhost pluto[4314]: |   fc_try trying
road:10.6.100.0/24:0/0 -> 10.6.3.132/32:0/0 vs road:10.6.100.0/24:0/0 ->
10.6.3.132/32:0/0

Mar  9 11:13:16 localhost pluto[4314]: |   fc_try concluding with road [128]

Mar  9 11:13:16 localhost pluto[4314]: |   fc_try road gives road

Mar  9 11:13:16 localhost pluto[4314]: |   concluding with d = road

Mar  9 11:13:16 localhost pluto[4314]: | duplicating state object #1

Mar  9 11:13:16 localhost pluto[4314]: | creating state object #2 at
0x80f0948

Mar  9 11:13:16 localhost pluto[4314]: | ICOOKIE:  70 dc 4e a5  c0 44 b1 4c

Mar  9 11:13:16 localhost pluto[4314]: | RCOOKIE:  1c 1d 70 9c  52 0c 37 8c

Mar  9 11:13:16 localhost pluto[4314]: | peer:  0a 06 03 84

Mar  9 11:13:16 localhost pluto[4314]: | state hash entry 25

Mar  9 11:13:16 localhost pluto[4314]: | inserting event EVENT_SO_DISCARD,
timeout in 0 seconds for #2

Mar  9 11:13:16 localhost pluto[4314]: | **emit ISAKMP Message:

Mar  9 11:13:16 localhost pluto[4314]: |    initiator cookie:

Mar  9 11:13:16 localhost pluto[4314]: |   70 dc 4e a5  c0 44 b1 4c

Mar  9 11:13:16 localhost pluto[4314]: |    responder cookie:

Mar  9 11:13:16 localhost pluto[4314]: |   1c 1d 70 9c  52 0c 37 8c

Mar  9 11:13:16 localhost pluto[4314]: |    next payload type:
ISAKMP_NEXT_HASH

Mar  9 11:13:16 localhost pluto[4314]: |    ISAKMP version: ISAKMP Version
1.0

Mar  9 11:13:16 localhost pluto[4314]: |    exchange type: ISAKMP_XCHG_QUICK

Mar  9 11:13:16 localhost pluto[4314]: |    flags: ISAKMP_FLAG_ENCRYPTION

Mar  9 11:13:16 localhost pluto[4314]: |    message ID:  ae 62 6a 91

Mar  9 11:13:16 localhost pluto[4314]: | ***emit ISAKMP Hash Payload:

Mar  9 11:13:16 localhost pluto[4314]: |    next payload type:
ISAKMP_NEXT_SA

Mar  9 11:13:16 localhost pluto[4314]: | emitting 16 zero bytes of HASH into
ISAKMP Hash Payload

Mar  9 11:13:16 localhost pluto[4314]: | emitting length of ISAKMP Hash
Payload: 20

Mar  9 11:13:16 localhost pluto[4314]: | ***emit ISAKMP Security Association
Payload:

Mar  9 11:13:16 localhost pluto[4314]: |    next payload type:
ISAKMP_NEXT_NONCE

Mar  9 11:13:16 localhost pluto[4314]: |    DOI: ISAKMP_DOI_IPSEC

Mar  9 11:13:16 localhost pluto[4314]: | ****parse IPsec DOI SIT:

Mar  9 11:13:16 localhost pluto[4314]: |    IPsec DOI SIT: SIT_IDENTITY_ONLY

Mar  9 11:13:16 localhost pluto[4314]: | ****parse ISAKMP Proposal Payload:

Mar  9 11:13:16 localhost pluto[4314]: |    next payload type:
ISAKMP_NEXT_NONE

Mar  9 11:13:16 localhost pluto[4314]: |    length: 68

Mar  9 11:13:16 localhost pluto[4314]: |    proposal number: 0

Mar  9 11:13:16 localhost pluto[4314]: |    protocol ID: PROTO_IPSEC_ESP

Mar  9 11:13:16 localhost pluto[4314]: |    SPI size: 4

Mar  9 11:13:16 localhost pluto[4314]: |    number of transforms: 2

Mar  9 11:13:16 localhost pluto[4314]: | parsing 4 raw bytes of ISAKMP
Proposal Payload into SPI

Mar  9 11:13:16 localhost pluto[4314]: | SPI  9f cb 44 16

Mar  9 11:13:16 localhost pluto[4314]: | *****parse ISAKMP Transform Payload
(ESP):

Mar  9 11:13:16 localhost pluto[4314]: |    next payload type: ISAKMP_NEXT_T

Mar  9 11:13:16 localhost pluto[4314]: |    length: 28

Mar  9 11:13:16 localhost pluto[4314]: |    transform number: 0

Mar  9 11:13:16 localhost pluto[4314]: |    transform ID: ESP_3DES

Mar  9 11:13:16 localhost pluto[4314]: | ******parse ISAKMP IPsec DOI
attribute:

Mar  9 11:13:16 localhost pluto[4314]: |    af+type: GROUP_DESCRIPTION

Mar  9 11:13:16 localhost pluto[4314]: |    length/value: 5

Mar  9 11:13:16 localhost pluto[4314]: |    [5 is OAKLEY_GROUP_MODP1536]

Mar  9 11:13:16 localhost pluto[4314]: | ******parse ISAKMP IPsec DOI
attribute:

Mar  9 11:13:16 localhost pluto[4314]: |    af+type: ENCAPSULATION_MODE

Mar  9 11:13:16 localhost pluto[4314]: |    length/value: 1

Mar  9 11:13:16 localhost pluto[4314]: |    [1 is ENCAPSULATION_MODE_TUNNEL]

