[Openswan Users] status of rightprotoport=17/%any with xlt2pd, XP and Mac OS X?
Clifford T. Matthews
ctm at stolenbases.com
Thu Apr 12 14:09:03 EDT 2007
>>>>> "Paul" == Paul Wouters <paul at xelerance.com> writes:
Paul> On Thu, 12 Apr 2007, Clifford T. Matthews wrote:
Cliff> I'm happy to post our configuration files or even the output of
Cliff> ipsec barf, but since there's a good chance this is a known
Cliff> issue, I figured I'd see if anyone has a pointer to info I
Cliff> should read, first.
Paul> Can you show us a log entry of a working and a non-working
Paul> connect, using plutodebug=controlmore ?
Sure. Great timing, too. I rev'ved up to 2.4.7 in an attempt to give
you the most useful data. I can send other files if it will help.
This one works:
Apr 12 13:56:43 first pluto[3946]: Starting Pluto (Openswan Version 2.4.7 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR; Vendor ID OEZ~BaB]r\134p_)
Apr 12 13:56:43 first pluto[3946]: Setting NAT-Traversal port-4500 floating to on
Apr 12 13:56:43 first pluto[3946]: port floating activation criteria nat_t=1/port_fload=1
Apr 12 13:56:43 first pluto[3946]: including NAT-Traversal patch (Version 0.6c)
Apr 12 13:56:43 first pluto[3946]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
Apr 12 13:56:43 first pluto[3946]: starting up 1 cryptographic helpers
Apr 12 13:56:43 first pluto[3946]: started helper pid=3952 (fd:6)
Apr 12 13:56:43 first pluto[3946]: Using NETKEY IPsec interface code on 2.6.20-1.2933.fc6
Apr 12 13:56:43 first pluto[3946]: Changing to directory '/etc/ipsec.d/cacerts'
Apr 12 13:56:43 first pluto[3946]: loaded CA cert file 'cacert.pem' (1415 bytes)
Apr 12 13:56:43 first pluto[3946]: Could not change to directory '/etc/ipsec.d/aacerts'
Apr 12 13:56:43 first pluto[3946]: Could not change to directory '/etc/ipsec.d/ocspcerts'
Apr 12 13:56:43 first pluto[3946]: Could not change to directory '/etc/ipsec.d/crls'
Apr 12 13:56:43 first pluto[3946]: | find_host_pair_conn (check_connection_end): 192.168.10.1:500 %any:500 -> hp:none
Apr 12 13:56:43 first pluto[3946]: loaded host cert file '/usr/local/stolenbases/etc/certs.new/vpn.stolenbases.com/cert_vpn.stolenbases.com.pem' (1192 bytes)
Apr 12 13:56:43 first pluto[3946]: added connection description "sbnyc-l2tpX509-int"
Apr 12 13:56:43 first pluto[3946]: | find_host_pair_conn (check_connection_end): 216.254.70.239:500 %any:500 -> hp:none
Apr 12 13:56:43 first pluto[3946]: loaded host cert file '/usr/local/stolenbases/etc/certs.new/vpn.stolenbases.com/cert_vpn.stolenbases.com.pem' (1192 bytes)
Apr 12 13:56:43 first pluto[3946]: | unreference key: 0x55555581d270 C=US, O=stolenbases.com, OU=first, OU=CA, CN=vpn.stolenbases.com cnt 1--
Apr 12 13:56:43 first pluto[3946]: | unreference key: 0x55555581ce20 @vpn.stolenbases.com cnt 1--
Apr 12 13:56:43 first pluto[3946]: added connection description "sbnyc-l2tpX509-ext"
Apr 12 13:56:43 first pluto[3946]: listening for IKE messages
Apr 12 13:56:43 first pluto[3946]: adding interface eth2:6/eth2:6 192.168.11.56:500
Apr 12 13:56:43 first pluto[3946]: adding interface eth2:6/eth2:6 192.168.11.56:4500
Apr 12 13:56:43 first pluto[3946]: adding interface eth2:5/eth2:5 192.168.11.55:500
Apr 12 13:56:43 first pluto[3946]: adding interface eth2:5/eth2:5 192.168.11.55:4500
Apr 12 13:56:43 first pluto[3946]: adding interface eth2:4/eth2:4 192.168.11.54:500
Apr 12 13:56:43 first pluto[3946]: adding interface eth2:4/eth2:4 192.168.11.54:4500
Apr 12 13:56:43 first pluto[3946]: adding interface eth2:3/eth2:3 192.168.11.53:500
Apr 12 13:56:43 first pluto[3946]: adding interface eth2:3/eth2:3 192.168.11.53:4500
Apr 12 13:56:43 first pluto[3946]: adding interface eth2:2/eth2:2 192.168.11.52:500
Apr 12 13:56:43 first pluto[3946]: adding interface eth2:2/eth2:2 192.168.11.52:4500
Apr 12 13:56:43 first pluto[3946]: adding interface eth2:1/eth2:1 192.168.11.51:500
Apr 12 13:56:43 first pluto[3946]: adding interface eth2:1/eth2:1 192.168.11.51:4500
Apr 12 13:56:43 first pluto[3946]: adding interface eth2:0/eth2:0 192.168.11.50:500
Apr 12 13:56:43 first pluto[3946]: adding interface eth2:0/eth2:0 192.168.11.50:4500
Apr 12 13:56:43 first pluto[3946]: adding interface eth2/eth2 192.168.11.1:500
Apr 12 13:56:43 first pluto[3946]: adding interface eth2/eth2 192.168.11.1:4500
Apr 12 13:56:43 first pluto[3946]: adding interface eth0/eth0 216.254.70.239:500
Apr 12 13:56:43 first pluto[3946]: adding interface eth0/eth0 216.254.70.239:4500
Apr 12 13:56:43 first pluto[3946]: adding interface eth1/eth1 192.168.10.1:500
Apr 12 13:56:43 first pluto[3946]: adding interface eth1/eth1 192.168.10.1:4500
Apr 12 13:56:43 first pluto[3946]: adding interface lo/lo 127.0.0.1:500
Apr 12 13:56:43 first pluto[3946]: adding interface lo/lo 127.0.0.1:4500
Apr 12 13:56:43 first pluto[3946]: adding interface lo/lo ::1:500
Apr 12 13:56:43 first pluto[3946]: | connect_to_host_pair: 216.254.70.239:500 0.0.0.0:500 -> hp:none
Apr 12 13:56:43 first pluto[3946]: | find_host_pair: comparing to 216.254.70.239:500 0.0.0.0:500
