[Openswan Users] Juniper/Netscreen-5GT to OpenSwan IPSec VPN Tunnel
Greg Michaels
greg.michaels at vyatta.com
Tue Jan 30 21:02:29 EST 2007
ipsec barf
netscreen
Tue Jan 30 20:57:06 GMT 2007
+ _________________________ version
+ ipsec --version
Linux Openswan U2.4.6/K2.6.19 (netkey)
See `ipsec --copyright' for copyright information.
+ _________________________ /proc/version
+ cat /proc/version
Linux version 2.6.19 (autobuild at phuket.vyatta.com) (gcc version 4.1.1) #1 SMP Wed Jan 24 00:38:37 PST 2007
+ _________________________ /proc/net/ipsec_eroute
+ test -r /proc/net/ipsec_eroute
+ _________________________ netstat-rn
+ netstat -nr
+ head -n 100
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
10.0.0.0        0.0.0.0         255.255.255.0   U         0 0          0 eth7
10.6.0.0        0.0.0.0         255.255.255.0   U         0 0          0 eth2
10.6.0.0        192.168.1.1     255.255.255.0   UG        0 0          0 eth2
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 eth2
0.0.0.0         192.168.1.1     0.0.0.0         UG        0 0          0 eth2
+ _________________________ /proc/net/ipsec_spi
+ test -r /proc/net/ipsec_spi
+ _________________________ /proc/net/ipsec_spigrp
+ test -r /proc/net/ipsec_spigrp
+ _________________________ /proc/net/ipsec_tncfg
+ test -r /proc/net/ipsec_tncfg
+ _________________________ /proc/net/pfkey
+ test -r /proc/net/pfkey
+ cat /proc/net/pfkey
sk RefCnt Rmem Wmem User Inode
+ _________________________ ip-xfrm-state
+ ip xfrm state
src 192.168.1.10 dst 192.168.1.1
proto esp spi 0x9351c5c3 reqid 16385 mode tunnel
replay-window 32
auth hmac(md5) 0x744e791bb6aab8edc7a2c2b324fb7e1c
enc cbc(des3_ede) 0x5ecb34aa647e1ab657b9abc4af40050b4a5230e3b01f6de5
src 192.168.1.1 dst 192.168.1.10
proto esp spi 0x376d15c4 reqid 16385 mode tunnel
replay-window 32
auth hmac(md5) 0x7434a611555e2a91324a9a8fd1cc738f
enc cbc(des3_ede) 0x6e85e73975af071a234b9e07f61d61c828dbab1c3a484893
+ _________________________ ip-xfrm-policy
+ ip xfrm policy
src 10.6.0.0/24 dst 10.0.0.0/24
dir in priority 2344
tmpl src 192.168.1.1 dst 192.168.1.10
proto esp reqid 16385 mode tunnel
src 10.0.0.0/24 dst 10.6.0.0/24
dir out priority 2344
tmpl src 192.168.1.10 dst 192.168.1.1
proto esp reqid 16385 mode tunnel
src 10.6.0.0/24 dst 10.0.0.0/24
dir fwd priority 2344
tmpl src 192.168.1.1 dst 192.168.1.10
proto esp reqid 16385 mode tunnel
src ::/0 dst ::/0
dir in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir in priority 0
src ::/0 dst ::/0
dir out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir out priority 0
+ _________________________ /proc/sys/net/ipsec-star
+ test -d /proc/sys/net/ipsec
+ _________________________ ipsec/status
+ ipsec auto --status
000 interface lo/lo ::1
000 interface lo/lo 127.0.0.1
000 interface eth2/eth2 192.168.1.10
000 interface eth7/eth7 10.0.0.233
000 %myid = (none)
000 debug raw+crypt+parsing+emitting+control+lifecycle+klips+dns+oppo+controlmore+pfkey+nattraversal+x509
000
000 algorithm ESP encrypt: id=2, name=ESP_DES, ivlen=8, keysizemin=64, keysizemax=64
000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=8, keysizemin=192, keysizemax=192
000 algorithm ESP encrypt: id=7, name=ESP_BLOWFISH, ivlen=8, keysizemin=40, keysizemax=448
000 algorithm ESP encrypt: id=11, name=ESP_NULL, ivlen=0, keysizemin=0, keysizemax=0
000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=252, name=ESP_SERPENT, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=253, name=ESP_TWOFISH, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5, keysizemin=128, keysizemax=128
000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1, keysizemin=160, keysizemax=160
000 algorithm ESP auth attr: id=5, name=AUTH_ALGORITHM_HMAC_SHA2_256, keysizemin=256, keysizemax=256
000 algorithm ESP auth attr: id=251, name=(null), keysizemin=0, keysizemax=0
000
000 algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8, keydeflen=192
000 algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC, blocksize=16, keydeflen=128
000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16
000 algorithm IKE hash: id=2, name=OAKLEY_SHA1, hashsize=20
000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024
000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536
000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048
000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072
000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096
000 algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144
000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192
000
000 stats db_ops.c: {curr_cnt, total_cnt, maxsz} :context={0,2,36} trans={0,2,336} attrs={0,2,224}
000
000 "peer-192.168.1.1-tunnel-1": 10.0.0.0/24===192.168.1.10...192.168.1.1===10.6.0.0/24; erouted; eroute owner: #2
000 "peer-192.168.1.1-tunnel-1": srcip=unset; dstip=unset; srcup=ipsec _updown; dstup=ipsec _updown;
000 "peer-192.168.1.1-tunnel-1": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
000 "peer-192.168.1.1-tunnel-1": policy: PSK+ENCRYPT+TUNNEL+PFS+UP; prio: 24,24; interface: eth2;
000 "peer-192.168.1.1-tunnel-1": newest ISAKMP SA: #1; newest IPsec SA: #2;
000 "peer-192.168.1.1-tunnel-1": IKE algorithms wanted: 5_000-1-2, flags=strict
000 "peer-192.168.1.1-tunnel-1": IKE algorithms found: 5_192-1_128-2,
000 "peer-192.168.1.1-tunnel-1": IKE algorithm newest: 3DES_CBC_192-MD5-MODP1024
000 "peer-192.168.1.1-tunnel-1": ESP algorithms wanted: 3_000-1, flags=strict
000 "peer-192.168.1.1-tunnel-1": ESP algorithms loaded: 3_000-1, flags=strict
000 "peer-192.168.1.1-tunnel-1": ESP algorithm newest: 3DES_0-HMAC_MD5; pfsgroup=<Phase1>
000
000 #2: "peer-192.168.1.1-tunnel-1":500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 26925s; newest IPSEC; eroute owner
000 #2: "peer-192.168.1.1-tunnel-1" esp.9351c5c3@192.168.1.1 esp.376d15c4@192.168.1.10 tun.0@192.168.1.1 tun.0@192.168.1.10
000 #1: "peer-192.168.1.1-tunnel-1":500 STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 1511s; newest ISAKMP; lastdpd=-1s(seq in:0 out:0)
000
+ _________________________ ifconfig-a
+ ifconfig -a
eth0 Link encap:Ethernet HWaddr 00:15:17:0B:D4:38
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
Base address:0xece0 Memory:fe9e0000-fea00000
eth1 Link encap:Ethernet HWaddr 00:15:17:0B:D4:39
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
Base address:0xecc0 Memory:fe9a0000-fe9c0000
eth2 Link encap:Ethernet HWaddr 00:0E:0C:C1:EA:0C
inet addr:192.168.1.10 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::20e:cff:fec1:ea0c/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:551 errors:0 dropped:0 overruns:0 frame:0
TX packets:2036 errors:0 dropped:0 overruns:0 carrier:0
collisions:75 txqueuelen:100
RX bytes:78681 (76.8 KiB) TX bytes:525155 (512.8 KiB)
Base address:0xdcc0 Memory:fe7e0000-fe800000
eth3 Link encap:Ethernet HWaddr 00:0E:0C:C1:EA:0D
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
Base address:0xdc80 Memory:fe7c0000-fe7e0000
eth4 Link encap:Ethernet HWaddr 00:0E:0C:C1:EA:0E
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
Base address:0xdc40 Memory:fe7a0000-fe7c0000
eth5 Link encap:Ethernet HWaddr 00:0E:0C:C1:EA:0F
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
Base address:0xdc00 Memory:fe780000-fe7a0000
eth6 Link encap:Ethernet HWaddr 00:15:C5:E1:04:BB
inet6 addr: fe80::215:c5ff:fee1:4bb/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:492 (492.0 b)
Interrupt:16
eth7 Link encap:Ethernet HWaddr 00:15:C5:E1:04:BC
inet addr:10.0.0.233 Bcast:10.0.0.255 Mask:255.255.255.0
inet6 addr: fe80::215:c5ff:fee1:4bc/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1850 errors:7 dropped:0 overruns:0 frame:0
TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:203628 (198.8 KiB) TX bytes:620 (620.0 b)
Interrupt:17
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:167930 errors:0 dropped:0 overruns:0 frame:0
TX packets:167930 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:12640933 (12.0 MiB) TX bytes:12640933 (12.0 MiB)
+ _________________________ ip-addr-list
+ ip addr list
1: lo: <LOOPBACK,UP,10000> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:15:17:0b:d4:38 brd ff:ff:ff:ff:ff:ff
3: eth1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:15:17:0b:d4:39 brd ff:ff:ff:ff:ff:ff
4: eth2: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 100
link/ether 00:0e:0c:c1:ea:0c brd ff:ff:ff:ff:ff:ff
inet 192.168.1.10/24 brd 192.168.1.255 scope global eth2
inet6 fe80::20e:cff:fec1:ea0c/64 scope link
valid_lft forever preferred_lft forever
5: eth3: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:0e:0c:c1:ea:0d brd ff:ff:ff:ff:ff:ff
6: eth4: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:0e:0c:c1:ea:0e brd ff:ff:ff:ff:ff:ff
7: eth5: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:0e:0c:c1:ea:0f brd ff:ff:ff:ff:ff:ff
8: eth6: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:15:c5:e1:04:bb brd ff:ff:ff:ff:ff:ff
inet6 fe80::215:c5ff:fee1:4bb/64 scope link
valid_lft forever preferred_lft forever
9: eth7: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:15:c5:e1:04:bc brd ff:ff:ff:ff:ff:ff
inet 10.0.0.233/24 brd 10.0.0.255 scope global eth7
inet6 fe80::215:c5ff:fee1:4bc/64 scope link
valid_lft forever preferred_lft forever
+ _________________________ ip-route-list
+ ip route list
10.0.0.0/24 dev eth7 proto kernel scope link src 10.0.0.233
10.6.0.0/24 dev eth2 scope link
10.6.0.0/24 via 192.168.1.1 dev eth2 proto xorp metric 1 notify
192.168.1.0/24 dev eth2 proto kernel scope link src 192.168.1.10
default via 192.168.1.1 dev eth2 proto xorp metric 1 notify
+ _________________________ ip-rule-list
+ ip rule list
0: from all lookup 255
32766: from all lookup main
32767: from all lookup default
+ _________________________ ipsec_verify
+ ipsec verify --nocolour
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path [OK]
Linux Openswan U2.4.6/K2.6.19 (netkey)
Checking for IPsec support in kernel [OK]
NETKEY detected, testing for disabled ICMP send_redirects [OK]
NETKEY detected, testing for disabled ICMP accept_redirects [OK]
Checking for RSA private key (/etc/ipsec.secrets) [DISABLED]
ipsec showhostkey: no default key in "/etc/ipsec.secrets"
Checking that pluto is running [OK]
Two or more interfaces found, checking IP forwarding [OK]
Checking NAT and MASQUERADEing [OK]
Checking for 'ip' command [OK]
Checking for 'iptables' command [OK]
Opportunistic Encryption Support [DISABLED]
+ _________________________ mii-tool
+ '[' -x /sbin/mii-tool ']'
+ /sbin/mii-tool -v
eth0: no link
product info: vendor 00:aa:00, model 56 rev 0
basic mode: autonegotiation enabled
basic status: no link
capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
advertising: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control
eth1: no link
product info: vendor 00:aa:00, model 56 rev 0
basic mode: autonegotiation enabled
basic status: no link
capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
advertising: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control
eth2: negotiated 100baseTx-HD, link ok
product info: vendor 00:50:43, model 2 rev 5
basic mode: autonegotiation enabled
basic status: autonegotiation complete, link ok
capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
advertising: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control
link partner: 100baseTx-HD 10baseT-HD
eth3: no link
product info: vendor 00:50:43, model 2 rev 5
basic mode: autonegotiation enabled
basic status: no link
capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
advertising: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control
eth4: no link
product info: vendor 00:50:43, model 2 rev 5
basic mode: autonegotiation enabled
basic status: no link
capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
advertising: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control
eth5: no link
product info: vendor 00:50:43, model 2 rev 5
basic mode: autonegotiation enabled
basic status: no link
capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
advertising: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control
eth6: negotiated 100baseTx-FD, link ok
product info: vendor 00:08:18, model 24 rev 0
basic mode: autonegotiation enabled
basic status: autonegotiation complete, link ok
capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
advertising: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control
link partner: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
eth7: negotiated 100baseTx-HD, link ok
product info: vendor 00:08:18, model 24 rev 0
basic mode: autonegotiation enabled
basic status: autonegotiation complete, link ok
capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
advertising: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control
link partner: 100baseTx-HD 10baseT-HD
+ _________________________ ipsec/directory
+ ipsec --directory
/usr/lib/ipsec
+ _________________________ hostname/fqdn
+ hostname --fqdn
localhost
+ _________________________ hostname/ipaddress
+ hostname --ip-address
127.0.0.1
+ _________________________ uptime
+ uptime
20:57:07 up 22 min, 2 users, load average: 0.00, 0.00, 0.00
+ _________________________ ps
+ ps alxwf
+ egrep -i 'ppid|pluto|ipsec|klips'
F UID PID PPID PRI NI VSZ RSS WCHAN STAT TTY TIME COMMAND
1 0 4192 1 25 0 2452 444 wait S ? 0:00
/bin/bash /usr/lib/ipsec/_plutorun --debug all --uniqueids
es --nocrsend --strictcrlpolicy --nat_traversal --keep_alive --protostack
auto --force_keepalive --disable_port_floating --virtual_private --crlcheckinterval
0 --ocspuri --nhelpers --dump --opts --stderrlog --wait
o --pre --post --log daemon.error --pid /var/run/pluto/pluto.pid
1 0 4193 4192 25 0 2452 628 wait S ? 0:00 \_
/bin/bash /usr/lib/ipsec/_plutorun --debug all --uniqueids
es --nocrsend --strictcrlpolicy --nat_traversal --keep_alive --protostack
auto --force_keepalive --disable_port_floating --virtual_private --crlcheckinterval
0 --ocspuri --nhelpers --dump --opts --stderrlog --wait
o --pre --post --log daemon.error --pid /var/run/pluto/pluto.pid
4 0 4194 4193 17 0 7068 2352 - S ? 0:00 | \_
/usr/lib/ipsec/pluto --nofork --secretsfile /etc/ipsec.secrets --ipsecdir
/etc/ipsec.d --debug-all --use-auto --uniqueids
1 0 4227 4194 31 10 7016 976 - SN ? 0:00 |
\_ pluto helper # 0 -nofork
0 0 4276 4194 22 0 1508 288 - S ? 0:00 |
\_ _pluto_adns -d
0 0 4195 4192 22 0 2424 1140 pipe_w S ? 0:00 \_
/bin/sh /usr/lib/ipsec/_plutoload --wait no --post
0 0 4196 1 18 0 1568 500 pipe_w S ? 0:00
logger -s -p daemon.error -t ipsec__plutorun
0 0 5110 5106 25 0 3664 1272 - R+ pts/1 0:00
\_ /bin/sh /usr/lib/ipsec/barf
+ _________________________ ipsec/showdefaults
+ ipsec showdefaults
# no default route
+ _________________________ ipsec/conf
+ ipsec _include /etc/ipsec.conf
+ ipsec _keycensor
#< /etc/ipsec.conf 1
version 2.0
config setup
interfaces="ipsec0=eth2"
plutodebug="all"
conn clear
auto=ignore
conn clear-or-private
auto=ignore
conn private-or-clear
auto=ignore
conn private
auto=ignore
conn block
auto=ignore
conn packetdefault
auto=ignore
conn peer-192.168.1.1-tunnel-1
left=192.168.1.10
right=192.168.1.1
type=tunnel
authby=secret
leftsubnet=10.0.0.0/24
rightsubnet=10.6.0.0/24
ike=3des-md5-modp1024
esp=3des-md5
auto=start
+ _________________________ ipsec/secrets
+ ipsec _include /etc/ipsec.secrets
+ ipsec _secretcensor
#< /etc/ipsec.secrets 1
192.168.1.10 192.168.1.1 : PSK "[sums to 1489...]"
+ _________________________ ipsec/listall
+ ipsec auto --listall
000
000 List of Public Keys:
000
+ '[' /etc/ipsec.d/policies ']'
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/block
+ base=block
+ _________________________ ipsec/policies/block
+ cat /etc/ipsec.d/policies/block
# This file defines the set of CIDRs (network/mask-length) to which
# communication should never be allowed.
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: block.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/clear
+ base=clear
+ _________________________ ipsec/policies/clear
+ cat /etc/ipsec.d/policies/clear
# This file defines the set of CIDRs (network/mask-length) to which
# communication should always be in the clear.
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: clear.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/clear-or-private
+ base=clear-or-private
+ _________________________ ipsec/policies/clear-or-private
+ cat /etc/ipsec.d/policies/clear-or-private
# This file defines the set of CIDRs (network/mask-length) to which
# we will communicate in the clear, or, if the other side initiates IPSEC,
# using encryption. This behaviour is also called "Opportunistic Responder".
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: clear-or-private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/private
+ base=private
+ _________________________ ipsec/policies/private
+ cat /etc/ipsec.d/policies/private
# This file defines the set of CIDRs (network/mask-length) to which
# communication should always be private (i.e. encrypted).
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/private-or-clear
+ base=private-or-clear
+ _________________________ ipsec/policies/private-or-clear
+ cat /etc/ipsec.d/policies/private-or-clear
# This file defines the set of CIDRs (network/mask-length) to which
# communication should be private, if possible, but in the clear otherwise.
#
# If the target has a TXT (later IPSECKEY) record that specifies
# authentication material, we will require private (i.e. encrypted)
# communications. If no such record is found, communications will be
# in the clear.
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: private-or-clear.in,v 1.5 2003/02/17 02:22:15 mcr Exp $
#
0.0.0.0/0
+ _________________________ ipsec/ls-libdir
+ ls -l /usr/lib/ipsec
total 1392
-rwxr-xr-x 1 root root 15848 Nov 12 16:15 _confread
-rwxr-xr-x 1 root root 4364 Nov 12 16:15 _copyright
-rwxr-xr-x 1 root root 2379 Nov 12 16:15 _include
-rwxr-xr-x 1 root root 1475 Nov 12 16:15 _keycensor
-rwxr-xr-x 1 root root 8012 Nov 12 16:15 _pluto_adns
-rwxr-xr-x 1 root root 3586 Nov 12 16:15 _plutoload
-rwxr-xr-x 1 root root 7209 Nov 12 16:15 _plutorun
-rwxr-xr-x 1 root root 12335 Nov 12 16:15 _realsetup
-rwxr-xr-x 1 root root 1975 Nov 12 16:15 _secretcensor
-rwxr-xr-x 1 root root 10070 Nov 12 16:15 _startklips
-rwxr-xr-x 1 root root 13912 Nov 12 16:15 _updown
-rwxr-xr-x 1 root root 15740 Nov 12 16:15 _updown_x509
-rwxr-xr-x 1 root root 18891 Nov 12 16:15 auto
-rwxr-xr-x 1 root root 11331 Nov 12 16:15 barf
-rwxr-xr-x 1 root root 816 Nov 12 16:15 calcgoo
-rwxr-xr-x 1 root root 77832 Nov 12 16:15 eroute
-rwxr-xr-x 1 root root 17992 Nov 12 16:15 ikeping
-rwxr-xr-x 1 root root 1942 Nov 12 16:15 ipsec_pr.template
-rwxr-xr-x 1 root root 60732 Nov 12 16:15 klipsdebug
-rwxr-xr-x 1 root root 1836 Nov 12 16:15 livetest
-rwxr-xr-x 1 root root 2605 Nov 12 16:15 look
-rwxr-xr-x 1 root root 7147 Nov 12 16:15 mailkey
-rwxr-xr-x 1 root root 16015 Nov 12 16:15 manual
-rwxr-xr-x 1 root root 1951 Nov 12 16:15 newhostkey
-rwxr-xr-x 1 root root 51872 Nov 12 16:15 pf_key
-rwxr-xr-x 1 root root 648712 Nov 12 16:15 pluto
-rwxr-xr-x 1 root root 6392 Nov 12 16:15 ranbits
-rwxr-xr-x 1 root root 18876 Nov 12 16:15 rsasigkey
-rwxr-xr-x 1 root root 766 Nov 12 16:15 secrets
-rwxr-xr-x 1 root root 17624 Nov 12 16:15 send-pr
lrwxrwxrwx 1 root root 17 Jan 25 01:53 setup -> /etc/init.d/ipsec
-rwxr-xr-x 1 root root 1054 Nov 12 16:15 showdefaults
-rwxr-xr-x 1 root root 4748 Nov 12 16:15 showhostkey
-rwxr-xr-x 1 root root 118516 Nov 12 16:15 spi
-rwxr-xr-x 1 root root 65796 Nov 12 16:15 spigrp
-rwxr-xr-x 1 root root 10340 Nov 12 16:15 tncfg
-rwxr-xr-x 1 root root 11628 Nov 12 16:15 verify
-rwxr-xr-x 1 root root 51188 Nov 12 16:15 whack
+ _________________________ ipsec/ls-execdir
+ ls -l /usr/lib/ipsec
total 1392
-rwxr-xr-x 1 root root 15848 Nov 12 16:15 _confread
-rwxr-xr-x 1 root root 4364 Nov 12 16:15 _copyright
-rwxr-xr-x 1 root root 2379 Nov 12 16:15 _include
-rwxr-xr-x 1 root root 1475 Nov 12 16:15 _keycensor
-rwxr-xr-x 1 root root 8012 Nov 12 16:15 _pluto_adns
-rwxr-xr-x 1 root root 3586 Nov 12 16:15 _plutoload
-rwxr-xr-x 1 root root 7209 Nov 12 16:15 _plutorun
-rwxr-xr-x 1 root root 12335 Nov 12 16:15 _realsetup
-rwxr-xr-x 1 root root 1975 Nov 12 16:15 _secretcensor
-rwxr-xr-x 1 root root 10070 Nov 12 16:15 _startklips
-rwxr-xr-x 1 root root 13912 Nov 12 16:15 _updown
-rwxr-xr-x 1 root root 15740 Nov 12 16:15 _updown_x509
-rwxr-xr-x 1 root root 18891 Nov 12 16:15 auto
-rwxr-xr-x 1 root root 11331 Nov 12 16:15 barf
-rwxr-xr-x 1 root root 816 Nov 12 16:15 calcgoo
-rwxr-xr-x 1 root root 77832 Nov 12 16:15 eroute
-rwxr-xr-x 1 root root 17992 Nov 12 16:15 ikeping
-rwxr-xr-x 1 root root 1942 Nov 12 16:15 ipsec_pr.template
-rwxr-xr-x 1 root root 60732 Nov 12 16:15 klipsdebug
-rwxr-xr-x 1 root root 1836 Nov 12 16:15 livetest
-rwxr-xr-x 1 root root 2605 Nov 12 16:15 look
-rwxr-xr-x 1 root root 7147 Nov 12 16:15 mailkey
-rwxr-xr-x 1 root root 16015 Nov 12 16:15 manual
-rwxr-xr-x 1 root root 1951 Nov 12 16:15 newhostkey
-rwxr-xr-x 1 root root 51872 Nov 12 16:15 pf_key
-rwxr-xr-x 1 root root 648712 Nov 12 16:15 pluto
-rwxr-xr-x 1 root root 6392 Nov 12 16:15 ranbits
-rwxr-xr-x 1 root root 18876 Nov 12 16:15 rsasigkey
-rwxr-xr-x 1 root root 766 Nov 12 16:15 secrets
-rwxr-xr-x 1 root root 17624 Nov 12 16:15 send-pr
lrwxrwxrwx 1 root root 17 Jan 25 01:53 setup -> /etc/init.d/ipsec
-rwxr-xr-x 1 root root 1054 Nov 12 16:15 showdefaults
-rwxr-xr-x 1 root root 4748 Nov 12 16:15 showhostkey
-rwxr-xr-x 1 root root 118516 Nov 12 16:15 spi
-rwxr-xr-x 1 root root 65796 Nov 12 16:15 spigrp
-rwxr-xr-x 1 root root 10340 Nov 12 16:15 tncfg
-rwxr-xr-x 1 root root 11628 Nov 12 16:15 verify
-rwxr-xr-x 1 root root 51188 Nov 12 16:15 whack
+ _________________________ ipsec/updowns
++ ls /usr/lib/ipsec
++ egrep updown
+ for f in '`ls ${IPSEC_EXECDIR-/usr/libexec/ipsec} | egrep updown`'