Mar  9 11:13:16 localhost pluto[4314]: | ******parse ISAKMP IPsec DOI
attribute:

Mar  9 11:13:16 localhost pluto[4314]: |    af+type: SA_LIFE_TYPE

Mar  9 11:13:16 localhost pluto[4314]: |    length/value: 1

Mar  9 11:13:16 localhost pluto[4314]: |    [1 is SA_LIFE_TYPE_SECONDS]

Mar  9 11:13:16 localhost pluto[4314]: | ******parse ISAKMP IPsec DOI
attribute:

Mar  9 11:13:16 localhost pluto[4314]: |    af+type: SA_LIFE_DURATION

Mar  9 11:13:16 localhost pluto[4314]: |    length/value: 28800

Mar  9 11:13:16 localhost pluto[4314]: | ******parse ISAKMP IPsec DOI
attribute:

Mar  9 11:13:16 localhost pluto[4314]: |    af+type: AUTH_ALGORITHM

Mar  9 11:13:16 localhost pluto[4314]: |    length/value: 1

Mar  9 11:13:16 localhost pluto[4314]: |    [1 is AUTH_ALGORITHM_HMAC_MD5]

Mar  9 11:13:16 localhost pluto[4314]: | kernel_alg_esp_enc_ok(3,0):
alg_id=3, alg_ivlen=8, alg_minbits=192, alg_maxbits=192, res=0, ret=1

Mar  9 11:13:16 localhost pluto[4314]: |
kernel_alg_esp_enc_keylen():alg_id=3, keylen=24

Mar  9 11:13:16 localhost pluto[4314]: | ****emit IPsec DOI SIT:

Mar  9 11:13:16 localhost pluto[4314]: |    IPsec DOI SIT: SIT_IDENTITY_ONLY

Mar  9 11:13:16 localhost pluto[4314]: | ****emit ISAKMP Proposal Payload:

Mar  9 11:13:16 localhost pluto[4314]: |    next payload type:
ISAKMP_NEXT_NONE

Mar  9 11:13:16 localhost pluto[4314]: |    proposal number: 0

Mar  9 11:13:16 localhost pluto[4314]: |    protocol ID: PROTO_IPSEC_ESP

Mar  9 11:13:16 localhost pluto[4314]: |    SPI size: 4

Mar  9 11:13:16 localhost pluto[4314]: |    number of transforms: 1

Mar  9 11:13:16 localhost pluto[4314]: | netlink_get_spi: allocated
0x7eb13e58 for esp.0 at 10.6.3.133

Mar  9 11:13:16 localhost pluto[4314]: | emitting 4 raw bytes of SPI into
ISAKMP Proposal Payload

Mar  9 11:13:16 localhost pluto[4314]: | SPI  7e b1 3e 58

Mar  9 11:13:16 localhost pluto[4314]: | *****emit ISAKMP Transform Payload
(ESP):

Mar  9 11:13:16 localhost pluto[4314]: |    next payload type:
ISAKMP_NEXT_NONE

Mar  9 11:13:16 localhost pluto[4314]: |    transform number: 0

Mar  9 11:13:16 localhost pluto[4314]: |    transform ID: ESP_3DES

Mar  9 11:13:16 localhost pluto[4314]: | emitting 20 raw bytes of attributes
into ISAKMP Transform Payload (ESP)

Mar  9 11:13:16 localhost pluto[4314]: | attributes  80 03 00 05  80 04 00
01  80 01 00 01  80 02 70 80

Mar  9 11:13:16 localhost pluto[4314]: |   80 05 00 01

Mar  9 11:13:16 localhost pluto[4314]: | emitting length of ISAKMP Transform
Payload (ESP): 28

Mar  9 11:13:16 localhost pluto[4314]: | emitting length of ISAKMP Proposal
Payload: 40

Mar  9 11:13:16 localhost pluto[4314]: | emitting length of ISAKMP Security
Association Payload: 52

Mar  9 11:13:16 localhost pluto[4314]: | DH public value received:

Mar  9 11:13:16 localhost pluto[4314]: "road"[1] 10.6.3.132 #2: responding
to Quick Mode

Mar  9 11:13:16 localhost pluto[4314]: | ***emit ISAKMP Nonce Payload:

Mar  9 11:13:16 localhost pluto[4314]: |    next payload type:
ISAKMP_NEXT_KE

Mar  9 11:13:16 localhost pluto[4314]: | emitting 16 raw bytes of Nr into
ISAKMP Nonce Payload

Mar  9 11:13:16 localhost pluto[4314]: | Nr  7e ba 3c 89  88 a1 86 e8  37 c7
5e 58  46 9d 77 6b

Mar  9 11:13:16 localhost pluto[4314]: | emitting length of ISAKMP Nonce
Payload: 20

Mar  9 11:13:16 localhost pluto[4314]: | Local DH secret:

Mar  9 11:13:16 localhost pluto[4314]: |   eb f2 a6 3d  fb 7d 20 00  08 a0
8e 49  8d 01 f6 38

Mar  9 11:13:16 localhost pluto[4314]: |   55 75 11 d8  ed 19 e6 b0  f4 1f
d9 6b  0d 25 02 2d

Mar  9 11:13:16 localhost pluto[4314]: | Public DH value sent:

Mar  9 11:13:16 localhost pluto[4314]: | ***emit ISAKMP Key Exchange
Payload:

Mar  9 11:13:16 localhost pluto[4314]: |    next payload type:
ISAKMP_NEXT_ID

Mar  9 11:13:16 localhost pluto[4314]: | emitting 192 raw bytes of keyex
value into ISAKMP Key Exchange Payload

