[Openswan Users] Ipsec Tunnel Between openswan & Windows XP
Walied Meghezel
wmeghezel at gmail.com
Mon Mar 27 13:04:48 CEST 2006
Ipsec Tunnel Between openswan & Windows XP
I have an XP machine trying to connect it to OPENSWAN Gateway using the
following
configurations
XP:
client using ipsecpol
X509 certificate imported using certimport
connection using dial-up modem
OPENSWAN:
ipsec.secrets:
: RSA local.key "local"
ipsec.conf:
config setup
interfaces="ipsec0=eth0"
nat_traversal=yes
virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16
#connections
conn %default
keyingtries=1
compress=yes
disablearrivalcheck=no
authby=rsasig
leftrsasigkey=%cert
rightrsasigkey=%cert
conn roadwarrior-net
leftsubnet=192.168.1.0/24
left=XXX.xxx.xxx.xxx # my gateway IP
leftcert=local.pem
right=%any
rightsubnet=vhost:%no,%priv
auto=add
pfs=yes
#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf
THe result is the connection never established with the following traces
XP oakley file :
3-27: 11:18:59:773:6dc Acquire from driver: op=FEC51638 src=
62.114.110.157.0
dst=192.168.1.1.0 proto = 0, SrcMask=255.255.255.255, DstMask=255.255.255.0,
Tunnel 1,
TunnelEndpt=xxx.xxx.xxx.xxx Inbound TunnelEndpt=62.114.110.157
3-27: 11:18:59:823:d98 Filter to match: Src xxx.xxx.xxx.xxx Dst
62.114.110.157
3-27: 11:18:59:913:d98 MM PolicyName: 2
3-27: 11:18:59:913:d98 MMPolicy dwFlags 2 SoftSAExpireTime 3500
3-27: 11:18:59:913:d98 MMOffer[0] LifetimeSec 3500 QMLimit 0 DHGroup 2
3-27: 11:18:59:933:d98 MMOffer[0] Encrypt: Triple DES CBC Hash: SHA
3-27: 11:18:59:933:d98 Auth[0]:RSA Sig C=EG, S=itdc, L=itdc, O=itdc,
CN=itdc,
E=itdc at itdc.com
3-27: 11:18:59:933:d98 QM PolicyName: x4
{4f66519f-206c-4e6f-8cf4-006e3b432a1c} dwFlags 1
3-27: 11:18:59:933:d98 QMOffer[0] LifetimeKBytes 0 LifetimeSec 0
3-27: 11:18:59:933:d98 QMOffer[0] dwFlags 0 dwPFSGroup 268435456
3-27: 11:18:59:933:d98 Algo[0] Operation: ESP Algo: Triple DES CBC HMAC:
MD5
3-27: 11:18:59:933:d98 Starting Negotiation: src = 62.114.110.157.0000, dst
=
xxx.xxx.xxx.xxx.0500, proto = 00, context = FEC51638, ProxySrc =
62.114.110.157.0000,
ProxyDst = 192.168.1.0.0000 SrcMask = 255.255.255.255 DstMask =
255.255.255.0
3-27: 11:18:59:933:d98 constructing ISAKMP Header
3-27: 11:18:59:933:d98 constructing SA (ISAKMP)
3-27: 11:18:59:933:d98 Constructing Vendor
3-27: 11:18:59:943:d98
3-27: 11:18:59:943:d98 Sending: SA = 0x000F08E8 to xxx.xxx.xxx.xxx:Type 2
3-27: 11:18:59:943:d98 ISAKMP Header: (V1.0), len = 108
3-27: 11:18:59:943:d98 I-COOKIE c3412d34c003e5e7
3-27: 11:18:59:943:d98 R-COOKIE 0000000000000000
3-27: 11:18:59:943:d98 exchange: Oakley Main Mode
3-27: 11:18:59:943:d98 flags: 0
3-27: 11:18:59:943:d98 next payload: SA
3-27: 11:18:59:943:d98 message ID: 00000000
3-27: 11:19:00:954:6e4 retransmit: sa = 000F08E8 centry 00000000 , count =
1
3-27: 11:19:00:954:6e4
3-27: 11:19:00:954:6e4 Sending: SA = 0x000F08E8 to xxx.xxx.xxx.xxx:Type 2
3-27: 11:19:00:954:6e4 ISAKMP Header: (V1.0), len = 108
3-27: 11:19:00:954:6e4 I-COOKIE c3412d34c003e5e7
3-27: 11:19:00:954:6e4 R-COOKIE 0000000000000000
3-27: 11:19:00:954:6e4 exchange: Oakley Main Mode
3-27: 11:19:00:954:6e4 flags: 0
3-27: 11:19:00:954:6e4 next payload: SA
3-27: 11:19:00:954:6e4 message ID: 00000000
3-27: 11:19:02:957:6e4 retransmit: sa = 000F08E8 centry 00000000 , count =
2
3-27: 11:19:02:957:6e4
3-27: 11:19:02:957:6e4 Sending: SA = 0x000F08E8 to xxx.xxx.xxx.xxx:Type 2
3-27: 11:19:02:957:6e4 ISAKMP Header: (V1.0), len = 108
3-27: 11:19:02:957:6e4 I-COOKIE c3412d34c003e5e7
3-27: 11:19:02:957:6e4 R-COOKIE 0000000000000000
3-27: 11:19:02:957:6e4 exchange: Oakley Main Mode
3-27: 11:19:02:957:6e4 flags: 0
3-27: 11:19:02:957:6e4 next payload: SA
3-27: 11:19:02:957:6e4 message ID: 00000000
3-27: 11:19:06:963:6e4 retransmit: sa = 000F08E8 centry 00000000 , count =
3
3-27: 11:19:06:963:6e4
3-27: 11:19:06:963:6e4 Sending: SA = 0x000F08E8 to xxx.xxx.xxx.xxx:Type 2
3-27: 11:19:06:963:6e4 ISAKMP Header: (V1.0), len = 108
3-27: 11:19:06:963:6e4 I-COOKIE c3412d34c003e5e7
3-27: 11:19:06:963:6e4 R-COOKIE 0000000000000000
3-27: 11:19:06:963:6e4 exchange: Oakley Main Mode
3-27: 11:19:06:963:6e4 flags: 0
3-27: 11:19:06:963:6e4 next payload: SA
3-27: 11:19:06:963:6e4 message ID: 00000000
3-27: 11:19:14:965:6e4 retransmit: sa = 000F08E8 centry 00000000 , count =
4
3-27: 11:19:14:965:6e4
3-27: 11:19:14:965:6e4 Sending: SA = 0x000F08E8 to xxx.xxx.xxx.xxx:Type 2
3-27: 11:19:14:965:6e4 ISAKMP Header: (V1.0), len = 108
3-27: 11:19:14:965:6e4 I-COOKIE c3412d34c003e5e7
3-27: 11:19:14:965:6e4 R-COOKIE 0000000000000000
3-27: 11:19:14:965:6e4 exchange: Oakley Main Mode
3-27: 11:19:14:965:6e4 flags: 0
3-27: 11:19:14:965:6e4 next payload: SA
3-27: 11:19:14:965:6e4 message ID: 00000000
3-27: 11:19:30:968:6e4 retransmit: sa = 000F08E8 centry 00000000 , count =
5
3-27: 11:19:30:968:6e4