Apr 12 13:56:43 first pluto[3946]: | connect_to_host_pair: 192.168.10.1:500 0.0.0.0:500 -> hp:none
Apr 12 13:56:43 first pluto[3946]: loading secrets from "/etc/ipsec.secrets"
Apr 12 13:56:43 first pluto[3946]: loading secrets from "/etc/ipsec.d/hostkey.secrets"
Apr 12 13:56:43 first pluto[3946]: loaded private key file '/usr/local/stolenbases/etc/certs.new/vpn.stolenbases.com/vpn.stolenbases.com_keypair.pem' (891 bytes)
Apr 12 13:57:32 first pluto[3946]: packet from 192.168.10.29:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Apr 12 13:57:32 first pluto[3946]: packet from 192.168.10.29:500: ignoring Vendor ID payload [FRAGMENTATION]
Apr 12 13:57:32 first pluto[3946]: packet from 192.168.10.29:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
Apr 12 13:57:32 first pluto[3946]: packet from 192.168.10.29:500: ignoring Vendor ID payload [Vid-Initial-Contact]
Apr 12 13:57:32 first pluto[3946]: | find_host_connection called from main_inI1_outR1
Apr 12 13:57:32 first pluto[3946]: | find_host_pair: comparing to 192.168.10.1:500 0.0.0.0:500
Apr 12 13:57:32 first pluto[3946]: | find_host_pair: comparing to 216.254.70.239:500 0.0.0.0:500
Apr 12 13:57:32 first pluto[3946]: | find_host_pair_conn (find_host_connection2): 192.168.10.1:500 192.168.10.29:500 -> hp:none
Apr 12 13:57:32 first pluto[3946]: | find_host_connection called from main_inI1_outR1
Apr 12 13:57:32 first pluto[3946]: | find_host_pair: comparing to 192.168.10.1:500 0.0.0.0:500
Apr 12 13:57:32 first pluto[3946]: | find_host_pair_conn (find_host_connection2): 192.168.10.1:500 %any:500 -> hp:sbnyc-l2tpX509-int
Apr 12 13:57:32 first pluto[3946]: | find_host_pair: comparing to 192.168.10.1:500 0.0.0.0:500
Apr 12 13:57:32 first pluto[3946]: | find_host_pair: comparing to 216.254.70.239:500 0.0.0.0:500
Apr 12 13:57:32 first pluto[3946]: | connect_to_host_pair: 192.168.10.1:500 192.168.10.29:500 -> hp:none
Apr 12 13:57:32 first pluto[3946]: | processing connection sbnyc-l2tpX509-int[1] 192.168.10.29
Apr 12 13:57:32 first pluto[3946]: "sbnyc-l2tpX509-int"[1] 192.168.10.29 #1: responding to Main Mode from unknown peer 192.168.10.29
Apr 12 13:57:32 first pluto[3946]: | sender checking NAT-t: 1 and 106
Apr 12 13:57:32 first pluto[3946]: "sbnyc-l2tpX509-int"[1] 192.168.10.29 #1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Apr 12 13:57:32 first pluto[3946]: "sbnyc-l2tpX509-int"[1] 192.168.10.29 #1: STATE_MAIN_R1: sent MR1, expecting MI2
Apr 12 13:57:32 first pluto[3946]: | processing connection sbnyc-l2tpX509-int[1] 192.168.10.29
Apr 12 13:57:32 first pluto[3946]: | inI2: checking NAT-t: 1 and 4
Apr 12 13:57:32 first pluto[3946]: "sbnyc-l2tpX509-int"[1] 192.168.10.29 #1: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: no NAT detected
Apr 12 13:57:32 first pluto[3946]: | main inI2_outR2: calculated ke+nonce, sending R2
Apr 12 13:57:32 first pluto[3946]: | processing connection sbnyc-l2tpX509-int[1] 192.168.10.29
Apr 12 13:57:32 first pluto[3946]: | find_host_connection called from collect_rw_ca_candidates
Apr 12 13:57:32 first pluto[3946]: | find_host_pair: comparing to 192.168.10.1:500 192.168.10.29:500
Apr 12 13:57:32 first pluto[3946]: | find_host_pair: comparing to 192.168.10.1:500 0.0.0.0:500
Apr 12 13:57:32 first pluto[3946]: | find_host_pair_conn (find_host_connection2): 192.168.10.1:500 %any:500 -> hp:sbnyc-l2tpX509-int
Apr 12 13:57:32 first pluto[3946]: "sbnyc-l2tpX509-int"[1] 192.168.10.29 #1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Apr 12 13:57:32 first pluto[3946]: "sbnyc-l2tpX509-int"[1] 192.168.10.29 #1: STATE_MAIN_R2: sent MR2, expecting MI3
Apr 12 13:57:33 first pluto[3946]: | processing connection sbnyc-l2tpX509-int[1] 192.168.10.29
Apr 12 13:57:33 first pluto[3946]: "sbnyc-l2tpX509-int"[1] 192.168.10.29 #1: Main mode peer ID is ID_DER_ASN1_DN: 'C=US, O=stolenbases.com, OU=first, CN=ctm, E=ctm at stolenbases.com'
Apr 12 13:57:33 first pluto[3946]: "sbnyc-l2tpX509-int"[1] 192.168.10.29 #1: no crl from issuer "C=US, O=stolenbases.com, OU=first, CN=CA" found (strict=no)
Apr 12 13:57:33 first pluto[3946]: | refine_connection: starting with sbnyc-l2tpX509-int
Apr 12 13:57:33 first pluto[3946]: | match_id a=C=US, O=stolenbases.com, OU=first, CN=ctm, E=ctm at stolenbases.com
Apr 12 13:57:33 first pluto[3946]: | b=192.168.10.29
Apr 12 13:57:33 first pluto[3946]: | results fail
Apr 12 13:57:33 first pluto[3946]: | trusted_ca called with a=C=US, O=stolenbases.com, OU=first, CN=CA b=C=US, O=stolenbases.com, OU=first, CN=CA
Apr 12 13:57:33 first pluto[3946]: | trusted_ca called with a=C=US, O=stolenbases.com, OU=first, CN=CA b=C=US, O=stolenbases.com, OU=first, CN=CA
Apr 12 13:57:33 first pluto[3946]: | refine_connection: checking sbnyc-l2tpX509-int against sbnyc-l2tpX509-int, best=(none) with match=0(id=0/ca=1/reqca=1)
Apr 12 13:57:33 first pluto[3946]: | find_host_pair: comparing to 192.168.10.1:500 0.0.0.0:500
Apr 12 13:57:33 first pluto[3946]: | find_host_pair_conn (refine_host_connection): 192.168.10.1:500 %any:500 -> hp:sbnyc-l2tpX509-int