Mar  9 11:13:16 localhost pluto[4314]: | emitting length of ISAKMP Key
Exchange Payload: 196

Mar  9 11:13:16 localhost pluto[4314]: | compute_dh_shared(): time elapsed
(OAKLEY_GROUP_MODP1536): 5714 usec

Mar  9 11:13:16 localhost pluto[4314]: | DH shared secret:

Mar  9 11:13:16 localhost pluto[4314]: | emitting 16 raw bytes of IDci into
ISAKMP Message

Mar  9 11:13:16 localhost pluto[4314]: | IDci  05 00 00 10  04 00 00 00  0a
06 03 84  ff ff ff ff

Mar  9 11:13:16 localhost pluto[4314]: | emitting 16 raw bytes of IDcr into
ISAKMP Message

Mar  9 11:13:16 localhost pluto[4314]: | IDcr  00 00 00 10  04 00 00 00  0a
06 64 00  ff ff ff 00

Mar  9 11:13:16 localhost pluto[4314]: | HASH(2) computed:

Mar  9 11:13:16 localhost pluto[4314]: |   cd 1b ee de  e9 0a 74 de  26 3f
68 67  5d 87 24 cf

Mar  9 11:13:16 localhost pluto[4314]: | compute_proto_keymat:needed_len
(after ESP enc)=24

Mar  9 11:13:16 localhost pluto[4314]: | compute_proto_keymat:needed_len
(after ESP auth)=40

Mar  9 11:13:16 localhost pluto[4314]: | KEYMAT computed:

Mar  9 11:13:16 localhost pluto[4314]: |   4f 76 15 1f  d6 f8 73 75  a2 c9
7a 81  71 36 1a ee

Mar  9 11:13:16 localhost pluto[4314]: |   8f 9d 56 2c  d7 83 68 69  2b c1
e6 37  28 7b b0 7d

Mar  9 11:13:16 localhost pluto[4314]: |   c6 0c 67 65  84 43 6f 55

Mar  9 11:13:16 localhost pluto[4314]: | Peer KEYMAT computed:

Mar  9 11:13:16 localhost pluto[4314]: |   3d 97 83 0a  e6 36 61 57  13 4a
f7 8c  8b a8 4c 9b

Mar  9 11:13:16 localhost pluto[4314]: |   7c ad ea ef  55 4f dd 77  0a 41
3d d2  c5 cc c1 c9

Mar  9 11:13:16 localhost pluto[4314]: |   c0 92 3a 5d  8b 2b 86 5f

Mar  9 11:13:16 localhost pluto[4314]: | install_inbound_ipsec_sa() checking
if we can route

Mar  9 11:13:16 localhost pluto[4314]: | route owner of "road"[1] 10.6.3.132
unrouted: NULL; eroute owner: NULL

Mar  9 11:13:16 localhost pluto[4314]: | could_route called for road
(kind=CK_INSTANCE)

Mar  9 11:13:16 localhost pluto[4314]: | add inbound eroute 10.6.3.132/32:0
--0-> 10.6.100.0/24:0 => tun.10000 at 10.6.3.133 (raw_eroute)

Mar  9 11:13:16 localhost pluto[4314]: | encrypting:

Mar  9 11:13:16 localhost pluto[4314]: | encrypting using OAKLEY_3DES_CBC

Mar  9 11:13:16 localhost pluto[4314]: | next IV:  b6 7e c3 ed  a1 52 e8 a6

Mar  9 11:13:16 localhost pluto[4314]: | emitting length of ISAKMP Message:
348

Mar  9 11:13:16 localhost pluto[4314]: "road"[1] 10.6.3.132 #2: transition
from state (null) to state STATE_QUICK_R1

Mar  9 11:13:16 localhost pluto[4314]: | sending 348 bytes for
STATE_QUICK_R0 through eth0 to 10.6.3.132:500:

Mar  9 11:13:16 localhost pluto[4314]: | inserting event EVENT_RETRANSMIT,
timeout in 10 seconds for #2

Mar  9 11:13:16 localhost pluto[4314]: | next event EVENT_RETRANSMIT in 10
seconds for #2

Mar  9 11:13:17 localhost pluto[4314]: |  

Mar  9 11:13:17 localhost pluto[4314]: | *received 52 bytes from
10.6.3.132:500 on eth0

Mar  9 11:13:17 localhost pluto[4314]: | **parse ISAKMP Message:

Mar  9 11:13:17 localhost pluto[4314]: |    initiator cookie:

Mar  9 11:13:17 localhost pluto[4314]: |   70 dc 4e a5  c0 44 b1 4c

Mar  9 11:13:17 localhost pluto[4314]: |    responder cookie:

Mar  9 11:13:17 localhost pluto[4314]: |   1c 1d 70 9c  52 0c 37 8c

Mar  9 11:13:17 localhost pluto[4314]: |    next payload type:
ISAKMP_NEXT_HASH

Mar  9 11:13:17 localhost pluto[4314]: |    ISAKMP version: ISAKMP Version
1.0

Mar  9 11:13:17 localhost pluto[4314]: |    exchange type: ISAKMP_XCHG_QUICK

Mar  9 11:13:17 localhost pluto[4314]: |    flags: ISAKMP_FLAG_ENCRYPTION

Mar  9 11:13:17 localhost pluto[4314]: |    message ID:  ae 62 6a 91

Mar  9 11:13:17 localhost pluto[4314]: |    length: 52

Mar  9 11:13:17 localhost pluto[4314]: | ICOOKIE:  70 dc 4e a5  c0 44 b1 4c

Mar  9 11:13:17 localhost pluto[4314]: | RCOOKIE:  1c 1d 70 9c  52 0c 37 8c

Mar  9 11:13:17 localhost pluto[4314]: | peer:  0a 06 03 84

Mar  9 11:13:17 localhost pluto[4314]: | state hash entry 25

Mar  9 11:13:17 localhost pluto[4314]: | peer and cookies match on #2,
provided msgid ae626a91 vs ae626a91