3-27: 11:19:30:968:6e4 Sending: SA = 0x000F08E8 to xxx.xxx.xxx.xxx:Type 2
3-27: 11:19:30:968:6e4 ISAKMP Header: (V1.0), len = 108
3-27: 11:19:30:968:6e4 I-COOKIE c3412d34c003e5e7
3-27: 11:19:30:968:6e4 R-COOKIE 0000000000000000
3-27: 11:19:30:968:6e4 exchange: Oakley Main Mode
3-27: 11:19:30:968:6e4 flags: 0
3-27: 11:19:30:968:6e4 next payload: SA
3-27: 11:19:30:968:6e4 message ID: 00000000
3-27: 11:20:02:974:6e4 retransmit exhausted: sa = 000F08E8 centry 00000000,
count = 6
3-27: 11:20:02:974:6e4 SA Dead. sa:000F08E8 status:35ed
3-27: 11:20:02:974:6e4 isadb_set_status sa:000F08E8 centry:00000000 status
35ed
3-27: 11:20:03:64:6e4 Key Exchange Mode (Main Mode)
3-27: 11:20:03:64:6e4 Source IP Address 62.114.110.157Source IP Address
Mask
255.255.255.255Destination IP Address xxx.xxx.xxx.xxxDestination IP Address
Mask
255.255.255.255Protocol 0Source Port 0Destination Port 0IKE Local Addr IKE
Peer Addr
3-27: 11:20:03:64:6e4
3-27: 11:20:03:64:6e4 Me
3-27: 11:20:03:64:6e4 No response from peer
3-27: 11:20:03:64:6e4 0x0 0x0
3-27: 11:20:03:64:6e4 constructing ISAKMP Header
3-27: 11:20:03:64:6e4 constructing DELETE. MM 000F08E8
3-27: 11:20:03:64:6e4
3-27: 11:20:03:64:6e4 Sending: SA = 0x000F08E8 to xxx.xxx.xxx.xxx:Type 1
3-27: 11:20:03:64:6e4 ISAKMP Header: (V1.0), len = 56
3-27: 11:20:03:64:6e4 I-COOKIE c3412d34c003e5e7
3-27: 11:20:03:64:6e4 R-COOKIE 0000000000000000
3-27: 11:20:03:64:6e4 exchange: ISAKMP Informational Exchange
3-27: 11:20:03:64:6e4 flags: 0
3-27: 11:20:03:64:6e4 next payload: DELETE
3-27: 11:20:03:64:6e4 message ID: 80da8b08
3-27: 11:20:55:339:6dc Acquire from driver: op=FFBC2650 src=
62.114.110.157.0
dst=192.168.1.1.0 proto = 0, SrcMask=255.255.255.255, DstMask=255.255.255.0,
Tunnel 1,
TunnelEndpt=xxx.xxx.xxx.xxx Inbound TunnelEndpt=62.114.110.157
3-27: 11:20:55:339:d98 Filter to match: Src xxx.xxx.xxx.xxx Dst
62.114.110.157
3-27: 11:20:55:339:d98 MM PolicyName: 2
3-27: 11:20:55:339:d98 MMPolicy dwFlags 2 SoftSAExpireTime 3500
3-27: 11:20:55:339:d98 MMOffer[0] LifetimeSec 3500 QMLimit 0 DHGroup 2
3-27: 11:20:55:339:d98 MMOffer[0] Encrypt: Triple DES CBC Hash: SHA
3-27: 11:20:55:339:d98 Auth[0]:RSA Sig C=EG, S=itdc, L=itdc, O=itdc,
CN=itdc,
E=itdc at itdc.com
3-27: 11:20:55:339:d98 QM PolicyName: x4
{4f66519f-206c-4e6f-8cf4-006e3b432a1c} dwFlags 1
3-27: 11:20:55:339:d98 QMOffer[0] LifetimeKBytes 0 LifetimeSec 0
3-27: 11:20:55:339:d98 QMOffer[0] dwFlags 0 dwPFSGroup 268435456
3-27: 11:20:55:339:d98 Algo[0] Operation: ESP Algo: Triple DES CBC HMAC:
MD5
3-27: 11:20:55:339:d98 Starting Negotiation: src = 62.114.110.157.0000, dst
=
xxx.xxx.xxx.xxx.0500, proto = 00, context = FFBC2650, ProxySrc =
62.114.110.157.0000,
ProxyDst = 192.168.1.0.0000 SrcMask = 255.255.255.255 DstMask =
255.255.255.0
3-27: 11:20:55:339:d98 constructing ISAKMP Header
3-27: 11:20:55:339:d98 constructing SA (ISAKMP)
3-27: 11:20:55:339:d98 Constructing Vendor
3-27: 11:20:55:339:d98
3-27: 11:20:55:339:d98 Sending: SA = 0x000F08E8 to xxx.xxx.xxx.xxx:Type 2
3-27: 11:20:55:339:d98 ISAKMP Header: (V1.0), len = 108
3-27: 11:20:55:339:d98 I-COOKIE 9b421daa26d69f50
3-27: 11:20:55:339:d98 R-COOKIE 0000000000000000
3-27: 11:20:55:339:d98 exchange: Oakley Main Mode
3-27: 11:20:55:339:d98 flags: 0
3-27: 11:20:55:339:d98 next payload: SA
3-27: 11:20:55:339:d98 message ID: 00000000
3-27: 11:20:56:340:6e4 retransmit: sa = 000F08E8 centry 00000000 , count =
1
3-27: 11:20:56:340:6e4
3-27: 11:20:56:340:6e4 Sending: SA = 0x000F08E8 to xxx.xxx.xxx.xxx:Type 2
3-27: 11:20:56:340:6e4 ISAKMP Header: (V1.0), len = 108
3-27: 11:20:56:340:6e4 I-COOKIE 9b421daa26d69f50
3-27: 11:20:56:340:6e4 R-COOKIE 0000000000000000
3-27: 11:20:56:340:6e4 exchange: Oakley Main Mode
3-27: 11:20:56:340:6e4 flags: 0
3-27: 11:20:56:340:6e4 next payload: SA
3-27: 11:20:56:340:6e4 message ID: 00000000
3-27: 11:20:58:343:6e4 retransmit: sa = 000F08E8 centry 00000000 , count =
2
3-27: 11:20:58:343:6e4
3-27: 11:20:58:343:6e4 Sending: SA = 0x000F08E8 to xxx.xxx.xxx.xxx:Type 2
3-27: 11:20:58:343:6e4 ISAKMP Header: (V1.0), len = 108
3-27: 11:20:58:343:6e4 I-COOKIE 9b421daa26d69f50
3-27: 11:20:58:343:6e4 R-COOKIE 0000000000000000
3-27: 11:20:58:343:6e4 exchange: Oakley Main Mode
3-27: 11:20:58:343:6e4 flags: 0
3-27: 11:20:58:343:6e4 next payload: SA
3-27: 11:20:58:343:6e4 message ID: 00000000
3-27: 11:21:02:349:6e4 retransmit: sa = 000F08E8 centry 00000000 , count =
3
3-27: 11:21:02:349:6e4
3-27: 11:21:02:349:6e4 Sending: SA = 0x000F08E8 to xxx.xxx.xxx.xxx:Type 2
3-27: 11:21:02:349:6e4 ISAKMP Header: (V1.0), len = 108
3-27: 11:21:02:349:6e4 I-COOKIE 9b421daa26d69f50
3-27: 11:21:02:349:6e4 R-COOKIE 0000000000000000
3-27: 11:21:02:349:6e4 exchange: Oakley Main Mode
3-27: 11:21:02:349:6e4 flags: 0
3-27: 11:21:02:349:6e4 next payload: SA
3-27: 11:21:02:349:6e4 message ID: 00000000
3-27: 11:21:10:351:6e4 retransmit: sa = 000F08E8 centry 00000000 , count =