Apr 12 13:57:33 first pluto[3946]: | match_id a=C=US, O=stolenbases.com, OU=first, CN=ctm, E=ctm at stolenbases.com
Apr 12 13:57:33 first pluto[3946]: | b=(none)
Apr 12 13:57:33 first pluto[3946]: | results matched
Apr 12 13:57:33 first pluto[3946]: | trusted_ca called with a=C=US, O=stolenbases.com, OU=first, CN=CA b=C=US, O=stolenbases.com, OU=first, CN=CA
Apr 12 13:57:33 first pluto[3946]: | trusted_ca called with a=C=US, O=stolenbases.com, OU=first, CN=CA b=C=US, O=stolenbases.com, OU=first, CN=CA
Apr 12 13:57:33 first pluto[3946]: | refine_connection: checking sbnyc-l2tpX509-int against sbnyc-l2tpX509-int, best=(none) with match=1(id=1/ca=1/reqca=1)
Apr 12 13:57:33 first pluto[3946]: | refine_connection: checked sbnyc-l2tpX509-int against sbnyc-l2tpX509-int, now for see if best
Apr 12 13:57:33 first pluto[3946]: | refine_connection: picking new best sbnyc-l2tpX509-int (wild=15, peer_pathlen=0/our=0)
Apr 12 13:57:33 first pluto[3946]: "sbnyc-l2tpX509-int"[1] 192.168.10.29 #1: switched from "sbnyc-l2tpX509-int" to "sbnyc-l2tpX509-int"
Apr 12 13:57:33 first pluto[3946]: | match_id a=C=US, O=stolenbases.com, OU=first, CN=ctm, E=ctm at stolenbases.com
Apr 12 13:57:33 first pluto[3946]: | b=(none)
Apr 12 13:57:33 first pluto[3946]: | results matched
Apr 12 13:57:33 first pluto[3946]: | find_host_pair: comparing to 192.168.10.1:500 0.0.0.0:500
Apr 12 13:57:33 first pluto[3946]: | find_host_pair: comparing to 192.168.10.1:500 192.168.10.29:500
Apr 12 13:57:33 first pluto[3946]: | connect_to_host_pair: 192.168.10.1:500 192.168.10.29:500 -> hp:sbnyc-l2tpX509-int
Apr 12 13:57:33 first pluto[3946]: | processing connection sbnyc-l2tpX509-int[2] 192.168.10.29
Apr 12 13:57:33 first pluto[3946]: | processing connection sbnyc-l2tpX509-int[1] 192.168.10.29
Apr 12 13:57:33 first pluto[3946]: "sbnyc-l2tpX509-int"[2] 192.168.10.29 #1: deleting connection "sbnyc-l2tpX509-int" instance with peer 192.168.10.29 {isakmp=#0/ipsec=#0}
Apr 12 13:57:33 first pluto[3946]: | trusted_ca called with a=C=US, O=stolenbases.com, OU=first, CN=CA b=C=US, O=stolenbases.com, OU=first, CN=CA
Apr 12 13:57:33 first pluto[3946]: "sbnyc-l2tpX509-int"[2] 192.168.10.29 #1: I am sending my cert
Apr 12 13:57:33 first pluto[3946]: "sbnyc-l2tpX509-int"[2] 192.168.10.29 #1: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Apr 12 13:57:33 first pluto[3946]: "sbnyc-l2tpX509-int"[2] 192.168.10.29 #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp2048}
Apr 12 13:57:33 first pluto[3946]: | processing connection sbnyc-l2tpX509-int[2] 192.168.10.29
Apr 12 13:57:33 first pluto[3946]: | find_client_connection starting with sbnyc-l2tpX509-int
Apr 12 13:57:33 first pluto[3946]: | looking for 192.168.10.1/32:17/1701 -> 192.168.10.29/32:17/1701
Apr 12 13:57:33 first pluto[3946]: | concrete checking against sr#0 192.168.10.1/32 -> 0.0.0.0/32
Apr 12 13:57:33 first pluto[3946]: | match_id a=C=US, O=stolenbases.com, OU=first, CN=ctm, E=ctm at stolenbases.com
Apr 12 13:57:33 first pluto[3946]: | b=C=US, O=stolenbases.com, OU=first, CN=ctm, E=ctm at stolenbases.com
Apr 12 13:57:33 first pluto[3946]: | results matched
Apr 12 13:57:33 first pluto[3946]: | trusted_ca called with a=C=US, O=stolenbases.com, OU=first, CN=CA b=C=US, O=stolenbases.com, OU=first, CN=CA
Apr 12 13:57:33 first pluto[3946]: | fc_try trying sbnyc-l2tpX509-int:192.168.10.1/32:17/1701 -> 192.168.10.29/32:17/1701 vs sbnyc-l2tpX509-int:192.168.10.1/32:17/1701 -> 0.0.0.0/32:17/1701
Apr 12 13:57:33 first pluto[3946]: | fc_try concluding with sbnyc-l2tpX509-int [128]
Apr 12 13:57:33 first pluto[3946]: | fc_try sbnyc-l2tpX509-int gives sbnyc-l2tpX509-int
Apr 12 13:57:33 first pluto[3946]: | concluding with d = sbnyc-l2tpX509-int
Apr 12 13:57:33 first pluto[3946]: | processing connection sbnyc-l2tpX509-int[2] 192.168.10.29
Apr 12 13:57:33 first pluto[3946]: | quick inI1_outR1: calculated ke+nonce, sending R1
Apr 12 13:57:33 first pluto[3946]: | processing connection sbnyc-l2tpX509-int[2] 192.168.10.29
Apr 12 13:57:33 first pluto[3946]: "sbnyc-l2tpX509-int"[2] 192.168.10.29 #2: responding to Quick Mode {msgid:293eb65b}
Apr 12 13:57:33 first pluto[3946]: | finished processing quick inI1
Apr 12 13:57:33 first pluto[3946]: "sbnyc-l2tpX509-int"[2] 192.168.10.29 #2: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Apr 12 13:57:33 first pluto[3946]: "sbnyc-l2tpX509-int"[2] 192.168.10.29 #2: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Apr 12 13:57:33 first pluto[3946]: | processing connection sbnyc-l2tpX509-int[2] 192.168.10.29
Apr 12 13:57:33 first pluto[3946]: | route_and_eroute with c: sbnyc-l2tpX509-int (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: 2
Apr 12 13:57:33 first pluto[3946]: | trusted_ca called with a=C=US, O=stolenbases.com, OU=first, CN=CA b=C=US, O=stolenbases.com, OU=first, CN=CA
Apr 12 13:57:33 first last message repeated 2 times
Apr 12 13:57:33 first pluto[3946]: | inI2: instance sbnyc-l2tpX509-int[2], setting newest_ipsec_sa to #2 (was #0) (spd.eroute=#2)