Mar  9 11:13:17 localhost pluto[4314]: | state object #2 found, in
STATE_QUICK_R1

Mar  9 11:13:17 localhost pluto[4314]: | received encrypted packet from
10.6.3.132:500

Mar  9 11:13:17 localhost pluto[4314]: | decrypting 24 bytes using algorithm
OAKLEY_3DES_CBC

Mar  9 11:13:17 localhost pluto[4314]: | decrypted:

Mar  9 11:13:17 localhost pluto[4314]: |   00 00 00 14  19 f9 c1 d7  2a 51
7e 79  7b c3 83 a5

Mar  9 11:13:17 localhost pluto[4314]: |   6a e7 5d 7b  00 00 00 00

Mar  9 11:13:17 localhost pluto[4314]: | next IV:  ee 16 a2 94  bd 91 de b7

Mar  9 11:13:17 localhost pluto[4314]: | ***parse ISAKMP Hash Payload:

Mar  9 11:13:17 localhost pluto[4314]: |    next payload type:
ISAKMP_NEXT_NONE

Mar  9 11:13:17 localhost pluto[4314]: |    length: 20

Mar  9 11:13:17 localhost pluto[4314]: | removing 4 bytes of padding

Mar  9 11:13:17 localhost pluto[4314]: | HASH(3) computed:  19 f9 c1 d7  2a
51 7e 79  7b c3 83 a5  6a e7 5d 7b

Mar  9 11:13:17 localhost pluto[4314]: | install_ipsec_sa() for #2: outbound
only

Mar  9 11:13:17 localhost pluto[4314]: | route owner of "road"[1] 10.6.3.132
unrouted: NULL; eroute owner: NULL

Mar  9 11:13:17 localhost pluto[4314]: | could_route called for road
(kind=CK_INSTANCE)

Mar  9 11:13:17 localhost pluto[4314]: | sr for #2: unrouted

Mar  9 11:13:17 localhost pluto[4314]: | route owner of "road"[1] 10.6.3.132
unrouted: NULL; eroute owner: NULL

Mar  9 11:13:17 localhost pluto[4314]: | route_and_eroute with c: road
(next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: 2

Mar  9 11:13:17 localhost pluto[4314]: | eroute_connection add eroute
10.6.100.0/24:0 --0-> 10.6.3.132/32:0 => tun.0 at 10.6.3.132 (raw_eroute)

Mar  9 11:13:17 localhost pluto[4314]: |   trusted_ca called with a=(empty)
b=(empty)

Mar  9 11:13:17 localhost pluto[4314]: | executing up-client: 2>&1
PLUTO_VERSION='1.1' PLUTO_VERB='up-client' PLUTO_CONNECTION='road'
PLUTO_NEXT_HOP='10.6.3.132' PLUTO_INTERFACE='eth0' PLUTO_ME='10.6.3.133'
PLUTO_MY_ID='@multilinus.multibel.it' PLUTO_MY_CLIENT='10.6.100.0/24'
PLUTO_MY_CLIENT_NET='10.6.100.0' PLUTO_MY_CLIENT_MASK='255.255.255.0'
PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='10.6.3.132'
PLUTO_PEER_ID='@multibel1.multibel.it' PLUTO_PEER_CLIENT='10.6.3.132/32'
PLUTO_PEER_CLIENT_NET='10.6.3.132' PLUTO_PEER_CLIENT_MASK='255.255.255.255'
PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA=''
PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS'  ipsec _updown

Mar  9 11:13:17 localhost pluto[4314]: | route_and_eroute:
firewall_notified: true

Mar  9 11:13:17 localhost pluto[4314]: |   trusted_ca called with a=(empty)
b=(empty)

Mar  9 11:13:17 localhost pluto[4314]: | executing prepare-client: 2>&1
PLUTO_VERSION='1.1' PLUTO_VERB='prepare-client' PLUTO_CONNECTION='road'
PLUTO_NEXT_HOP='10.6.3.132' PLUTO_INTERFACE='eth0' PLUTO_ME='10.6.3.133'
PLUTO_MY_ID='@multilinus.multibel.it' PLUTO_MY_CLIENT='10.6.100.0/24'
PLUTO_MY_CLIENT_NET='10.6.100.0' PLUTO_MY_CLIENT_MASK='255.255.255.0'
PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='10.6.3.132'
PLUTO_PEER_ID='@multibel1.multibel.it' PLUTO_PEER_CLIENT='10.6.3.132/32'
PLUTO_PEER_CLIENT_NET='10.6.3.132' PLUTO_PEER_CLIENT_MASK='255.255.255.255'
PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA=''
PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS'  ipsec _updown

Mar  9 11:13:17 localhost pluto[4314]: |   trusted_ca called with a=(empty)
b=(empty)