+ cat /usr/lib/ipsec/_updown
#! /bin/sh
# iproute2 version, default updown script
#
# Copyright (C) 2003-2004 Nigel Metheringham
# Copyright (C) 2002-2004 Michael Richardson <mcr at xelerance.com>
# Copyright (C) 2003-2005 Tuomo Soini <tis at foobar.fi>
#
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
# Free Software Foundation; either version 2 of the License, or (at your
# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
# for more details.
#
# RCSID $Id: _updown.in,v 1.21.2.11 2006/02/20 22:57:28 paul Exp $
# CAUTION: Installing a new version of Openswan will install a new
# copy of this script, wiping out any custom changes you make. If
# you need changes, make a copy of this under another name, and customize
# that, and use the (left/right)updown parameters in ipsec.conf to make
# Openswan use yours instead of this default one.
LC_ALL=C export LC_ALL
# things that this script gets (from ipsec_pluto(8) man page)
#
#
# PLUTO_VERSION
# indicates what version of this interface is being
# used. This document describes version 1.1. This
# is upwardly compatible with version 1.0.
#
# PLUTO_VERB
# specifies the name of the operation to be performed
# (prepare-host, prepare-client, up-host, up-client,
# down-host, or down-client). If the address family
# for security gateway to security gateway
# communications is IPv6, then a suffix of -v6 is added
# to the verb.
#
# PLUTO_CONNECTION
# is the name of the connection for which we are
# routing.
#
# PLUTO_CONN_POLICY
# the policy of the connection, as in:
# RSASIG+ENCRYPT+TUNNEL+PFS+DONTREKEY+OPPORTUNISTIC+failureDROP+lKOD+rKOD
#
# PLUTO_NEXT_HOP
# is the next hop to which packets bound for the peer
# must be sent.
#
# PLUTO_INTERFACE
# is the name of the ipsec interface to be used.
#
# PLUTO_ME
# is the IP address of our host.
#
# PLUTO_MY_CLIENT
# is the IP address / count of our client subnet. If
# the client is just the host, this will be the
# host's own IP address / max (where max is 32 for
# IPv4 and 128 for IPv6).
#
# PLUTO_MY_CLIENT_NET
# is the IP address of our client net. If the client
# is just the host, this will be the host's own IP
# address.
#
# PLUTO_MY_CLIENT_MASK
# is the mask for our client net. If the client is
# just the host, this will be 255.255.255.255.
#
# PLUTO_MY_SOURCEIP
# if non-empty, then the source address for the route will be
# set to this IP address.
#
# PLUTO_MY_PROTOCOL
# is the protocol for this connection. Useful for
# firewalling.
#
# PLUTO_MY_PORT
# is the port. Useful for firewalling.
#
# PLUTO_PEER
# is the IP address of our peer.
#
# PLUTO_PEER_CLIENT
# is the IP address / count of the peer's client sub-
# net. If the client is just the peer, this will be
# the peer's own IP address / max (where max is 32
# for IPv4 and 128 for IPv6).
#
# PLUTO_PEER_CLIENT_NET
# is the IP address of the peer's client net. If the
# client is just the peer, this will be the peer's
# own IP address.
#
# PLUTO_PEER_CLIENT_MASK
# is the mask for the peer's client net. If the
# client is just the peer, this will be
# 255.255.255.255.
#
# PLUTO_PEER_PROTOCOL
# is the protocol set for remote end with port
# selector.
#
# PLUTO_PEER_PORT
# is the peer's port. Useful for firewalling.
#
# PLUTO_CONNECTION_TYPE
#
# Import default _updown configs from the /etc/default/pluto_updown file
#
# Two variables can be set in this file:
#
# DEFAULTSOURCE
# is the default value for PLUTO_MY_SOURCEIP
#
# IPROUTETABLE
# is the default value for IPROUTETABLE
#
# IPROUTEARGS
# is the extra argument list for ip route command
#
# IPRULEARGS
# is the extra argument list for ip rule command
#
if [ -f /etc/default/pluto_updown ]
then
. /etc/default/pluto_updown
fi
# check interface version
case "$PLUTO_VERSION" in
1.[0]) # Older Pluto?!? Play it safe, script may be using new features.
echo "$0: obsolete interface version \`$PLUTO_VERSION'," >&2
echo "$0: called by obsolete Pluto?" >&2
exit 2
;;
1.*) ;;
*) echo "$0: unknown interface version \`$PLUTO_VERSION'" >&2
exit 2
;;
esac
# check parameter(s)
case "$1:$*" in
':') # no parameters
;;
ipfwadm:ipfwadm) # due to (left/right)firewall; for default script only
;;
custom:*) # custom parameters (see above CAUTION comment)
;;
*) echo "$0: unknown parameters \`$*'" >&2
exit 2
;;
esac
# utility functions for route manipulation
# Meddling with this stuff should not be necessary and requires great care.
uproute() {
doroute add
ip route flush cache
}
downroute() {
doroute delete
ip route flush cache
}
uprule() {
# policy based advanced routing
if [ -n "$IPROUTETABLE" ]
then
dorule delete
dorule add
fi
# virtual sourceip support
if [ -n "$PLUTO_MY_SOURCEIP" ]
then
addsource
rc=$?
if [ $rc -ne 0 ];
then
changesource
fi
fi
ip route flush cache
}
downrule() {
if [ -n "$IPROUTETABLE" ]
then
dorule delete
ip route flush cache
fi
}
addsource() {
st=0
# check if given sourceip is local and add as alias if not
if ! ip -o route get ${PLUTO_MY_SOURCEIP%/*} | grep -q ^local
then
it="ip addr add ${PLUTO_MY_SOURCEIP%/*}/32 dev ${PLUTO_INTERFACE%:*}"
oops="`eval $it 2>&1`"
st=$?
if test " $oops" = " " -a " $st" != " 0"
then
oops="silent error, exit status $st"
fi
case "$oops" in
'RTNETLINK answers: File exists'*)
# should not happen, but ... ignore if the
# address was already assigned on interface
oops=""
st=0
;;
esac
if test " $oops" != " " -o " $st" != " 0"
then
echo "$0: addsource \`$it' failed ($oops)" >&2
fi
fi
return $st
}
changesource() {
# Change used route source to destination if there is previous
# Route to same PLUTO_PEER_CLIENT. This is basically to fix
# configuration errors where all conns to same destination don't
# have (left/right)sourceip set.
st=0
parms="$PLUTO_PEER_CLIENT dev ${PLUTO_INTERFACE%:*}"
parms="$parms src ${PLUTO_MY_SOURCEIP%/*} $IPROUTEARGS"
if [ -n "$IPROUTETABLE" ]
then
parms="$parms table $IPROUTETABLE"
fi
it="ip route change $parms"
case "$PLUTO_PEER_CLIENT" in
"0.0.0.0/0")
# opportunistic encryption work around
it=
;;
esac
oops="`eval $it 2>&1`"
st=$?
if test " $oops" = " " -a " $st" != " 0"
then
oops="silent error, exit status $st"
fi
case "$oops" in
'RTNETLINK answers: No such file or directory'*)
# Will happen every time first tunnel is activated because
# there is no previous route to PLUTO_PEER_CLIENT. So we
# need to ignore this error.
oops=""
st=0
;;
esac
if test " $oops" != " " -o " $st" != " 0"
then
echo "$0: changesource \`$it' failed ($oops)" >&2
fi
return $st
}
dorule() {
st=0
it2=
iprule="from $PLUTO_MY_CLIENT"
iprule2="to $PLUTO_PEER_CLIENT table $IPROUTETABLE $IPRULEARGS"
case "$PLUTO_PEER_CLIENT" in
"0.0.0.0/0")
# opportunistic encryption work around
st=0
;;
*)
if [ -z "$PLUTO_MY_SOURCEIP" ]
then
if [ "$PLUTO_ME" = "${PLUTO_MY_CLIENT%/*}" ]
then
it="ip rule $1 iif lo $iprule2"
else
it="ip rule $1 $iprule $iprule2"
fi
else
if [ "${PLUTO_MY_SOURCEIP%/*}" = "${PLUTO_MY_CLIENT%/*}" ]
then
it="ip rule $1 iif lo $iprule2"
else
it="ip rule $1 $iprule $iprule2"
it2="ip rule $1 iif lo $iprule2"
fi
fi
oops="`eval $it 2>&1`"
st=$?
if test " $oops" = " " -a " $st" != " 0"
then
oops="silent error, exit status $st"
fi
case "$oops" in
'RTNETLINK answers: No such process'*)
# This is what ip rule gives
# for "could not find such a rule"
oops=
st=0
;;
esac
if test " $oops" != " " -o " $st" != " 0"
then
echo "$0: dorule \`$it' failed ($oops)" >&2
fi
if test "$st" = "0" -a -n "$it2"
then
oops="`eval $it2 2>&1`"
st=$?
if test " $oops" = " " -a " $st" != " 0"
then
oops="silent error, exit status $st"
fi
case "$oops" in
'RTNETLINK answers: No such process'*)
# This is what ip rule gives
# for "could not find such a rule"
oops=
st=0
;;
esac
if test " $oops" != " " -o " $st" != " 0"
then
echo "$0: dorule \`$it2' failed ($oops)" >&2
fi
fi
;;
esac
return $st
}
doroute() {
st=0
parms="$PLUTO_PEER_CLIENT"
parms2=
if [ -n "$PLUTO_NEXT_HOP" ] && [ "$PLUTO_NEXT_HOP" != "$PLUTO_PEER" ]
then
parms2="via $PLUTO_NEXT_HOP"
fi
parms2="$parms2 dev ${PLUTO_INTERFACE%:*}"
parms3="$IPROUTEARGS"
if [ -n "$IPROUTETABLE" ]
then
parms3="$parms3 table $IPROUTETABLE"
fi
if [ -z "$PLUTO_MY_SOURCEIP" ] && [ -n "$DEFAULTSOURCE" ]
then
PLUTO_MY_SOURCEIP="${DEFAULTSOURCE%/*}"
fi
if test "$1" = "add" -a -n "$PLUTO_MY_SOURCEIP"
then
addsource
parms3="$parms3 src ${PLUTO_MY_SOURCEIP%/*}"
fi
case "$PLUTO_PEER_CLIENT" in
"0.0.0.0/0")
# opportunistic encryption work around
# need to provide route that eclipses default, without
# replacing it.
it="ip route $1 0.0.0.0/1 $parms2 $parms3 &&
ip route $1 128.0.0.0/1 $parms2 $parms3"
;;
*) it="ip route $1 $parms $parms2 $parms3"
;;
esac
oops="`eval $it 2>&1`"
st=$?
if test " $oops" = " " -a " $st" != " 0"
then
oops="silent error, exit status $st"
fi
if test " $oops" != " " -o " $st" != " 0"
then
echo "$0: doroute \`$it' failed ($oops)" >&2
fi
return $st
}
# the big choice
case "$PLUTO_VERB:$1" in
prepare-host:*|prepare-client:*)
# delete possibly-existing route (preliminary to adding a route)
case "$PLUTO_PEER_CLIENT" in
"0.0.0.0/0")
# need to provide route that eclipses default, without
# replacing it.
parms1="0.0.0.0/1"
parms2="128.0.0.0/1"
it="ip route delete $parms1 $IPROUTEARGS 2>&1 ; ip route delete $parms2 $IPROUTEARGS 2>&1"
oops="`ip route delete $parms1 $IPROUTEARGS 2>&1 ; ip route delete $parms2 $IPROUTEARGS 2>&1`"
;;
*)
parms="$PLUTO_PEER_CLIENT $IPROUTEARGS"
if [ -n "$IPROUTETABLE" ]
then
parms="$parms table $IPROUTETABLE"
fi
it="ip route delete $parms 2>&1"
oops="`ip route delete $parms 2>&1`"
;;
esac
status="$?"
if test " $oops" = " " -a " $status" != " 0"
then
oops="silent error, exit status $status"
fi
case "$oops" in
*'RTNETLINK answers: No such process'*)
# This is what route (currently -- not documented!) gives
# for "could not find such a route".
oops=
status=0
;;
esac
if test " $oops" != " " -o " $status" != " 0"
then
echo "$0: \`$it' failed ($oops)" >&2
fi
exit $status
;;
route-host:*|route-client:*)
# connection to me or my client subnet being routed
uproute
;;
unroute-host:*|unroute-client:*)
# connection to me or my client subnet being unrouted
downroute
;;
up-host:*)
# connection to me coming up
uprule
# If you are doing a custom version, firewall commands go here.
;;
down-host:*)
# connection to me going down
downrule
# If you are doing a custom version, firewall commands go here.
;;
up-client:)
# connection to my client subnet coming up
uprule
# If you are doing a custom version, firewall commands go here.
;;
down-client:)
# connection to my client subnet going down
downrule
# If you are doing a custom version, firewall commands go here.
;;
up-client:ipfwadm)
# connection to client subnet, with (left/right)firewall=yes, coming up
uprule
# This is used only by the default updown script, not by your custom
# ones, so do not mess with it; see CAUTION comment up at top.
ipfwadm -F -i accept -b -S $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \
-D $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK
;;
down-client:ipfwadm)
# connection to client subnet, with (left/right)firewall=yes, going down
downrule
# This is used only by the default updown script, not by your custom
# ones, so do not mess with it; see CAUTION comment up at top.
ipfwadm -F -d accept -b -S $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \
-D $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK
;;
#
# IPv6
#
prepare-host-v6:*|prepare-client-v6:*)
;;
route-host-v6:*|route-client-v6:*)
# connection to me or my client subnet being routed
#uproute_v6
;;
unroute-host-v6:*|unroute-client-v6:*)
# connection to me or my client subnet being unrouted
#downroute_v6
;;
up-host-v6:*)
# connection to me coming up
# If you are doing a custom version, firewall commands go here.
;;
down-host-v6:*)
# connection to me going down
# If you are doing a custom version, firewall commands go here.
;;
up-client-v6:)
# connection to my client subnet coming up
# If you are doing a custom version, firewall commands go here.
;;
down-client-v6:)
# connection to my client subnet going down
# If you are doing a custom version, firewall commands go here.
;;
*) echo "$0: unknown verb \`$PLUTO_VERB' or parameter \`$1'" >&2
exit 1
;;
esac
+ for f in '`ls ${IPSEC_EXECDIR-/usr/libexec/ipsec} | egrep updown`'
+ cat /usr/lib/ipsec/_updown_x509
#! /bin/sh
#
# customized updown script
#
# logging of VPN connections
#
# tag put in front of each log entry:
TAG=vpn
#
# syslog facility and priority used:
FAC_PRIO=local0.notice
#
# to create a special vpn logging file, put the following line into
# the syslog configuration file /etc/syslog.conf:
#
# local0.notice -/var/log/vpn
#
# are there port numbers?
if [ "$PLUTO_MY_PORT" != 0 ]
then
S_MY_PORT="--sport $PLUTO_MY_PORT"
D_MY_PORT="--dport $PLUTO_MY_PORT"
fi
if [ "$PLUTO_PEER_PORT" != 0 ]
then
S_PEER_PORT="--sport $PLUTO_PEER_PORT"
D_PEER_PORT="--dport $PLUTO_PEER_PORT"
fi
# CAUTION: Installing a new version of Openswan will install a new
# copy of this script, wiping out any custom changes you make. If
# you need changes, make a copy of this under another name, and customize
# that, and use the (left/right)updown parameters in ipsec.conf to make
# Openswan use yours instead of this default one.
LC_ALL=C export LC_ALL
# things that this script gets (from ipsec_pluto(8) man page)
#
#
# PLUTO_VERSION
# indicates what version of this interface is being
# used. This document describes version 1.1. This
# is upwardly compatible with version 1.0.
#
# PLUTO_VERB
# specifies the name of the operation to be performed
# (prepare-host, prepare-client, up-host, up-client,
# down-host, or down-client). If the address family
# for security gateway to security gateway communica-
# tions is IPv6, then a suffix of -v6 is added to the
# verb.
#
# PLUTO_CONNECTION
# is the name of the connection for which we are
# routing.
#
# PLUTO_CONN_POLICY
# the policy of the connection, as in:
# RSASIG+ENCRYPT+TUNNEL+PFS+DONTREKEY+OPPORTUNISTIC+failureDROP+lKOD+rKOD
#
# PLUTO_NEXT_HOP
# is the next hop to which packets bound for the peer
# must be sent.
#
# PLUTO_INTERFACE
# is the name of the ipsec interface to be used.
#
# PLUTO_ME
# is the IP address of our host.
#
# PLUTO_MY_CLIENT
# is the IP address / count of our client subnet. If
# the client is just the host, this will be the
# host's own IP address / max (where max is 32 for
# IPv4 and 128 for IPv6).
#
# PLUTO_MY_CLIENT_NET
# is the IP address of our client net. If the client
# is just the host, this will be the host's own IP
# address.
#
# PLUTO_MY_CLIENT_MASK
# is the mask for our client net. If the client is
# just the host, this will be 255.255.255.255.
#
# PLUTO_MY_SOURCEIP
# if non-empty, then the source address for the route will be
# set to this IP address.
#
# PLUTO_MY_PROTOCOL
# is the protocol for this connection. Useful for
# firewalling.
#
# PLUTO_MY_PORT
# is the port. Useful for firewalling.
#
# PLUTO_PEER
# is the IP address of our peer.
#
# PLUTO_PEER_CLIENT
# is the IP address / count of the peer's client sub-
# net. If the client is just the peer, this will be
# the peer's own IP address / max (where max is 32
# for IPv4 and 128 for IPv6).
#
# PLUTO_PEER_CLIENT_NET
# is the IP address of the peer's client net. If the
# client is just the peer, this will be the peer's
# own IP address.
#
# PLUTO_PEER_CLIENT_MASK
# is the mask for the peer's client net. If the
# client is just the peer, this will be
# 255.255.255.255.
#
# PLUTO_PEER_PROTOCOL
# is the protocol set for remote end with port
# selector.
#
# PLUTO_PEER_PORT
# is the peer's port. Useful for firewalling.
#
# PLUTO_CONNECTION_TYPE
#
# Import default _updown configs from the /etc/default/pluto_updown file
#
# Two variables can be set in this file:
#
# DEFAULTSOURCE
# is the default value for PLUTO_MY_SOURCEIP
#
# IPROUTETABLE
# is the default value for IPROUTETABLE
#
# IPROUTEARGS
# is the extra argument list for ip route command
#
# IPRULEARGS
# is the extra argument list for ip rule command
#
if [ -f /etc/default/pluto_updown ]
then
. /etc/default/pluto_updown
fi
# check interface version
case "$PLUTO_VERSION" in
1.[0]) # Older Pluto?!? Play it safe, script may be using new features.
echo "$0: obsolete interface version \`$PLUTO_VERSION'," >&2
echo "$0: called by obsolete Pluto?" >&2
exit 2
;;
1.*) ;;
*) echo "$0: unknown interface version \`$PLUTO_VERSION'" >&2
exit 2
;;
esac
# check parameter(s)
case "$1:$*" in
':') # no parameters
;;
ipfwadm:ipfwadm) # due to (left/right)firewall; for default script only
;;
custom:*) # custom parameters (see above CAUTION comment)
;;
*) echo "$0: unknown parameters \`$*'" >&2
exit 2
;;
esac
# utility functions for route manipulation
# Meddling with this stuff should not be necessary and requires great care.
uproute() {
doroute add
ip route flush cache
}
downroute() {
doroute delete
ip route flush cache
}
uprule() {
# policy based advanced routing
if [ -n "$IPROUTETABLE" ]
then
dorule delete
dorule add
fi
# virtual sourceip support
if [ -n "$PLUTO_MY_SOURCEIP" ]
then
addsource
changesource
fi
ip route flush cache
}
downrule() {
if [ -n "$IPROUTETABLE" ]
then
dorule delete
ip route flush cache
fi
}
addsource() {
st=0
if ! ip -o route get ${PLUTO_MY_SOURCEIP%/*} | grep -q ^local
then
it="ip addr add ${PLUTO_MY_SOURCEIP%/*}/32 dev ${PLUTO_INTERFACE%:*}"
oops="`eval $it 2>&1`"
st=$?
if test " $oops" = " " -a " $st" != " 0"
then
oops="silent error, exit status $st"
fi
if test " $oops" != " " -o " $st" != " 0"
then
echo "$0: addsource \`$it' failed ($oops)" >&2
fi
fi
return $st
}
changesource() {
st=0
parms="$PLUTO_PEER_CLIENT"
parms2="dev ${PLUTO_INTERFACE%:*}"
parms3="src ${PLUTO_MY_SOURCEIP%/*} $IPROUTEARGS"
if [ -n "$IPROUTETABLE" ]
then
parms3="$parms3 table '$IPROUTETABLE'"
fi
case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in
"0.0.0.0/0.0.0.0")
# opportunistic encryption work around
it=
;;
esac
oops="`eval $it 2>&1`"
st=$?
if test " $oops" = " " -a " $st" != " 0"
then
oops="silent error, exit status $st"
fi
if test " $oops" != " " -o " $st" != " 0"
then
echo "$0: changesource \`$it' failed ($oops)" >&2
fi
return $st
}
dorule() {
st=0
it2=
iprule="from $PLUTO_MY_CLIENT"
iprule2="to $PLUTO_PEER_CLIENT table $IPROUTETABLE $IPRULEARGS"
case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in
"0.0.0.0/0.0.0.0")
# opportunistic encryption work around
st=0
;;
*)
if [ -z "$PLUTO_MY_SOURCEIP" ]
then
if [ "$PLUTO_ME" = "${PLUTO_MY_CLIENT%/*}" ]
then
it="ip rule $1 iif lo $iprule2"
else
it="ip rule $1 $iprule $iprule2"
fi
else
if [ "${PLUTO_MY_SOURCEIP%/*}" = "${PLUTO_MY_CLIENT%/*}" ]
then
it="ip rule $1 iif lo $iprule2"
else
it="ip rule $1 $iprule $iprule2"
it2="ip rule $1 iif lo $iprule2"
fi
fi
oops="`eval $it 2>&1`"
st=$?
if test " $oops" = " " -a " $st" != " 0"
then
oops="silent error, exit status $st"
fi
case "$oops" in
'RTNETLINK answers: No such process'*)
# This is what ip rule gives
# for "could not find such a rule"
oops=
st=0
;;
esac
if test " $oops" != " " -o " $st" != " 0"
then
echo "$0: dorule \`$it' failed ($oops)" >&2
fi
if test "$st" = "0" -a -n "$it2"
then
oops="`eval $it2 2>&1`"
st=$?
if test " $oops" = " " -a " $st" != " 0"
then
oops="silent error, exit status $st"
fi
case "$oops" in
'RTNETLINK answers: No such process'*)
# This is what ip rule gives
# for "could not find such a rule"
oops=
st=0
;;
esac
if test " $oops" != " " -o " $st" != " 0"
then
echo "$0: dorule \`$it2' failed ($oops)" >&2
fi
fi
;;
esac
return $st
}
doroute() {
st=0
parms="$PLUTO_PEER_CLIENT"
parms2=
if [ -n "$PLUTO_NEXT_HOP" ] && [ "$PLUTO_NEXT_HOP" != "$PLUTO_PEER" ]
then
parms2="via $PLUTO_NEXT_HOP"
fi
parms2="$parms2 dev ${PLUTO_INTERFACE%:*}"
parms3="$IPROUTEARGS"
if [ -n "$IPROUTETABLE" ]
then
parms3="$parms3 table $IPROUTETABLE"
fi
if [ -z "$PLUTO_MY_SOURCEIP" ] && [ -n "$DEFAULTSOURCE" ]
then
PLUTO_MY_SOURCEIP="${DEFAULTSOURCE%/*}"
fi
if test "$1" = "add" -a -n "$PLUTO_MY_SOURCEIP"
then
addsource
parms3="$parms3 src ${PLUTO_MY_SOURCEIP%/*}"
fi
case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in
"0.0.0.0/0.0.0.0")
# opportunistic encryption work around
# need to provide route that eclipses default, without
# replacing it.
it="ip route $1 0.0.0.0/1 $parms2 $parms3 &&
ip route $1 128.0.0.0/1 $parms2 $parms3"
;;
*) it="ip route $1 $parms $parms2 $parms3"
;;
esac
oops="`eval $it 2>&1`"
st=$?
if test " $oops" = " " -a " $st" != " 0"
then
oops="silent error, exit status $st"
fi
if test " $oops" != " " -o " $st" != " 0"
then
echo "$0: doroute \`$it' failed ($oops)" >&2
fi
return $st
}
# the big choice
case "$PLUTO_VERB:$1" in
prepare-host:*|prepare-client:*)
# delete possibly-existing route (preliminary to adding a route)
case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in
"0.0.0.0/0.0.0.0")
# need to provide route that eclipses default, without
# replacing it.
parms1="0.0.0.0/1"
parms2="128.0.0.0/1"
it="ip route delete $parms1 $IPROUTEARGS 2>&1 ; ip route delete $parms2 $IPROUTEARGS 2>&1"
oops="`ip route delete $parms1 $IPROUTEARGS 2>&1 ; ip route delete $parms2 $IPROUTEARGS 2>&1`"
;;
*)
parms="$PLUTO_PEER_CLIENT $IPROUTEARGS"
if [ -n "$IPROUTETABLE" ]
then
parms="$parms table $IPROUTETABLE"
fi
it="ip route delete $parms 2>&1"
oops="`ip route delete $parms 2>&1`"
;;
esac
status="$?"