Apr 12 13:57:33 first pluto[3946]: "sbnyc-l2tpX509-int"[2] 192.168.10.29 #2: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Apr 12 13:57:33 first pluto[3946]: "sbnyc-l2tpX509-int"[2] 192.168.10.29 #2: STATE_QUICK_R2: IPsec SA established {ESP=>0x0aaaf1e6 <0x79045310 xfrm=3DES_0-HMAC_MD5 NATD=none DPD=none}
Apr 12 13:57:46 first pluto[3946]: | processing connection sbnyc-l2tpX509-int[2] 192.168.10.29
Apr 12 13:57:46 first pluto[3946]: | processing connection sbnyc-l2tpX509-int[2] 192.168.10.29
Apr 12 13:57:46 first pluto[3946]: "sbnyc-l2tpX509-int"[2] 192.168.10.29 #1: received Delete SA(0x0aaaf1e6) payload: deleting IPSEC State #2
Apr 12 13:57:46 first pluto[3946]: | processing connection sbnyc-l2tpX509-int[2] 192.168.10.29
Apr 12 13:57:46 first pluto[3946]: | trusted_ca called with a=C=US, O=stolenbases.com, OU=first, CN=CA b=C=US, O=stolenbases.com, OU=first, CN=CA
Apr 12 13:57:46 first pluto[3946]: | trusted_ca called with a=C=US, O=stolenbases.com, OU=first, CN=CA b=C=US, O=stolenbases.com, OU=first, CN=CA
Apr 12 13:57:46 first pluto[3946]: "sbnyc-l2tpX509-int"[2] 192.168.10.29 #1: received and ignored informational message
Apr 12 13:57:46 first pluto[3946]: | processing connection sbnyc-l2tpX509-int[2] 192.168.10.29
Apr 12 13:57:46 first pluto[3946]: | processing connection sbnyc-l2tpX509-int[2] 192.168.10.29
Apr 12 13:57:46 first pluto[3946]: "sbnyc-l2tpX509-int"[2] 192.168.10.29 #1: received Delete SA payload: deleting ISAKMP State #1
Apr 12 13:57:46 first pluto[3946]: | processing connection sbnyc-l2tpX509-int[2] 192.168.10.29
Apr 12 13:57:46 first pluto[3946]: | processing connection sbnyc-l2tpX509-int[2] 192.168.10.29
Apr 12 13:57:46 first pluto[3946]: "sbnyc-l2tpX509-int"[2] 192.168.10.29: deleting connection "sbnyc-l2tpX509-int" instance with peer 192.168.10.29 {isakmp=#0/ipsec=#0}
Apr 12 13:57:46 first pluto[3946]: | unreference key: 0x5555558219b0 C=US, O=stolenbases.com, OU=first, CN=ctm, E=ctm at stolenbases.com cnt 2--
Apr 12 13:57:46 first pluto[3946]: packet from 192.168.10.29:500: received and ignored informational message
Apr 12 13:58:16 first pluto[3946]: shutting down
Apr 12 13:58:16 first pluto[3946]: forgetting secrets
Apr 12 13:58:16 first pluto[3946]: | unreference key: 0x5555558219b0 C=US, O=stolenbases.com, OU=first, CN=ctm, E=ctm at stolenbases.com cnt 1--
Apr 12 13:58:16 first pluto[3946]: | unreference key: 0x55555581d270 @vpn.stolenbases.com cnt 1--
Apr 12 13:58:16 first pluto[3946]: | unreference key: 0x55555581e590 C=US, O=stolenbases.com, OU=first, OU=CA, CN=vpn.stolenbases.com cnt 1--
Apr 12 13:58:16 first pluto[3946]: | processing connection sbnyc-l2tpX509-ext
Apr 12 13:58:16 first pluto[3946]: "sbnyc-l2tpX509-ext": deleting connection
Apr 12 13:58:16 first pluto[3946]: | processing connection sbnyc-l2tpX509-int
Apr 12 13:58:16 first pluto[3946]: "sbnyc-l2tpX509-int": deleting connection
Apr 12 13:58:16 first pluto[3946]: shutting down interface lo/lo ::1:500
Apr 12 13:58:16 first pluto[3946]: shutting down interface lo/lo 127.0.0.1:4500
Apr 12 13:58:16 first pluto[3946]: shutting down interface lo/lo 127.0.0.1:500
Apr 12 13:58:16 first pluto[3946]: shutting down interface eth1/eth1 192.168.10.1:4500
Apr 12 13:58:16 first pluto[3946]: shutting down interface eth1/eth1 192.168.10.1:500
Apr 12 13:58:16 first pluto[3946]: shutting down interface eth0/eth0 216.254.70.239:4500
Apr 12 13:58:16 first pluto[3946]: shutting down interface eth0/eth0 216.254.70.239:500
Apr 12 13:58:16 first pluto[3946]: shutting down interface eth2/eth2 192.168.11.1:4500
Apr 12 13:58:16 first pluto[3946]: shutting down interface eth2/eth2 192.168.11.1:500
Apr 12 13:58:16 first pluto[3946]: shutting down interface eth2:0/eth2:0 192.168.11.50:4500
Apr 12 13:58:16 first pluto[3946]: shutting down interface eth2:0/eth2:0 192.168.11.50:500
Apr 12 13:58:16 first pluto[3946]: shutting down interface eth2:1/eth2:1 192.168.11.51:4500
Apr 12 13:58:16 first pluto[3946]: shutting down interface eth2:1/eth2:1 192.168.11.51:500
Apr 12 13:58:16 first pluto[3946]: shutting down interface eth2:2/eth2:2 192.168.11.52:4500
Apr 12 13:58:16 first pluto[3946]: shutting down interface eth2:2/eth2:2 192.168.11.52:500
Apr 12 13:58:16 first pluto[3946]: shutting down interface eth2:3/eth2:3 192.168.11.53:4500
Apr 12 13:58:16 first pluto[3946]: shutting down interface eth2:3/eth2:3 192.168.11.53:500
Apr 12 13:58:16 first pluto[3946]: shutting down interface eth2:4/eth2:4 192.168.11.54:4500
Apr 12 13:58:16 first pluto[3946]: shutting down interface eth2:4/eth2:4 192.168.11.54:500
Apr 12 13:58:16 first pluto[3946]: shutting down interface eth2:5/eth2:5 192.168.11.55:4500
Apr 12 13:58:16 first pluto[3946]: shutting down interface eth2:5/eth2:5 192.168.11.55:500
Apr 12 13:58:16 first pluto[3946]: shutting down interface eth2:6/eth2:6 192.168.11.56:4500
Apr 12 13:58:16 first pluto[3946]: shutting down interface eth2:6/eth2:6 192.168.11.56:500
Apr 12 13:58:17 first ipsec__plutorun: Starting Pluto subsystem...