Mar  9 11:13:17 localhost pluto[4314]: | executing route-client: 2>&1
PLUTO_VERSION='1.1' PLUTO_VERB='route-client' PLUTO_CONNECTION='road'
PLUTO_NEXT_HOP='10.6.3.132' PLUTO_INTERFACE='eth0' PLUTO_ME='10.6.3.133'
PLUTO_MY_ID='@multilinus.multibel.it' PLUTO_MY_CLIENT='10.6.100.0/24'
PLUTO_MY_CLIENT_NET='10.6.100.0' PLUTO_MY_CLIENT_MASK='255.255.255.0'
PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='10.6.3.132'
PLUTO_PEER_ID='@multibel1.multibel.it' PLUTO_PEER_CLIENT='10.6.3.132/32'
PLUTO_PEER_CLIENT_NET='10.6.3.132' PLUTO_PEER_CLIENT_MASK='255.255.255.255'
PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA=''
PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS'  ipsec _updown

Mar  9 11:13:17 localhost pluto[4314]: | route_and_eroute: instance
"road"[1] 10.6.3.132, setting eroute_owner {spd=0x80efa5c,sr=0x80efa5c} to
#2 (was #0) (newest_ipsec_sa=#0)

Mar  9 11:13:17 localhost pluto[4314]: | inI2: instance road[1], setting
newest_ipsec_sa to #2 (was #0) (spd.eroute=#2)

Mar  9 11:13:17 localhost pluto[4314]: "road"[1] 10.6.3.132 #2: transition
from state STATE_QUICK_R1 to state STATE_QUICK_R2

Mar  9 11:13:17 localhost pluto[4314]: | inserting event EVENT_SA_REPLACE,
timeout in 28530 seconds for #2

Mar  9 11:13:17 localhost pluto[4314]: "road"[1] 10.6.3.132 #2: IPsec SA
established {ESP=>0x9fcb4416 <0x7eb13e58}

Mar  9 11:13:17 localhost pluto[4314]: | next event EVENT_SA_REPLACE in 3328
seconds for #1

Mar  9 11:56:40 localhost pluto[4314]: |  

Mar  9 11:56:40 localhost pluto[4314]: | *received whack message

Mar  9 11:56:40 localhost pluto[4314]: | kernel_alg_esp_enc_ok(3,0):
alg_id=3, alg_ivlen=8, alg_minbits=192, alg_maxbits=192, res=0, ret=1

Mar  9 11:56:40 localhost pluto[4314]: | next event EVENT_SA_REPLACE in 725
seconds for #1

Mar  9 11:56:40 localhost pluto[4314]: |  

Mar  9 11:56:40 localhost pluto[4314]: | *received whack message

Mar  9 11:56:40 localhost pluto[4314]: | kernel_alg_esp_enc_ok(3,0):
alg_id=3, alg_ivlen=8, alg_minbits=192, alg_maxbits=192, res=0, ret=1

Mar  9 11:56:40 localhost pluto[4314]: | next event EVENT_SA_REPLACE in 725
seconds for #1

Mar  9 11:56:42 localhost pluto[4314]: |  

Mar  9 11:56:42 localhost pluto[4314]: | *received whack message

Mar  9 11:56:42 localhost pluto[4314]: | next event EVENT_SA_REPLACE in 723
seconds for #1

Mar  9 11:57:19 localhost pluto[4314]: |  

Mar  9 11:57:19 localhost pluto[4314]: | *received whack message

Mar  9 11:57:19 localhost pluto[4314]: | kernel_alg_esp_enc_ok(3,0):
alg_id=3, alg_ivlen=8, alg_minbits=192, alg_maxbits=192, res=0, ret=1

Mar  9 11:57:19 localhost pluto[4314]: | next event EVENT_SA_REPLACE in 686
seconds for #1

Mar  9 11:57:19 localhost pluto[4314]: |  

Mar  9 11:57:19 localhost pluto[4314]: | *received whack message

Mar  9 11:57:19 localhost pluto[4314]: | kernel_alg_esp_enc_ok(3,0):
alg_id=3, alg_ivlen=8, alg_minbits=192, alg_maxbits=192, res=0, ret=1

Mar  9 11:57:19 localhost pluto[4314]: | next event EVENT_SA_REPLACE in 686
seconds for #1

Mar  9 11:57:21 localhost pluto[4314]: |  

Mar  9 11:57:21 localhost pluto[4314]: | *received whack message

Mar  9 11:57:21 localhost pluto[4314]: | next event EVENT_SA_REPLACE in 684
seconds for #1

Mar  9 11:57:57 localhost pluto[4314]: |  

Mar  9 11:57:57 localhost pluto[4314]: | *received whack message

Mar  9 11:57:57 localhost pluto[4314]: | kernel_alg_esp_enc_ok(3,0):
alg_id=3, alg_ivlen=8, alg_minbits=192, alg_maxbits=192, res=0, ret=1

Mar  9 11:57:57 localhost pluto[4314]: | next event EVENT_SA_REPLACE in 648
seconds for #1

Mar  9 11:57:57 localhost pluto[4314]: |  

Mar  9 11:57:57 localhost pluto[4314]: | *received whack message

Mar  9 11:57:57 localhost pluto[4314]: | kernel_alg_esp_enc_ok(3,0):
alg_id=3, alg_ivlen=8, alg_minbits=192, alg_maxbits=192, res=0, ret=1

Mar  9 11:57:57 localhost pluto[4314]: | next event EVENT_SA_REPLACE in 648
seconds for #1

Mar  9 11:58:00 localhost pluto[4314]: |  

Mar  9 11:58:00 localhost pluto[4314]: | *received whack message

Mar  9 11:58:00 localhost pluto[4314]: | next event EVENT_SA_REPLACE in 645
seconds for #1