if test " $oops" = " " -a " $status" != " 0"
then
oops="silent error, exit status $status"
fi
case "$oops" in
*'RTNETLINK answers: No such process'*)
# This is what route (currently -- not documented!) gives
# for "could not find such a route".
oops=
status=0
;;
esac
if test " $oops" != " " -o " $status" != " 0"
then
echo "$0: \`$it' failed ($oops)" >&2
fi
exit $status
;;
route-host:*|route-client:*)
# connection to me or my client subnet being routed
uproute
;;
unroute-host:*|unroute-client:*)
# connection to me or my client subnet being unrouted
downroute
;;
up-host:*)
# connection to me coming up
uprule
# If you are doing a custom version, firewall commands go here.
iptables -I INPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
-s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $S_PEER_PORT \
-d $PLUTO_ME $D_MY_PORT -j ACCEPT
iptables -I OUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
-s $PLUTO_ME $S_MY_PORT \
-d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $D_PEER_PORT -j ACCEPT
#
if [ "$PLUTO_PEER_CLIENT" == "$PLUTO_PEER/32" ]
then
logger -t $TAG -p $FAC_PRIO \
"+ `echo -e $PLUTO_PEER_ID` $PLUTO_PEER -- $PLUTO_ME"
else
logger -t $TAG -p $FAC_PRIO \
"+ `echo -e $PLUTO_PEER_ID` $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME"
fi
;;
down-host:*)
# connection to me going down
downrule
# If you are doing a custom version, firewall commands go here.
iptables -D INPUT -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
-s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $S_PEER_PORT \
-d $PLUTO_ME $D_MY_PORT -j ACCEPT
iptables -D OUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
-s $PLUTO_ME $S_MY_PORT \
-d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $D_PEER_PORT -j ACCEPT
#
if [ "$PLUTO_PEER_CLIENT" == "$PLUTO_PEER/32" ]
then
logger -t $TAG -p $FAC_PRIO -- \
"- `echo -e $PLUTO_PEER_ID` $PLUTO_PEER -- $PLUTO_ME"
else
logger -t $TAG -p $FAC_PRIO -- \
"- `echo -e $PLUTO_PEER_ID` $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME"
fi
;;
up-client:)
# connection to my client subnet coming up
uprule
# If you are doing a custom version, firewall commands go here.
iptables -I FORWARD 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
-s $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $S_MY_PORT \
-d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $D_PEER_PORT -j ACCEPT
iptables -I FORWARD 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
-s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $S_PEER_PORT \
-d $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $D_MY_PORT -j ACCEPT
#
if [ "$PLUTO_PEER_CLIENT" == "$PLUTO_PEER/32" ]
then
logger -t $TAG -p $FAC_PRIO \
"+ `echo -e $PLUTO_PEER_ID` $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT"
else
logger -t $TAG -p $FAC_PRIO \
"+ `echo -e $PLUTO_PEER_ID` $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT"
fi
;;
down-client:)
# connection to my client subnet going down
downrule
# If you are doing a custom version, firewall commands go here.
iptables -D FORWARD -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
-s $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $S_MY_PORT \
-d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $D_PEER_PORT -j ACCEPT
iptables -D FORWARD -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
-s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $S_PEER_PORT \
-d $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $D_MY_PORT -j ACCEPT
#
if [ "$PLUTO_PEER_CLIENT" == "$PLUTO_PEER/32" ]
then
logger -t $TAG -p $FAC_PRIO -- \
"- `echo -e $PLUTO_PEER_ID` $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT"
else
logger -t $TAG -p $FAC_PRIO -- \
"- `echo -e $PLUTO_PEER_ID` $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT"
fi
;;
up-client:ipfwadm)
# connection to client subnet, with (left/right)firewall=yes, coming up
uprule
# This is used only by the default updown script, not by your custom
# ones, so do not mess with it; see CAUTION comment up at top.
ipfwadm -F -i accept -b -S $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \
-D $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK
;;
down-client:ipfwadm)
# connection to client subnet, with (left/right)firewall=yes, going down
downrule
# This is used only by the default updown script, not by your custom
# ones, so do not mess with it; see CAUTION comment up at top.
ipfwadm -F -d accept -b -S $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \
-D $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK
;;
#
# IPv6
#
prepare-host-v6:*|prepare-client-v6:*)
;;
route-host-v6:*|route-client-v6:*)
# connection to me or my client subnet being routed
#uproute_v6
;;
unroute-host-v6:*|unroute-client-v6:*)
# connection to me or my client subnet being unrouted
#downroute_v6
;;
up-host-v6:*)
# connection to me coming up
# If you are doing a custom version, firewall commands go here.
;;
down-host-v6:*)
# connection to me going down
# If you are doing a custom version, firewall commands go here.
;;
up-client-v6:)
# connection to my client subnet coming up
# If you are doing a custom version, firewall commands go here.
;;
down-client-v6:)
# connection to my client subnet going down
# If you are doing a custom version, firewall commands go here.
;;
*) echo "$0: unknown verb \`$PLUTO_VERB' or parameter \`$1'" >&2
exit 1
;;
esac
+ _________________________ /proc/net/dev
+ cat /proc/net/dev
Inter-| Receive | Transmit
face |bytes packets errs drop fifo frame compressed multicast|bytes packets errs drop fifo colls carrier compressed
lo:12641289 167935 0 0 0 0 0 0 12641289 167935 0 0 0 0 0 0
eth0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
eth1: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
eth2: 78681 551 0 0 0 0 0 0 525155 2036 0 0 0 75 0 0
eth3: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
eth4: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
eth5: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
eth6: 0 0 0 0 0 0 0 0 492 6 0 0 0 0 0 0
eth7: 203628 1850 7 0 0 0 0 0 620 8 0 0 0 0 0 0
+ _________________________ /proc/net/route
+ cat /proc/net/route
Iface Destination Gateway Flags RefCnt Use Metric Mask MTU Window IRTT
eth7 0000000A 00000000 0001 0 0 0 00FFFFFF 0 0 0
eth2 0000060A 00000000 0001 0 0 0 00FFFFFF 0 0 0
eth2 0000060A 0101A8C0 0003 0 0 1 00FFFFFF 0 0 0
eth2 0001A8C0 00000000 0001 0 0 0 00FFFFFF 0 0 0
eth2 00000000 0101A8C0 0003 0 0 1 00000000 0 0 0
+ _________________________ /proc/sys/net/ipv4/ip_forward
+ cat /proc/sys/net/ipv4/ip_forward
1
+ _________________________ /proc/sys/net/ipv4/tcp_ecn
+ cat /proc/sys/net/ipv4/tcp_ecn
0
+ _________________________ /proc/sys/net/ipv4/conf/star-rp_filter
+ cd /proc/sys/net/ipv4/conf
+ egrep '^' all/rp_filter default/rp_filter eth0/rp_filter eth1/rp_filter eth2/rp_filter eth3/rp_filter eth4/rp_filter eth5/rp_filter eth6/rp_filter eth7/rp_filter lo/rp_filter
all/rp_filter:0
default/rp_filter:0
eth0/rp_filter:0
eth1/rp_filter:0
eth2/rp_filter:0
eth3/rp_filter:0
eth4/rp_filter:0
eth5/rp_filter:0
eth6/rp_filter:0
eth7/rp_filter:0
lo/rp_filter:0
+ _________________________ /proc/sys/net/ipv4/conf/star-star-redirects
+ cd /proc/sys/net/ipv4/conf
+ egrep '^' all/accept_redirects all/secure_redirects all/send_redirects default/accept_redirects default/secure_redirects default/send_redirects eth0/accept_redirects eth0/secure_redirects eth0/send_redirects eth1/accept_redirects eth1/secure_redirects eth1/send_redirects eth2/accept_redirects eth2/secure_redirects eth2/send_redirects eth3/accept_redirects eth3/secure_redirects eth3/send_redirects eth4/accept_redirects eth4/secure_redirects eth4/send_redirects eth5/accept_redirects eth5/secure_redirects eth5/send_redirects eth6/accept_redirects eth6/secure_redirects eth6/send_redirects eth7/accept_redirects eth7/secure_redirects eth7/send_redirects lo/accept_redirects lo/secure_redirects lo/send_redirects
all/accept_redirects:0
all/secure_redirects:1
all/send_redirects:0
default/accept_redirects:0
default/secure_redirects:1
default/send_redirects:0
eth0/accept_redirects:0
eth0/secure_redirects:1
eth0/send_redirects:0
eth1/accept_redirects:0
eth1/secure_redirects:1
eth1/send_redirects:0
eth2/accept_redirects:0
eth2/secure_redirects:1
eth2/send_redirects:0
eth3/accept_redirects:0
eth3/secure_redirects:1
eth3/send_redirects:0
eth4/accept_redirects:0
eth4/secure_redirects:1
eth4/send_redirects:0
eth5/accept_redirects:0
eth5/secure_redirects:1
eth5/send_redirects:0
eth6/accept_redirects:0
eth6/secure_redirects:1
eth6/send_redirects:0
eth7/accept_redirects:0
eth7/secure_redirects:1
eth7/send_redirects:0
lo/accept_redirects:0
lo/secure_redirects:1
lo/send_redirects:0
+ _________________________ /proc/sys/net/ipv4/tcp_window_scaling
+ cat /proc/sys/net/ipv4/tcp_window_scaling
1
+ _________________________ /proc/sys/net/ipv4/tcp_adv_win_scale
+ cat /proc/sys/net/ipv4/tcp_adv_win_scale
2
+ _________________________ uname-a
+ uname -a
Linux netscreen 2.6.19 #1 SMP Wed Jan 24 00:38:37 PST 2007 i686 GNU/Linux
+ _________________________ config-built-with
+ test -r /proc/config_built_with
+ _________________________ distro-release
+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
+ test -f /etc/redhat-release
+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
+ test -f /etc/debian-release
+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
+ test -f /etc/SuSE-release
+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
+ test -f /etc/mandrake-release
+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
+ test -f /etc/mandriva-release
+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
+ test -f /etc/gentoo-release
+ _________________________ /proc/net/ipsec_version
+ test -r /proc/net/ipsec_version
+ test -r /proc/net/pfkey
++ uname -r
+ echo 'NETKEY (2.6.19) support detected '
NETKEY (2.6.19) support detected
+ _________________________ ipfwadm
+ test -r /sbin/ipfwadm
+ 'no old-style linux 1.x/2.0 ipfwadm firewall support'
/usr/lib/ipsec/barf: line 305: no old-style linux 1.x/2.0 ipfwadm firewall support: No such file or directory
+ _________________________ ipchains
+ test -r /sbin/ipchains
+ echo 'no old-style linux 2.0 ipchains firewall support'
no old-style linux 2.0 ipchains firewall support
+ _________________________ iptables
+ test -r /sbin/iptables
+ iptables -L -v -n
Chain INPUT (policy ACCEPT 170K packets, 13M bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 170K packets, 13M bytes)
pkts bytes target prot opt in out source destination
Chain LOGACCEPT (0 references)
pkts bytes target prot opt in out source destination
0 0 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4
0 0 RETURN 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain LOGDROP (0 references)
pkts bytes target prot opt in out source destination
0 0 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain LOGREJECT (0 references)
pkts bytes target prot opt in out source destination
0 0 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4
0 0 REJECT 0 -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
+ _________________________ iptables-nat
+ iptables -t nat -L -v -n
Chain PREROUTING (policy ACCEPT 25 packets, 6962 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 48 packets, 3165 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 48 packets, 3165 bytes)
pkts bytes target prot opt in out source destination
+ _________________________ iptables-mangle
+ iptables -t mangle -L -v -n
Chain PREROUTING (policy ACCEPT 112K packets, 8241K bytes)
pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 112K packets, 8241K bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 111K packets, 8574K bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 111K packets, 8574K bytes)
pkts bytes target prot opt in out source destination
+ _________________________ /proc/modules
+ test -f /proc/modules
+ cat /proc/modules
iptable_mangle 3968 0 - Live 0xe0ad2000
8021q 21384 0 - Live 0xe0b7d000
iptable_nat 8580 0 - Live 0xe0b1e000
ip_nat 20012 1 iptable_nat, Live 0xe0b25000
ip_conntrack 51124 2 iptable_nat,ip_nat, Live 0xe0af9000
nfnetlink 7960 2 ip_nat,ip_conntrack, Live 0xe0acf000
xfrm_user 25088 2 - Live 0xe0af1000
xfrm4_tunnel 3712 0 - Live 0xe0854000
af_key 37904 0 - Live 0xe0a31000
unionfs 78244 0 - Live 0xe0b09000
ipv6 261280 18 - Live 0xe0b2b000
ipt_REJECT 5888 1 - Live 0xe0aad000
ipt_LOG 8448 3 - Live 0xe0ac7000
iptable_filter 4096 1 - Live 0xe092c000
ip_tables 15588 3 iptable_mangle,iptable_nat,iptable_filter, Live 0xe0ada000
x_tables 16900 4 iptable_nat,ipt_REJECT,ipt_LOG,ip_tables, Live 0xe0ad4000
tunnel4 4484 1 xfrm4_tunnel, Live 0xe0a11000
ipcomp 8840 0 - Live 0xe0aa9000
esp4 8832 2 - Live 0xe0a40000
ah4 7808 0 - Live 0xe08fd000
deflate 4992 0 - Live 0xe09bd000
zlib_deflate 21400 1 deflate, Live 0xe0ab0000
twofish 9728 0 - Live 0xe0a3c000
twofish_common 40832 1 twofish, Live 0xe0ab8000
serpent 19328 0 - Live 0xe0aa3000
aes 29248 0 - Live 0xe0a54000
blowfish 10496 0 - Live 0xe0a15000
des 19712 2 - Live 0xe0a19000
cbc 5760 2 - Live 0xe097d000
ecb 4736 0 - Live 0xe0929000
blkcipher 7040 2 cbc,ecb, Live 0xe08bd000
sha256 12288 0 - Live 0xe09e1000
sha1 3840 0 - Live 0xe081b000
crypto_null 3712 0 - Live 0xe080c000
dm_snapshot 19236 0 - Live 0xe09e8000
dm_mirror 23376 0 - Live 0xe09f9000
dm_mod 58520 2 dm_snapshot,dm_mirror, Live 0xe0a44000
tsdev 9024 0 - Live 0xe09b9000
psmouse 38920 0 - Live 0xe09ee000
i2c_i801 9100 0 - Live 0xe09b5000
serio_raw 8068 0 - Live 0xe082d000
i2c_core 23296 1 i2c_i801, Live 0xe0939000
pcspkr 4224 0 - Live 0xe0830000
shpchp 39328 0 - Live 0xe09a1000
pci_hotplug 29244 1 shpchp, Live 0xe09ac000
evdev 11392 0 - Live 0xe0925000
ext3 139016 2 - Live 0xe0a80000
jbd 60328 1 ext3, Live 0xe096d000
mbcache 10116 1 ext3, Live 0xe0921000
sd_mod 22656 3 - Live 0xe0820000
ide_cd 41120 0 - Live 0xe0961000
cdrom 38432 1 ide_cd, Live 0xe092e000
ata_piix 17160 2 - Live 0xe0827000
libata 107540 1 ata_piix, Live 0xe08e1000
scsi_mod 138892 2 sd_mod,libata, Live 0xe0a5d000
piix 11396 0 [permanent], Live 0xe0810000
generic 6532 0 [permanent], Live 0xe081d000
ehci_hcd 31624 0 - Live 0xe0877000
uhci_hcd 23432 0 - Live 0xe0814000
tg3 110340 0 - Live 0xe08a1000
usbcore 128516 3 ehci_hcd,uhci_hcd, Live 0xe0856000
e1000 129856 0 - Live 0xe0833000
+ _________________________ /proc/meminfo
+ cat /proc/meminfo
MemTotal: 516228 kB
MemFree: 387092 kB
Buffers: 20420 kB
Cached: 64600 kB
SwapCached: 0 kB
Active: 75940 kB
Inactive: 36908 kB
HighTotal: 0 kB
HighFree: 0 kB
LowTotal: 516228 kB
LowFree: 387092 kB
SwapTotal: 0 kB
SwapFree: 0 kB
Dirty: 164 kB
Writeback: 0 kB
AnonPages: 27832 kB
Mapped: 12140 kB
Slab: 12060 kB
SReclaimable: 2684 kB
SUnreclaim: 9376 kB
PageTables: 688 kB
NFS_Unstable: 0 kB
Bounce: 0 kB
CommitLimit: 258112 kB
Committed_AS: 43064 kB
VmallocTotal: 507896 kB
VmallocUsed: 3516 kB
VmallocChunk: 504296 kB
+ _________________________ /proc/net/ipsec-ls
+ test -f /proc/net/ipsec_version
+ _________________________ usr/src/linux/.config
+ test -f /proc/config.gz
+ zcat /proc/config.gz
+ egrep 'CONFIG_IPSEC|CONFIG_KLIPS|CONFIG_NET_KEY|CONFIG_INET|CONFIG_IP|CONFIG_HW_RANDOM|CONFIG_CRYPTO_DEV'
# CONFIG_IPC_NS is not set
CONFIG_NET_KEY=m
CONFIG_INET=y
CONFIG_IP_MULTICAST=y
CONFIG_IP_ADVANCED_ROUTER=y
# CONFIG_IP_FIB_TRIE is not set
CONFIG_IP_FIB_HASH=y
CONFIG_IP_MULTIPLE_TABLES=y
CONFIG_IP_ROUTE_FWMARK=y
CONFIG_IP_ROUTE_MULTIPATH=y
CONFIG_IP_ROUTE_MULTIPATH_CACHED=y
CONFIG_IP_ROUTE_MULTIPATH_RR=m
CONFIG_IP_ROUTE_MULTIPATH_RANDOM=m
CONFIG_IP_ROUTE_MULTIPATH_WRANDOM=m
CONFIG_IP_ROUTE_MULTIPATH_DRR=m
CONFIG_IP_ROUTE_VERBOSE=y
# CONFIG_IP_PNP is not set
CONFIG_IP_MROUTE=y
CONFIG_IP_PIMSM_V1=y
CONFIG_IP_PIMSM_V2=y
CONFIG_IPSEC_NAT_TRAVERSAL=y
CONFIG_INET_AH=m
CONFIG_INET_ESP=m
CONFIG_INET_IPCOMP=m
CONFIG_INET_XFRM_TUNNEL=m
CONFIG_INET_TUNNEL=m
CONFIG_INET_XFRM_MODE_TRANSPORT=y
CONFIG_INET_XFRM_MODE_TUNNEL=y
CONFIG_INET_XFRM_MODE_BEET=y
CONFIG_INET_DIAG=y
CONFIG_INET_TCP_DIAG=y
CONFIG_IP_VS=m
# CONFIG_IP_VS_DEBUG is not set
CONFIG_IP_VS_TAB_BITS=12
CONFIG_IP_VS_PROTO_TCP=y
CONFIG_IP_VS_PROTO_UDP=y
CONFIG_IP_VS_PROTO_ESP=y
CONFIG_IP_VS_PROTO_AH=y
CONFIG_IP_VS_RR=m
CONFIG_IP_VS_WRR=m
CONFIG_IP_VS_LC=m
CONFIG_IP_VS_WLC=m
CONFIG_IP_VS_LBLC=m
CONFIG_IP_VS_LBLCR=m
CONFIG_IP_VS_DH=m
CONFIG_IP_VS_SH=m
CONFIG_IP_VS_SED=m
CONFIG_IP_VS_NQ=m
CONFIG_IP_VS_FTP=m
CONFIG_IPV6=m
CONFIG_IPV6_PRIVACY=y
# CONFIG_IPV6_ROUTER_PREF is not set
CONFIG_INET6_AH=m
CONFIG_INET6_ESP=m
CONFIG_INET6_IPCOMP=m
# CONFIG_IPV6_MIP6 is not set
CONFIG_INET6_XFRM_TUNNEL=m
CONFIG_INET6_TUNNEL=m
CONFIG_INET6_XFRM_MODE_TRANSPORT=m
CONFIG_INET6_XFRM_MODE_TUNNEL=m
CONFIG_INET6_XFRM_MODE_BEET=m
# CONFIG_INET6_XFRM_MODE_ROUTEOPTIMIZATION is not set
CONFIG_IPV6_SIT=m
CONFIG_IPV6_TUNNEL=m
# CONFIG_IPV6_MULTIPLE_TABLES is not set
CONFIG_IP_NF_CONNTRACK=m
CONFIG_IP_NF_CT_ACCT=y
CONFIG_IP_NF_CONNTRACK_MARK=y
# CONFIG_IP_NF_CONNTRACK_SECMARK is not set
# CONFIG_IP_NF_CONNTRACK_EVENTS is not set
CONFIG_IP_NF_CONNTRACK_NETLINK=m
CONFIG_IP_NF_CT_PROTO_SCTP=m
CONFIG_IP_NF_FTP=m
CONFIG_IP_NF_IRC=m
CONFIG_IP_NF_NETBIOS_NS=m
CONFIG_IP_NF_TFTP=m
CONFIG_IP_NF_AMANDA=m
CONFIG_IP_NF_PPTP=m
# CONFIG_IP_NF_H323 is not set
# CONFIG_IP_NF_SIP is not set
CONFIG_IP_NF_QUEUE=m
CONFIG_IP_NF_IPTABLES=m
CONFIG_IP_NF_MATCH_IPRANGE=m
CONFIG_IP_NF_MATCH_TOS=m
CONFIG_IP_NF_MATCH_RECENT=m
CONFIG_IP_NF_MATCH_ECN=m
# CONFIG_IP_NF_MATCH_AH is not set
CONFIG_IP_NF_MATCH_TTL=m
CONFIG_IP_NF_MATCH_OWNER=m
CONFIG_IP_NF_MATCH_ADDRTYPE=m
CONFIG_IP_NF_MATCH_HASHLIMIT=m
CONFIG_IP_NF_FILTER=m
CONFIG_IP_NF_TARGET_REJECT=m
CONFIG_IP_NF_TARGET_LOG=m
CONFIG_IP_NF_TARGET_ULOG=m
CONFIG_IP_NF_TARGET_TCPMSS=m
CONFIG_IP_NF_NAT=m
CONFIG_IP_NF_NAT_NEEDED=y
CONFIG_IP_NF_TARGET_MASQUERADE=m
CONFIG_IP_NF_TARGET_REDIRECT=m
CONFIG_IP_NF_TARGET_NETMAP=m
CONFIG_IP_NF_TARGET_SAME=m
CONFIG_IP_NF_NAT_SNMP_BASIC=m
CONFIG_IP_NF_NAT_IRC=m
CONFIG_IP_NF_NAT_FTP=m
CONFIG_IP_NF_NAT_TFTP=m
CONFIG_IP_NF_NAT_AMANDA=m
CONFIG_IP_NF_NAT_PPTP=m
CONFIG_IP_NF_MANGLE=m
CONFIG_IP_NF_TARGET_TOS=m
CONFIG_IP_NF_TARGET_ECN=m
CONFIG_IP_NF_TARGET_TTL=m
CONFIG_IP_NF_TARGET_CLUSTERIP=m
CONFIG_IP_NF_RAW=m
CONFIG_IP_NF_ARPTABLES=m
CONFIG_IP_NF_ARPFILTER=m
CONFIG_IP_NF_ARP_MANGLE=m
# CONFIG_IP_NF_MATCH_RLSNMPSTATS is not set
CONFIG_IP6_NF_QUEUE=m
CONFIG_IP6_NF_IPTABLES=m
CONFIG_IP6_NF_MATCH_RT=m
CONFIG_IP6_NF_MATCH_OPTS=m
CONFIG_IP6_NF_MATCH_FRAG=m
CONFIG_IP6_NF_MATCH_HL=m
CONFIG_IP6_NF_MATCH_OWNER=m
CONFIG_IP6_NF_MATCH_IPV6HEADER=m
# CONFIG_IP6_NF_MATCH_AH is not set
CONFIG_IP6_NF_MATCH_EUI64=m
CONFIG_IP6_NF_FILTER=m
CONFIG_IP6_NF_TARGET_LOG=m
CONFIG_IP6_NF_TARGET_REJECT=m
CONFIG_IP6_NF_MANGLE=m
CONFIG_IP6_NF_TARGET_HL=m
CONFIG_IP6_NF_RAW=m
# CONFIG_IP_DCCP is not set
# CONFIG_IP_SCTP is not set
CONFIG_IPX=m
# CONFIG_IPX_INTERN is not set
CONFIG_IPDDP=m
CONFIG_IPDDP_ENCAP=y
CONFIG_IPDDP_DECAP=y
CONFIG_IPW2100=m
CONFIG_IPW2100_MONITOR=y
# CONFIG_IPW2100_DEBUG is not set
CONFIG_IPW2200=m
CONFIG_IPW2200_MONITOR=y
CONFIG_IPW2200_RADIOTAP=y
# CONFIG_IPW2200_PROMISCUOUS is not set
CONFIG_IPW2200_QOS=y
CONFIG_IPW2200_DEBUG=y
CONFIG_IPPP_FILTER=y
CONFIG_IPMI_HANDLER=m
# CONFIG_IPMI_PANIC_EVENT is not set
CONFIG_IPMI_DEVICE_INTERFACE=m
CONFIG_IPMI_SI=m
CONFIG_IPMI_WATCHDOG=m
CONFIG_IPMI_POWEROFF=m
CONFIG_HW_RANDOM=y
CONFIG_HW_RANDOM_INTEL=y
CONFIG_HW_RANDOM_AMD=y
CONFIG_HW_RANDOM_GEODE=y
CONFIG_HW_RANDOM_VIA=y
CONFIG_CRYPTO_DEV_PADLOCK=m
CONFIG_CRYPTO_DEV_PADLOCK_AES=m
CONFIG_CRYPTO_DEV_PADLOCK_SHA=m
+ _________________________ etc/syslog.conf
+ cat /etc/syslog.conf
*.* /var/log/messages
+ _________________________ etc/syslog-ng/syslog-ng.conf
+ cat /etc/syslog-ng/syslog-ng.conf
cat: /etc/syslog-ng/syslog-ng.conf: No such file or directory
+ _________________________ etc/resolv.conf
+ cat /etc/resolv.conf
+ _________________________ lib/modules-ls
+ ls -ltr /lib/modules
total 4
drwxr-xr-x 3 root root 4096 Jan 24 09:40 2.6.19
+ _________________________ /proc/ksyms-netif_rx
+ test -r /proc/ksyms
+ test -r /proc/kallsyms
+ egrep netif_rx /proc/kallsyms
c02447b0 T __netif_rx_schedule
c0245e70 T netif_rx
c0247450 T netif_rx_ni
c02e932c r __ksymtab___netif_rx_schedule
c02e935c r __ksymtab_netif_rx_ni
c02e9434 r __ksymtab_netif_rx
c02ecbfc r __kcrctab___netif_rx_schedule
c02ecc14 r __kcrctab_netif_rx_ni
c02ecc80 r __kcrctab_netif_rx
c02f6b48 r __kstrtab___netif_rx_schedule
c02f6bbb r __kstrtab_netif_rx_ni
c02f6d6e r __kstrtab_netif_rx
c0245e70 U netif_rx [8021q]
c0245e70 U netif_rx [ipv6]
c02447b0 U __netif_rx_schedule [tg3]
c02447b0 U __netif_rx_schedule [e1000]
+ _________________________ lib/modules-netif_rx
+ modulegoo kernel/net/ipv4/ipip.o netif_rx
+ set +x
2.6.19:
+ _________________________ kern.debug
+ test -f /var/log/kern.debug
+ _________________________ klog
+ sed -n '330968,$p' /var/log/messages
+ egrep -i 'ipsec|klips|pluto'
+ case "$1" in
+ cat
Jan 30 20:35:12 vyatta ipsec_setup: Starting Openswan IPsec 2.4.6...