4
3-27: 11:21:10:351:6e4
3-27: 11:21:10:351:6e4 Sending: SA = 0x000F08E8 to xxx.xxx.xxx.xxx:Type 2
3-27: 11:21:10:351:6e4 ISAKMP Header: (V1.0), len = 108
3-27: 11:21:10:351:6e4 I-COOKIE 9b421daa26d69f50
3-27: 11:21:10:351:6e4 R-COOKIE 0000000000000000
3-27: 11:21:10:351:6e4 exchange: Oakley Main Mode
3-27: 11:21:10:351:6e4 flags: 0
3-27: 11:21:10:351:6e4 next payload: SA
3-27: 11:21:10:351:6e4 message ID: 00000000
3-27: 11:21:26:354:6e4 retransmit: sa = 000F08E8 centry 00000000 , count =
5
3-27: 11:21:26:354:6e4
3-27: 11:21:26:354:6e4 Sending: SA = 0x000F08E8 to xxx.xxx.xxx.xxx:Type 2
3-27: 11:21:26:354:6e4 ISAKMP Header: (V1.0), len = 108
3-27: 11:21:26:354:6e4 I-COOKIE 9b421daa26d69f50
3-27: 11:21:26:354:6e4 R-COOKIE 0000000000000000
3-27: 11:21:26:354:6e4 exchange: Oakley Main Mode
3-27: 11:21:26:354:6e4 flags: 0
3-27: 11:21:26:354:6e4 next payload: SA
3-27: 11:21:26:354:6e4 message ID: 00000000
3-27: 11:21:58:360:6e4 retransmit exhausted: sa = 000F08E8 centry 00000000,
count = 6
3-27: 11:21:58:360:6e4 SA Dead. sa:000F08E8 status:35ed
3-27: 11:21:58:360:6e4 isadb_set_status sa:000F08E8 centry:00000000 status
35ed
3-27: 11:21:58:360:6e4 Key Exchange Mode (Main Mode)
3-27: 11:21:58:360:6e4 Source IP Address 62.114.110.157Source IP Address
Mask
255.255.255.255Destination IP Address xxx.xxx.xxx.xxxDestination IP Address
Mask
255.255.255.255Protocol 0Source Port 0Destination Port 0IKE Local Addr IKE
Peer Addr
3-27: 11:21:58:360:6e4
3-27: 11:21:58:360:6e4 Me
3-27: 11:21:58:360:6e4 No response from peer
3-27: 11:21:58:360:6e4 0x0 0x0
3-27: 11:21:58:360:6e4 constructing ISAKMP Header
3-27: 11:21:58:360:6e4 constructing DELETE. MM 000F08E8
3-27: 11:21:58:360:6e4
3-27: 11:21:58:360:6e4 Sending: SA = 0x000F08E8 to xxx.xxx.xxx.xxx:Type 1
3-27: 11:21:58:360:6e4 ISAKMP Header: (V1.0), len = 56
3-27: 11:21:58:360:6e4 I-COOKIE 9b421daa26d69f50
3-27: 11:21:58:360:6e4 R-COOKIE 0000000000000000
3-27: 11:21:58:360:6e4 exchange: ISAKMP Informational Exchange
3-27: 11:21:58:360:6e4 flags: 0
3-27: 11:21:58:360:6e4 next payload: DELETE
3-27: 11:21:58:360:6e4 message ID: c0272e7d
3-27: 11:22:53:429:6dc Acquire from driver: op=FFB04650 src=
62.114.110.157.0
dst=192.168.1.1.0 proto = 0, SrcMask=255.255.255.255, DstMask=255.255.255.0,
Tunnel 1,
TunnelEndpt=xxx.xxx.xxx.xxx Inbound TunnelEndpt=62.114.110.157
3-27: 11:22:53:429:d98 Filter to match: Src xxx.xxx.xxx.xxx Dst
62.114.110.157
3-27: 11:22:53:429:d98 MM PolicyName: 2
3-27: 11:22:53:429:d98 MMPolicy dwFlags 2 SoftSAExpireTime 3500
3-27: 11:22:53:429:d98 MMOffer[0] LifetimeSec 3500 QMLimit 0 DHGroup 2
3-27: 11:22:53:429:d98 MMOffer[0] Encrypt: Triple DES CBC Hash: SHA
3-27: 11:22:53:429:d98 Auth[0]:RSA Sig C=EG, S=itdc, L=itdc, O=itdc,
CN=itdc,
E=itdc at itdc.com
3-27: 11:22:53:429:d98 QM PolicyName: x4
{4f66519f-206c-4e6f-8cf4-006e3b432a1c} dwFlags 1
3-27: 11:22:53:429:d98 QMOffer[0] LifetimeKBytes 0 LifetimeSec 0
3-27: 11:22:53:429:d98 QMOffer[0] dwFlags 0 dwPFSGroup 268435456
3-27: 11:22:53:429:d98 Algo[0] Operation: ESP Algo: Triple DES CBC HMAC:
MD5
3-27: 11:22:53:429:d98 Starting Negotiation: src = 62.114.110.157.0000, dst
=
xxx.xxx.xxx.xxx.0500, proto = 00, context = FFB04650, ProxySrc =
62.114.110.157.0000,
ProxyDst = 192.168.1.0.0000 SrcMask = 255.255.255.255 DstMask =
255.255.255.0
3-27: 11:22:53:429:d98 constructing ISAKMP Header
3-27: 11:22:53:429:d98 constructing SA (ISAKMP)
3-27: 11:22:53:429:d98 Constructing Vendor
3-27: 11:22:53:429:d98
3-27: 11:22:53:429:d98 Sending: SA = 0x000F08E8 to xxx.xxx.xxx.xxx:Type 2
3-27: 11:22:53:429:d98 ISAKMP Header: (V1.0), len = 108
3-27: 11:22:53:429:d98 I-COOKIE 2571f456324263fd
3-27: 11:22:53:429:d98 R-COOKIE 0000000000000000
3-27: 11:22:53:429:d98 exchange: Oakley Main Mode
3-27: 11:22:53:429:d98 flags: 0
3-27: 11:22:53:429:d98 next payload: SA
3-27: 11:22:53:429:d98 message ID: 00000000
3-27: 11:22:54:430:6e4 retransmit: sa = 000F08E8 centry 00000000 , count =
1
3-27: 11:22:54:430:6e4
3-27: 11:22:54:430:6e4 Sending: SA = 0x000F08E8 to xxx.xxx.xxx.xxx:Type 2
3-27: 11:22:54:430:6e4 ISAKMP Header: (V1.0), len = 108
3-27: 11:22:54:430:6e4 I-COOKIE 2571f456324263fd
3-27: 11:22:54:430:6e4 R-COOKIE 0000000000000000
3-27: 11:22:54:430:6e4 exchange: Oakley Main Mode
3-27: 11:22:54:430:6e4 flags: 0
3-27: 11:22:54:430:6e4 next payload: SA
3-27: 11:22:54:430:6e4 message ID: 00000000
3-27: 11:22:56:433:6e4 retransmit: sa = 000F08E8 centry 00000000 , count =
2
3-27: 11:22:56:433:6e4
3-27: 11:22:56:433:6e4 Sending: SA = 0x000F08E8 to xxx.xxx.xxx.xxx:Type 2
3-27: 11:22:56:433:6e4 ISAKMP Header: (V1.0), len = 108
3-27: 11:22:56:433:6e4 I-COOKIE 2571f456324263fd
3-27: 11:22:56:433:6e4 R-COOKIE 0000000000000000
3-27: 11:22:56:433:6e4 exchange: Oakley Main Mode
3-27: 11:22:56:433:6e4 flags: 0
3-27: 11:22:56:433:6e4 next payload: SA