This one doesn't:
Apr 12 13:58:17 first pluto[4245]: Starting Pluto (Openswan Version 2.4.7 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR; Vendor ID OEZ~BaB]r\134p_)
Apr 12 13:58:17 first pluto[4245]: Setting NAT-Traversal port-4500 floating to on
Apr 12 13:58:17 first pluto[4245]: port floating activation criteria nat_t=1/port_fload=1
Apr 12 13:58:17 first pluto[4245]: including NAT-Traversal patch (Version 0.6c)
Apr 12 13:58:17 first pluto[4245]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
Apr 12 13:58:17 first pluto[4245]: starting up 1 cryptographic helpers
Apr 12 13:58:17 first pluto[4245]: started helper pid=4249 (fd:6)
Apr 12 13:58:17 first pluto[4245]: Using NETKEY IPsec interface code on 2.6.20-1.2933.fc6
Apr 12 13:58:18 first pluto[4245]: Changing to directory '/etc/ipsec.d/cacerts'
Apr 12 13:58:18 first pluto[4245]: loaded CA cert file 'cacert.pem' (1415 bytes)
Apr 12 13:58:18 first pluto[4245]: Could not change to directory '/etc/ipsec.d/aacerts'
Apr 12 13:58:18 first pluto[4245]: Could not change to directory '/etc/ipsec.d/ocspcerts'
Apr 12 13:58:18 first pluto[4245]: Could not change to directory '/etc/ipsec.d/crls'
Apr 12 13:58:18 first pluto[4245]: | find_host_pair_conn (check_connection_end): 192.168.10.1:500 %any:500 -> hp:none
Apr 12 13:58:18 first pluto[4245]: loaded host cert file '/usr/local/stolenbases/etc/certs.new/vpn.stolenbases.com/cert_vpn.stolenbases.com.pem' (1192 bytes)
Apr 12 13:58:18 first pluto[4245]: added connection description "sbnyc-l2tpX509-int"
Apr 12 13:58:18 first pluto[4245]: | find_host_pair_conn (check_connection_end): 216.254.70.239:500 %any:500 -> hp:none
Apr 12 13:58:18 first pluto[4245]: loaded host cert file '/usr/local/stolenbases/etc/certs.new/vpn.stolenbases.com/cert_vpn.stolenbases.com.pem' (1192 bytes)
Apr 12 13:58:18 first pluto[4245]: | unreference key: 0x55555581d270 C=US, O=stolenbases.com, OU=first, OU=CA, CN=vpn.stolenbases.com cnt 1--
Apr 12 13:58:18 first pluto[4245]: | unreference key: 0x55555581ce20 @vpn.stolenbases.com cnt 1--
Apr 12 13:58:18 first pluto[4245]: added connection description "sbnyc-l2tpX509-ext"
Apr 12 13:58:18 first pluto[4245]: listening for IKE messages
Apr 12 13:58:18 first pluto[4245]: adding interface eth2:6/eth2:6 192.168.11.56:500
Apr 12 13:58:18 first pluto[4245]: adding interface eth2:6/eth2:6 192.168.11.56:4500
Apr 12 13:58:18 first pluto[4245]: adding interface eth2:5/eth2:5 192.168.11.55:500
Apr 12 13:58:18 first pluto[4245]: adding interface eth2:5/eth2:5 192.168.11.55:4500
Apr 12 13:58:18 first pluto[4245]: adding interface eth2:4/eth2:4 192.168.11.54:500
Apr 12 13:58:18 first pluto[4245]: adding interface eth2:4/eth2:4 192.168.11.54:4500
Apr 12 13:58:18 first pluto[4245]: adding interface eth2:3/eth2:3 192.168.11.53:500
Apr 12 13:58:18 first pluto[4245]: adding interface eth2:3/eth2:3 192.168.11.53:4500
Apr 12 13:58:18 first pluto[4245]: adding interface eth2:2/eth2:2 192.168.11.52:500
Apr 12 13:58:18 first pluto[4245]: adding interface eth2:2/eth2:2 192.168.11.52:4500
Apr 12 13:58:18 first pluto[4245]: adding interface eth2:1/eth2:1 192.168.11.51:500
Apr 12 13:58:18 first pluto[4245]: adding interface eth2:1/eth2:1 192.168.11.51:4500
Apr 12 13:58:18 first pluto[4245]: adding interface eth2:0/eth2:0 192.168.11.50:500
Apr 12 13:58:18 first pluto[4245]: adding interface eth2:0/eth2:0 192.168.11.50:4500
Apr 12 13:58:18 first pluto[4245]: adding interface eth2/eth2 192.168.11.1:500
Apr 12 13:58:18 first pluto[4245]: adding interface eth2/eth2 192.168.11.1:4500
Apr 12 13:58:18 first pluto[4245]: adding interface eth0/eth0 216.254.70.239:500
Apr 12 13:58:18 first pluto[4245]: adding interface eth0/eth0 216.254.70.239:4500
Apr 12 13:58:18 first pluto[4245]: adding interface eth1/eth1 192.168.10.1:500
Apr 12 13:58:18 first pluto[4245]: adding interface eth1/eth1 192.168.10.1:4500
Apr 12 13:58:18 first pluto[4245]: adding interface lo/lo 127.0.0.1:500
Apr 12 13:58:18 first pluto[4245]: adding interface lo/lo 127.0.0.1:4500
Apr 12 13:58:18 first pluto[4245]: adding interface lo/lo ::1:500
Apr 12 13:58:18 first pluto[4245]: | connect_to_host_pair: 216.254.70.239:500 0.0.0.0:500 -> hp:none
Apr 12 13:58:18 first pluto[4245]: | find_host_pair: comparing to 216.254.70.239:500 0.0.0.0:500
Apr 12 13:58:18 first pluto[4245]: | connect_to_host_pair: 192.168.10.1:500 0.0.0.0:500 -> hp:none
Apr 12 13:58:18 first pluto[4245]: loading secrets from "/etc/ipsec.secrets"
Apr 12 13:58:18 first pluto[4245]: loading secrets from "/etc/ipsec.d/hostkey.secrets"
Apr 12 13:58:18 first pluto[4245]: loaded private key file '/usr/local/stolenbases/etc/certs.new/vpn.stolenbases.com/vpn.stolenbases.com_keypair.pem' (891 bytes)
Apr 12 13:58:29 first pluto[4245]: packet from 192.168.10.29:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Apr 12 13:58:29 first pluto[4245]: packet from 192.168.10.29:500: ignoring Vendor ID payload [FRAGMENTATION]