Jan 30 20:35:12 vyatta ipsec_setup: insmod
/lib/modules/2.6.19/kernel/net/key/af_key.ko
Jan 30 20:35:12 vyatta ipsec_setup: insmod
/lib/modules/2.6.19/kernel/net/ipv4/xfrm4_tunnel.ko
Jan 30 20:35:12 vyatta ipsec_setup: insmod
/lib/modules/2.6.19/kernel/net/xfrm/xfrm_user.ko
Jan 30 20:35:12 vyatta pluto[4194]: Starting Pluto (Openswan Version 2.4.6
X.509-1.5.4 LDAP_V3 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR; Vendor ID
OElLO]RdWNRD)
Jan 30 20:35:12 vyatta pluto[4194]: Setting NAT-Traversal port-4500 floating
to off
Jan 30 20:35:12 vyatta pluto[4194]: port floating activation criteria
nat_t=0/port_fload=1
Jan 30 20:35:12 vyatta pluto[4194]: including NAT-Traversal patch (Version
0.6c) [disabled]
Jan 30 20:35:12 vyatta pluto[4194]: | opening /dev/hw_random
Jan 30 20:35:12 vyatta pluto[4194]: WARNING: Open of /dev/hw_random failed
in init_rnd_pool(), trying alternate sources of random
Jan 30 20:35:12 vyatta pluto[4194]: | opening /dev/urandom
Jan 30 20:35:12 vyatta pluto[4194]: WARNING: Using /dev/urandom as the
source of random
Jan 30 20:35:12 vyatta pluto[4194]: | inserting event EVENT_REINIT_SECRET,
timeout in 3600 seconds
Jan 30 20:35:12 vyatta pluto[4194]: | inserting event EVENT_PENDING_PHASE2,
timeout in 120 seconds
Jan 30 20:35:12 vyatta pluto[4194]: ike_alg_register_enc(): Activating
OAKLEY_AES_CBC: Ok (ret=0)
Jan 30 20:35:12 vyatta pluto[4194]: starting up 1 cryptographic helpers
Jan 30 20:35:12 vyatta pluto[4227]: | opening /dev/hw_random
Jan 30 20:35:12 vyatta pluto[4227]: WARNING: Open of /dev/hw_random failed
in init_rnd_pool(), trying alternate sources of random
Jan 30 20:35:12 vyatta pluto[4194]: started helper pid=4227 (fd:6)
Jan 30 20:35:12 vyatta pluto[4194]: | process 4194 listening for PF_KEY_V2
on file descriptor 7
Jan 30 20:35:12 vyatta pluto[4194]: Using Linux 2.6 IPsec interface code on
2.6.19
Jan 30 20:35:12 vyatta pluto[4194]: | pfkey_lib_debug:pfkey_msg_hdr_build:
Jan 30 20:35:12 vyatta pluto[4194]: | pfkey_lib_debug:pfkey_msg_hdr_build:
on_entry &pfkey_ext=0p0xbfbae630 pfkey_ext=0p0xbfbaf650 *pfkey_ext=0p(nil).
Jan 30 20:35:12 vyatta pluto[4194]: | pfkey_lib_debug:pfkey_msg_hdr_build:
on_exit &pfkey_ext=0p0xbfbae630 pfkey_ext=0p0xbfbaf650
*pfkey_ext=0p0x80fe3f8.
Jan 30 20:35:12 vyatta pluto[4194]: | pfkey_lib_debug:pfkey_msg_build:
pfkey_msg=0p0x80fe410 allocated 16 bytes, &(extensions[0])=0p0xbfbaf650
Jan 30 20:35:12 vyatta pluto[4194]: | pfkey_lib_debug:pfkey_msg_build:
extensions permitted=00000001, seen=00000001, required=00000001.
Jan 30 20:35:12 vyatta pluto[4194]: | pfkey_lib_debug:pfkey_msg_parse:
parsing message ver=2, type=7(register), errno=0, satype=2(AH), len=2,
res=0, seq=1, pid=4194.
Jan 30 20:35:12 vyatta pluto[4194]: | pfkey_lib_debug:pfkey_msg_parse:
remain=0
Jan 30 20:35:12 vyatta pluto[4194]: | pfkey_lib_debug:pfkey_msg_parse:
extensions permitted=00000001, required=00000001.
Jan 30 20:35:12 vyatta pluto[4194]: | pfkey_lib_debug:pfkey_msg_parse:
extensions permitted=00000001, seen=00000001, required=00000001.
Jan 30 20:35:12 vyatta pluto[4194]: | finish_pfkey_msg: SADB_REGISTER
message 1 for AH
Jan 30 20:35:12 vyatta pluto[4194]: | 02 07 00 02 02 00 00 00 01 00 00
00 62 10 00 00
Jan 30 20:35:12 vyatta pluto[4227]: | opening /dev/urandom
Jan 30 20:35:12 vyatta pluto[4227]: WARNING: Using /dev/urandom as the
source of random
Jan 30 20:35:12 vyatta pluto[4194]: | pfkey_get: SADB_REGISTER message 1
Jan 30 20:35:12 vyatta pluto[4194]: | AH registered with kernel.
Jan 30 20:35:12 vyatta pluto[4194]: | pfkey_lib_debug:pfkey_msg_hdr_build:
Jan 30 20:35:12 vyatta pluto[4194]: | pfkey_lib_debug:pfkey_msg_hdr_build:
on_entry &pfkey_ext=0p0xbfbae630 pfkey_ext=0p0xbfbaf650 *pfkey_ext=0p(nil).
Jan 30 20:35:12 vyatta pluto[4194]: | pfkey_lib_debug:pfkey_msg_hdr_build:
on_exit &pfkey_ext=0p0xbfbae630 pfkey_ext=0p0xbfbaf650
*pfkey_ext=0p0x80fe3f8.
Jan 30 20:35:12 vyatta pluto[4194]: | pfkey_lib_debug:pfkey_msg_build:
pfkey_msg=0p0x80fe410 allocated 16 bytes, &(extensions[0])=0p0xbfbaf650
Jan 30 20:35:12 vyatta pluto[4194]: | pfkey_lib_debug:pfkey_msg_build:
extensions permitted=00000001, seen=00000001, required=00000001.
Jan 30 20:35:12 vyatta pluto[4194]: | pfkey_lib_debug:pfkey_msg_parse:
parsing message ver=2, type=7(register), errno=0, satype=3(ESP), len=2,
res=0, seq=2, pid=4194.
Jan 30 20:35:12 vyatta pluto[4194]: | pfkey_lib_debug:pfkey_msg_parse:
remain=0
Jan 30 20:35:12 vyatta pluto[4194]: | pfkey_lib_debug:pfkey_msg_parse:
extensions permitted=00000001, required=00000001.
Jan 30 20:35:12 vyatta pluto[4194]: | pfkey_lib_debug:pfkey_msg_parse:
extensions permitted=00000001, seen=00000001, required=00000001.
Jan 30 20:35:12 vyatta pluto[4194]: | finish_pfkey_msg: SADB_REGISTER
message 2 for ESP
Jan 30 20:35:12 vyatta pluto[4194]: | 02 07 00 03 02 00 00 00 02 00 00
00 62 10 00 00
Jan 30 20:35:12 vyatta pluto[4227]: | certs and keys locked by
'free_preshared_secrets'
Jan 30 20:35:12 vyatta pluto[4227]: | certs and keys unlocked by
'free_preshard_secrets'
Jan 30 20:35:12 vyatta pluto[4227]: ! helper 0 waiting on fd: 7
Jan 30 20:35:12 vyatta pluto[4194]: | pfkey_get: SADB_REGISTER message 2
Jan 30 20:35:12 vyatta pluto[4194]: | alg_init():memset(0x80faf60, 0, 2016)
memset(0x80fb740, 0, 2048)
Jan 30 20:35:12 vyatta pluto[4194]: | kernel_alg_register_pfkey():
SADB_SATYPE_ESP: sadb_msg_len=15 sadb_supported_len=40
Jan 30 20:35:12 vyatta pluto[4194]: | kernel_alg_add():satype=3, exttype=14,
alg_id=251
Jan 30 20:35:12 vyatta pluto[4194]: | kernel_alg_register_pfkey():
SADB_SATYPE_ESP: alg[0], exttype=14, satype=3, alg_id=251, alg_ivlen=0,
alg_minbits=0, alg_maxbits=0, res=0, ret=1
Jan 30 20:35:12 vyatta pluto[4194]: | kernel_alg_add():satype=3, exttype=14,
alg_id=2
Jan 30 20:35:12 vyatta pluto[4194]: | kernel_alg_register_pfkey():
SADB_SATYPE_ESP: alg[1], exttype=14, satype=3, alg_id=2, alg_ivlen=0,
alg_minbits=128, alg_maxbits=128, res=0, ret=1
Jan 30 20:35:12 vyatta pluto[4194]: | kernel_alg_add():satype=3, exttype=14,
alg_id=3
Jan 30 20:35:12 vyatta pluto[4194]: | kernel_alg_register_pfkey():
SADB_SATYPE_ESP: alg[2], exttype=14, satype=3, alg_id=3, alg_ivlen=0,
alg_minbits=160, alg_maxbits=160, res=0, ret=1
Jan 30 20:35:12 vyatta pluto[4194]: | kernel_alg_add():satype=3, exttype=14,
alg_id=5
Jan 30 20:35:12 vyatta pluto[4194]: | kernel_alg_register_pfkey():
SADB_SATYPE_ESP: alg[3], exttype=14, satype=3, alg_id=5, alg_ivlen=0,
alg_minbits=256, alg_maxbits=256, res=0, ret=1
Jan 30 20:35:12 vyatta pluto[4194]: | kernel_alg_register_pfkey():
SADB_SATYPE_ESP: sadb_msg_len=15 sadb_supported_len=64
Jan 30 20:35:12 vyatta pluto[4194]: | kernel_alg_add():satype=3, exttype=15,
alg_id=11
Jan 30 20:35:12 vyatta pluto[4194]: | kernel_alg_register_pfkey():
SADB_SATYPE_ESP: alg[4], exttype=15, satype=3, alg_id=11, alg_ivlen=0,
alg_minbits=0, alg_maxbits=0, res=0, ret=1
Jan 30 20:35:12 vyatta pluto[4194]: | kernel_alg_add():satype=3, exttype=15,
alg_id=2
Jan 30 20:35:12 vyatta pluto[4194]: | kernel_alg_register_pfkey():
SADB_SATYPE_ESP: alg[5], exttype=15, satype=3, alg_id=2, alg_ivlen=8,
alg_minbits=64, alg_maxbits=64, res=0, ret=1
Jan 30 20:35:12 vyatta pluto[4194]: | kernel_alg_add():satype=3, exttype=15,
alg_id=3
Jan 30 20:35:12 vyatta pluto[4194]: | kernel_alg_register_pfkey():
SADB_SATYPE_ESP: alg[6], exttype=15, satype=3, alg_id=3, alg_ivlen=8,
alg_minbits=192, alg_maxbits=192, res=0, ret=1
Jan 30 20:35:12 vyatta pluto[4194]: | kernel_alg_add():satype=3, exttype=15,
alg_id=7
Jan 30 20:35:12 vyatta pluto[4194]: | kernel_alg_register_pfkey():
SADB_SATYPE_ESP: alg[7], exttype=15, satype=3, alg_id=7, alg_ivlen=8,
alg_minbits=40, alg_maxbits=448, res=0, ret=1
Jan 30 20:35:12 vyatta pluto[4194]: | kernel_alg_add():satype=3, exttype=15,
alg_id=12
Jan 30 20:35:12 vyatta pluto[4194]: | kernel_alg_register_pfkey():
SADB_SATYPE_ESP: alg[8], exttype=15, satype=3, alg_id=12, alg_ivlen=8,
alg_minbits=128, alg_maxbits=256, res=0, ret=1
Jan 30 20:35:12 vyatta pluto[4194]: | kernel_alg_add():satype=3, exttype=15,
alg_id=252
Jan 30 20:35:12 vyatta pluto[4194]: | kernel_alg_register_pfkey():
SADB_SATYPE_ESP: alg[9], exttype=15, satype=3, alg_id=252, alg_ivlen=8,
alg_minbits=128, alg_maxbits=256, res=0, ret=1
Jan 30 20:35:12 vyatta pluto[4194]: | kernel_alg_add():satype=3, exttype=15,
alg_id=253
Jan 30 20:35:12 vyatta pluto[4194]: | kernel_alg_register_pfkey():
SADB_SATYPE_ESP: alg[10], exttype=15, satype=3, alg_id=253, alg_ivlen=8,
alg_minbits=128, alg_maxbits=256, res=0, ret=1
Jan 30 20:35:12 vyatta pluto[4194]: | ESP registered with kernel.
Jan 30 20:35:12 vyatta pluto[4194]: | pfkey_lib_debug:pfkey_msg_hdr_build:
Jan 30 20:35:12 vyatta pluto[4194]: | pfkey_lib_debug:pfkey_msg_hdr_build:
on_entry &pfkey_ext=0p0xbfbae630 pfkey_ext=0p0xbfbaf650 *pfkey_ext=0p(nil).
Jan 30 20:35:12 vyatta pluto[4194]: | pfkey_lib_debug:pfkey_msg_hdr_build:
on_exit &pfkey_ext=0p0xbfbae630 pfkey_ext=0p0xbfbaf650
*pfkey_ext=0p0x80fe3f8.
Jan 30 20:35:12 vyatta pluto[4194]: | pfkey_lib_debug:pfkey_msg_build:
pfkey_msg=0p0x80fe410 allocated 16 bytes, &(extensions[0])=0p0xbfbaf650
Jan 30 20:35:12 vyatta pluto[4194]: | pfkey_lib_debug:pfkey_msg_build:
extensions permitted=00000001, seen=00000001, required=00000001.
Jan 30 20:35:12 vyatta pluto[4194]: | pfkey_lib_debug:pfkey_msg_parse:
parsing message ver=2, type=7(register), errno=0, satype=9(IPIP), len=2,
res=0, seq=3, pid=4194.
Jan 30 20:35:12 vyatta pluto[4194]: | pfkey_lib_debug:pfkey_msg_parse:
remain=0
Jan 30 20:35:12 vyatta pluto[4194]: | pfkey_lib_debug:pfkey_msg_parse:
extensions permitted=00000001, required=00000001.
Jan 30 20:35:12 vyatta pluto[4194]: | pfkey_lib_debug:pfkey_msg_parse:
extensions permitted=00000001, seen=00000001, required=00000001.
Jan 30 20:35:12 vyatta pluto[4194]: | finish_pfkey_msg: SADB_REGISTER
message 3 for IPCOMP
Jan 30 20:35:12 vyatta pluto[4194]: | 02 07 00 09 02 00 00 00 03 00 00
00 62 10 00 00
Jan 30 20:35:12 vyatta pluto[4194]: | pfkey_get: SADB_REGISTER message 3
Jan 30 20:35:12 vyatta pluto[4194]: | IPCOMP registered with kernel.