3-27: 11:22:56:433:6e4 message ID: 00000000
3-27: 11:23:00:439:6e4 retransmit: sa = 000F08E8 centry 00000000 , count =
3
3-27: 11:23:00:439:6e4
3-27: 11:23:00:439:6e4 Sending: SA = 0x000F08E8 to xxx.xxx.xxx.xxx:Type 2
3-27: 11:23:00:439:6e4 ISAKMP Header: (V1.0), len = 108
3-27: 11:23:00:439:6e4 I-COOKIE 2571f456324263fd
3-27: 11:23:00:439:6e4 R-COOKIE 0000000000000000
3-27: 11:23:00:439:6e4 exchange: Oakley Main Mode
3-27: 11:23:00:439:6e4 flags: 0
3-27: 11:23:00:439:6e4 next payload: SA
3-27: 11:23:00:439:6e4 message ID: 00000000
3-27: 11:23:08:440:6e4 retransmit: sa = 000F08E8 centry 00000000 , count =
4
3-27: 11:23:08:440:6e4
3-27: 11:23:08:440:6e4 Sending: SA = 0x000F08E8 to xxx.xxx.xxx.xxx:Type 2
3-27: 11:23:08:440:6e4 ISAKMP Header: (V1.0), len = 108
3-27: 11:23:08:440:6e4 I-COOKIE 2571f456324263fd
3-27: 11:23:08:440:6e4 R-COOKIE 0000000000000000
3-27: 11:23:08:440:6e4 exchange: Oakley Main Mode
3-27: 11:23:08:440:6e4 flags: 0
3-27: 11:23:08:440:6e4 next payload: SA
3-27: 11:23:08:440:6e4 message ID: 00000000
3-27: 11:23:24:443:6e4 retransmit: sa = 000F08E8 centry 00000000 , count =
5
3-27: 11:23:24:443:6e4
3-27: 11:23:24:443:6e4 Sending: SA = 0x000F08E8 to xxx.xxx.xxx.xxx:Type 2
3-27: 11:23:24:443:6e4 ISAKMP Header: (V1.0), len = 108
3-27: 11:23:24:443:6e4 I-COOKIE 2571f456324263fd
3-27: 11:23:24:443:6e4 R-COOKIE 0000000000000000
3-27: 11:23:24:443:6e4 exchange: Oakley Main Mode
3-27: 11:23:24:443:6e4 flags: 0
3-27: 11:23:24:443:6e4 next payload: SA
3-27: 11:23:24:443:6e4 message ID: 00000000
3-27: 11:23:49:600:d98 SA Dead. sa:000F08E8 status:35f0
3-27: 11:23:49:600:d98 isadb_set_status sa:000F08E8 centry:00000000 status
35f0
3-27: 11:23:49:680:d98 Key Exchange Mode (Main Mode)
3-27: 11:23:49:680:d98 Source IP Address 62.114.110.157Source IP Address
Mask
255.255.255.255Destination IP Address xxx.xxx.xxx.xxxDestination IP Address
Mask
255.255.255.255Protocol 0Source Port 0Destination Port 0IKE Local Addr IKE
Peer Addr
3-27: 11:23:49:680:d98
3-27: 11:23:49:680:d98 Me
3-27: 11:23:49:680:d98 IKE SA deleted before establishment completed
3-27: 11:23:49:680:d98 0x0 0x0
3-27: 11:23:49:680:d98 constructing ISAKMP Header
3-27: 11:23:49:680:d98 constructing DELETE. MM 000F08E8
3-27: 11:23:49:680:d98
3-27: 11:23:49:680:d98 Sending: SA = 0x000F08E8 to xxx.xxx.xxx.xxx:Type 1
3-27: 11:23:49:680:d98 ISAKMP Header: (V1.0), len = 56
3-27: 11:23:49:680:d98 I-COOKIE 2571f456324263fd
3-27: 11:23:49:680:d98 R-COOKIE 0000000000000000
3-27: 11:23:49:680:d98 exchange: ISAKMP Informational Exchange
3-27: 11:23:49:680:d98 flags: 0
3-27: 11:23:49:680:d98 next payload: DELETE
3-27: 11:23:49:680:d98 message ID: 4c04df06
3-27: 11:24:55:785:6dc Acquire from driver: op=FDA3AE40 src=
62.114.110.157.0
dst=192.168.1.1.0 proto = 0, SrcMask=255.255.255.255, DstMask=255.255.255.0,
Tunnel 1,
TunnelEndpt=xxx.xxx.xxx.xxx Inbound TunnelEndpt=62.114.110.157
3-27: 11:24:55:785:d98 Filter to match: Src xxx.xxx.xxx.xxx Dst
62.114.110.157
3-27: 11:24:55:785:d98 MM PolicyName: 2
3-27: 11:24:55:785:d98 MMPolicy dwFlags 2 SoftSAExpireTime 3500
3-27: 11:24:55:785:d98 MMOffer[0] LifetimeSec 3500 QMLimit 0 DHGroup 2
3-27: 11:24:55:785:d98 MMOffer[0] Encrypt: Triple DES CBC Hash: SHA
3-27: 11:24:55:785:d98 Auth[0]:RSA Sig C=EG, S=itdc, L=itdc, O=itdc,
CN=itdc,
E=itdc at itdc.com
3-27: 11:24:55:785:d98 QM PolicyName: x4
{4f66519f-206c-4e6f-8cf4-006e3b432a1c} dwFlags 1
3-27: 11:24:55:785:d98 QMOffer[0] LifetimeKBytes 0 LifetimeSec 0
3-27: 11:24:55:785:d98 QMOffer[0] dwFlags 0 dwPFSGroup 268435456
3-27: 11:24:55:785:d98 Algo[0] Operation: ESP Algo: Triple DES CBC HMAC:
MD5
3-27: 11:24:55:785:d98 Starting Negotiation: src = 62.114.110.157.0000, dst
=
xxx.xxx.xxx.xxx.0500, proto = 00, context = FDA3AE40, ProxySrc =
62.114.110.157.0000,
ProxyDst = 192.168.1.0.0000 SrcMask = 255.255.255.255 DstMask =
255.255.255.0
3-27: 11:24:55:785:d98 constructing ISAKMP Header
3-27: 11:24:55:785:d98 constructing SA (ISAKMP)
3-27: 11:24:55:785:d98 Constructing Vendor
3-27: 11:24:55:785:d98
3-27: 11:24:55:785:d98 Sending: SA = 0x000F08E8 to xxx.xxx.xxx.xxx:Type 2
3-27: 11:24:55:785:d98 ISAKMP Header: (V1.0), len = 108
3-27: 11:24:55:785:d98 I-COOKIE 74459731891b9629
3-27: 11:24:55:785:d98 R-COOKIE 0000000000000000
3-27: 11:24:55:785:d98 exchange: Oakley Main Mode
3-27: 11:24:55:785:d98 flags: 0
3-27: 11:24:55:785:d98 next payload: SA
3-27: 11:24:55:785:d98 message ID: 00000000
3-27: 11:24:56:786:6e4 retransmit: sa = 000F08E8 centry 00000000 , count =
1
3-27: 11:24:56:786:6e4
3-27: 11:24:56:786:6e4 Sending: SA = 0x000F08E8 to xxx.xxx.xxx.xxx:Type 2
3-27: 11:24:56:786:6e4 ISAKMP Header: (V1.0), len = 108
3-27: 11:24:56:786:6e4 I-COOKIE 74459731891b9629
3-27: 11:24:56:786:6e4 R-COOKIE 0000000000000000
3-27: 11:24:56:786:6e4 exchange: Oakley Main Mode
3-27: 11:24:56:786:6e4 flags: 0