Apr 12 13:58:29 first pluto[4245]: packet from 192.168.10.29:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
Apr 12 13:58:29 first pluto[4245]: packet from 192.168.10.29:500: ignoring Vendor ID payload [Vid-Initial-Contact]
Apr 12 13:58:29 first pluto[4245]: | find_host_connection called from main_inI1_outR1
Apr 12 13:58:29 first pluto[4245]: | find_host_pair: comparing to 192.168.10.1:500 0.0.0.0:500
Apr 12 13:58:29 first pluto[4245]: | find_host_pair: comparing to 216.254.70.239:500 0.0.0.0:500
Apr 12 13:58:29 first pluto[4245]: | find_host_pair_conn (find_host_connection2): 192.168.10.1:500 192.168.10.29:500 -> hp:none
Apr 12 13:58:29 first pluto[4245]: | find_host_connection called from main_inI1_outR1
Apr 12 13:58:29 first pluto[4245]: | find_host_pair: comparing to 192.168.10.1:500 0.0.0.0:500
Apr 12 13:58:29 first pluto[4245]: | find_host_pair_conn (find_host_connection2): 192.168.10.1:500 %any:500 -> hp:sbnyc-l2tpX509-int
Apr 12 13:58:29 first pluto[4245]: | find_host_pair: comparing to 192.168.10.1:500 0.0.0.0:500
Apr 12 13:58:29 first pluto[4245]: | find_host_pair: comparing to 216.254.70.239:500 0.0.0.0:500
Apr 12 13:58:29 first pluto[4245]: | connect_to_host_pair: 192.168.10.1:500 192.168.10.29:500 -> hp:none
Apr 12 13:58:29 first pluto[4245]: | processing connection sbnyc-l2tpX509-int[1] 192.168.10.29
Apr 12 13:58:29 first pluto[4245]: "sbnyc-l2tpX509-int"[1] 192.168.10.29 #1: responding to Main Mode from unknown peer 192.168.10.29
Apr 12 13:58:29 first pluto[4245]: | sender checking NAT-t: 1 and 106
Apr 12 13:58:29 first pluto[4245]: "sbnyc-l2tpX509-int"[1] 192.168.10.29 #1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Apr 12 13:58:29 first pluto[4245]: "sbnyc-l2tpX509-int"[1] 192.168.10.29 #1: STATE_MAIN_R1: sent MR1, expecting MI2
Apr 12 13:58:29 first pluto[4245]: | processing connection sbnyc-l2tpX509-int[1] 192.168.10.29
Apr 12 13:58:29 first pluto[4245]: | inI2: checking NAT-t: 1 and 4
Apr 12 13:58:29 first pluto[4245]: "sbnyc-l2tpX509-int"[1] 192.168.10.29 #1: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: no NAT detected
Apr 12 13:58:29 first pluto[4245]: | main inI2_outR2: calculated ke+nonce, sending R2
Apr 12 13:58:29 first pluto[4245]: | processing connection sbnyc-l2tpX509-int[1] 192.168.10.29
Apr 12 13:58:29 first pluto[4245]: | find_host_connection called from collect_rw_ca_candidates
Apr 12 13:58:29 first pluto[4245]: | find_host_pair: comparing to 192.168.10.1:500 192.168.10.29:500
Apr 12 13:58:29 first pluto[4245]: | find_host_pair: comparing to 192.168.10.1:500 0.0.0.0:500
Apr 12 13:58:29 first pluto[4245]: | find_host_pair_conn (find_host_connection2): 192.168.10.1:500 %any:500 -> hp:sbnyc-l2tpX509-int
Apr 12 13:58:29 first pluto[4245]: "sbnyc-l2tpX509-int"[1] 192.168.10.29 #1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Apr 12 13:58:29 first pluto[4245]: "sbnyc-l2tpX509-int"[1] 192.168.10.29 #1: STATE_MAIN_R2: sent MR2, expecting MI3
Apr 12 13:58:29 first pluto[4245]: | processing connection sbnyc-l2tpX509-int[1] 192.168.10.29
Apr 12 13:58:29 first pluto[4245]: "sbnyc-l2tpX509-int"[1] 192.168.10.29 #1: Main mode peer ID is ID_DER_ASN1_DN: 'C=US, O=stolenbases.com, OU=first, CN=ctm, E=ctm at stolenbases.com'
Apr 12 13:58:29 first pluto[4245]: "sbnyc-l2tpX509-int"[1] 192.168.10.29 #1: no crl from issuer "C=US, O=stolenbases.com, OU=first, CN=CA" found (strict=no)
Apr 12 13:58:29 first pluto[4245]: | refine_connection: starting with sbnyc-l2tpX509-int
Apr 12 13:58:29 first pluto[4245]: | match_id a=C=US, O=stolenbases.com, OU=first, CN=ctm, E=ctm at stolenbases.com
Apr 12 13:58:29 first pluto[4245]: | b=192.168.10.29
Apr 12 13:58:29 first pluto[4245]: | results fail
Apr 12 13:58:29 first pluto[4245]: | trusted_ca called with a=C=US, O=stolenbases.com, OU=first, CN=CA b=C=US, O=stolenbases.com, OU=first, CN=CA
Apr 12 13:58:29 first pluto[4245]: | trusted_ca called with a=C=US, O=stolenbases.com, OU=first, CN=CA b=C=US, O=stolenbases.com, OU=first, CN=CA
Apr 12 13:58:29 first pluto[4245]: | refine_connection: checking sbnyc-l2tpX509-int against sbnyc-l2tpX509-int, best=(none) with match=0(id=0/ca=1/reqca=1)
Apr 12 13:58:29 first pluto[4245]: | find_host_pair: comparing to 192.168.10.1:500 0.0.0.0:500
Apr 12 13:58:29 first pluto[4245]: | find_host_pair_conn (refine_host_connection): 192.168.10.1:500 %any:500 -> hp:sbnyc-l2tpX509-int
Apr 12 13:58:29 first pluto[4245]: | match_id a=C=US, O=stolenbases.com, OU=first, CN=ctm, E=ctm at stolenbases.com
Apr 12 13:58:29 first pluto[4245]: | b=(none)
Apr 12 13:58:29 first pluto[4245]: | results matched
Apr 12 13:58:29 first pluto[4245]: | trusted_ca called with a=C=US, O=stolenbases.com, OU=first, CN=CA b=C=US, O=stolenbases.com, OU=first, CN=CA