Jan 30 20:35:12 vyatta pluto[4194]: Changing to directory
'/etc/ipsec.d/cacerts'
Jan 30 20:35:12 vyatta pluto[4194]: Changing to directory
'/etc/ipsec.d/aacerts'
Jan 30 20:35:12 vyatta pluto[4194]: Changing to directory
'/etc/ipsec.d/ocspcerts'
Jan 30 20:35:12 vyatta pluto[4194]: Changing to directory
'/etc/ipsec.d/crls'
Jan 30 20:35:12 vyatta pluto[4194]: Warning: empty directory
Jan 30 20:35:12 vyatta pluto[4194]: | inserting event EVENT_LOG_DAILY,
timeout in 12288 seconds
Jan 30 20:35:12 vyatta pluto[4194]: | next event EVENT_PENDING_PHASE2 in 120
seconds
Jan 30 20:35:12 vyatta pluto[4194]: |
Jan 30 20:35:12 vyatta pluto[4194]: | *received whack message
Jan 30 20:35:12 vyatta pluto[4194]: | alg_info_parse_str() ealg_buf=3des
aalg_buf=md5eklen=0 aklen=0
Jan 30 20:35:12 vyatta pluto[4194]: | enum_search_prefix () calling
enum_search(0x80dc580, "OAKLEY_3DES")
Jan 30 20:35:12 vyatta pluto[4194]: | enum_search_ppfixi () calling
enum_search(0x80dc580, "OAKLEY_3DES_CBC")
Jan 30 20:35:12 vyatta pluto[4194]: | parser_alg_info_add()
ealg_getbyname("3des")=5
Jan 30 20:35:12 vyatta pluto[4194]: | enum_search_prefix () calling
enum_search(0x80dc5a0, "OAKLEY_MD5")
Jan 30 20:35:12 vyatta pluto[4194]: | parser_alg_info_add()
aalg_getbyname("md5")=1
Jan 30 20:35:12 vyatta pluto[4194]: | enum_search_prefix () calling
enum_search(0x80dc5d0, "OAKLEY_GROUP_MODP1024")
Jan 30 20:35:12 vyatta pluto[4194]: | parser_alg_info_add()
modp_getbyname("modp1024")=2
Jan 30 20:35:12 vyatta pluto[4194]: | __alg_info_ike_add() ealg=5 aalg=1
modp_id=2, cnt=1
Jan 30 20:35:12 vyatta pluto[4194]: | Added new connection
peer-192.168.1.1-tunnel-1 with policy PSK+ENCRYPT+TUNNEL+PFS
Jan 30 20:35:12 vyatta pluto[4194]: | from whack: got --esp=3des-md5
Jan 30 20:35:12 vyatta pluto[4194]: | alg_info_parse_str() ealg_buf=3des
aalg_buf=md5eklen=0 aklen=0
Jan 30 20:35:12 vyatta pluto[4194]: | enum_search_prefix () calling
enum_search(0x80dc344, "ESP_3DES")
Jan 30 20:35:12 vyatta pluto[4194]: | parser_alg_info_add()
ealg_getbyname("3des")=3
Jan 30 20:35:12 vyatta pluto[4194]: | enum_search_prefix () calling
enum_search(0x80dc428, "AUTH_ALGORITHM_HMAC_MD5")
Jan 30 20:35:12 vyatta pluto[4194]: | parser_alg_info_add()
aalg_getbyname("md5")=1
Jan 30 20:35:12 vyatta pluto[4194]: | __alg_info_esp_add() ealg=3 aalg=1
cnt=1
Jan 30 20:35:12 vyatta pluto[4194]: | esp string values: 3_000-1,
flags=strict
Jan 30 20:35:12 vyatta pluto[4194]: | from whack:
got --ike=3des-md5-modp1024
Jan 30 20:35:12 vyatta pluto[4194]: | ike string values: 5_000-1-2,
flags=strict
Jan 30 20:35:12 vyatta pluto[4194]: | counting wild cards for (none) is 15
Jan 30 20:35:12 vyatta pluto[4194]: | counting wild cards for (none) is 15
Jan 30 20:35:12 vyatta pluto[4194]: | alg_info_addref() alg_info->ref_cnt=1
Jan 30 20:35:12 vyatta pluto[4194]: | alg_info_addref() alg_info->ref_cnt=1
Jan 30 20:35:12 vyatta pluto[4194]: | alg_info_addref() alg_info->ref_cnt=2
Jan 30 20:35:12 vyatta pluto[4194]: | alg_info_addref() alg_info->ref_cnt=2
Jan 30 20:35:12 vyatta pluto[4194]: added connection description
"peer-192.168.1.1-tunnel-1"
Jan 30 20:35:12 vyatta pluto[4194]: |
10.0.0.0/24===192.168.1.10...192.168.1.1===10.6.0.0/24
Jan 30 20:35:12 vyatta pluto[4194]: | ike_life: 3600s; ipsec_life: 28800s;
rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; policy:
PSK+ENCRYPT+TUNNEL+PFS
Jan 30 20:35:12 vyatta pluto[4194]: | next event EVENT_PENDING_PHASE2 in 120
seconds
Jan 30 20:35:12 vyatta pluto[4194]: |
Jan 30 20:35:12 vyatta pluto[4194]: | *received whack message
Jan 30 20:35:12 vyatta pluto[4194]: listening for IKE messages
Jan 30 20:35:12 vyatta pluto[4194]: | found lo with address 127.0.0.1
Jan 30 20:35:12 vyatta pluto[4194]: | found eth2 with address 192.168.1.10
Jan 30 20:35:12 vyatta pluto[4194]: | found eth7 with address 10.0.0.233
Jan 30 20:35:12 vyatta pluto[4194]: adding interface eth7/eth7
10.0.0.233:500
Jan 30 20:35:12 vyatta pluto[4194]: adding interface eth2/eth2
192.168.1.10:500
Jan 30 20:35:12 vyatta pluto[4194]: adding interface lo/lo 127.0.0.1:500
Jan 30 20:35:12 vyatta pluto[4194]: | found lo with address
0000:0000:0000:0000:0000:0000:0000:0001
Jan 30 20:35:12 vyatta pluto[4194]: adding interface lo/lo ::1:500
Jan 30 20:35:12 vyatta pluto[4194]: | connect_to_host_pair: 192.168.1.10:500
192.168.1.1:500 -> hp:none
Jan 30 20:35:12 vyatta pluto[4194]: | certs and keys locked by
'free_preshared_secrets'
Jan 30 20:35:12 vyatta pluto[4194]: | certs and keys unlocked by
'free_preshard_secrets'
Jan 30 20:35:12 vyatta pluto[4194]: loading secrets from
"/etc/ipsec.secrets"
Jan 30 20:35:12 vyatta pluto[4194]: | certs and keys locked by
'process_secret'
Jan 30 20:35:12 vyatta pluto[4194]: | certs and keys unlocked by
'process_secrets'
Jan 30 20:35:12 vyatta pluto[4194]: | next event EVENT_PENDING_PHASE2 in 120
seconds
Jan 30 20:35:12 vyatta pluto[4194]: |
Jan 30 20:35:12 vyatta pluto[4194]: | *received whack message
Jan 30 20:35:12 vyatta pluto[4194]: | processing connection
peer-192.168.1.1-tunnel-1
Jan 30 20:35:12 vyatta pluto[4194]: | route owner of
"peer-192.168.1.1-tunnel-1" unrouted: NULL; eroute owner: NULL
Jan 30 20:35:12 vyatta pluto[4194]: | could_route called for
peer-192.168.1.1-tunnel-1 (kind=CK_PERMANENT)
Jan 30 20:35:12 vyatta pluto[4194]: | route owner of
"peer-192.168.1.1-tunnel-1" unrouted: NULL; eroute owner: NULL
Jan 30 20:35:12 vyatta pluto[4194]: | route_and_eroute with c:
peer-192.168.1.1-tunnel-1 (next: none) ero:null esr:{(nil)} ro:null
rosr:{(nil)} and state: 0
Jan 30 20:35:12 vyatta pluto[4194]: | add eroute 10.6.0.0/24:0 --0->
10.0.0.0/24:0 => %trap (raw_eroute)
Jan 30 20:35:12 vyatta pluto[4194]: | eroute_connection add eroute
10.0.0.0/24:0 --0-> 10.6.0.0/24:0 => %trap (raw_eroute)
Jan 30 20:35:12 vyatta pluto[4194]: | route_and_eroute: firewall_notified:
true
Jan 30 20:35:12 vyatta pluto[4194]: | command executing prepare-client
Jan 30 20:35:12 vyatta pluto[4194]: | executing prepare-client: 2>&1
PLUTO_VERSION='1.1' PLUTO_VERB='prepare-client'
PLUTO_CONNECTION='peer-192.168.1.1-tunnel-1' PLUTO_NEXT_HOP='192.168.1.1'
PLUTO_INTERFACE='eth2' PLUTO_ME='192.168.1.10' PLUTO_MY_ID='192.168.1.10'
PLUTO_MY_CLIENT='10.0.0.0/24' PLUTO_MY_CLIENT_NET='10.0.0.0'
PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0'
PLUTO_PEER='192.168.1.1' PLUTO_PEER_ID='192.168.1.1'
PLUTO_PEER_CLIENT='10.6.0.0/24' PLUTO_PEER_CLIENT_NET='10.6.0.0'
PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0'
PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA=''
PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS' ipsec _updown
Jan 30 20:35:12 vyatta pluto[4194]: | command executing route-client
Jan 30 20:35:12 vyatta pluto[4194]: | executing route-client: 2>&1
PLUTO_VERSION='1.1' PLUTO_VERB='route-client'
PLUTO_CONNECTION='peer-192.168.1.1-tunnel-1' PLUTO_NEXT_HOP='192.168.1.1'
PLUTO_INTERFACE='eth2' PLUTO_ME='192.168.1.10' PLUTO_MY_ID='192.168.1.10'
PLUTO_MY_CLIENT='10.0.0.0/24' PLUTO_MY_CLIENT_NET='10.0.0.0'
PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0'
PLUTO_PEER='192.168.1.1' PLUTO_PEER_ID='192.168.1.1'
PLUTO_PEER_CLIENT='10.6.0.0/24' PLUTO_PEER_CLIENT_NET='10.6.0.0'
PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0'
PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA=''
PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS' ipsec _updown
Jan 30 20:35:12 vyatta pluto[4194]: | next event EVENT_PENDING_PHASE2 in 120
seconds
Jan 30 20:35:12 vyatta pluto[4194]: |
Jan 30 20:35:12 vyatta pluto[4194]: | *received whack message
Jan 30 20:35:12 vyatta pluto[4194]: | processing connection
peer-192.168.1.1-tunnel-1
Jan 30 20:35:12 vyatta pluto[4194]: | kernel_alg_db_new() initial
trans_cnt=28
Jan 30 20:35:12 vyatta pluto[4194]: | kernel_alg_db_new() will return
p_new->protoid=3, p_new->trans_cnt=1
Jan 30 20:35:12 vyatta pluto[4194]: | kernel_alg_db_new() trans[0]:
transid=3, attr_cnt=1, attrs[0].type=5, attrs[0].val=1
Jan 30 20:35:12 vyatta pluto[4194]: | returning new proposal from esp_info
Jan 30 20:35:12 vyatta pluto[4194]: | creating state object #1 at 0x80fe458
Jan 30 20:35:12 vyatta pluto[4194]: | processing connection
peer-192.168.1.1-tunnel-1
Jan 30 20:35:12 vyatta pluto[4194]: | ICOOKIE: 37 e7 99 a5 fa ed 9f 21
Jan 30 20:35:12 vyatta pluto[4194]: | RCOOKIE: 00 00 00 00 00 00 00 00
Jan 30 20:35:12 vyatta pluto[4194]: | peer: c0 a8 01 01
Jan 30 20:35:12 vyatta pluto[4194]: | state hash entry 23
Jan 30 20:35:12 vyatta pluto[4194]: | inserting event EVENT_SO_DISCARD,
timeout in 0 seconds for #1
Jan 30 20:35:12 vyatta pluto[4194]: | Queuing pending Quick Mode with
192.168.1.1 "peer-192.168.1.1-tunnel-1"
Jan 30 20:35:12 vyatta pluto[4194]: "peer-192.168.1.1-tunnel-1" #1:
initiating Main Mode
Jan 30 20:35:12 vyatta pluto[4194]: | **emit ISAKMP Message:
Jan 30 20:35:12 vyatta pluto[4194]: | initiator cookie:
Jan 30 20:35:12 vyatta pluto[4194]: | 37 e7 99 a5 fa ed 9f 21
Jan 30 20:35:12 vyatta pluto[4194]: | responder cookie:
Jan 30 20:35:12 vyatta pluto[4194]: | 00 00 00 00 00 00 00 00
Jan 30 20:35:12 vyatta pluto[4194]: | next payload type: ISAKMP_NEXT_SA
Jan 30 20:35:12 vyatta pluto[4194]: | ISAKMP version: ISAKMP Version 1.0
Jan 30 20:35:12 vyatta pluto[4194]: | exchange type: ISAKMP_XCHG_IDPROT
Jan 30 20:35:12 vyatta pluto[4194]: | flags: none
Jan 30 20:35:12 vyatta pluto[4194]: | message ID: 00 00 00 00
Jan 30 20:35:12 vyatta pluto[4194]: | ***emit ISAKMP Security Association
Payload:
Jan 30 20:35:12 vyatta pluto[4194]: | next payload type: ISAKMP_NEXT_VID
Jan 30 20:35:12 vyatta pluto[4194]: | DOI: ISAKMP_DOI_IPSEC
Jan 30 20:35:12 vyatta pluto[4194]: | ****emit IPsec DOI SIT:
Jan 30 20:35:12 vyatta pluto[4194]: | IPsec DOI SIT: SIT_IDENTITY_ONLY
Jan 30 20:35:12 vyatta pluto[4194]: | out_sa pcn: 0 has 1 valid proposals
Jan 30 20:35:12 vyatta pluto[4194]: | out_sa pcn: 0 pn: 0<1 valid_count: 1
Jan 30 20:35:12 vyatta pluto[4194]: | ****emit ISAKMP Proposal Payload:
Jan 30 20:35:12 vyatta pluto[4194]: | next payload type: ISAKMP_NEXT_NONE
Jan 30 20:35:12 vyatta pluto[4194]: | proposal number: 0
Jan 30 20:35:12 vyatta pluto[4194]: | protocol ID: PROTO_ISAKMP
Jan 30 20:35:12 vyatta pluto[4194]: | SPI size: 0
Jan 30 20:35:12 vyatta pluto[4194]: | number of transforms: 1
Jan 30 20:35:12 vyatta pluto[4194]: | *****emit ISAKMP Transform Payload
(ISAKMP):
Jan 30 20:35:12 vyatta pluto[4194]: | next payload type: ISAKMP_NEXT_NONE
Jan 30 20:35:12 vyatta pluto[4194]: | transform number: 0
Jan 30 20:35:12 vyatta pluto[4194]: | transform ID: KEY_IKE
Jan 30 20:35:12 vyatta pluto[4194]: | ******emit ISAKMP Oakley attribute:
Jan 30 20:35:12 vyatta pluto[4194]: | af+type: OAKLEY_LIFE_TYPE
Jan 30 20:35:12 vyatta pluto[4194]: | length/value: 1
Jan 30 20:35:12 vyatta pluto[4194]: | [1 is OAKLEY_LIFE_SECONDS]
Jan 30 20:35:12 vyatta pluto[4194]: | ******emit ISAKMP Oakley attribute:
Jan 30 20:35:12 vyatta pluto[4194]: | af+type: OAKLEY_LIFE_DURATION
Jan 30 20:35:12 vyatta pluto[4194]: | length/value: 3600
Jan 30 20:35:12 vyatta pluto[4194]: | ******emit ISAKMP Oakley attribute:
Jan 30 20:35:12 vyatta pluto[4194]: | af+type:
OAKLEY_ENCRYPTION_ALGORITHM
Jan 30 20:35:12 vyatta pluto[4194]: | length/value: 5
Jan 30 20:35:12 vyatta pluto[4194]: | [5 is OAKLEY_3DES_CBC]
Jan 30 20:35:12 vyatta pluto[4194]: | ******emit ISAKMP Oakley attribute:
Jan 30 20:35:12 vyatta pluto[4194]: | af+type: OAKLEY_HASH_ALGORITHM
Jan 30 20:35:12 vyatta pluto[4194]: | length/value: 1
Jan 30 20:35:12 vyatta pluto[4194]: | [1 is OAKLEY_MD5]
Jan 30 20:35:12 vyatta pluto[4194]: | ******emit ISAKMP Oakley attribute:
Jan 30 20:35:12 vyatta pluto[4194]: | af+type:
OAKLEY_AUTHENTICATION_METHOD
Jan 30 20:35:12 vyatta pluto[4194]: | length/value: 1
Jan 30 20:35:12 vyatta pluto[4194]: | [1 is OAKLEY_PRESHARED_KEY]
Jan 30 20:35:12 vyatta pluto[4194]: | ******emit ISAKMP Oakley attribute:
Jan 30 20:35:12 vyatta pluto[4194]: | af+type: OAKLEY_GROUP_DESCRIPTION
Jan 30 20:35:12 vyatta pluto[4194]: | length/value: 2
Jan 30 20:35:12 vyatta pluto[4194]: | [2 is OAKLEY_GROUP_MODP1024]
Jan 30 20:35:12 vyatta pluto[4194]: | emitting length of ISAKMP Transform
Payload (ISAKMP): 32
Jan 30 20:35:12 vyatta pluto[4194]: | emitting length of ISAKMP Proposal
Payload: 40
Jan 30 20:35:12 vyatta pluto[4194]: | emitting length of ISAKMP Security
Association Payload: 52
Jan 30 20:35:12 vyatta pluto[4194]: | ***emit ISAKMP Vendor ID Payload:
Jan 30 20:35:12 vyatta pluto[4194]: | next payload type: ISAKMP_NEXT_NONE
Jan 30 20:35:12 vyatta pluto[4194]: | emitting 12 raw bytes of Vendor ID
into ISAKMP Vendor ID Payload
Jan 30 20:35:12 vyatta pluto[4194]: | Vendor ID 4f 45 6c 4c 4f 5d 52 64
57 4e 52 44
Jan 30 20:35:12 vyatta pluto[4194]: | emitting length of ISAKMP Vendor ID
Payload: 16
Jan 30 20:35:12 vyatta pluto[4194]: | ***emit ISAKMP Vendor ID Payload:
Jan 30 20:35:12 vyatta pluto[4194]: | next payload type: ISAKMP_NEXT_NONE
Jan 30 20:35:12 vyatta pluto[4194]: | emitting 16 raw bytes of V_ID into
ISAKMP Vendor ID Payload
Jan 30 20:35:12 vyatta pluto[4194]: | V_ID af ca d7 13 68 a1 f1 c9 6b 86
96 fc 77 57 01 00
Jan 30 20:35:12 vyatta pluto[4194]: | emitting length of ISAKMP Vendor ID
Payload: 20
Jan 30 20:35:12 vyatta pluto[4194]: | nat traversal enabled: 0
Jan 30 20:35:12 vyatta pluto[4194]: | emitting length of ISAKMP Message: 116
Jan 30 20:35:12 vyatta pluto[4194]: | sending 116 bytes for main_outI1
through eth2:500 to 192.168.1.1:500:
Jan 30 20:35:12 vyatta pluto[4194]: | inserting event EVENT_RETRANSMIT,
timeout in 10 seconds for #1
Jan 30 20:35:12 vyatta pluto[4194]: | next event EVENT_RETRANSMIT in 10
seconds for #1
Jan 30 20:35:12 vyatta ipsec__plutorun: 104 "peer-192.168.1.1-tunnel-1" #1:
STATE_MAIN_I1: initiate
Jan 30 20:35:12 vyatta ipsec__plutorun: ...could not start conn
"peer-192.168.1.1-tunnel-1"
Jan 30 20:35:15 vyatta pluto[4194]: | rejected packet:
Jan 30 20:35:15 vyatta pluto[4194]: | control:
Jan 30 20:35:15 vyatta pluto[4194]: | name:
Jan 30 20:35:15 vyatta pluto[4194]: | 02 00 01 f4 c0 a8 01 01 00 00 00
00 00 00 00 00
Jan 30 20:35:15 vyatta pluto[4194]: "peer-192.168.1.1-tunnel-1" #1: ERROR:
asynchronous network error report on eth2 (sport=500) for message to
192.168.1.1 port 500, complainant 192.168.1.10: No route to host [errno 113,
origin ICMP type 3 code 1 (not authenticated)]
Jan 30 20:35:15 vyatta pluto[4194]: | next event EVENT_RETRANSMIT in 7
seconds for #1
Jan 30 20:35:22 vyatta pluto[4194]: |
Jan 30 20:35:22 vyatta pluto[4194]: | *time to handle event
Jan 30 20:35:22 vyatta pluto[4194]: | handling event EVENT_RETRANSMIT
Jan 30 20:35:22 vyatta pluto[4194]: | event after this is
EVENT_PENDING_PHASE2 in 110 seconds
Jan 30 20:35:22 vyatta pluto[4194]: | processing connection
peer-192.168.1.1-tunnel-1
Jan 30 20:35:22 vyatta pluto[4194]: | handling event EVENT_RETRANSMIT for
192.168.1.1 "peer-192.168.1.1-tunnel-1" #1
Jan 30 20:35:22 vyatta pluto[4194]: | sending 116 bytes for EVENT_RETRANSMIT
through eth2:500 to 192.168.1.1:500:
Jan 30 20:35:23 vyatta pluto[4194]: | inserting event EVENT_RETRANSMIT,
timeout in 20 seconds for #1
Jan 30 20:35:23 vyatta pluto[4194]: | next event EVENT_RETRANSMIT in 20
seconds for #1
Jan 30 20:35:26 vyatta pluto[4194]: | rejected packet:
Jan 30 20:35:26 vyatta pluto[4194]: | control:
Jan 30 20:35:26 vyatta pluto[4194]: | name:
Jan 30 20:35:26 vyatta pluto[4194]: | 02 00 01 f4 c0 a8 01 01 00 00 00
00 00 00 00 00
Jan 30 20:35:26 vyatta pluto[4194]: "peer-192.168.1.1-tunnel-1" #1: ERROR:
asynchronous network error report on eth2 (sport=500) for message to
192.168.1.1 port 500, complainant 192.168.1.10: No route to host [errno 113,
origin ICMP type 3 code 1 (not authenticated)]
Jan 30 20:35:26 vyatta pluto[4194]: | next event EVENT_RETRANSMIT in 16
seconds for #1
Jan 30 20:35:42 vyatta pluto[4194]: |
Jan 30 20:35:42 vyatta pluto[4194]: | *time to handle event
Jan 30 20:35:42 vyatta pluto[4194]: | handling event EVENT_RETRANSMIT
Jan 30 20:35:42 vyatta pluto[4194]: | event after this is
EVENT_PENDING_PHASE2 in 90 seconds
Jan 30 20:35:42 vyatta pluto[4194]: | processing connection
peer-192.168.1.1-tunnel-1
Jan 30 20:35:42 vyatta pluto[4194]: | handling event EVENT_RETRANSMIT for
192.168.1.1 "peer-192.168.1.1-tunnel-1" #1
Jan 30 20:35:42 vyatta pluto[4194]: | sending 116 bytes for EVENT_RETRANSMIT
through eth2:500 to 192.168.1.1:500:
Jan 30 20:35:42 vyatta pluto[4194]: | inserting event EVENT_RETRANSMIT,
timeout in 40 seconds for #1
Jan 30 20:35:42 vyatta pluto[4194]: | next event EVENT_RETRANSMIT in 40
seconds for #1
Jan 30 20:35:42 vyatta pluto[4194]: |
Jan 30 20:35:42 vyatta pluto[4194]: | *received 156 bytes from
192.168.1.1:500 on eth2 (port=500)
Jan 30 20:35:42 vyatta pluto[4194]: | **parse ISAKMP Message:
Jan 30 20:35:42 vyatta pluto[4194]: | initiator cookie:
Jan 30 20:35:42 vyatta pluto[4194]: | 37 e7 99 a5 fa ed 9f 21
Jan 30 20:35:42 vyatta pluto[4194]: | responder cookie:
Jan 30 20:35:42 vyatta pluto[4194]: | c0 f8 c2 a7 23 5b db 82
Jan 30 20:35:42 vyatta pluto[4194]: | next payload type: ISAKMP_NEXT_SA
Jan 30 20:35:42 vyatta pluto[4194]: | ISAKMP version: ISAKMP Version 1.0
Jan 30 20:35:42 vyatta pluto[4194]: | exchange type: ISAKMP_XCHG_IDPROT
Jan 30 20:35:42 vyatta pluto[4194]: | flags: none
Jan 30 20:35:42 vyatta pluto[4194]: | message ID: 00 00 00 00
Jan 30 20:35:42 vyatta pluto[4194]: | length: 156
Jan 30 20:35:42 vyatta pluto[4194]: | processing packet with exchange
type=ISAKMP_XCHG_IDPROT (2)
Jan 30 20:35:42 vyatta pluto[4194]: | ICOOKIE: 37 e7 99 a5 fa ed 9f 21
Jan 30 20:35:42 vyatta pluto[4194]: | RCOOKIE: c0 f8 c2 a7 23 5b db 82
Jan 30 20:35:42 vyatta pluto[4194]: | peer: c0 a8 01 01
Jan 30 20:35:42 vyatta pluto[4194]: | state hash entry 19
Jan 30 20:35:42 vyatta pluto[4194]: | state object not found
Jan 30 20:35:42 vyatta pluto[4194]: | ICOOKIE: 37 e7 99 a5 fa ed 9f 21
Jan 30 20:35:42 vyatta pluto[4194]: | RCOOKIE: 00 00 00 00 00 00 00 00
Jan 30 20:35:42 vyatta pluto[4194]: | peer: c0 a8 01 01
Jan 30 20:35:42 vyatta pluto[4194]: | state hash entry 23
Jan 30 20:35:42 vyatta pluto[4194]: | peer and cookies match on #1, provided
msgid 00000000 vs 00000000
Jan 30 20:35:42 vyatta pluto[4194]: | state object #1 found, in
STATE_MAIN_I1
Jan 30 20:35:42 vyatta pluto[4194]: | processing connection
peer-192.168.1.1-tunnel-1
Jan 30 20:35:42 vyatta pluto[4194]: | ***parse ISAKMP Security Association
Payload:
Jan 30 20:35:42 vyatta pluto[4194]: | next payload type: ISAKMP_NEXT_VID
Jan 30 20:35:42 vyatta pluto[4194]: | length: 52
Jan 30 20:35:42 vyatta pluto[4194]: | DOI: ISAKMP_DOI_IPSEC
Jan 30 20:35:42 vyatta pluto[4194]: | ***parse ISAKMP Vendor ID Payload:
Jan 30 20:35:42 vyatta pluto[4194]: | next payload type: ISAKMP_NEXT_VID
Jan 30 20:35:42 vyatta pluto[4194]: | length: 32
Jan 30 20:35:42 vyatta pluto[4194]: | ***parse ISAKMP Vendor ID Payload:
Jan 30 20:35:42 vyatta pluto[4194]: | next payload type: ISAKMP_NEXT_VID
Jan 30 20:35:42 vyatta pluto[4194]: | length: 20
Jan 30 20:35:42 vyatta pluto[4194]: | ***parse ISAKMP Vendor ID Payload:
Jan 30 20:35:42 vyatta pluto[4194]: | next payload type: ISAKMP_NEXT_NONE
Jan 30 20:35:42 vyatta pluto[4194]: | length: 24
Jan 30 20:35:42 vyatta pluto[4194]: "peer-192.168.1.1-tunnel-1" #1: ignoring
unknown Vendor ID payload
[166f932d55eb64d8e4df4fd37e2313f0d0fd84510000000000000000]
Jan 30 20:35:42 vyatta pluto[4194]: "peer-192.168.1.1-tunnel-1" #1: received
Vendor ID payload [Dead Peer Detection]
Jan 30 20:35:42 vyatta pluto[4194]: "peer-192.168.1.1-tunnel-1" #1: ignoring
Vendor ID payload [HeartBeat Notify 386b0100]
Jan 30 20:35:42 vyatta pluto[4194]: | ****parse IPsec DOI SIT:
Jan 30 20:35:42 vyatta pluto[4194]: | IPsec DOI SIT: SIT_IDENTITY_ONLY
Jan 30 20:35:42 vyatta pluto[4194]: | ****parse ISAKMP Proposal Payload:
Jan 30 20:35:42 vyatta pluto[4194]: | next payload type: ISAKMP_NEXT_NONE
Jan 30 20:35:42 vyatta pluto[4194]: | length: 40
Jan 30 20:35:42 vyatta pluto[4194]: | proposal number: 1
Jan 30 20:35:42 vyatta pluto[4194]: | protocol ID: PROTO_ISAKMP
Jan 30 20:35:42 vyatta pluto[4194]: | SPI size: 0
Jan 30 20:35:42 vyatta pluto[4194]: | number of transforms: 1
Jan 30 20:35:42 vyatta pluto[4194]: | *****parse ISAKMP Transform Payload
(ISAKMP):
Jan 30 20:35:42 vyatta pluto[4194]: | next payload type: ISAKMP_NEXT_NONE
Jan 30 20:35:42 vyatta pluto[4194]: | length: 32
Jan 30 20:35:42 vyatta pluto[4194]: | transform number: 1
Jan 30 20:35:42 vyatta pluto[4194]: | transform ID: KEY_IKE
Jan 30 20:35:42 vyatta pluto[4194]: | ******parse ISAKMP Oakley attribute:
Jan 30 20:35:42 vyatta pluto[4194]: | af+type:
OAKLEY_ENCRYPTION_ALGORITHM
Jan 30 20:35:42 vyatta pluto[4194]: | length/value: 5
Jan 30 20:35:42 vyatta pluto[4194]: | [5 is OAKLEY_3DES_CBC]
Jan 30 20:35:42 vyatta pluto[4194]: | ike_alg_enc_ok(ealg=5,key_len=0):
blocksize=8, keyminlen=192, keydeflen=192, keymaxlen=192, ret=1
Jan 30 20:35:42 vyatta pluto[4194]: | ******parse ISAKMP Oakley attribute:
Jan 30 20:35:42 vyatta pluto[4194]: | af+type: OAKLEY_HASH_ALGORITHM
Jan 30 20:35:42 vyatta pluto[4194]: | length/value: 1
Jan 30 20:35:42 vyatta pluto[4194]: | [1 is OAKLEY_MD5]
Jan 30 20:35:42 vyatta pluto[4194]: | ******parse ISAKMP Oakley attribute:
Jan 30 20:35:42 vyatta pluto[4194]: | af+type: OAKLEY_GROUP_DESCRIPTION
Jan 30 20:35:42 vyatta pluto[4194]: | length/value: 2
Jan 30 20:35:42 vyatta pluto[4194]: | [2 is OAKLEY_GROUP_MODP1024]
Jan 30 20:35:42 vyatta pluto[4194]: | ******parse ISAKMP Oakley attribute:
Jan 30 20:35:42 vyatta pluto[4194]: | af+type:
OAKLEY_AUTHENTICATION_METHOD
Jan 30 20:35:42 vyatta pluto[4194]: | length/value: 1
Jan 30 20:35:42 vyatta pluto[4194]: | [1 is OAKLEY_PRESHARED_KEY]
Jan 30 20:35:42 vyatta pluto[4194]: | started looking for secret for
192.168.1.10->192.168.1.1 of kind PPK_PSK
Jan 30 20:35:42 vyatta pluto[4194]: | actually looking for secret for
192.168.1.10->192.168.1.1 of kind PPK_PSK
Jan 30 20:35:42 vyatta pluto[4194]: | 1: compared PSK 192.168.1.1 to
192.168.1.10 / 192.168.1.1 -> 2
Jan 30 20:35:42 vyatta pluto[4194]: | 2: compared PSK 192.168.1.10 to
192.168.1.10 / 192.168.1.1 -> 6
Jan 30 20:35:42 vyatta pluto[4194]: | best_match 0>6 best=0x80fdef0 (line=1)
Jan 30 20:35:42 vyatta pluto[4194]: | concluding with best_match=6
best=0x80fdef0 (lineno=1)
Jan 30 20:35:42 vyatta pluto[4194]: | ******parse ISAKMP Oakley attribute:
Jan 30 20:35:42 vyatta pluto[4194]: | af+type: OAKLEY_LIFE_TYPE
Jan 30 20:35:42 vyatta pluto[4194]: | length/value: 1
Jan 30 20:35:42 vyatta pluto[4194]: | [1 is OAKLEY_LIFE_SECONDS]
Jan 30 20:35:42 vyatta pluto[4194]: | ******parse ISAKMP Oakley attribute:
Jan 30 20:35:42 vyatta pluto[4194]: | af+type: OAKLEY_LIFE_DURATION
Jan 30 20:35:42 vyatta pluto[4194]: | length/value: 3600
Jan 30 20:35:42 vyatta pluto[4194]: | Oakley Transform 1 accepted
Jan 30 20:35:42 vyatta pluto[4194]: | sender checking NAT-t: 0 and 0
Jan 30 20:35:42 vyatta pluto[4194]: | 0: w->pcw_dead: 0 w->pcw_work: 0 cnt:
1
Jan 30 20:35:42 vyatta pluto[4194]: | asking helper 0 to do build_kenonce op
on seq: 1
Jan 30 20:35:42 vyatta pluto[4194]: | inserting event EVENT_CRYPTO_FAILED,
timeout in 300 seconds for #1
Jan 30 20:35:42 vyatta pluto[4227]: ! helper -1 doing build_kenonce op id: 1
Jan 30 20:35:42 vyatta pluto[4194]: | complete state transition with
STF_SUSPEND
Jan 30 20:35:42 vyatta pluto[4194]: | next event EVENT_PENDING_PHASE2 in 90
seconds
Jan 30 20:35:42 vyatta pluto[4227]: ! Local DH secret:
Jan 30 20:35:42 vyatta pluto[4227]: ! 38 37 73 c9 0d 3c d2 be 99 b6 4a
14 22 2f d7 e2
Jan 30 20:35:42 vyatta pluto[4227]: ! 46 b5 9a b2 a4 3e e8 32 56 73 6e
2e eb db ff 74
Jan 30 20:35:42 vyatta pluto[4227]: ! Public DH value sent:
Jan 30 20:35:42 vyatta pluto[4227]: ! Generated nonce:
Jan 30 20:35:42 vyatta pluto[4227]: ! 3b 19 a8 8a cb 8d 44 7e eb 8a fe
bb 55 ca f9 4f
Jan 30 20:35:42 vyatta pluto[4194]: | helper 0 has work (cnt now 0)
Jan 30 20:35:42 vyatta pluto[4194]: | helper 0 replies to sequence 1
Jan 30 20:35:42 vyatta pluto[4194]: | calling callback function 0x8064330
Jan 30 20:35:42 vyatta pluto[4194]: | main inR1_outI2: calculated ke+nonce,
sending I2
Jan 30 20:35:42 vyatta pluto[4194]: | processing connection
peer-192.168.1.1-tunnel-1
Jan 30 20:35:42 vyatta pluto[4194]: | **emit ISAKMP Message:
Jan 30 20:35:42 vyatta pluto[4194]: | initiator cookie:
Jan 30 20:35:42 vyatta pluto[4194]: | 37 e7 99 a5 fa ed 9f 21
Jan 30 20:35:42 vyatta pluto[4194]: | responder cookie:
Jan 30 20:35:42 vyatta pluto[4194]: | c0 f8 c2 a7 23 5b db 82
Jan 30 20:35:42 vyatta pluto[4194]: | next payload type: ISAKMP_NEXT_KE
Jan 30 20:35:42 vyatta pluto[4194]: | ISAKMP version: ISAKMP Version 1.0
Jan 30 20:35:42 vyatta pluto[4194]: | exchange type: ISAKMP_XCHG_IDPROT
Jan 30 20:35:42 vyatta pluto[4194]: | flags: none
Jan 30 20:35:42 vyatta pluto[4194]: | message ID: 00 00 00 00
Jan 30 20:35:42 vyatta pluto[4194]: | ***emit ISAKMP Key Exchange Payload:
Jan 30 20:35:42 vyatta pluto[4194]: | next payload type:
ISAKMP_NEXT_NONCE
Jan 30 20:35:42 vyatta pluto[4194]: | emitting 128 raw bytes of keyex value
into ISAKMP Key Exchange Payload
Jan 30 20:35:42 vyatta pluto[4194]: | emitting length of ISAKMP Key Exchange
Payload: 132
Jan 30 20:35:42 vyatta pluto[4194]: | ***emit ISAKMP Nonce Payload:
Jan 30 20:35:42 vyatta pluto[4194]: | next payload type: ISAKMP_NEXT_NONE
Jan 30 20:35:42 vyatta pluto[4194]: | emitting 16 raw bytes of Ni into
ISAKMP Nonce Payload
Jan 30 20:35:42 vyatta pluto[4194]: | Ni 3b 19 a8 8a cb 8d 44 7e eb 8a fe
bb 55 ca f9 4f
Jan 30 20:35:42 vyatta pluto[4194]: | emitting length of ISAKMP Nonce
Payload: 20
Jan 30 20:35:42 vyatta pluto[4194]: | emitting length of ISAKMP Message: 180
Jan 30 20:35:42 vyatta pluto[4194]: | ICOOKIE: 37 e7 99 a5 fa ed 9f 21
Jan 30 20:35:42 vyatta pluto[4194]: | RCOOKIE: 00 00 00 00 00 00 00 00
Jan 30 20:35:42 vyatta pluto[4194]: | peer: c0 a8 01 01
Jan 30 20:35:42 vyatta pluto[4194]: | state hash entry 23
Jan 30 20:35:42 vyatta pluto[4194]: | ICOOKIE: 37 e7 99 a5 fa ed 9f 21
Jan 30 20:35:42 vyatta pluto[4194]: | RCOOKIE: c0 f8 c2 a7 23 5b db 82
Jan 30 20:35:42 vyatta pluto[4194]: | peer: c0 a8 01 01
Jan 30 20:35:42 vyatta pluto[4194]: | state hash entry 19
Jan 30 20:35:42 vyatta pluto[4194]: | complete state transition with STF_OK
Jan 30 20:35:42 vyatta pluto[4194]: "peer-192.168.1.1-tunnel-1" #1:
transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Jan 30 20:35:42 vyatta pluto[4194]: | sending reply packet to
192.168.1.1:500 (from port=500)
Jan 30 20:35:42 vyatta pluto[4194]: | sending 180 bytes for STATE_MAIN_I1
through eth2:500 to 192.168.1.1:500:
Jan 30 20:35:42 vyatta pluto[4194]: | inserting event EVENT_RETRANSMIT,
timeout in 10 seconds for #1
Jan 30 20:35:42 vyatta pluto[4194]: "peer-192.168.1.1-tunnel-1" #1:
STATE_MAIN_I2: sent MI2, expecting MR2
Jan 30 20:35:42 vyatta pluto[4194]: | modecfg pull: noquirk policy:push
not-client
Jan 30 20:35:42 vyatta pluto[4194]: | phase 1 is done, looking for phase 1
to unpend
Jan 30 20:35:42 vyatta pluto[4194]: | next event EVENT_RETRANSMIT in 10
seconds for #1
Jan 30 20:35:42 vyatta pluto[4194]: |
Jan 30 20:35:42 vyatta pluto[4194]: | *received 184 bytes from
192.168.1.1:500 on eth2 (port=500)
Jan 30 20:35:42 vyatta pluto[4194]: | **parse ISAKMP Message:
Jan 30 20:35:42 vyatta pluto[4194]: | initiator cookie:
Jan 30 20:35:42 vyatta pluto[4194]: | 37 e7 99 a5 fa ed 9f 21
Jan 30 20:35:42 vyatta pluto[4194]: | responder cookie:
Jan 30 20:35:42 vyatta pluto[4194]: | c0 f8 c2 a7 23 5b db 82
Jan 30 20:35:42 vyatta pluto[4194]: | next payload type: ISAKMP_NEXT_KE
Jan 30 20:35:42 vyatta pluto[4194]: | ISAKMP version: ISAKMP Version 1.0
Jan 30 20:35:42 vyatta pluto[4194]: | exchange type: ISAKMP_XCHG_IDPROT
Jan 30 20:35:42 vyatta pluto[4194]: | flags: none
Jan 30 20:35:42 vyatta pluto[4194]: | message ID: 00 00 00 00
Jan 30 20:35:42 vyatta pluto[4194]: | length: 184
Jan 30 20:35:42 vyatta pluto[4194]: | processing packet with exchange
type=ISAKMP_XCHG_IDPROT (2)
Jan 30 20:35:42 vyatta pluto[4194]: | ICOOKIE: 37 e7 99 a5 fa ed 9f 21
Jan 30 20:35:42 vyatta pluto[4194]: | RCOOKIE: c0 f8 c2 a7 23 5b db 82
Jan 30 20:35:42 vyatta pluto[4194]: | peer: c0 a8 01 01
Jan 30 20:35:42 vyatta pluto[4194]: | state hash entry 19
Jan 30 20:35:42 vyatta pluto[4194]: | peer and cookies match on #1, provided
msgid 00000000 vs 00000000
Jan 30 20:35:42 vyatta pluto[4194]: | state object #1 found, in
STATE_MAIN_I2
Jan 30 20:35:42 vyatta pluto[4194]: | processing connection
peer-192.168.1.1-tunnel-1
Jan 30 20:35:42 vyatta pluto[4194]: | ***parse ISAKMP Key Exchange Payload:
Jan 30 20:35:42 vyatta pluto[4194]: | next payload type:
ISAKMP_NEXT_NONCE
Jan 30 20:35:42 vyatta pluto[4194]: | length: 132
Jan 30 20:35:42 vyatta pluto[4194]: | ***parse ISAKMP Nonce Payload:
Jan 30 20:35:42 vyatta pluto[4194]: | next payload type: ISAKMP_NEXT_NONE
Jan 30 20:35:42 vyatta pluto[4194]: | length: 24
Jan 30 20:35:42 vyatta pluto[4194]: | **emit ISAKMP Message:
Jan 30 20:35:42 vyatta pluto[4194]: | initiator cookie:
Jan 30 20:35:42 vyatta pluto[4194]: | 37 e7 99 a5 fa ed 9f 21
Jan 30 20:35:42 vyatta pluto[4194]: | responder cookie:
Jan 30 20:35:42 vyatta pluto[4194]: | c0 f8 c2 a7 23 5b db 82
Jan 30 20:35:42 vyatta pluto[4194]: | next payload type: ISAKMP_NEXT_ID
Jan 30 20:35:42 vyatta pluto[4194]: | ISAKMP version: ISAKMP Version 1.0
Jan 30 20:35:42 vyatta pluto[4194]: | exchange type: ISAKMP_XCHG_IDPROT
Jan 30 20:35:42 vyatta pluto[4194]: | flags: ISAKMP_FLAG_ENCRYPTION
Jan 30 20:35:42 vyatta pluto[4194]: | message ID: 00 00 00 00
Jan 30 20:35:42 vyatta pluto[4194]: | DH public value received:
Jan 30 20:35:42 vyatta pluto[4194]: | thinking about whether to send my
certificate:
Jan 30 20:35:42 vyatta pluto[4194]: | I have RSA key: OAKLEY_PRESHARED_KEY
cert.type: CERT_NONE
Jan 30 20:35:42 vyatta pluto[4194]: | sendcert: CERT_ALWAYSSEND and I did
not get a certificate request
Jan 30 20:35:42 vyatta pluto[4194]: | so do not send cert.
Jan 30 20:35:42 vyatta pluto[4194]: "peer-192.168.1.1-tunnel-1" #1: I did
not send a certificate because I do not have one.
Jan 30 20:35:42 vyatta pluto[4194]: | I am not sending a certificate
request
Jan 30 20:35:42 vyatta pluto[4194]: | started looking for secret for
192.168.1.10->192.168.1.1 of kind PPK_PSK
Jan 30 20:35:42 vyatta pluto[4194]: | actually looking for secret for
192.168.1.10->192.168.1.1 of kind PPK_PSK
Jan 30 20:35:42 vyatta pluto[4194]: | 1: compared PSK 192.168.1.1 to
192.168.1.10 / 192.168.1.1 -> 2
Jan 30 20:35:42 vyatta pluto[4194]: | 2: compared PSK 192.168.1.10 to
192.168.1.10 / 192.168.1.1 -> 6
Jan 30 20:35:42 vyatta pluto[4194]: | best_match 0>6 best=0x80fdef0 (line=1)
Jan 30 20:35:42 vyatta pluto[4194]: | concluding with best_match=6
best=0x80fdef0 (lineno=1)
Jan 30 20:35:42 vyatta pluto[4194]: | calc_dh_shared(): time elapsed
(OAKLEY_GROUP_MODP1024): 4257 usec
Jan 30 20:35:42 vyatta pluto[4194]: | DH shared secret:
Jan 30 20:35:42 vyatta pluto[4194]: | Skey inputs (PSK+NI+NR)
Jan 30 20:35:42 vyatta pluto[4194]: | ni: 3b 19 a8 8a cb 8d 44 7e eb 8a
fe bb 55 ca f9 4f
Jan 30 20:35:42 vyatta pluto[4194]: | nr: dc 01 ba d4 d7 e0 80 25 ae 30
4e 53 21 42 3c 30
Jan 30 20:35:42 vyatta pluto[4194]: | c5 aa a1 ff
Jan 30 20:35:42 vyatta pluto[4194]: | keyid: 0e a4 2a 2f 0b 1f 07 17 17
a0 26 5c 92 be dd 42
Jan 30 20:35:42 vyatta pluto[4194]: | Skeyid: 0e a4 2a 2f 0b 1f 07 17
17 a0 26 5c 92 be dd 42
Jan 30 20:35:42 vyatta pluto[4194]: | Skeyid_d: 8a 4a 4d dc 53 a9 5e ba
bb d1 c8 60 69 2a 02 00
Jan 30 20:35:42 vyatta pluto[4194]: | Skeyid_a: e2 ba 52 07 37 22 09 fe
7e 4a b0 ca 3c ca 7e 96
Jan 30 20:35:42 vyatta pluto[4194]: | Skeyid_e: 27 60 d3 a9 83 b4 a2 70
05 d7 de 52 e4 40 e5 05
Jan 30 20:35:42 vyatta pluto[4194]: | enc key: 78 24 c4 f9 a9 08 3e f3 54
2d 8c 42 0c 57 d9 ca
Jan 30 20:35:42 vyatta pluto[4194]: | 6d c4 27 79 77 c5 b9 eb
Jan 30 20:35:42 vyatta pluto[4194]: | IV: 03 19 ba ca 56 d4 62 d3 14 ea
9c 2f dc 78 8c 50
Jan 30 20:35:42 vyatta pluto[4194]: | ***emit ISAKMP Identification Payload
(IPsec DOI):
Jan 30 20:35:42 vyatta pluto[4194]: | next payload type: ISAKMP_NEXT_HASH
Jan 30 20:35:42 vyatta pluto[4194]: | ID type: ID_IPV4_ADDR
Jan 30 20:35:42 vyatta pluto[4194]: | Protocol ID: 0
Jan 30 20:35:42 vyatta pluto[4194]: | port: 0
Jan 30 20:35:42 vyatta pluto[4194]: | emitting 4 raw bytes of my identity
into ISAKMP Identification Payload (IPsec DOI)
Jan 30 20:35:42 vyatta pluto[4194]: | my identity c0 a8 01 0a
Jan 30 20:35:42 vyatta pluto[4194]: | emitting length of ISAKMP
Identification Payload (IPsec DOI): 12
Jan 30 20:35:42 vyatta pluto[4194]: | hashing 48 bytes of SA
Jan 30 20:35:42 vyatta pluto[4194]: | ***emit ISAKMP Hash Payload:
Jan 30 20:35:42 vyatta pluto[4194]: | next payload type: ISAKMP_NEXT_NONE
Jan 30 20:35:42 vyatta pluto[4194]: | emitting 16 raw bytes of HASH_I into
ISAKMP Hash Payload
Jan 30 20:35:42 vyatta pluto[4194]: | HASH_I a8 66 a6 2e 58 a8 a4 80 b5
90 1c bf b1 c5 fd 5b
Jan 30 20:35:42 vyatta pluto[4194]: | emitting length of ISAKMP Hash
Payload: 20
Jan 30 20:35:42 vyatta pluto[4194]: | encrypting:
Jan 30 20:35:42 vyatta pluto[4194]: | 08 00 00 0c 01 00 00 00 c0 a8 01
0a 00 00 00 14
Jan 30 20:35:42 vyatta pluto[4194]: | a8 66 a6 2e 58 a8 a4 80 b5 90 1c
bf b1 c5 fd 5b
Jan 30 20:35:42 vyatta pluto[4194]: | IV:
Jan 30 20:35:42 vyatta pluto[4194]: | 03 19 ba ca 56 d4 62 d3 14 ea 9c
2f dc 78 8c 50
Jan 30 20:35:42 vyatta pluto[4194]: | encrypting using OAKLEY_3DES_CBC
Jan 30 20:35:42 vyatta pluto[4194]: | next IV: 94 c1 fe 4b e2 5b 1e 7c
Jan 30 20:35:42 vyatta pluto[4194]: | emitting length of ISAKMP Message: 60
Jan 30 20:35:42 vyatta pluto[4194]: | complete state transition with STF_OK
Jan 30 20:35:42 vyatta pluto[4194]: "peer-192.168.1.1-tunnel-1" #1:
transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Jan 30 20:35:42 vyatta pluto[4194]: | sending reply packet to
192.168.1.1:500 (from port=500)
Jan 30 20:35:42 vyatta pluto[4194]: | sending 60 bytes for STATE_MAIN_I2
through eth2:500 to 192.168.1.1:500:
Jan 30 20:35:42 vyatta pluto[4194]: | inserting event EVENT_RETRANSMIT,
timeout in 10 seconds for #1
Jan 30 20:35:42 vyatta pluto[4194]: "peer-192.168.1.1-tunnel-1" #1:
STATE_MAIN_I3: sent MI3, expecting MR3
Jan 30 20:35:42 vyatta pluto[4194]: | modecfg pull: noquirk policy:push
not-client
Jan 30 20:35:42 vyatta pluto[4194]: | phase 1 is done, looking for phase 1
to unpend
Jan 30 20:35:42 vyatta pluto[4194]: | next event EVENT_RETRANSMIT in 10
seconds for #1
Jan 30 20:35:42 vyatta pluto[4194]: |
Jan 30 20:35:42 vyatta pluto[4194]: | *received 68 bytes from
192.168.1.1:500 on eth2 (port=500)
Jan 30 20:35:42 vyatta pluto[4194]: | **parse ISAKMP Message:
Jan 30 20:35:42 vyatta pluto[4194]: | initiator cookie:
Jan 30 20:35:42 vyatta pluto[4194]: | 37 e7 99 a5 fa ed 9f 21
Jan 30 20:35:42 vyatta pluto[4194]: | responder cookie:
Jan 30 20:35:42 vyatta pluto[4194]: | c0 f8 c2 a7 23 5b db 82
Jan 30 20:35:42 vyatta pluto[4194]: | next payload type: ISAKMP_NEXT_ID
Jan 30 20:35:42 vyatta pluto[4194]: | ISAKMP version: ISAKMP Version 1.0
Jan 30 20:35:42 vyatta pluto[4194]: | exchange type: ISAKMP_XCHG_IDPROT
Jan 30 20:35:42 vyatta pluto[4194]: | flags: ISAKMP_FLAG_ENCRYPTION
Jan 30 20:35:42 vyatta pluto[4194]: | message ID: 00 00 00 00
Jan 30 20:35:42 vyatta pluto[4194]: | length: 68
Jan 30 20:35:42 vyatta pluto[4194]: | processing packet with exchange
type=ISAKMP_XCHG_IDPROT (2)
Jan 30 20:35:42 vyatta pluto[4194]: | ICOOKIE: 37 e7 99 a5 fa ed 9f 21
Jan 30 20:35:42 vyatta pluto[4194]: | RCOOKIE: c0 f8 c2 a7 23 5b db 82
Jan 30 20:35:42 vyatta pluto[4194]: | peer: c0 a8 01 01
Jan 30 20:35:42 vyatta pluto[4194]: | state hash entry 19
Jan 30 20:35:42 vyatta pluto[4194]: | peer and cookies match on #1, provided
msgid 00000000 vs 00000000
Jan 30 20:35:42 vyatta pluto[4194]: | state object #1 found, in
STATE_MAIN_I3
Jan 30 20:35:42 vyatta pluto[4194]: | processing connection
peer-192.168.1.1-tunnel-1
Jan 30 20:35:42 vyatta pluto[4194]: | received encrypted packet from
192.168.1.1:500
Jan 30 20:35:42 vyatta pluto[4194]: | decrypting 40 bytes using algorithm
OAKLEY_3DES_CBC
Jan 30 20:35:42 vyatta pluto[4194]: | decrypted:
Jan 30 20:35:42 vyatta pluto[4194]: | 08 00 00 0c 01 11 01 f4 c0 a8 01
01 00 00 00 14
Jan 30 20:35:42 vyatta pluto[4194]: | 9a f1 df 91 d6 8a c9 59 63 59 25
d5 be 7c e9 31
Jan 30 20:35:42 vyatta pluto[4194]: | 00 00 00 00 00 00 00 00
Jan 30 20:35:42 vyatta pluto[4194]: | next IV: ad 25 8c a2 84 e6 da 13
Jan 30 20:35:42 vyatta pluto[4194]: | ***parse ISAKMP Identification
Payload:
Jan 30 20:35:42 vyatta pluto[4194]: | next payload type: ISAKMP_NEXT_HASH
Jan 30 20:35:42 vyatta pluto[4194]: | length: 12
Jan 30 20:35:42 vyatta pluto[4194]: | ID type: ID_IPV4_ADDR
Jan 30 20:35:42 vyatta pluto[4194]: | DOI specific A: 17
Jan 30 20:35:42 vyatta pluto[4194]: | DOI specific B: 500