3-27: 11:24:56:786:6e4 next payload: SA
3-27: 11:24:56:786:6e4 message ID: 00000000
3-27: 11:24:58:789:6e4 retransmit: sa = 000F08E8 centry 00000000 , count =
2
3-27: 11:24:58:789:6e4
3-27: 11:24:58:789:6e4 Sending: SA = 0x000F08E8 to xxx.xxx.xxx.xxx:Type 2
3-27: 11:24:58:789:6e4 ISAKMP Header: (V1.0), len = 108
3-27: 11:24:58:789:6e4 I-COOKIE 74459731891b9629
3-27: 11:24:58:789:6e4 R-COOKIE 0000000000000000
3-27: 11:24:58:789:6e4 exchange: Oakley Main Mode
3-27: 11:24:58:789:6e4 flags: 0
3-27: 11:24:58:789:6e4 next payload: SA
3-27: 11:24:58:789:6e4 message ID: 00000000
3-27: 11:25:02:795:6e4 retransmit: sa = 000F08E8 centry 00000000 , count =
3
3-27: 11:25:02:795:6e4
3-27: 11:25:02:795:6e4 Sending: SA = 0x000F08E8 to xxx.xxx.xxx.xxx:Type 2
3-27: 11:25:02:795:6e4 ISAKMP Header: (V1.0), len = 108
3-27: 11:25:02:795:6e4 I-COOKIE 74459731891b9629
3-27: 11:25:02:795:6e4 R-COOKIE 0000000000000000
3-27: 11:25:02:795:6e4 exchange: Oakley Main Mode
3-27: 11:25:02:795:6e4 flags: 0
3-27: 11:25:02:795:6e4 next payload: SA
3-27: 11:25:02:795:6e4 message ID: 00000000
3-27: 11:25:10:796:6e4 retransmit: sa = 000F08E8 centry 00000000 , count =
4
3-27: 11:25:10:796:6e4
3-27: 11:25:10:796:6e4 Sending: SA = 0x000F08E8 to xxx.xxx.xxx.xxx:Type 2
3-27: 11:25:10:796:6e4 ISAKMP Header: (V1.0), len = 108
3-27: 11:25:10:796:6e4 I-COOKIE 74459731891b9629
3-27: 11:25:10:796:6e4 R-COOKIE 0000000000000000
3-27: 11:25:10:796:6e4 exchange: Oakley Main Mode
3-27: 11:25:10:796:6e4 flags: 0
3-27: 11:25:10:796:6e4 next payload: SA
3-27: 11:25:10:796:6e4 message ID: 00000000
3-27: 11:25:26:799:6e4 retransmit: sa = 000F08E8 centry 00000000 , count =
5
3-27: 11:25:26:799:6e4
3-27: 11:25:26:799:6e4 Sending: SA = 0x000F08E8 to xxx.xxx.xxx.xxx:Type 2
3-27: 11:25:26:799:6e4 ISAKMP Header: (V1.0), len = 108
3-27: 11:25:26:799:6e4 I-COOKIE 74459731891b9629
3-27: 11:25:26:799:6e4 R-COOKIE 0000000000000000
3-27: 11:25:26:799:6e4 exchange: Oakley Main Mode
3-27: 11:25:26:799:6e4 flags: 0
3-27: 11:25:26:799:6e4 next payload: SA
3-27: 11:25:26:799:6e4 message ID: 00000000
3-27: 11:25:58:805:6e4 retransmit exhausted: sa = 000F08E8 centry 00000000,
count = 6
3-27: 11:25:58:805:6e4 SA Dead. sa:000F08E8 status:35ed
3-27: 11:25:58:805:6e4 isadb_set_status sa:000F08E8 centry:00000000 status
35ed
3-27: 11:25:58:805:6e4 Key Exchange Mode (Main Mode)
3-27: 11:25:58:805:6e4 Source IP Address 62.114.110.157Source IP Address
Mask
255.255.255.255Destination IP Address xxx.xxx.xxx.xxxDestination IP Address
Mask
255.255.255.255Protocol 0Source Port 0Destination Port 0IKE Local Addr IKE
Peer Addr
3-27: 11:25:58:805:6e4
3-27: 11:25:58:805:6e4 Me
3-27: 11:25:58:805:6e4 No response from peer
3-27: 11:25:58:805:6e4 0x0 0x0
3-27: 11:25:58:805:6e4 constructing ISAKMP Header
3-27: 11:25:58:805:6e4 constructing DELETE. MM 000F08E8
3-27: 11:25:58:805:6e4
3-27: 11:25:58:805:6e4 Sending: SA = 0x000F08E8 to xxx.xxx.xxx.xxx:Type 1
3-27: 11:25:58:805:6e4 ISAKMP Header: (V1.0), len = 56
3-27: 11:25:58:805:6e4 I-COOKIE 74459731891b9629
3-27: 11:25:58:805:6e4 R-COOKIE 0000000000000000
3-27: 11:25:58:805:6e4 exchange: ISAKMP Informational Exchange
3-27: 11:25:58:805:6e4 flags: 0
3-27: 11:25:58:805:6e4 next payload: DELETE
3-27: 11:25:58:805:6e4 message ID: 55d165c6
3-27: 11:26:51:441:6dc Acquire from driver: op=80DF2090 src=
62.114.110.157.0
dst=192.168.1.1.0 proto = 0, SrcMask=255.255.255.255, DstMask=255.255.255.0,
Tunnel 1,
TunnelEndpt=xxx.xxx.xxx.xxx Inbound TunnelEndpt=62.114.110.157
3-27: 11:26:51:441:d98 Filter to match: Src xxx.xxx.xxx.xxx Dst
62.114.110.157
3-27: 11:26:51:441:d98 MM PolicyName: 2
3-27: 11:26:51:441:d98 MMPolicy dwFlags 2 SoftSAExpireTime 3500
3-27: 11:26:51:441:d98 MMOffer[0] LifetimeSec 3500 QMLimit 0 DHGroup 2
3-27: 11:26:51:441:d98 MMOffer[0] Encrypt: Triple DES CBC Hash: SHA
3-27: 11:26:51:441:d98 Auth[0]:RSA Sig C=EG, S=itdc, L=itdc, O=itdc,
CN=itdc,
E=itdc at itdc.com
3-27: 11:26:51:441:d98 QM PolicyName: x4
{4f66519f-206c-4e6f-8cf4-006e3b432a1c} dwFlags 1
3-27: 11:26:51:441:d98 QMOffer[0] LifetimeKBytes 0 LifetimeSec 0
3-27: 11:26:51:441:d98 QMOffer[0] dwFlags 0 dwPFSGroup 268435456
3-27: 11:26:51:441:d98 Algo[0] Operation: ESP Algo: Triple DES CBC HMAC:
MD5
3-27: 11:26:51:441:d98 Starting Negotiation: src = 62.114.110.157.0000, dst
=
xxx.xxx.xxx.xxx.0500, proto = 00, context = 80DF2090, ProxySrc =
62.114.110.157.0000,
ProxyDst = 192.168.1.0.0000 SrcMask = 255.255.255.255 DstMask =
255.255.255.0
3-27: 11:26:51:441:d98 constructing ISAKMP Header
3-27: 11:26:51:441:d98 constructing SA (ISAKMP)
3-27: 11:26:51:441:d98 Constructing Vendor
3-27: 11:26:51:441:d98
3-27: 11:26:51:441:d98 Sending: SA = 0x000F08E8 to xxx.xxx.xxx.xxx:Type 2
3-27: 11:26:51:441:d98 ISAKMP Header: (V1.0), len = 108
3-27: 11:26:51:441:d98 I-COOKIE fecdeea209cca806
3-27: 11:26:51:441:d98 R-COOKIE 0000000000000000