Mar  9 11:58:26 localhost pluto[4314]: |  

Mar  9 11:58:26 localhost pluto[4314]: | *received 176 bytes from
10.6.3.132:500 on eth0

Mar  9 11:58:26 localhost pluto[4314]: | **parse ISAKMP Message:

Mar  9 11:58:26 localhost pluto[4314]: |    initiator cookie:

Mar  9 11:58:26 localhost pluto[4314]: |   c1 07 f0 35  8a 80 67 6e

Mar  9 11:58:26 localhost pluto[4314]: |    responder cookie:

Mar  9 11:58:26 localhost pluto[4314]: |   00 00 00 00  00 00 00 00

Mar  9 11:58:26 localhost pluto[4314]: |    next payload type:
ISAKMP_NEXT_SA

Mar  9 11:58:26 localhost pluto[4314]: |    ISAKMP version: ISAKMP Version
1.0

Mar  9 11:58:26 localhost pluto[4314]: |    exchange type:
ISAKMP_XCHG_IDPROT

Mar  9 11:58:26 localhost pluto[4314]: |    flags: none

Mar  9 11:58:26 localhost pluto[4314]: |    message ID:  00 00 00 00

Mar  9 11:58:26 localhost pluto[4314]: |    length: 176

Mar  9 11:58:26 localhost pluto[4314]: | ***parse ISAKMP Security
Association Payload:

Mar  9 11:58:26 localhost pluto[4314]: |    next payload type:
ISAKMP_NEXT_NONE

Mar  9 11:58:26 localhost pluto[4314]: |    length: 148

Mar  9 11:58:26 localhost pluto[4314]: |    DOI: ISAKMP_DOI_IPSEC

Mar  9 11:58:26 localhost pluto[4314]: | creating state object #3 at
0x80f0f20

Mar  9 11:58:26 localhost pluto[4314]: | ICOOKIE:  c1 07 f0 35  8a 80 67 6e

Mar  9 11:58:26 localhost pluto[4314]: | RCOOKIE:  c7 be 1f f8  44 33 91 97

Mar  9 11:58:26 localhost pluto[4314]: | peer:  0a 06 03 84

Mar  9 11:58:26 localhost pluto[4314]: | state hash entry 0

Mar  9 11:58:26 localhost pluto[4314]: | inserting event EVENT_SO_DISCARD,
timeout in 0 seconds for #3

Mar  9 11:58:26 localhost pluto[4314]: "road"[1] 10.6.3.132 #3: responding
to Main Mode from unknown peer 10.6.3.132

Mar  9 11:58:26 localhost pluto[4314]: | **emit ISAKMP Message:

Mar  9 11:58:26 localhost pluto[4314]: |    initiator cookie:

Mar  9 11:58:26 localhost pluto[4314]: |   c1 07 f0 35  8a 80 67 6e

Mar  9 11:58:26 localhost pluto[4314]: |    responder cookie:

Mar  9 11:58:26 localhost pluto[4314]: |   c7 be 1f f8  44 33 91 97

Mar  9 11:58:26 localhost pluto[4314]: |    next payload type:
ISAKMP_NEXT_SA

Mar  9 11:58:26 localhost pluto[4314]: |    ISAKMP version: ISAKMP Version
1.0

Mar  9 11:58:26 localhost pluto[4314]: |    exchange type:
ISAKMP_XCHG_IDPROT

Mar  9 11:58:26 localhost pluto[4314]: |    flags: none

Mar  9 11:58:26 localhost pluto[4314]: |    message ID:  00 00 00 00

Mar  9 11:58:26 localhost pluto[4314]: | ***emit ISAKMP Security Association
Payload:

Mar  9 11:58:26 localhost pluto[4314]: |    next payload type:
ISAKMP_NEXT_NONE

Mar  9 11:58:26 localhost pluto[4314]: |    DOI: ISAKMP_DOI_IPSEC

Mar  9 11:58:26 localhost pluto[4314]: | ****parse IPsec DOI SIT:

Mar  9 11:58:26 localhost pluto[4314]: |    IPsec DOI SIT: SIT_IDENTITY_ONLY

Mar  9 11:58:26 localhost pluto[4314]: | ****parse ISAKMP Proposal Payload:

Mar  9 11:58:26 localhost pluto[4314]: |    next payload type:
ISAKMP_NEXT_NONE

Mar  9 11:58:26 localhost pluto[4314]: |    length: 136

Mar  9 11:58:26 localhost pluto[4314]: |    proposal number: 0

Mar  9 11:58:26 localhost pluto[4314]: |    protocol ID: PROTO_ISAKMP

Mar  9 11:58:26 localhost pluto[4314]: |    SPI size: 0

Mar  9 11:58:26 localhost pluto[4314]: |    number of transforms: 4

Mar  9 11:58:26 localhost pluto[4314]: | *****parse ISAKMP Transform Payload
(ISAKMP):

Mar  9 11:58:26 localhost pluto[4314]: |    next payload type: ISAKMP_NEXT_T

Mar  9 11:58:26 localhost pluto[4314]: |    length: 32

Mar  9 11:58:26 localhost pluto[4314]: |    transform number: 0

Mar  9 11:58:26 localhost pluto[4314]: |    transform ID: KEY_IKE

Mar  9 11:58:26 localhost pluto[4314]: | ******parse ISAKMP Oakley
attribute:

Mar  9 11:58:26 localhost pluto[4314]: |    af+type: OAKLEY_LIFE_TYPE

Mar  9 11:58:26 localhost pluto[4314]: |    length/value: 1

Mar  9 11:58:26 localhost pluto[4314]: |    [1 is OAKLEY_LIFE_SECONDS]