Jan 30 20:35:42 vyatta pluto[4194]: | ***parse ISAKMP Hash Payload:
Jan 30 20:35:42 vyatta pluto[4194]: | next payload type: ISAKMP_NEXT_NONE
Jan 30 20:35:42 vyatta pluto[4194]: | length: 20
Jan 30 20:35:42 vyatta pluto[4194]: | removing 8 bytes of padding
Jan 30 20:35:42 vyatta pluto[4194]: "peer-192.168.1.1-tunnel-1" #1: Main
mode peer ID is ID_IPV4_ADDR: '192.168.1.1'
Jan 30 20:35:42 vyatta pluto[4194]: | hashing 48 bytes of SA
Jan 30 20:35:42 vyatta pluto[4194]: | authentication succeeded
Jan 30 20:35:42 vyatta pluto[4194]: | complete state transition with STF_OK
Jan 30 20:35:42 vyatta pluto[4194]: "peer-192.168.1.1-tunnel-1" #1:
transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
Jan 30 20:35:42 vyatta pluto[4194]: | inserting event EVENT_SA_REPLACE,
timeout in 2795 seconds for #1
Jan 30 20:35:42 vyatta pluto[4194]: "peer-192.168.1.1-tunnel-1" #1:
STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY
cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1024}
Jan 30 20:35:42 vyatta pluto[4194]: | modecfg pull: noquirk policy:push
not-client
Jan 30 20:35:42 vyatta pluto[4194]: | phase 1 is done, looking for phase 1
to unpend
Jan 30 20:35:42 vyatta pluto[4194]: | unqueuing pending Quick Mode with
192.168.1.1 "peer-192.168.1.1-tunnel-1"
Jan 30 20:35:42 vyatta pluto[4194]: | duplicating state object #1
Jan 30 20:35:42 vyatta pluto[4194]: | creating state object #2 at 0x80ffcb0
Jan 30 20:35:42 vyatta pluto[4194]: | processing connection
peer-192.168.1.1-tunnel-1
Jan 30 20:35:42 vyatta pluto[4194]: | ICOOKIE: 37 e7 99 a5 fa ed 9f 21
Jan 30 20:35:42 vyatta pluto[4194]: | RCOOKIE: c0 f8 c2 a7 23 5b db 82
Jan 30 20:35:42 vyatta pluto[4194]: | peer: c0 a8 01 01
Jan 30 20:35:42 vyatta pluto[4194]: | state hash entry 19
Jan 30 20:35:42 vyatta pluto[4194]: | inserting event EVENT_SO_DISCARD,
timeout in 0 seconds for #2
Jan 30 20:35:42 vyatta pluto[4194]: "peer-192.168.1.1-tunnel-1" #2:
initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP {using isakmp#1}
Jan 30 20:35:42 vyatta pluto[4194]: | 0: w->pcw_dead: 0 w->pcw_work: 0 cnt:
1
Jan 30 20:35:42 vyatta pluto[4194]: | asking helper 0 to do build_kenonce op
on seq: 2
Jan 30 20:35:42 vyatta pluto[4194]: | inserting event EVENT_CRYPTO_FAILED,
timeout in 300 seconds for #2
Jan 30 20:35:42 vyatta pluto[4227]: ! helper -1 doing build_kenonce op id: 2
Jan 30 20:35:42 vyatta pluto[4194]: | next event EVENT_PENDING_PHASE2 in 90
seconds
Jan 30 20:35:42 vyatta pluto[4227]: ! Local DH secret:
Jan 30 20:35:42 vyatta pluto[4227]: ! 28 bc 15 73 eb 82 e1 da 68 07 1e
07 3f 8c 18 7a
Jan 30 20:35:42 vyatta pluto[4227]: ! 38 dc ce 18 0d 8a 2e 73 fe f6 78
95 26 fa cc b0
Jan 30 20:35:42 vyatta pluto[4227]: ! Public DH value sent:
Jan 30 20:35:42 vyatta pluto[4227]: ! Generated nonce:
Jan 30 20:35:42 vyatta pluto[4227]: ! 6b 2e d6 57 0e 78 4a 34 81 4b 60
8c 94 48 56 56
Jan 30 20:35:42 vyatta pluto[4194]: | helper 0 has work (cnt now 0)
Jan 30 20:35:42 vyatta pluto[4194]: | helper 0 replies to sequence 2
Jan 30 20:35:42 vyatta pluto[4194]: | calling callback function 0x806a860
Jan 30 20:35:42 vyatta pluto[4194]: | quick outI1: calculated ke+nonce,
sending I1
Jan 30 20:35:42 vyatta pluto[4194]: | processing connection
peer-192.168.1.1-tunnel-1
Jan 30 20:35:42 vyatta pluto[4194]: | **emit ISAKMP Message:
Jan 30 20:35:42 vyatta pluto[4194]: | initiator cookie:
Jan 30 20:35:42 vyatta pluto[4194]: | 37 e7 99 a5 fa ed 9f 21
Jan 30 20:35:42 vyatta pluto[4194]: | responder cookie:
Jan 30 20:35:42 vyatta pluto[4194]: | c0 f8 c2 a7 23 5b db 82
Jan 30 20:35:42 vyatta pluto[4194]: | next payload type: ISAKMP_NEXT_HASH
Jan 30 20:35:42 vyatta pluto[4194]: | ISAKMP version: ISAKMP Version 1.0
Jan 30 20:35:42 vyatta pluto[4194]: | exchange type: ISAKMP_XCHG_QUICK
Jan 30 20:35:42 vyatta pluto[4194]: | flags: ISAKMP_FLAG_ENCRYPTION
Jan 30 20:35:42 vyatta pluto[4194]: | message ID: 19 21 3d 78
Jan 30 20:35:42 vyatta pluto[4194]: | ***emit ISAKMP Hash Payload:
Jan 30 20:35:42 vyatta pluto[4194]: | next payload type: ISAKMP_NEXT_SA
Jan 30 20:35:42 vyatta pluto[4194]: | emitting 16 zero bytes of HASH into
ISAKMP Hash Payload
Jan 30 20:35:42 vyatta pluto[4194]: | emitting length of ISAKMP Hash
Payload: 20
Jan 30 20:35:42 vyatta pluto[4194]: | kernel_alg_db_new() initial
trans_cnt=28
Jan 30 20:35:42 vyatta pluto[4194]: | kernel_alg_db_new() will return
p_new->protoid=3, p_new->trans_cnt=1
Jan 30 20:35:42 vyatta pluto[4194]: | kernel_alg_db_new() trans[0]:
transid=3, attr_cnt=1, attrs[0].type=5, attrs[0].val=1
Jan 30 20:35:42 vyatta pluto[4194]: | returning new proposal from esp_info
Jan 30 20:35:42 vyatta pluto[4194]: | ***emit ISAKMP Security Association
Payload:
Jan 30 20:35:42 vyatta pluto[4194]: | next payload type:
ISAKMP_NEXT_NONCE
Jan 30 20:35:42 vyatta pluto[4194]: | DOI: ISAKMP_DOI_IPSEC
Jan 30 20:35:42 vyatta pluto[4194]: | ****emit IPsec DOI SIT:
Jan 30 20:35:42 vyatta pluto[4194]: | IPsec DOI SIT: SIT_IDENTITY_ONLY
Jan 30 20:35:42 vyatta pluto[4194]: | out_sa pcn: 0 has 1 valid proposals
Jan 30 20:35:42 vyatta pluto[4194]: | out_sa pcn: 0 pn: 0<1 valid_count: 1
Jan 30 20:35:42 vyatta pluto[4194]: | ****emit ISAKMP Proposal Payload:
Jan 30 20:35:42 vyatta pluto[4194]: | next payload type: ISAKMP_NEXT_NONE
Jan 30 20:35:42 vyatta pluto[4194]: | proposal number: 0
Jan 30 20:35:42 vyatta pluto[4194]: | protocol ID: PROTO_IPSEC_ESP
Jan 30 20:35:42 vyatta pluto[4194]: | SPI size: 4
Jan 30 20:35:42 vyatta pluto[4194]: | number of transforms: 1
Jan 30 20:35:42 vyatta pluto[4194]: | netlink_get_spi: allocated 0x376d15c4
for esp.0 at 192.168.1.10
Jan 30 20:35:42 vyatta pluto[4194]: | emitting 4 raw bytes of SPI into
ISAKMP Proposal Payload
Jan 30 20:35:42 vyatta pluto[4194]: | SPI 37 6d 15 c4
Jan 30 20:35:42 vyatta pluto[4194]: | *****emit ISAKMP Transform Payload
(ESP):
Jan 30 20:35:42 vyatta pluto[4194]: | next payload type: ISAKMP_NEXT_NONE
Jan 30 20:35:42 vyatta pluto[4194]: | transform number: 0
Jan 30 20:35:42 vyatta pluto[4194]: | transform ID: ESP_3DES
Jan 30 20:35:42 vyatta pluto[4194]: | ******emit ISAKMP IPsec DOI attribute:
Jan 30 20:35:42 vyatta pluto[4194]: | af+type: GROUP_DESCRIPTION
Jan 30 20:35:42 vyatta pluto[4194]: | length/value: 2
Jan 30 20:35:42 vyatta pluto[4194]: | [2 is OAKLEY_GROUP_MODP1024]
Jan 30 20:35:42 vyatta pluto[4194]: | ******emit ISAKMP IPsec DOI attribute:
Jan 30 20:35:42 vyatta pluto[4194]: | af+type: ENCAPSULATION_MODE
Jan 30 20:35:42 vyatta pluto[4194]: | length/value: 1
Jan 30 20:35:42 vyatta pluto[4194]: | [1 is ENCAPSULATION_MODE_TUNNEL]
Jan 30 20:35:42 vyatta pluto[4194]: | ******emit ISAKMP IPsec DOI attribute:
Jan 30 20:35:42 vyatta pluto[4194]: | af+type: SA_LIFE_TYPE
Jan 30 20:35:42 vyatta pluto[4194]: | length/value: 1
Jan 30 20:35:42 vyatta pluto[4194]: | [1 is SA_LIFE_TYPE_SECONDS]
Jan 30 20:35:42 vyatta pluto[4194]: | ******emit ISAKMP IPsec DOI attribute:
Jan 30 20:35:42 vyatta pluto[4194]: | af+type: SA_LIFE_DURATION
Jan 30 20:35:42 vyatta pluto[4194]: | length/value: 28800
Jan 30 20:35:42 vyatta pluto[4194]: | ******emit ISAKMP IPsec DOI attribute:
Jan 30 20:35:42 vyatta pluto[4194]: | af+type: AUTH_ALGORITHM
Jan 30 20:35:42 vyatta pluto[4194]: | length/value: 1
Jan 30 20:35:42 vyatta pluto[4194]: | [1 is AUTH_ALGORITHM_HMAC_MD5]
Jan 30 20:35:42 vyatta pluto[4194]: | emitting length of ISAKMP Transform
Payload (ESP): 28
Jan 30 20:35:42 vyatta pluto[4194]: | emitting length of ISAKMP Proposal
Payload: 40
Jan 30 20:35:42 vyatta pluto[4194]: | emitting length of ISAKMP Security
Association Payload: 52
Jan 30 20:35:42 vyatta pluto[4194]: | ***emit ISAKMP Nonce Payload:
Jan 30 20:35:42 vyatta pluto[4194]: | next payload type: ISAKMP_NEXT_KE
Jan 30 20:35:42 vyatta pluto[4194]: | emitting 16 raw bytes of Ni into
ISAKMP Nonce Payload
Jan 30 20:35:42 vyatta pluto[4194]: | Ni 6b 2e d6 57 0e 78 4a 34 81 4b 60
8c 94 48 56 56
Jan 30 20:35:42 vyatta pluto[4194]: | emitting length of ISAKMP Nonce
Payload: 20
Jan 30 20:35:42 vyatta pluto[4194]: | ***emit ISAKMP Key Exchange Payload:
Jan 30 20:35:42 vyatta pluto[4194]: | next payload type: ISAKMP_NEXT_ID
Jan 30 20:35:42 vyatta pluto[4194]: | emitting 128 raw bytes of keyex value
into ISAKMP Key Exchange Payload
Jan 30 20:35:42 vyatta pluto[4194]: | emitting length of ISAKMP Key Exchange
Payload: 132
Jan 30 20:35:42 vyatta pluto[4194]: | ***emit ISAKMP Identification Payload
(IPsec DOI):
Jan 30 20:35:42 vyatta pluto[4194]: | next payload type: ISAKMP_NEXT_ID
Jan 30 20:35:42 vyatta pluto[4194]: | ID type: ID_IPV4_ADDR_SUBNET
Jan 30 20:35:42 vyatta pluto[4194]: | Protocol ID: 0
Jan 30 20:35:42 vyatta pluto[4194]: | port: 0
Jan 30 20:35:42 vyatta pluto[4194]: | emitting 4 raw bytes of client network
into ISAKMP Identification Payload (IPsec DOI)
Jan 30 20:35:42 vyatta pluto[4194]: | client network 0a 00 00 00
Jan 30 20:35:42 vyatta pluto[4194]: | emitting 4 raw bytes of client mask
into ISAKMP Identification Payload (IPsec DOI)
Jan 30 20:35:42 vyatta pluto[4194]: | client mask ff ff ff 00
Jan 30 20:35:42 vyatta pluto[4194]: | emitting length of ISAKMP
Identification Payload (IPsec DOI): 16
Jan 30 20:35:42 vyatta pluto[4194]: | ***emit ISAKMP Identification Payload
(IPsec DOI):
Jan 30 20:35:42 vyatta pluto[4194]: | next payload type: ISAKMP_NEXT_NONE
Jan 30 20:35:42 vyatta pluto[4194]: | ID type: ID_IPV4_ADDR_SUBNET
Jan 30 20:35:42 vyatta pluto[4194]: | Protocol ID: 0
Jan 30 20:35:42 vyatta pluto[4194]: | port: 0
Jan 30 20:35:42 vyatta pluto[4194]: | emitting 4 raw bytes of client network
into ISAKMP Identification Payload (IPsec DOI)
Jan 30 20:35:42 vyatta pluto[4194]: | client network 0a 06 00 00
Jan 30 20:35:42 vyatta pluto[4194]: | emitting 4 raw bytes of client mask
into ISAKMP Identification Payload (IPsec DOI)
Jan 30 20:35:42 vyatta pluto[4194]: | client mask ff ff ff 00
Jan 30 20:35:42 vyatta pluto[4194]: | emitting length of ISAKMP
Identification Payload (IPsec DOI): 16
Jan 30 20:35:42 vyatta pluto[4194]: | HASH(1) computed:
Jan 30 20:35:42 vyatta pluto[4194]: | f3 d2 6d d3 92 06 76 37 91 d2 c0
42 38 08 2f 2f
Jan 30 20:35:42 vyatta pluto[4194]: | last Phase 1 IV: ad 25 8c a2 84 e6
da 13
Jan 30 20:35:42 vyatta pluto[4194]: | current Phase 1 IV: ad 25 8c a2 84
e6 da 13
Jan 30 20:35:42 vyatta pluto[4194]: | computed Phase 2 IV:
Jan 30 20:35:42 vyatta pluto[4194]: | dc 12 52 d8 e9 e1 4a 35 1e 9e c3
57 e2 ff 15 06
Jan 30 20:35:42 vyatta pluto[4194]: | encrypting:
Jan 30 20:35:42 vyatta pluto[4194]: | IV:
Jan 30 20:35:42 vyatta pluto[4194]: | dc 12 52 d8 e9 e1 4a 35 1e 9e c3
57 e2 ff 15 06
Jan 30 20:35:42 vyatta pluto[4194]: | encrypting using OAKLEY_3DES_CBC
Jan 30 20:35:42 vyatta pluto[4194]: | next IV: 25 f4 53 04 40 e5 6d ba
Jan 30 20:35:42 vyatta pluto[4194]: | emitting length of ISAKMP Message: 284
Jan 30 20:35:42 vyatta pluto[4194]: | sending 284 bytes for quick_outI1
through eth2:500 to 192.168.1.1:500:
Jan 30 20:35:42 vyatta pluto[4194]: | inserting event EVENT_RETRANSMIT,
timeout in 10 seconds for #2
Jan 30 20:35:42 vyatta pluto[4194]: | next event EVENT_RETRANSMIT in 10
seconds for #2
Jan 30 20:35:42 vyatta pluto[4194]: |
Jan 30 20:35:42 vyatta pluto[4194]: | *received 324 bytes from
192.168.1.1:500 on eth2 (port=500)
Jan 30 20:35:43 vyatta pluto[4194]: | **parse ISAKMP Message:
Jan 30 20:35:43 vyatta pluto[4194]: | initiator cookie:
Jan 30 20:35:43 vyatta pluto[4194]: | 37 e7 99 a5 fa ed 9f 21
Jan 30 20:35:43 vyatta pluto[4194]: | responder cookie:
Jan 30 20:35:43 vyatta pluto[4194]: | c0 f8 c2 a7 23 5b db 82
Jan 30 20:35:43 vyatta pluto[4194]: | next payload type: ISAKMP_NEXT_HASH
Jan 30 20:35:43 vyatta pluto[4194]: | ISAKMP version: ISAKMP Version 1.0
Jan 30 20:35:43 vyatta pluto[4194]: | exchange type: ISAKMP_XCHG_QUICK
Jan 30 20:35:43 vyatta pluto[4194]: | flags: ISAKMP_FLAG_ENCRYPTION
Jan 30 20:35:43 vyatta pluto[4194]: | message ID: 19 21 3d 78
Jan 30 20:35:43 vyatta pluto[4194]: | length: 324
Jan 30 20:35:43 vyatta pluto[4194]: | processing packet with exchange
type=ISAKMP_XCHG_QUICK (32)
Jan 30 20:35:43 vyatta pluto[4194]: | ICOOKIE: 37 e7 99 a5 fa ed 9f 21
Jan 30 20:35:43 vyatta pluto[4194]: | RCOOKIE: c0 f8 c2 a7 23 5b db 82
Jan 30 20:35:43 vyatta pluto[4194]: | peer: c0 a8 01 01
Jan 30 20:35:43 vyatta pluto[4194]: | state hash entry 19
Jan 30 20:35:43 vyatta pluto[4194]: | peer and cookies match on #2, provided
msgid 19213d78 vs 19213d78
Jan 30 20:35:43 vyatta pluto[4194]: | state object #2 found, in
STATE_QUICK_I1
Jan 30 20:35:43 vyatta pluto[4194]: | processing connection
peer-192.168.1.1-tunnel-1
Jan 30 20:35:43 vyatta pluto[4194]: | received encrypted packet from
192.168.1.1:500
Jan 30 20:35:43 vyatta pluto[4194]: | decrypting 296 bytes using algorithm
OAKLEY_3DES_CBC
Jan 30 20:35:43 vyatta pluto[4194]: | decrypted:
Jan 30 20:35:43 vyatta pluto[4194]: | next IV: 82 81 f6 0f 4d 81 33 6f
Jan 30 20:35:43 vyatta pluto[4194]: | ***parse ISAKMP Hash Payload:
Jan 30 20:35:43 vyatta pluto[4194]: | next payload type: ISAKMP_NEXT_SA
Jan 30 20:35:43 vyatta pluto[4194]: | length: 20
Jan 30 20:35:43 vyatta pluto[4194]: | ***parse ISAKMP Security Association
Payload:
Jan 30 20:35:43 vyatta pluto[4194]: | next payload type:
ISAKMP_NEXT_NONCE
Jan 30 20:35:43 vyatta pluto[4194]: | length: 56
Jan 30 20:35:43 vyatta pluto[4194]: | DOI: ISAKMP_DOI_IPSEC
Jan 30 20:35:43 vyatta pluto[4194]: | ***parse ISAKMP Nonce Payload:
Jan 30 20:35:43 vyatta pluto[4194]: | next payload type: ISAKMP_NEXT_KE
Jan 30 20:35:43 vyatta pluto[4194]: | length: 24
Jan 30 20:35:43 vyatta pluto[4194]: | ***parse ISAKMP Key Exchange Payload:
Jan 30 20:35:43 vyatta pluto[4194]: | next payload type: ISAKMP_NEXT_ID
Jan 30 20:35:43 vyatta pluto[4194]: | length: 132
Jan 30 20:35:43 vyatta pluto[4194]: | ***parse ISAKMP Identification Payload
(IPsec DOI):
Jan 30 20:35:43 vyatta pluto[4194]: | next payload type: ISAKMP_NEXT_ID
Jan 30 20:35:43 vyatta pluto[4194]: | length: 16
Jan 30 20:35:43 vyatta pluto[4194]: | ID type: ID_IPV4_ADDR_SUBNET
Jan 30 20:35:43 vyatta pluto[4194]: | Protocol ID: 0
Jan 30 20:35:43 vyatta pluto[4194]: | port: 0
Jan 30 20:35:43 vyatta pluto[4194]: | ***parse ISAKMP Identification Payload
(IPsec DOI):
Jan 30 20:35:43 vyatta pluto[4194]: | next payload type: ISAKMP_NEXT_N
Jan 30 20:35:43 vyatta pluto[4194]: | length: 16
Jan 30 20:35:43 vyatta pluto[4194]: | ID type: ID_IPV4_ADDR_SUBNET
Jan 30 20:35:43 vyatta pluto[4194]: | Protocol ID: 0
Jan 30 20:35:43 vyatta pluto[4194]: | port: 0
Jan 30 20:35:43 vyatta pluto[4194]: | ***parse ISAKMP Notification Payload:
Jan 30 20:35:43 vyatta pluto[4194]: | next payload type: ISAKMP_NEXT_NONE
Jan 30 20:35:43 vyatta pluto[4194]: | length: 28
Jan 30 20:35:43 vyatta pluto[4194]: | DOI: ISAKMP_DOI_IPSEC
Jan 30 20:35:43 vyatta pluto[4194]: | protocol ID: 3
Jan 30 20:35:43 vyatta pluto[4194]: | SPI size: 4
Jan 30 20:35:43 vyatta pluto[4194]: | Notify Message Type:
IPSEC_RESPONDER_LIFETIME
Jan 30 20:35:43 vyatta pluto[4194]: | removing 4 bytes of padding
Jan 30 20:35:43 vyatta pluto[4194]: "peer-192.168.1.1-tunnel-1" #2: ignoring
informational payload, type IPSEC_RESPONDER_LIFETIME
Jan 30 20:35:43 vyatta pluto[4194]: | info: 93 51 c5 c3 80 01 00 01 00 02
00 04 00 00 0e 10
Jan 30 20:35:43 vyatta pluto[4194]: | **emit ISAKMP Message:
Jan 30 20:35:43 vyatta pluto[4194]: | initiator cookie:
Jan 30 20:35:43 vyatta pluto[4194]: | 37 e7 99 a5 fa ed 9f 21
Jan 30 20:35:43 vyatta pluto[4194]: | responder cookie:
Jan 30 20:35:43 vyatta pluto[4194]: | c0 f8 c2 a7 23 5b db 82
Jan 30 20:35:43 vyatta pluto[4194]: | next payload type: ISAKMP_NEXT_HASH
Jan 30 20:35:43 vyatta pluto[4194]: | ISAKMP version: ISAKMP Version 1.0
Jan 30 20:35:43 vyatta pluto[4194]: | exchange type: ISAKMP_XCHG_QUICK
Jan 30 20:35:43 vyatta pluto[4194]: | flags: ISAKMP_FLAG_ENCRYPTION
Jan 30 20:35:43 vyatta pluto[4194]: | message ID: 19 21 3d 78
Jan 30 20:35:43 vyatta pluto[4194]: | HASH(2) computed:
Jan 30 20:35:43 vyatta pluto[4194]: | 6a 89 c6 d8 bd e4 4a 49 7d 39 9d
05 62 cb 65 70
Jan 30 20:35:43 vyatta pluto[4194]: | ****parse IPsec DOI SIT:
Jan 30 20:35:43 vyatta pluto[4194]: | IPsec DOI SIT: SIT_IDENTITY_ONLY
Jan 30 20:35:43 vyatta pluto[4194]: | ****parse ISAKMP Proposal Payload:
Jan 30 20:35:43 vyatta pluto[4194]: | next payload type: ISAKMP_NEXT_NONE
Jan 30 20:35:43 vyatta pluto[4194]: | length: 44
Jan 30 20:35:43 vyatta pluto[4194]: | proposal number: 1
Jan 30 20:35:43 vyatta pluto[4194]: | protocol ID: PROTO_IPSEC_ESP
Jan 30 20:35:43 vyatta pluto[4194]: | SPI size: 4
Jan 30 20:35:43 vyatta pluto[4194]: | number of transforms: 1
Jan 30 20:35:43 vyatta pluto[4194]: | parsing 4 raw bytes of ISAKMP Proposal
Payload into SPI
Jan 30 20:35:43 vyatta pluto[4194]: | SPI 93 51 c5 c3
Jan 30 20:35:43 vyatta pluto[4194]: | *****parse ISAKMP Transform Payload
(ESP):
Jan 30 20:35:43 vyatta pluto[4194]: | next payload type: ISAKMP_NEXT_NONE
Jan 30 20:35:43 vyatta pluto[4194]: | length: 32
Jan 30 20:35:43 vyatta pluto[4194]: | transform number: 1
Jan 30 20:35:43 vyatta pluto[4194]: | transform ID: ESP_3DES
Jan 30 20:35:43 vyatta pluto[4194]: | ******parse ISAKMP IPsec DOI
attribute:
Jan 30 20:35:43 vyatta pluto[4194]: | af+type: SA_LIFE_TYPE
Jan 30 20:35:43 vyatta pluto[4194]: | length/value: 1
Jan 30 20:35:43 vyatta pluto[4194]: | [1 is SA_LIFE_TYPE_SECONDS]
Jan 30 20:35:43 vyatta pluto[4194]: | ******parse ISAKMP IPsec DOI
attribute:
Jan 30 20:35:43 vyatta pluto[4194]: | af+type: SA_LIFE_DURATION (variable
length)
Jan 30 20:35:43 vyatta pluto[4194]: | length/value: 4
Jan 30 20:35:43 vyatta pluto[4194]: | long duration: 28800
Jan 30 20:35:43 vyatta pluto[4194]: | ******parse ISAKMP IPsec DOI
attribute:
Jan 30 20:35:43 vyatta pluto[4194]: | af+type: ENCAPSULATION_MODE
Jan 30 20:35:43 vyatta pluto[4194]: | length/value: 1
Jan 30 20:35:43 vyatta pluto[4194]: | [1 is ENCAPSULATION_MODE_TUNNEL]
Jan 30 20:35:43 vyatta pluto[4194]: | ******parse ISAKMP IPsec DOI
attribute:
Jan 30 20:35:43 vyatta pluto[4194]: | af+type: AUTH_ALGORITHM
Jan 30 20:35:43 vyatta pluto[4194]: | length/value: 1
Jan 30 20:35:43 vyatta pluto[4194]: | [1 is AUTH_ALGORITHM_HMAC_MD5]
Jan 30 20:35:43 vyatta pluto[4194]: | ******parse ISAKMP IPsec DOI
attribute:
Jan 30 20:35:43 vyatta pluto[4194]: | af+type: GROUP_DESCRIPTION
Jan 30 20:35:43 vyatta pluto[4194]: | length/value: 2
Jan 30 20:35:43 vyatta pluto[4194]: | [2 is OAKLEY_GROUP_MODP1024]