3-27: 11:26:51:441:d98 exchange: Oakley Main Mode
3-27: 11:26:51:441:d98 flags: 0
3-27: 11:26:51:441:d98 next payload: SA
3-27: 11:26:51:441:d98 message ID: 00000000
3-27: 11:26:52:442:6e4 retransmit: sa = 000F08E8 centry 00000000 , count =
1
3-27: 11:26:52:442:6e4
3-27: 11:26:52:442:6e4 Sending: SA = 0x000F08E8 to xxx.xxx.xxx.xxx:Type 2
3-27: 11:26:52:442:6e4 ISAKMP Header: (V1.0), len = 108
3-27: 11:26:52:442:6e4 I-COOKIE fecdeea209cca806
3-27: 11:26:52:442:6e4 R-COOKIE 0000000000000000
3-27: 11:26:52:442:6e4 exchange: Oakley Main Mode
3-27: 11:26:52:442:6e4 flags: 0
3-27: 11:26:52:442:6e4 next payload: SA
3-27: 11:26:52:442:6e4 message ID: 00000000
3-27: 11:26:54:445:6e4 retransmit: sa = 000F08E8 centry 00000000 , count =
2
3-27: 11:26:54:445:6e4
3-27: 11:26:54:445:6e4 Sending: SA = 0x000F08E8 to xxx.xxx.xxx.xxx:Type 2
3-27: 11:26:54:445:6e4 ISAKMP Header: (V1.0), len = 108
3-27: 11:26:54:445:6e4 I-COOKIE fecdeea209cca806
3-27: 11:26:54:445:6e4 R-COOKIE 0000000000000000
3-27: 11:26:54:445:6e4 exchange: Oakley Main Mode
3-27: 11:26:54:445:6e4 flags: 0
3-27: 11:26:54:445:6e4 next payload: SA
3-27: 11:26:54:445:6e4 message ID: 00000000
3-27: 11:26:58:451:6e4 retransmit: sa = 000F08E8 centry 00000000 , count =
3
3-27: 11:26:58:451:6e4
3-27: 11:26:58:451:6e4 Sending: SA = 0x000F08E8 to xxx.xxx.xxx.xxx:Type 2
3-27: 11:26:58:451:6e4 ISAKMP Header: (V1.0), len = 108
3-27: 11:26:58:451:6e4 I-COOKIE fecdeea209cca806
3-27: 11:26:58:451:6e4 R-COOKIE 0000000000000000
3-27: 11:26:58:451:6e4 exchange: Oakley Main Mode
3-27: 11:26:58:451:6e4 flags: 0
3-27: 11:26:58:451:6e4 next payload: SA
3-27: 11:26:58:451:6e4 message ID: 00000000
3-27: 11:27:06:453:6e4 retransmit: sa = 000F08E8 centry 00000000 , count =
4
3-27: 11:27:06:453:6e4
3-27: 11:27:06:453:6e4 Sending: SA = 0x000F08E8 to xxx.xxx.xxx.xxx:Type 2
3-27: 11:27:06:453:6e4 ISAKMP Header: (V1.0), len = 108
3-27: 11:27:06:453:6e4 I-COOKIE fecdeea209cca806
3-27: 11:27:06:453:6e4 R-COOKIE 0000000000000000
3-27: 11:27:06:453:6e4 exchange: Oakley Main Mode
3-27: 11:27:06:453:6e4 flags: 0
3-27: 11:27:06:453:6e4 next payload: SA
3-27: 11:27:06:453:6e4 message ID: 00000000
3-27: 11:27:22:456:6e4 retransmit: sa = 000F08E8 centry 00000000 , count =
5
3-27: 11:27:22:456:6e4
3-27: 11:27:22:456:6e4 Sending: SA = 0x000F08E8 to xxx.xxx.xxx.xxx:Type 2
3-27: 11:27:22:456:6e4 ISAKMP Header: (V1.0), len = 108
3-27: 11:27:22:456:6e4 I-COOKIE fecdeea209cca806
3-27: 11:27:22:456:6e4 R-COOKIE 0000000000000000
3-27: 11:27:22:456:6e4 exchange: Oakley Main Mode
3-27: 11:27:22:456:6e4 flags: 0
3-27: 11:27:22:456:6e4 next payload: SA
3-27: 11:27:22:456:6e4 message ID: 00000000
3-27: 11:27:54:472:6e4 retransmit exhausted: sa = 000F08E8 centry 00000000,
count = 6
3-27: 11:27:54:472:6e4 SA Dead. sa:000F08E8 status:35ed
3-27: 11:27:54:472:6e4 isadb_set_status sa:000F08E8 centry:00000000 status
35ed
3-27: 11:27:54:472:6e4 Key Exchange Mode (Main Mode)
3-27: 11:27:54:472:6e4 Source IP Address 62.114.110.157Source IP Address
Mask
255.255.255.255Destination IP Address xxx.xxx.xxx.xxxDestination IP Address
Mask
255.255.255.255Protocol 0Source Port 0Destination Port 0IKE Local Addr IKE
Peer Addr
3-27: 11:27:54:472:6e4
3-27: 11:27:54:472:6e4 Me
3-27: 11:27:54:472:6e4 No response from peer
3-27: 11:27:54:472:6e4 0x0 0x0
3-27: 11:27:54:472:6e4 constructing ISAKMP Header
3-27: 11:27:54:472:6e4 constructing DELETE. MM 000F08E8
3-27: 11:27:54:472:6e4
3-27: 11:27:54:472:6e4 Sending: SA = 0x000F08E8 to xxx.xxx.xxx.xxx:Type 1
3-27: 11:27:54:472:6e4 ISAKMP Header: (V1.0), len = 56
3-27: 11:27:54:472:6e4 I-COOKIE fecdeea209cca806
3-27: 11:27:54:472:6e4 R-COOKIE 0000000000000000
3-27: 11:27:54:472:6e4 exchange: ISAKMP Informational Exchange
3-27: 11:27:54:472:6e4 flags: 0
3-27: 11:27:54:472:6e4 next payload: DELETE
3-27: 11:27:54:472:6e4 message ID: 23371525
3-27: 11:28:51:474:6dc Acquire from driver: op=80E527B0 src=
62.114.110.157.0
dst=192.168.1.1.0 proto = 0, SrcMask=255.255.255.255, DstMask=255.255.255.0,
Tunnel 1,
TunnelEndpt=xxx.xxx.xxx.xxx Inbound TunnelEndpt=62.114.110.157
3-27: 11:28:51:474:d98 Filter to match: Src xxx.xxx.xxx.xxx Dst
62.114.110.157
3-27: 11:28:51:484:d98 MM PolicyName: 2
3-27: 11:28:51:484:d98 MMPolicy dwFlags 2 SoftSAExpireTime 3500
3-27: 11:28:51:484:d98 MMOffer[0] LifetimeSec 3500 QMLimit 0 DHGroup 2
3-27: 11:28:51:484:d98 MMOffer[0] Encrypt: Triple DES CBC Hash: SHA
3-27: 11:28:51:484:d98 Auth[0]:RSA Sig C=EG, S=itdc, L=itdc, O=itdc,
CN=itdc,
E=itdc at itdc.com
3-27: 11:28:51:484:d98 QM PolicyName: x4
{4f66519f-206c-4e6f-8cf4-006e3b432a1c} dwFlags 1
3-27: 11:28:51:484:d98 QMOffer[0] LifetimeKBytes 0 LifetimeSec 0
3-27: 11:28:51:484:d98 QMOffer[0] dwFlags 0 dwPFSGroup 268435456
3-27: 11:28:51:484:d98 Algo[0] Operation: ESP Algo: Triple DES CBC HMAC:
MD5
3-27: 11:28:51:484:d98 Starting Negotiation: src = 62.114.110.157.0000, dst