Apr 12 13:58:29 first pluto[4245]: | trusted_ca called with a=C=US, O=stolenbases.com, OU=first, CN=CA b=C=US, O=stolenbases.com, OU=first, CN=CA
Apr 12 13:58:29 first pluto[4245]: | refine_connection: checking sbnyc-l2tpX509-int against sbnyc-l2tpX509-int, best=(none) with match=1(id=1/ca=1/reqca=1)
Apr 12 13:58:29 first pluto[4245]: | refine_connection: checked sbnyc-l2tpX509-int against sbnyc-l2tpX509-int, now for see if best
Apr 12 13:58:29 first pluto[4245]: | refine_connection: picking new best sbnyc-l2tpX509-int (wild=15, peer_pathlen=0/our=0)
Apr 12 13:58:29 first pluto[4245]: "sbnyc-l2tpX509-int"[1] 192.168.10.29 #1: switched from "sbnyc-l2tpX509-int" to "sbnyc-l2tpX509-int"
Apr 12 13:58:29 first pluto[4245]: | match_id a=C=US, O=stolenbases.com, OU=first, CN=ctm, E=ctm at stolenbases.com
Apr 12 13:58:29 first pluto[4245]: | b=(none)
Apr 12 13:58:29 first pluto[4245]: | results matched
Apr 12 13:58:29 first pluto[4245]: | find_host_pair: comparing to 192.168.10.1:500 0.0.0.0:500
Apr 12 13:58:29 first pluto[4245]: | find_host_pair: comparing to 192.168.10.1:500 192.168.10.29:500
Apr 12 13:58:29 first pluto[4245]: | connect_to_host_pair: 192.168.10.1:500 192.168.10.29:500 -> hp:sbnyc-l2tpX509-int
Apr 12 13:58:29 first pluto[4245]: | processing connection sbnyc-l2tpX509-int[2] 192.168.10.29
Apr 12 13:58:29 first pluto[4245]: | processing connection sbnyc-l2tpX509-int[1] 192.168.10.29
Apr 12 13:58:29 first pluto[4245]: "sbnyc-l2tpX509-int"[2] 192.168.10.29 #1: deleting connection "sbnyc-l2tpX509-int" instance with peer 192.168.10.29 {isakmp=#0/ipsec=#0}
Apr 12 13:58:29 first pluto[4245]: | trusted_ca called with a=C=US, O=stolenbases.com, OU=first, CN=CA b=C=US, O=stolenbases.com, OU=first, CN=CA
Apr 12 13:58:29 first pluto[4245]: "sbnyc-l2tpX509-int"[2] 192.168.10.29 #1: I am sending my cert
Apr 12 13:58:29 first pluto[4245]: "sbnyc-l2tpX509-int"[2] 192.168.10.29 #1: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Apr 12 13:58:29 first pluto[4245]: "sbnyc-l2tpX509-int"[2] 192.168.10.29 #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp2048}
Apr 12 13:58:29 first pluto[4245]: | processing connection sbnyc-l2tpX509-int[2] 192.168.10.29
Apr 12 13:58:29 first pluto[4245]: | find_client_connection starting with sbnyc-l2tpX509-int
Apr 12 13:58:29 first pluto[4245]: | looking for 192.168.10.1/32:17/1701 -> 192.168.10.29/32:17/1701
Apr 12 13:58:29 first pluto[4245]: | concrete checking against sr#0 192.168.10.1/32 -> 0.0.0.0/32
Apr 12 13:58:29 first pluto[4245]: | match_id a=C=US, O=stolenbases.com, OU=first, CN=ctm, E=ctm at stolenbases.com
Apr 12 13:58:29 first pluto[4245]: | b=C=US, O=stolenbases.com, OU=first, CN=ctm, E=ctm at stolenbases.com
Apr 12 13:58:29 first pluto[4245]: | results matched
Apr 12 13:58:29 first pluto[4245]: | trusted_ca called with a=C=US, O=stolenbases.com, OU=first, CN=CA b=C=US, O=stolenbases.com, OU=first, CN=CA
Apr 12 13:58:29 first pluto[4245]: | fc_try trying sbnyc-l2tpX509-int:192.168.10.1/32:17/1701 -> 192.168.10.29/32:17/0 vs sbnyc-l2tpX509-int:192.168.10.1/32:17/1701 -> 0.0.0.0/32:17/0
Apr 12 13:58:29 first pluto[4245]: | fc_try concluding with sbnyc-l2tpX509-int [128]
Apr 12 13:58:29 first pluto[4245]: | fc_try sbnyc-l2tpX509-int gives sbnyc-l2tpX509-int
Apr 12 13:58:29 first pluto[4245]: | concluding with d = sbnyc-l2tpX509-int
Apr 12 13:58:29 first pluto[4245]: | processing connection sbnyc-l2tpX509-int[2] 192.168.10.29
Apr 12 13:58:29 first pluto[4245]: | quick inI1_outR1: calculated ke+nonce, sending R1
Apr 12 13:58:29 first pluto[4245]: | processing connection sbnyc-l2tpX509-int[2] 192.168.10.29
Apr 12 13:58:29 first pluto[4245]: "sbnyc-l2tpX509-int"[2] 192.168.10.29 #2: responding to Quick Mode {msgid:dcbe9fe6}
Apr 12 13:58:29 first pluto[4245]: | finished processing quick inI1
Apr 12 13:58:29 first pluto[4245]: "sbnyc-l2tpX509-int"[2] 192.168.10.29 #2: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Apr 12 13:58:29 first pluto[4245]: "sbnyc-l2tpX509-int"[2] 192.168.10.29 #2: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Apr 12 13:58:29 first pluto[4245]: | processing connection sbnyc-l2tpX509-int[2] 192.168.10.29
Apr 12 13:58:29 first pluto[4245]: | route_and_eroute with c: sbnyc-l2tpX509-int (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: 2
Apr 12 13:58:29 first pluto[4245]: | trusted_ca called with a=C=US, O=stolenbases.com, OU=first, CN=CA b=C=US, O=stolenbases.com, OU=first, CN=CA
Apr 12 13:58:29 first last message repeated 2 times
Apr 12 13:58:29 first pluto[4245]: | inI2: instance sbnyc-l2tpX509-int[2], setting newest_ipsec_sa to #2 (was #0) (spd.eroute=#2)
Apr 12 13:58:29 first pluto[4245]: "sbnyc-l2tpX509-int"[2] 192.168.10.29 #2: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Apr 12 13:58:29 first pluto[4245]: "sbnyc-l2tpX509-int"[2] 192.168.10.29 #2: STATE_QUICK_R2: IPsec SA established {ESP=>0x277fff6e <0x2a4299c4 xfrm=3DES_0-HMAC_MD5 NATD=none DPD=none}