Mar  9 11:58:26 localhost pluto[4314]: | ******parse ISAKMP Oakley
attribute:

Mar  9 11:58:26 localhost pluto[4314]: |    af+type: OAKLEY_LIFE_DURATION

Mar  9 11:58:26 localhost pluto[4314]: |    length/value: 3600

Mar  9 11:58:26 localhost pluto[4314]: | ******parse ISAKMP Oakley
attribute:

Mar  9 11:58:26 localhost pluto[4314]: |    af+type:
OAKLEY_ENCRYPTION_ALGORITHM

Mar  9 11:58:26 localhost pluto[4314]: |    length/value: 5

Mar  9 11:58:26 localhost pluto[4314]: |    [5 is OAKLEY_3DES_CBC]

Mar  9 11:58:26 localhost pluto[4314]: | ike_alg_enc_ok(ealg=5,key_len=0):
blocksize=8, keyminlen=192, keydeflen=192, keymaxlen=192, ret=1

Mar  9 11:58:26 localhost pluto[4314]: | ******parse ISAKMP Oakley
attribute:

Mar  9 11:58:26 localhost pluto[4314]: |    af+type: OAKLEY_HASH_ALGORITHM

Mar  9 11:58:26 localhost pluto[4314]: |    length/value: 1

Mar  9 11:58:26 localhost pluto[4314]: |    [1 is OAKLEY_MD5]

Mar  9 11:58:26 localhost pluto[4314]: | ******parse ISAKMP Oakley
attribute:

Mar  9 11:58:26 localhost pluto[4314]: |    af+type:
OAKLEY_AUTHENTICATION_METHOD

Mar  9 11:58:26 localhost pluto[4314]: |    length/value: 3

Mar  9 11:58:26 localhost pluto[4314]: |    [3 is OAKLEY_RSA_SIG]

Mar  9 11:58:26 localhost pluto[4314]: | ******parse ISAKMP Oakley
attribute:

Mar  9 11:58:26 localhost pluto[4314]: |    af+type:
OAKLEY_GROUP_DESCRIPTION

Mar  9 11:58:26 localhost pluto[4314]: |    length/value: 5

Mar  9 11:58:26 localhost pluto[4314]: |    [5 is OAKLEY_GROUP_MODP1536]

Mar  9 11:58:26 localhost pluto[4314]: | Oakley Transform 0 accepted

Mar  9 11:58:26 localhost pluto[4314]: | ****emit IPsec DOI SIT:

Mar  9 11:58:26 localhost pluto[4314]: |    IPsec DOI SIT: SIT_IDENTITY_ONLY

Mar  9 11:58:26 localhost pluto[4314]: | ****emit ISAKMP Proposal Payload:

Mar  9 11:58:26 localhost pluto[4314]: |    next payload type:
ISAKMP_NEXT_NONE

Mar  9 11:58:26 localhost pluto[4314]: |    proposal number: 0

Mar  9 11:58:26 localhost pluto[4314]: |    protocol ID: PROTO_ISAKMP

Mar  9 11:58:26 localhost pluto[4314]: |    SPI size: 0

Mar  9 11:58:26 localhost pluto[4314]: |    number of transforms: 1

Mar  9 11:58:26 localhost pluto[4314]: | *****emit ISAKMP Transform Payload
(ISAKMP):

Mar  9 11:58:26 localhost pluto[4314]: |    next payload type:
ISAKMP_NEXT_NONE

Mar  9 11:58:26 localhost pluto[4314]: |    transform number: 0

Mar  9 11:58:26 localhost pluto[4314]: |    transform ID: KEY_IKE

Mar  9 11:58:26 localhost pluto[4314]: | emitting 24 raw bytes of attributes
into ISAKMP Transform Payload (ISAKMP)

Mar  9 11:58:26 localhost pluto[4314]: | attributes  80 0b 00 01  80 0c 0e
10  80 01 00 05  80 02 00 01

Mar  9 11:58:26 localhost pluto[4314]: |   80 03 00 03  80 04 00 05

Mar  9 11:58:26 localhost pluto[4314]: | emitting length of ISAKMP Transform
Payload (ISAKMP): 32

Mar  9 11:58:26 localhost pluto[4314]: | emitting length of ISAKMP Proposal
Payload: 40

Mar  9 11:58:26 localhost pluto[4314]: | emitting length of ISAKMP Security
Association Payload: 52

Mar  9 11:58:26 localhost pluto[4314]: | sender checking NAT-t: 0 and 0

Mar  9 11:58:26 localhost pluto[4314]: | emitting length of ISAKMP Message:
80

Mar  9 11:58:26 localhost pluto[4314]: "road"[1] 10.6.3.132 #3: transition
from state (null) to state STATE_MAIN_R1

Mar  9 11:58:26 localhost pluto[4314]: | sending 80 bytes for STATE_MAIN_R0
through eth0 to 10.6.3.132:500:

Mar  9 11:58:26 localhost pluto[4314]: | inserting event EVENT_RETRANSMIT,
timeout in 10 seconds for #3

Mar  9 11:58:26 localhost pluto[4314]: | next event EVENT_RETRANSMIT in 10
seconds for #3

Mar  9 11:58:26 localhost pluto[4314]: |  

Mar  9 11:58:26 localhost pluto[4314]: | *received 244 bytes from
10.6.3.132:500 on eth0

Mar  9 11:58:26 localhost pluto[4314]: | **parse ISAKMP Message:

Mar  9 11:58:26 localhost pluto[4314]: |    initiator cookie:

Mar  9 11:58:26 localhost pluto[4314]: |   c1 07 f0 35  8a 80 67 6e

Mar  9 11:58:26 localhost pluto[4314]: |    responder cookie:

Mar  9 11:58:26 localhost pluto[4314]: |   c7 be 1f f8  44 33 91 97

Mar  9 11:58:26 localhost pluto[4314]: |    next payload type:
ISAKMP_NEXT_KE

Mar  9 11:58:26 localhost pluto[4314]: |    ISAKMP version: ISAKMP Version
1.0

Mar  9 11:58:26 localhost pluto[4314]: |    exchange type:
ISAKMP_XCHG_IDPROT

Mar  9 11:58:26 localhost pluto[4314]: |    flags: none

Mar  9 11:58:26 localhost pluto[4314]: |    message ID:  00 00 00 00

Mar  9 11:58:26 localhost pluto[4314]: |    length: 244

Mar  9 11:58:26 localhost pluto[4314]: | ICOOKIE:  c1 07 f0 35  8a 80 67 6e

Mar  9 11:58:26 localhost pluto[4314]: | RCOOKIE:  c7 be 1f f8  44 33 91 97

Mar  9 11:58:26 localhost pluto[4314]: | peer:  0a 06 03 84

Mar  9 11:58:26 localhost pluto[4314]: | state hash entry 0

Mar  9 11:58:26 localhost pluto[4314]: |   b2 c5

Mar  9 11:58:26 localhost pluto[4314]: | emitting 6 zero bytes of encryption
padding into ISAKMP Message

Mar  9 11:58:26 localhost pluto[4314]: | encrypting using OAKLEY_3DES_CBC

Mar  9 11:58:26 localhost pluto[4314]: | next IV:  a1 a8 3e fc  52 55 32 c5

Mar  9 11:58:26 localhost pluto[4314]: | emitting length of ISAKMP Message:
324

Mar  9 11:58:26 localhost pluto[4314]: | last encrypted block of Phase 1:

Mar  9 11:58:26 localhost pluto[4314]: |   a1 a8 3e fc  52 55 32 c5

Mar  9 11:58:26 localhost pluto[4314]: "road"[1] 10.6.3.132 #3: transition
from state STATE_MAIN_R2 to state STATE_MAIN_R3

Mar  9 11:58:26 localhost pluto[4314]: | sending 324 bytes for STATE_MAIN_R2
through eth0 to 10.6.3.132:500:

Mar  9 11:58:26 localhost pluto[4314]: | inserting event EVENT_SA_REPLACE,
timeout in 3330 seconds for #3

Mar  9 11:58:26 localhost pluto[4314]: "road"[1] 10.6.3.132 #3: sent MR3,
ISAKMP SA established

Mar  9 11:58:26 localhost pluto[4314]: | next event EVENT_SA_REPLACE in 619
seconds for #1

Mar  9 11:59:03 localhost pluto[4314]: |  

Mar  9 11:59:03 localhost pluto[4314]: | *received whack message

Mar  9 11:59:03 localhost pluto[4314]: | kernel_alg_esp_enc_ok(3,0):
alg_id=3, alg_ivlen=8, alg_minbits=192, alg_maxbits=192, res=0, ret=1

Mar  9 11:59:03 localhost pluto[4314]: | next event EVENT_SA_REPLACE in 582
seconds for #1

Mar  9 11:59:04 localhost pluto[4314]: |  

Mar  9 11:59:04 localhost pluto[4314]: | *received whack message

Mar  9 11:59:04 localhost pluto[4314]: | kernel_alg_esp_enc_ok(3,0):
alg_id=3, alg_ivlen=8, alg_minbits=192, alg_maxbits=192, res=0, ret=1

Mar  9 11:59:04 localhost pluto[4314]: | next event EVENT_SA_REPLACE in 581
seconds for #1

Mar  9 11:59:06 localhost pluto[4314]: |  

Mar  9 11:59:06 localhost pluto[4314]: | *received whack message

Mar  9 11:59:06 localhost pluto[4314]: | next event EVENT_SA_REPLACE in 579
seconds for #1

Mar  9 12:01:43 localhost pluto[4314]: |  

Mar  9 12:01:43 localhost pluto[4314]: | *received whack message

Mar  9 12:01:43 localhost pluto[4314]: | kernel_alg_esp_enc_ok(3,0):
alg_id=3, alg_ivlen=8, alg_minbits=192, alg_maxbits=192, res=0, ret=1

Mar  9 12:01:43 localhost pluto[4314]: | next event EVENT_SA_REPLACE in 422
seconds for #1

Mar  9 12:01:44 localhost pluto[4314]: |  

Mar  9 12:01:44 localhost pluto[4314]: | *received whack message

Mar  9 12:01:44 localhost pluto[4314]: | kernel_alg_esp_enc_ok(3,0):
alg_id=3, alg_ivlen=8, alg_minbits=192, alg_maxbits=192, res=0, ret=1

Mar  9 12:01:44 localhost pluto[4314]: | next event EVENT_SA_REPLACE in 421
seconds for #1

Mar  9 12:01:46 localhost pluto[4314]: |  

Mar  9 12:01:46 localhost pluto[4314]: | *received whack message

Mar  9 12:01:46 localhost pluto[4314]: | next event EVENT_SA_REPLACE in 419
seconds for #1

+ _________________________ date

+ date

Thu Mar  9 12:01:46 CET 2006 