=
xxx.xxx.xxx.xxx.0500, proto = 00, context = 80E527B0, ProxySrc =
62.114.110.157.0000,
ProxyDst = 192.168.1.0.0000 SrcMask = 255.255.255.255 DstMask =
255.255.255.0
3-27: 11:28:51:484:d98 constructing ISAKMP Header
3-27: 11:28:51:484:d98 constructing SA (ISAKMP)
3-27: 11:28:51:484:d98 Constructing Vendor
3-27: 11:28:51:484:d98
3-27: 11:28:51:484:d98 Sending: SA = 0x000F08E8 to xxx.xxx.xxx.xxx:Type 2
3-27: 11:28:51:484:d98 ISAKMP Header: (V1.0), len = 108
3-27: 11:28:51:484:d98 I-COOKIE f44452fa99798688
3-27: 11:28:51:484:d98 R-COOKIE 0000000000000000
3-27: 11:28:51:484:d98 exchange: Oakley Main Mode
3-27: 11:28:51:484:d98 flags: 0
3-27: 11:28:51:484:d98 next payload: SA
3-27: 11:28:51:484:d98 message ID: 00000000
3-27: 11:28:52:485:6e4 retransmit: sa = 000F08E8 centry 00000000 , count =
1
3-27: 11:28:52:485:6e4
3-27: 11:28:52:485:6e4 Sending: SA = 0x000F08E8 to xxx.xxx.xxx.xxx:Type 2
3-27: 11:28:52:485:6e4 ISAKMP Header: (V1.0), len = 108
3-27: 11:28:52:485:6e4 I-COOKIE f44452fa99798688
3-27: 11:28:52:485:6e4 R-COOKIE 0000000000000000
3-27: 11:28:52:485:6e4 exchange: Oakley Main Mode
3-27: 11:28:52:485:6e4 flags: 0
3-27: 11:28:52:485:6e4 next payload: SA
3-27: 11:28:52:485:6e4 message ID: 00000000
3-27: 11:28:54:488:6e4 retransmit: sa = 000F08E8 centry 00000000 , count =
2
3-27: 11:28:54:488:6e4
3-27: 11:28:54:488:6e4 Sending: SA = 0x000F08E8 to xxx.xxx.xxx.xxx:Type 2
3-27: 11:28:54:488:6e4 ISAKMP Header: (V1.0), len = 108
3-27: 11:28:54:488:6e4 I-COOKIE f44452fa99798688
3-27: 11:28:54:488:6e4 R-COOKIE 0000000000000000
3-27: 11:28:54:488:6e4 exchange: Oakley Main Mode
3-27: 11:28:54:488:6e4 flags: 0
3-27: 11:28:54:488:6e4 next payload: SA
3-27: 11:28:54:488:6e4 message ID: 00000000
3-27: 11:28:58:103:654 isadb_schedule_kill_oldPolicy_sas: 887b8872-c546-
4c2b-a1d803c09c5b0497 4
3-27: 11:28:58:103:654 isadb_schedule_kill_oldPolicy_sas:
62f7a9fc-496c-4638-
90a17dfb1264d336 4
3-27: 11:28:58:103:654 isadb_schedule_kill_oldPolicy_sas: 787009f9-
696c-49c7-ab4b3e7957730538 3
3-27: 11:28:58:103:654 isadb_schedule_kill_oldPolicy_sas: f0216575-
854a-4dee-9aed9dd587aa8295 3
3-27: 11:28:58:103:654 isadb_schedule_kill_oldPolicy_sas:
93f6eb70-6679-43f2-
9a2618a99f492164 1
3-27: 11:28:58:103:654 isadb_schedule_kill_oldPolicy_sas:
4f66519f-206c-4e6f-8cf4006e3b432a1c 2
3-27: 11:28:58:123:d98 entered kill_old_policy_sas
3-27: 11:28:58:123:d98 SA Dead. sa:000F08E8 status:3619
3-27: 11:28:58:123:d98 isadb_set_status sa:000F08E8 centry:00000000 status
3619
3-27: 11:28:58:123:f84 entered kill_old_policy_sas
3-27: 11:28:58:133:d98 Key Exchange Mode (Main Mode)
3-27: 11:28:58:133:d98 Source IP Address 62.114.110.157Source IP Address
Mask
255.255.255.255Destination IP Address xxx.xxx.xxx.xxxDestination IP Address
Mask
255.255.255.255Protocol 0Source Port 0Destination Port 0IKE Local Addr IKE
Peer Addr
ipsecpol log file
1:28:51: Comparing xxx.xxx.xxx.xxx = xxx.xxx.xxx.xxx
11:28:51: 1590 Consecutive Unsuccessfull ECHO REQUEST [ Waiting 5 Secs ]...
11:28:57: 1590 ECHO REQUEST TO 192.168.1.1 [ FAILED #0 ] [ This is a
nonrecoverable error ]
11:28:57: Comparing xxx.xxx.xxx.xxx = xxx.xxx.xxx.xxx
11:28:57: 1591 ECHO REQUEST TO 192.168.1.1 [ FAILED #1 ] [ This is a
nonrecoverable error ]
11:28:57: Comparing xxx.xxx.xxx.xxx = xxx.xxx.xxx.xxx
11:28:57: 1592 ECHO REQUEST TO 192.168.1.1 [ FAILED #2 ] [ This is a
nonrecoverable error ]
11:28:57: Comparing xxx.xxx.xxx.xxx = xxx.xxx.xxx.xxx
11:28:57: 1593 ECHO REQUEST TO 192.168.1.1 [ FAILED #3 ] [ This is a
nonrecoverable error ]
11:28:57: Comparing xxx.xxx.xxx.xxx = xxx.xxx.xxx.xxx
11:28:57: 1594 ECHO REQUEST TO 192.168.1.1 [ FAILED #4 ] [ This is a
nonrecoverable error ]
11:28:57: Comparing xxx.xxx.xxx.xxx = xxx.xxx.xxx.xxx
11:28:57: 1595 ECHO REQUEST TO 192.168.1.1 [ FAILED #5 ] [ This is a
nonrecoverable error ]
11:28:57: Comparing xxx.xxx.xxx.xxx = xxx.xxx.xxx.xxx
11:28:57: 1596 ECHO REQUEST TO 192.168.1.1 [ FAILED #6 ] [ This is a
nonrecoverable error ]
11:28:57: Comparing xxx.xxx.xxx.xxx = xxx.xxx.xxx.xxx
11:28:57: 1597 ECHO REQUEST TO 192.168.1.1 [ FAILED #7 ] [ This is a
nonrecoverable error ]
11:28:57: Comparing xxx.xxx.xxx.xxx = xxx.xxx.xxx.xxx
11:28:57: 1598 ECHO REQUEST TO 192.168.1.1 [ FAILED #8 ] [ This is a
nonrecoverable error ]
11:28:57: Comparing xxx.xxx.xxx.xxx = xxx.xxx.xxx.xxx
11:28:57: 1599 ECHO REQUEST TO 192.168.1.1 [ FAILED #9 ] [ This is a
nonrecoverable error ]
11:28:57: Comparing xxx.xxx.xxx.xxx = xxx.xxx.xxx.xxx
11:28:57: 1600 ECHO REQUEST TO 192.168.1.1 [ FAILED #10 ] [ This is a
nonrecoverable error ]
11:28:57: Stoping Tunnel
11:28:57: Comparing xxx.xxx.xxx.xxx = xxx.xxx.xxx.xxx
11:28:57: 1601 ECHO REQUEST TO 192.168.1.1 [ FAILED #11 ] [ This is a
nonrecoverable error ]
OPENSWAN /var/log/secure :
Mar 27 21:24:10 vpnmain ipsec__plutorun: Starting Pluto subsystem...