Apr 12 13:58:49 first pluto[4245]: | processing connection sbnyc-l2tpX509-int[2] 192.168.10.29
Apr 12 13:59:04 first last message repeated 3 times
Apr 12 13:59:04 first pluto[4245]: "sbnyc-l2tpX509-int"[2] 192.168.10.29 #1: received Delete SA(0x277fff6e) payload: deleting IPSEC State #2
Apr 12 13:59:04 first pluto[4245]: | processing connection sbnyc-l2tpX509-int[2] 192.168.10.29
Apr 12 13:59:04 first pluto[4245]: | trusted_ca called with a=C=US, O=stolenbases.com, OU=first, CN=CA b=C=US, O=stolenbases.com, OU=first, CN=CA
Apr 12 13:59:04 first pluto[4245]: | trusted_ca called with a=C=US, O=stolenbases.com, OU=first, CN=CA b=C=US, O=stolenbases.com, OU=first, CN=CA
Apr 12 13:59:04 first pluto[4245]: "sbnyc-l2tpX509-int"[2] 192.168.10.29 #1: received and ignored informational message
Apr 12 13:59:04 first pluto[4245]: | processing connection sbnyc-l2tpX509-int[2] 192.168.10.29
Apr 12 13:59:04 first pluto[4245]: | processing connection sbnyc-l2tpX509-int[2] 192.168.10.29
Apr 12 13:59:04 first pluto[4245]: "sbnyc-l2tpX509-int"[2] 192.168.10.29 #1: received Delete SA payload: deleting ISAKMP State #1
Apr 12 13:59:04 first pluto[4245]: | processing connection sbnyc-l2tpX509-int[2] 192.168.10.29
Apr 12 13:59:04 first pluto[4245]: | processing connection sbnyc-l2tpX509-int[2] 192.168.10.29
Apr 12 13:59:04 first pluto[4245]: "sbnyc-l2tpX509-int"[2] 192.168.10.29: deleting connection "sbnyc-l2tpX509-int" instance with peer 192.168.10.29 {isakmp=#0/ipsec=#0}
Apr 12 13:59:04 first pluto[4245]: | unreference key: 0x5555558219b0 C=US, O=stolenbases.com, OU=first, CN=ctm, E=ctm at stolenbases.com cnt 2--
Apr 12 13:59:04 first pluto[4245]: packet from 192.168.10.29:500: received and ignored informational message
Apr 12 13:59:31 first pluto[4245]: shutting down
Apr 12 13:59:31 first pluto[4245]: forgetting secrets
Apr 12 13:59:31 first pluto[4245]: | unreference key: 0x5555558219b0 C=US, O=stolenbases.com, OU=first, CN=ctm, E=ctm at stolenbases.com cnt 1--
Apr 12 13:59:31 first pluto[4245]: | unreference key: 0x55555581d270 @vpn.stolenbases.com cnt 1--
Apr 12 13:59:31 first pluto[4245]: | unreference key: 0x55555581e590 C=US, O=stolenbases.com, OU=first, OU=CA, CN=vpn.stolenbases.com cnt 1--
Apr 12 13:59:31 first pluto[4245]: | processing connection sbnyc-l2tpX509-ext
Apr 12 13:59:31 first pluto[4245]: "sbnyc-l2tpX509-ext": deleting connection
Apr 12 13:59:31 first pluto[4245]: | processing connection sbnyc-l2tpX509-int
Apr 12 13:59:31 first pluto[4245]: "sbnyc-l2tpX509-int": deleting connection
Apr 12 13:59:31 first pluto[4245]: shutting down interface lo/lo ::1:500
Apr 12 13:59:31 first pluto[4245]: shutting down interface lo/lo 127.0.0.1:4500
Apr 12 13:59:31 first pluto[4245]: shutting down interface lo/lo 127.0.0.1:500
Apr 12 13:59:31 first pluto[4245]: shutting down interface eth1/eth1 192.168.10.1:4500
Apr 12 13:59:31 first pluto[4245]: shutting down interface eth1/eth1 192.168.10.1:500
Apr 12 13:59:31 first pluto[4245]: shutting down interface eth0/eth0 216.254.70.239:4500
Apr 12 13:59:31 first pluto[4245]: shutting down interface eth0/eth0 216.254.70.239:500
Apr 12 13:59:31 first pluto[4245]: shutting down interface eth2/eth2 192.168.11.1:4500
Apr 12 13:59:31 first pluto[4245]: shutting down interface eth2/eth2 192.168.11.1:500
Apr 12 13:59:31 first pluto[4245]: shutting down interface eth2:0/eth2:0 192.168.11.50:4500
Apr 12 13:59:31 first pluto[4245]: shutting down interface eth2:0/eth2:0 192.168.11.50:500
Apr 12 13:59:31 first pluto[4245]: shutting down interface eth2:1/eth2:1 192.168.11.51:4500
Apr 12 13:59:31 first pluto[4245]: shutting down interface eth2:1/eth2:1 192.168.11.51:500
Apr 12 13:59:31 first pluto[4245]: shutting down interface eth2:2/eth2:2 192.168.11.52:4500
Apr 12 13:59:31 first pluto[4245]: shutting down interface eth2:2/eth2:2 192.168.11.52:500
Apr 12 13:59:31 first pluto[4245]: shutting down interface eth2:3/eth2:3 192.168.11.53:4500
Apr 12 13:59:31 first pluto[4245]: shutting down interface eth2:3/eth2:3 192.168.11.53:500
Apr 12 13:59:31 first pluto[4245]: shutting down interface eth2:4/eth2:4 192.168.11.54:4500
Apr 12 13:59:31 first pluto[4245]: shutting down interface eth2:4/eth2:4 192.168.11.54:500
Apr 12 13:59:31 first pluto[4245]: shutting down interface eth2:5/eth2:5 192.168.11.55:4500
Apr 12 13:59:31 first pluto[4245]: shutting down interface eth2:5/eth2:5 192.168.11.55:500
Apr 12 13:59:31 first pluto[4245]: shutting down interface eth2:6/eth2:6 192.168.11.56:4500
Apr 12 13:59:31 first pluto[4245]: shutting down interface eth2:6/eth2:6 192.168.11.56:500
Thanks. Due to users on the machine, sometimes
Cliff Matthews <Cliff.Matthews at stolenbases.com>
More information about the Users
mailing list