Mar 27 21:24:10 vpnmain pluto[18788]: Starting Pluto (Openswan Version 2.4.0
X.509-1.5.4
PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR; Vendor ID OEr@`N\177X]mXi)
Mar 27 21:24:10 vpnmain pluto[18788]: Setting NAT-Traversal port-4500
floating to on
Mar 27 21:24:10 vpnmain pluto[18788]: port floating activation criteria
nat_t=1/port_fload=1
Mar 27 21:24:10 vpnmain pluto[18788]: including NAT-Traversal patch
(Version 0.6c)
Mar 27 21:24:10 vpnmain pluto[18788]: ike_alg_register_enc(): Activating
OAKLEY_AES_CBC: Ok
(ret=0)
Mar 27 21:24:10 vpnmain pluto[18788]: starting up 1 cryptographic helpers
Mar 27 21:24:10 vpnmain pluto[18788]: started helper pid=18793 (fd:6)
Mar 27 21:24:10 vpnmain pluto[18788]: Using Linux 2.6 IPsec interface code
on 2.6.11-
1.1369_FC4smp
Mar 27 21:24:10 vpnmain pluto[18788]: Changing to directory
'/etc/ipsec.d/cacerts'
Mar 27 21:24:10 vpnmain pluto[18788]: loaded CA cert file 'cacert.pem'
(1489 bytes)
Mar 27 21:24:10 vpnmain pluto[18788]: Could not change to directory
'/etc/ipsec.d/aacerts'
Mar 27 21:24:10 vpnmain pluto[18788]: Could not change to directory
'/etc/ipsec.d/ocspcerts'
Mar 27 21:24:10 vpnmain pluto[18788]: Changing to directory
'/etc/ipsec.d/crls'
Mar 27 21:24:10 vpnmain pluto[18788]: loaded crl file 'crl.pem' (638
bytes)
Mar 27 21:24:10 vpnmain pluto[18788]: loaded host cert file
'/etc/ipsec.d/certs/local.pem'
(4800 bytes)
Mar 27 21:24:10 vpnmain pluto[18788]: added connection description
"roadwarrior-net"
Mar 27 21:24:10 vpnmain pluto[18788]: listening for IKE messages
Mar 27 21:24:10 vpnmain pluto[18788]: adding interface eth2:0/eth2:0
213.158.171.236:500
Mar 27 21:24:10 vpnmain pluto[18788]: adding interface eth2:0/eth2:0
213.158.171.236:4500
Mar 27 21:24:10 vpnmain pluto[18788]: adding interface eth2/eth2
213.158.171.235:500
Mar 27 21:24:10 vpnmain pluto[18788]: adding interface eth2/eth2
213.158.171.235:4500
Mar 27 21:24:10 vpnmain pluto[18788]: adding interface eth1/eth1
192.168.1.1:500
Mar 27 21:24:10 vpnmain pluto[18788]: adding interface eth1/eth1
192.168.1.1:4500
Mar 27 21:24:10 vpnmain pluto[18788]: adding interface eth0:1/eth0:1
xxx.xxx.xxx.xxx:500
Mar 27 21:24:10 vpnmain pluto[18788]: adding interface eth0:1/eth0:1
xxx.xxx.xxx.xxx:4500
Mar 27 21:24:10 vpnmain pluto[18788]: adding interface eth0:0/eth0:0
196.204.221.196:500
Mar 27 21:24:10 vpnmain pluto[18788]: adding interface eth0:0/eth0:0
196.204.221.196:4500
Mar 27 21:24:10 vpnmain pluto[18788]: adding interface eth0:2/eth0:2
62.240.113.61:500
Mar 27 21:24:10 vpnmain pluto[18788]: adding interface eth0:2/eth0:2
62.240.113.61:4500
Mar 27 21:24:10 vpnmain pluto[18788]: adding interface eth0/eth0
196.204.221.195:500
Mar 27 21:24:10 vpnmain pluto[18788]: adding interface eth0/eth0
196.204.221.195:4500
Mar 27 21:24:10 vpnmain pluto[18788]: adding interface lo/lo 127.0.0.1:500
Mar 27 21:24:10 vpnmain pluto[18788]: adding interface lo/lo 127.0.0.1:4500
Mar 27 21:24:10 vpnmain pluto[18788]: adding interface lo/lo ::1:500
Mar 27 21:24:10 vpnmain pluto[18788]: loading secrets from
"/etc/ipsec.secrets"
Mar 27 21:24:10 vpnmain pluto[18788]: loaded private key file
'/etc/ipsec.d/private/local.key' (2760 bytes)
Mar 27 21:24:58 vpnmain pluto[18788]: packet from 62.114.110.157:500:
ignoring Vendor ID
payload [MS NT5 ISAKMPOAKLEY 00000003]
Mar 27 21:24:58 vpnmain pluto[18788]: "roadwarrior-net"[1]
62.114.110.157#1: responding to
Main Mode from unknown peer 62.114.110.157
Mar 27 21:24:58 vpnmain pluto[18788]: "roadwarrior-net"[1]
62.114.110.157#1: transition from
state STATE_MAIN_R0 to state STATE_MAIN_R1
Mar 27 21:24:58 vpnmain pluto[18788]: "roadwarrior-net"[1]
62.114.110.157#1: STATE_MAIN_R1:
sent MR1, expecting MI2
Mar 27 21:24:59 vpnmain pluto[18788]: packet from 62.114.110.157:500:
ignoring Vendor ID
payload [MS NT5 ISAKMPOAKLEY 00000003]
Mar 27 21:24:59 vpnmain pluto[18788]: "roadwarrior-net"[1]
62.114.110.157#2: responding to
Main Mode from unknown peer 62.114.110.157
Mar 27 21:24:59 vpnmain pluto[18788]: "roadwarrior-net"[1]
62.114.110.157#2: transition from
state STATE_MAIN_R0 to state STATE_MAIN_R1
Mar 27 21:24:59 vpnmain pluto[18788]: "roadwarrior-net"[1]
62.114.110.157#2: STATE_MAIN_R1:
sent MR1, expecting MI2
Mar 27 21:25:01 vpnmain pluto[18788]: packet from 62.114.110.157:500:
ignoring Vendor ID
payload [MS NT5 ISAKMPOAKLEY 00000003]
Mar 27 21:25:01 vpnmain pluto[18788]: "roadwarrior-net"[1]
62.114.110.157#3: responding to
Main Mode from unknown peer 62.114.110.157
Mar 27 21:25:01 vpnmain pluto[18788]: "roadwarrior-net"[1]
62.114.110.157#3: transition from
state STATE_MAIN_R0 to state STATE_MAIN_R1
Mar 27 21:25:01 vpnmain pluto[18788]: "roadwarrior-net"[1]
62.114.110.157#3: STATE_MAIN_R1:
sent MR1, expecting MI2
Mar 27 21:25:05 vpnmain pluto[18788]: packet from 62.114.110.157:500:
ignoring Vendor ID
payload [MS NT5 ISAKMPOAKLEY 00000003]
Mar 27 21:25:05 vpnmain pluto[18788]: "roadwarrior-net"[1]
62.114.110.157#4: responding to
Main Mode from unknown peer 62.114.110.157
Mar 27 21:25:05 vpnmain pluto[18788]: "roadwarrior-net"[1]
62.114.110.157#4: transition from
state STATE_MAIN_R0 to state STATE_MAIN_R1
Mar 27 21:25:05 vpnmain pluto[18788]: "roadwarrior-net"[1]
62.114.110.157#4: STATE_MAIN_R1:
sent MR1, expecting MI2
Mar 27 21:25:13 vpnmain pluto[18788]: packet from 62.114.110.157:500:
ignoring Vendor ID
payload [MS NT5 ISAKMPOAKLEY 00000003]
Mar 27 21:25:13 vpnmain pluto[18788]: "roadwarrior-net"[1]
62.114.110.157#5: responding to
Main Mode from unknown peer 62.114.110.157
Mar 27 21:25:13 vpnmain pluto[18788]: "roadwarrior-net"[1]
62.114.110.157#5: transition from
state STATE_MAIN_R0 to state STATE_MAIN_R1
Mar 27 21:25:13 vpnmain pluto[18788]: "roadwarrior-net"[1]
62.114.110.157#5: STATE_MAIN_R1:
sent MR1, expecting MI2
Mar 27 21:25:29 vpnmain pluto[18788]: packet from 62.114.110.157:500:
ignoring Vendor ID
payload [MS NT5 ISAKMPOAKLEY 00000003]
Mar 27 21:25:29 vpnmain pluto[18788]: "roadwarrior-net"[1]
62.114.110.157#6: responding to
Main Mode from unknown peer 62.114.110.157
Mar 27 21:25:29 vpnmain pluto[18788]: "roadwarrior-net"[1]
62.114.110.157#6: transition from
state STATE_MAIN_R0 to state STATE_MAIN_R1
Mar 27 21:25:29 vpnmain pluto[18788]: "roadwarrior-net"[1]
62.114.110.157#6: STATE_MAIN_R1:
sent MR1, expecting MI2
Mar 27 21:26:01 vpnmain pluto[18788]: packet from 62.114.110.157:500:
ignoring Delete SA
payload: not encrypted
Mar 27 21:26:01 vpnmain pluto[18788]: packet from 62.114.110.157:500:
received and ignored
informational message
Mar 27 21:26:08 vpnmain pluto[18788]: "roadwarrior-net"[1]
62.114.110.157#1: max number of
retransmissions (2) reached STATE_MAIN_R1
Mar 27 21:26:09 vpnmain pluto[18788]: "roadwarrior-net"[1]
62.114.110.157#2: max number of
retransmissions (2) reached STATE_MAIN_R1
Mar 27 21:26:11 vpnmain pluto[18788]: "roadwarrior-net"[1]
62.114.110.157#3: max number of
retransmissions (2) reached STATE_MAIN_R1
Mar 27 21:26:15 vpnmain pluto[18788]: "roadwarrior-net"[1]
62.114.110.157#4: max number of
retransmissions (2) reached STATE_MAIN_R1
Please help
Walied
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20060327/49261869/attachment-0001.htm
More information about the Users
mailing list