Jan 30 20:35:43 vyatta pluto[4194]: | kernel_alg_esp_enc_ok(3,0): alg_id=3,
alg_ivlen=8, alg_minbits=192, alg_maxbits=192, res=0, ret=1
Jan 30 20:35:43 vyatta pluto[4194]: | kernel_alg_esp_enc_keylen():alg_id=3,
keylen=24
Jan 30 20:35:43 vyatta pluto[4194]: | DH public value received:
Jan 30 20:35:43 vyatta pluto[4194]: | started looking for secret for
192.168.1.10->192.168.1.1 of kind PPK_PSK
Jan 30 20:35:43 vyatta pluto[4194]: | actually looking for secret for
192.168.1.10->192.168.1.1 of kind PPK_PSK
Jan 30 20:35:43 vyatta pluto[4194]: | 1: compared PSK 192.168.1.1 to
192.168.1.10 / 192.168.1.1 -> 2
Jan 30 20:35:43 vyatta pluto[4194]: | 2: compared PSK 192.168.1.10 to
192.168.1.10 / 192.168.1.1 -> 6
Jan 30 20:35:43 vyatta pluto[4194]: | best_match 0>6 best=0x80fdef0 (line=1)
Jan 30 20:35:43 vyatta pluto[4194]: | concluding with best_match=6
best=0x80fdef0 (lineno=1)
Jan 30 20:35:43 vyatta pluto[4194]: | calc_dh_shared(): time elapsed
(OAKLEY_GROUP_MODP1024): 3896 usec
Jan 30 20:35:43 vyatta pluto[4194]: | DH shared secret:
Jan 30 20:35:43 vyatta pluto[4194]: | our client is subnet 10.0.0.0/24
Jan 30 20:35:43 vyatta pluto[4194]: | our client protocol/port is 0/0
Jan 30 20:35:43 vyatta pluto[4194]: | peer client is subnet 10.6.0.0/24
Jan 30 20:35:43 vyatta pluto[4194]: | peer client protocol/port is 0/0
Jan 30 20:35:43 vyatta pluto[4194]: | ***emit ISAKMP Hash Payload:
Jan 30 20:35:43 vyatta pluto[4194]: | next payload type: ISAKMP_NEXT_NONE
Jan 30 20:35:43 vyatta pluto[4194]: | emitting 16 zero bytes of HASH into
ISAKMP Hash Payload
Jan 30 20:35:43 vyatta pluto[4194]: | emitting length of ISAKMP Hash
Payload: 20
Jan 30 20:35:43 vyatta pluto[4194]: | HASH(3) computed: 32 59 34 f1 5f 91
4d e0 87 44 59 20 2b f4 66 db
Jan 30 20:35:43 vyatta pluto[4194]: | compute_proto_keymat:needed_len (after
ESP enc)=24
Jan 30 20:35:43 vyatta pluto[4194]: | compute_proto_keymat:needed_len (after
ESP auth)=40
Jan 30 20:35:43 vyatta pluto[4194]: | KEYMAT computed:
Jan 30 20:35:43 vyatta pluto[4194]: | 6e 85 e7 39 75 af 07 1a 23 4b 9e
07 f6 1d 61 c8
Jan 30 20:35:43 vyatta pluto[4194]: | 28 db ab 1c 3a 48 48 93 74 34 a6
11 55 5e 2a 91
Jan 30 20:35:43 vyatta pluto[4194]: | 32 4a 9a 8f d1 cc 73 8f
Jan 30 20:35:43 vyatta pluto[4194]: | Peer KEYMAT computed:
Jan 30 20:35:43 vyatta pluto[4194]: | 5e cb 34 aa 64 7e 1a b6 57 b9 ab
c4 af 40 05 0b
Jan 30 20:35:43 vyatta pluto[4194]: | 4a 52 30 e3 b0 1f 6d e5 74 4e 79
1b b6 aa b8 ed
Jan 30 20:35:43 vyatta pluto[4194]: | c7 a2 c2 b3 24 fb 7e 1c
Jan 30 20:35:43 vyatta pluto[4194]: | install_ipsec_sa() for #2: inbound and
outbound
Jan 30 20:35:43 vyatta pluto[4194]: | route owner of
"peer-192.168.1.1-tunnel-1" prospective erouted: self; eroute owner: self
Jan 30 20:35:43 vyatta pluto[4194]: | could_route called for
peer-192.168.1.1-tunnel-1 (kind=CK_PERMANENT)
Jan 30 20:35:43 vyatta pluto[4194]: | looking for alg with transid: 3
keylen: 0 auth: 1
Jan 30 20:35:43 vyatta pluto[4194]: | checking transid: 11 keylen: 0 auth: 1
Jan 30 20:35:43 vyatta pluto[4194]: | checking transid: 11 keylen: 0 auth: 2
Jan 30 20:35:43 vyatta pluto[4194]: | checking transid: 2 keylen: 8 auth: 0
Jan 30 20:35:43 vyatta pluto[4194]: | checking transid: 2 keylen: 8 auth: 1
Jan 30 20:35:43 vyatta pluto[4194]: | checking transid: 2 keylen: 8 auth: 2
Jan 30 20:35:43 vyatta pluto[4194]: | checking transid: 3 keylen: 24 auth: 0
Jan 30 20:35:43 vyatta pluto[4194]: | checking transid: 3 keylen: 24 auth: 1
Jan 30 20:35:43 vyatta pluto[4194]: | add inbound eroute 10.6.0.0/24:0 --0->
10.0.0.0/24:0 => tun.10000 at 192.168.1.10 (raw_eroute)
Jan 30 20:35:43 vyatta pluto[4194]: | looking for alg with transid: 3
keylen: 0 auth: 1
Jan 30 20:35:43 vyatta pluto[4194]: | checking transid: 11 keylen: 0 auth: 1
Jan 30 20:35:43 vyatta pluto[4194]: | checking transid: 11 keylen: 0 auth: 2
Jan 30 20:35:43 vyatta pluto[4194]: | checking transid: 2 keylen: 8 auth: 0
Jan 30 20:35:43 vyatta pluto[4194]: | checking transid: 2 keylen: 8 auth: 1
Jan 30 20:35:43 vyatta pluto[4194]: | checking transid: 2 keylen: 8 auth: 2
Jan 30 20:35:43 vyatta pluto[4194]: | checking transid: 3 keylen: 24 auth: 0
Jan 30 20:35:43 vyatta pluto[4194]: | checking transid: 3 keylen: 24 auth: 1
Jan 30 20:35:43 vyatta pluto[4194]: | sr for #2: prospective erouted
Jan 30 20:35:43 vyatta pluto[4194]: | route owner of
"peer-192.168.1.1-tunnel-1" prospective erouted: self; eroute owner: self
Jan 30 20:35:43 vyatta pluto[4194]: | route_and_eroute with c:
peer-192.168.1.1-tunnel-1 (next: none) ero:peer-192.168.1.1-tunnel-1
esr:{(nil)} ro:peer-192.168.1.1-tunnel-1 rosr:{(nil)} and state: 2
Jan 30 20:35:43 vyatta pluto[4194]: | eroute_connection replace eroute
10.0.0.0/24:0 --0-> 10.6.0.0/24:0 => tun.0 at 192.168.1.1 (raw_eroute)
Jan 30 20:35:43 vyatta pluto[4194]: | command executing up-client
Jan 30 20:35:43 vyatta pluto[4194]: | executing up-client: 2>&1
PLUTO_VERSION='1.1' PLUTO_VERB='up-client'
PLUTO_CONNECTION='peer-192.168.1.1-tunnel-1' PLUTO_NEXT_HOP='192.168.1.1'
PLUTO_INTERFACE='eth2' PLUTO_ME='192.168.1.10' PLUTO_MY_ID='192.168.1.10'
PLUTO_MY_CLIENT='10.0.0.0/24' PLUTO_MY_CLIENT_NET='10.0.0.0'
PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0'
PLUTO_PEER='192.168.1.1' PLUTO_PEER_ID='192.168.1.1'
PLUTO_PEER_CLIENT='10.6.0.0/24' PLUTO_PEER_CLIENT_NET='10.6.0.0'
PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0'
PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA=''
PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP' ipsec _updown
Jan 30 20:35:43 vyatta pluto[4194]: | route_and_eroute: firewall_notified:
true
Jan 30 20:35:43 vyatta pluto[4194]: | route_and_eroute: instance
"peer-192.168.1.1-tunnel-1", setting eroute_owner
{spd=0x80fd344,sr=0x80fd344} to #2 (was #0) (newest_ipsec_sa=#0)
Jan 30 20:35:43 vyatta pluto[4194]: | encrypting:
Jan 30 20:35:43 vyatta pluto[4194]: | 00 00 00 14 32 59 34 f1 5f 91 4d
e0 87 44 59 20
Jan 30 20:35:43 vyatta pluto[4194]: | 2b f4 66 db
Jan 30 20:35:43 vyatta pluto[4194]: | IV:
Jan 30 20:35:43 vyatta pluto[4194]: | 82 81 f6 0f 4d 81 33 6f
Jan 30 20:35:43 vyatta pluto[4194]: | emitting 4 zero bytes of encryption
padding into ISAKMP Message
Jan 30 20:35:43 vyatta pluto[4194]: | encrypting using OAKLEY_3DES_CBC
Jan 30 20:35:43 vyatta pluto[4194]: | next IV: 40 0d 1e 9d 91 25 b5 c2
Jan 30 20:35:43 vyatta pluto[4194]: | emitting length of ISAKMP Message: 52
Jan 30 20:35:43 vyatta pluto[4194]: | inR1_outI2: instance
peer-192.168.1.1-tunnel-1[0], setting newest_ipsec_sa to #2 (was #0)
(spd.eroute=#2)
Jan 30 20:35:43 vyatta pluto[4194]: | complete state transition with STF_OK
Jan 30 20:35:43 vyatta pluto[4194]: "peer-192.168.1.1-tunnel-1" #2:
transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
Jan 30 20:35:43 vyatta pluto[4194]: | sending reply packet to
192.168.1.1:500 (from port=500)
Jan 30 20:35:43 vyatta pluto[4194]: | sending 52 bytes for STATE_QUICK_I1
through eth2:500 to 192.168.1.1:500:
Jan 30 20:35:43 vyatta pluto[4194]: | 37 e7 99 a5 fa ed 9f 21 c0 f8 c2
a7 23 5b db 82
Jan 30 20:35:43 vyatta pluto[4194]: | 08 10 20 01 19 21 3d 78 00 00 00
34 41 4f 0e b4
Jan 30 20:35:43 vyatta pluto[4194]: | 5b 6c 4d 2a a7 76 31 22 ed 72 f2
ef 40 0d 1e 9d
Jan 30 20:35:43 vyatta pluto[4194]: | 91 25 b5 c2
Jan 30 20:35:43 vyatta pluto[4194]: | inserting event EVENT_SA_REPLACE,
timeout in 28208 seconds for #2
Jan 30 20:35:43 vyatta pluto[4194]: "peer-192.168.1.1-tunnel-1" #2:
STATE_QUICK_I2: sent QI2, IPsec SA established {ESP=>0x9351c5c3 <0x376d15c4
xfrm=3DES_0-HMAC_MD5 NATD=none DPD=none}
Jan 30 20:35:43 vyatta pluto[4194]: | modecfg pull: noquirk policy:push
not-client
Jan 30 20:35:43 vyatta pluto[4194]: | phase 1 is done, looking for phase 1
to unpend
Jan 30 20:35:43 vyatta pluto[4194]: | next event EVENT_PENDING_PHASE2 in 89
seconds
Jan 30 20:37:12 vyatta pluto[4194]: |
Jan 30 20:37:12 vyatta pluto[4194]: | *time to handle event
Jan 30 20:37:12 vyatta pluto[4194]: | handling event EVENT_PENDING_PHASE2
Jan 30 20:37:12 vyatta pluto[4194]: | event after this is EVENT_SA_REPLACE
in 2705 seconds
Jan 30 20:37:12 vyatta pluto[4194]: | inserting event EVENT_PENDING_PHASE2,
timeout in 120 seconds
Jan 30 20:37:12 vyatta pluto[4194]: | pending review: connection
"peer-192.168.1.1-tunnel-1" checked
Jan 30 20:37:12 vyatta pluto[4194]: | next event EVENT_PENDING_PHASE2 in 120
seconds
Jan 30 20:39:12 vyatta pluto[4194]: |
Jan 30 20:39:12 vyatta pluto[4194]: | *time to handle event
Jan 30 20:39:12 vyatta pluto[4194]: | handling event EVENT_PENDING_PHASE2
Jan 30 20:39:12 vyatta pluto[4194]: | event after this is EVENT_SA_REPLACE
in 2585 seconds
Jan 30 20:39:12 vyatta pluto[4194]: | inserting event EVENT_PENDING_PHASE2,
timeout in 120 seconds
Jan 30 20:39:12 vyatta pluto[4194]: | pending review: connection
"peer-192.168.1.1-tunnel-1" checked
Jan 30 20:39:12 vyatta pluto[4194]: | next event EVENT_PENDING_PHASE2 in 120
seconds
Jan 30 20:40:10 vyatta xorpsh: [ 2007/01/30 20:40:10 INFO xorpsh CLI ] cli
command: show vpn ipsec sa
Jan 30 20:40:10 vyatta sudo: root : TTY=pts/0 ; PWD=/etc ; USER=root ;
COMMAND=/opt/vyatta/libexec/xorp/rl_cmd_proc showvpntable
show_vpn_ipsec_sa.xsl
Jan 30 20:40:11 vyatta pluto[4194]: |
Jan 30 20:40:11 vyatta pluto[4194]: | *received whack message
Jan 30 20:40:11 vyatta pluto[4194]: | kernel_alg_esp_enc_ok(3,0): alg_id=3,
alg_ivlen=8, alg_minbits=192, alg_maxbits=192, res=0, ret=1
Jan 30 20:40:11 vyatta pluto[4194]: | next event EVENT_PENDING_PHASE2 in 61
seconds
Jan 30 20:40:11 vyatta pluto[4194]: |
Jan 30 20:40:11 vyatta pluto[4194]: | *received whack message
Jan 30 20:40:11 vyatta pluto[4194]: | kernel_alg_esp_enc_ok(3,0): alg_id=3,
alg_ivlen=8, alg_minbits=192, alg_maxbits=192, res=0, ret=1
Jan 30 20:40:11 vyatta pluto[4194]: | next event EVENT_PENDING_PHASE2 in 61
seconds
Jan 30 20:41:12 vyatta pluto[4194]: |
Jan 30 20:41:12 vyatta pluto[4194]: | *time to handle event
Jan 30 20:41:12 vyatta pluto[4194]: | handling event EVENT_PENDING_PHASE2
Jan 30 20:41:12 vyatta pluto[4194]: | event after this is EVENT_SA_REPLACE
in 2465 seconds
Jan 30 20:41:12 vyatta pluto[4194]: | inserting event EVENT_PENDING_PHASE2,
timeout in 120 seconds
Jan 30 20:41:12 vyatta pluto[4194]: | pending review: connection
"peer-192.168.1.1-tunnel-1" checked
Jan 30 20:41:12 vyatta pluto[4194]: | next event EVENT_PENDING_PHASE2 in 120
seconds
Jan 30 20:42:12 vyatta pluto[4194]: |
Jan 30 20:42:12 vyatta pluto[4194]: | *received whack message
Jan 30 20:42:12 vyatta pluto[4194]: | kernel_alg_esp_enc_ok(3,0): alg_id=3,
alg_ivlen=8, alg_minbits=192, alg_maxbits=192, res=0, ret=1
Jan 30 20:42:12 vyatta pluto[4194]: | next event EVENT_PENDING_PHASE2 in 60
seconds
Jan 30 20:42:12 vyatta pluto[4194]: |
Jan 30 20:42:12 vyatta pluto[4194]: | *received whack message
Jan 30 20:42:12 vyatta pluto[4194]: | kernel_alg_esp_enc_ok(3,0): alg_id=3,
alg_ivlen=8, alg_minbits=192, alg_maxbits=192, res=0, ret=1
Jan 30 20:42:12 vyatta pluto[4194]: | next event EVENT_PENDING_PHASE2 in 60
seconds
Jan 30 20:42:12 vyatta pluto[4194]: |
Jan 30 20:42:12 vyatta pluto[4194]: | *received whack message
Jan 30 20:42:12 vyatta pluto[4194]: | authcert list locked by
'list_authcerts'
Jan 30 20:42:12 vyatta pluto[4194]: | authcert list unlocked by
'list_authcerts'
Jan 30 20:42:12 vyatta pluto[4194]: | authcert list locked by
'list_authcerts'
Jan 30 20:42:12 vyatta pluto[4194]: | authcert list unlocked by
'list_authcerts'
Jan 30 20:42:12 vyatta pluto[4194]: | authcert list locked by
'list_authcerts'
Jan 30 20:42:12 vyatta pluto[4194]: | authcert list unlocked by
'list_authcerts'
Jan 30 20:42:12 vyatta pluto[4194]: | crl list locked by 'list_crls'
Jan 30 20:42:12 vyatta pluto[4194]: | crl list unlocked by 'list_crls'
Jan 30 20:42:12 vyatta pluto[4194]: | crl fetch request list locked by
'list_crl_fetch_requests'
Jan 30 20:42:12 vyatta pluto[4194]: | crl fetch request list unlocked by
'list_crl_fetch_requests'
Jan 30 20:42:12 vyatta pluto[4194]: | next event EVENT_PENDING_PHASE2 in 60
seconds
Jan 30 20:43:12 vyatta pluto[4194]: |
Jan 30 20:43:12 vyatta pluto[4194]: | *time to handle event
Jan 30 20:43:12 vyatta pluto[4194]: | handling event EVENT_PENDING_PHASE2
Jan 30 20:43:12 vyatta pluto[4194]: | event after this is EVENT_SA_REPLACE
in 2345 seconds
Jan 30 20:43:12 vyatta pluto[4194]: | inserting event EVENT_PENDING_PHASE2,
timeout in 120 seconds
Jan 30 20:43:12 vyatta pluto[4194]: | pending review: connection
"peer-192.168.1.1-tunnel-1" checked
Jan 30 20:43:12 vyatta pluto[4194]: | next event EVENT_PENDING_PHASE2 in 120
seconds
Jan 30 20:45:12 vyatta pluto[4194]: |
Jan 30 20:45:12 vyatta pluto[4194]: | *time to handle event
Jan 30 20:45:12 vyatta pluto[4194]: | handling event EVENT_PENDING_PHASE2
Jan 30 20:45:12 vyatta pluto[4194]: | event after this is EVENT_SA_REPLACE
in 2225 seconds
Jan 30 20:45:12 vyatta pluto[4194]: | inserting event EVENT_PENDING_PHASE2,
timeout in 120 seconds
Jan 30 20:45:12 vyatta pluto[4194]: | pending review: connection
"peer-192.168.1.1-tunnel-1" checked
Jan 30 20:45:12 vyatta pluto[4194]: | next event EVENT_PENDING_PHASE2 in 120
seconds
Jan 30 20:47:12 vyatta pluto[4194]: |
Jan 30 20:47:12 vyatta pluto[4194]: | *time to handle event
Jan 30 20:47:12 vyatta pluto[4194]: | handling event EVENT_PENDING_PHASE2
Jan 30 20:47:12 vyatta pluto[4194]: | event after this is EVENT_SA_REPLACE
in 2105 seconds
Jan 30 20:47:12 vyatta pluto[4194]: | inserting event EVENT_PENDING_PHASE2,
timeout in 120 seconds
Jan 30 20:47:12 vyatta pluto[4194]: | pending review: connection
"peer-192.168.1.1-tunnel-1" checked
Jan 30 20:47:12 vyatta pluto[4194]: | next event EVENT_PENDING_PHASE2 in 120
seconds
Jan 30 20:49:12 vyatta pluto[4194]: |
Jan 30 20:49:12 vyatta pluto[4194]: | *time to handle event
Jan 30 20:49:12 vyatta pluto[4194]: | handling event EVENT_PENDING_PHASE2
Jan 30 20:49:12 vyatta pluto[4194]: | event after this is EVENT_SA_REPLACE
in 1985 seconds
Jan 30 20:49:12 vyatta pluto[4194]: | inserting event EVENT_PENDING_PHASE2,
timeout in 120 seconds
Jan 30 20:49:12 vyatta pluto[4194]: | pending review: connection
"peer-192.168.1.1-tunnel-1" checked
Jan 30 20:49:12 vyatta pluto[4194]: | next event EVENT_PENDING_PHASE2 in 120
seconds
Jan 30 20:51:12 vyatta pluto[4194]: |
Jan 30 20:51:12 vyatta pluto[4194]: | *time to handle event
Jan 30 20:51:12 vyatta pluto[4194]: | handling event EVENT_PENDING_PHASE2
Jan 30 20:51:12 vyatta pluto[4194]: | event after this is EVENT_SA_REPLACE
in 1865 seconds
Jan 30 20:51:12 vyatta pluto[4194]: | inserting event EVENT_PENDING_PHASE2,
timeout in 120 seconds
Jan 30 20:51:12 vyatta pluto[4194]: | pending review: connection
"peer-192.168.1.1-tunnel-1" checked
Jan 30 20:51:12 vyatta pluto[4194]: | next event EVENT_PENDING_PHASE2 in 120
seconds
Jan 30 20:53:12 vyatta pluto[4194]: |
Jan 30 20:53:12 vyatta pluto[4194]: | *time to handle event
Jan 30 20:53:12 vyatta pluto[4194]: | handling event EVENT_PENDING_PHASE2
Jan 30 20:53:12 vyatta pluto[4194]: | event after this is EVENT_SA_REPLACE
in 1745 seconds
Jan 30 20:53:12 vyatta pluto[4194]: | inserting event EVENT_PENDING_PHASE2,
timeout in 120 seconds
Jan 30 20:53:12 vyatta pluto[4194]: | pending review: connection
"peer-192.168.1.1-tunnel-1" checked
Jan 30 20:53:12 vyatta pluto[4194]: | next event EVENT_PENDING_PHASE2 in 120
seconds
Jan 30 20:53:49 vyatta pluto[4194]: |
Jan 30 20:53:49 vyatta pluto[4194]: | *received whack message
Jan 30 20:53:49 vyatta pluto[4194]: | kernel_alg_esp_enc_ok(3,0): alg_id=3,
alg_ivlen=8, alg_minbits=192, alg_maxbits=192, res=0, ret=1
Jan 30 20:53:49 vyatta pluto[4194]: | next event EVENT_PENDING_PHASE2 in 83
seconds
Jan 30 20:53:49 vyatta pluto[4194]: |
Jan 30 20:53:49 vyatta pluto[4194]: | *received whack message
Jan 30 20:53:49 vyatta pluto[4194]: | kernel_alg_esp_enc_ok(3,0): alg_id=3,
alg_ivlen=8, alg_minbits=192, alg_maxbits=192, res=0, ret=1
Jan 30 20:53:49 vyatta pluto[4194]: | next event EVENT_PENDING_PHASE2 in 83
seconds
Jan 30 20:53:49 vyatta pluto[4194]: |
Jan 30 20:53:49 vyatta pluto[4194]: | *received whack message
Jan 30 20:53:49 vyatta pluto[4194]: | authcert list locked by
'list_authcerts'
Jan 30 20:53:49 vyatta pluto[4194]: | authcert list unlocked by
'list_authcerts'
Jan 30 20:53:49 vyatta pluto[4194]: | authcert list locked by
'list_authcerts'
Jan 30 20:53:49 vyatta pluto[4194]: | authcert list unlocked by
'list_authcerts'
Jan 30 20:53:49 vyatta pluto[4194]: | authcert list locked by
'list_authcerts'
Jan 30 20:53:49 vyatta pluto[4194]: | authcert list unlocked by
'list_authcerts'
Jan 30 20:53:49 vyatta pluto[4194]: | crl list locked by 'list_crls'
Jan 30 20:53:49 vyatta pluto[4194]: | crl list unlocked by 'list_crls'
Jan 30 20:53:49 vyatta pluto[4194]: | crl fetch request list locked by
'list_crl_fetch_requests'
Jan 30 20:53:49 vyatta pluto[4194]: | crl fetch request list unlocked by
'list_crl_fetch_requests'
Jan 30 20:53:49 vyatta pluto[4194]: | next event EVENT_PENDING_PHASE2 in 83
seconds
Jan 30 20:53:54 vyatta pluto[4194]: |
Jan 30 20:53:54 vyatta pluto[4194]: | *received whack message
Jan 30 20:53:54 vyatta pluto[4194]: | kernel_alg_esp_enc_ok(3,0): alg_id=3,
alg_ivlen=8, alg_minbits=192, alg_maxbits=192, res=0, ret=1
Jan 30 20:53:54 vyatta pluto[4194]: | next event EVENT_PENDING_PHASE2 in 78
seconds
Jan 30 20:53:55 vyatta pluto[4194]: |
Jan 30 20:53:55 vyatta pluto[4194]: | *received whack message
Jan 30 20:53:55 vyatta pluto[4194]: | kernel_alg_esp_enc_ok(3,0): alg_id=3,
alg_ivlen=8, alg_minbits=192, alg_maxbits=192, res=0, ret=1
Jan 30 20:53:55 vyatta pluto[4194]: | next event EVENT_PENDING_PHASE2 in 77
seconds
Jan 30 20:53:55 vyatta pluto[4194]: |
Jan 30 20:53:55 vyatta pluto[4194]: | *received whack message
Jan 30 20:53:55 vyatta pluto[4194]: | authcert list locked by
'list_authcerts'
Jan 30 20:53:55 vyatta pluto[4194]: | authcert list unlocked by
'list_authcerts'
Jan 30 20:53:55 vyatta pluto[4194]: | authcert list locked by
'list_authcerts'
Jan 30 20:53:55 vyatta pluto[4194]: | authcert list unlocked by
'list_authcerts'
Jan 30 20:53:55 vyatta pluto[4194]: | authcert list locked by
'list_authcerts'
Jan 30 20:53:55 vyatta pluto[4194]: | authcert list unlocked by
'list_authcerts'
Jan 30 20:53:55 vyatta pluto[4194]: | crl list locked by 'list_crls'
Jan 30 20:53:55 vyatta pluto[4194]: | crl list unlocked by 'list_crls'
Jan 30 20:53:55 vyatta pluto[4194]: | crl fetch request list locked by
'list_crl_fetch_requests'
Jan 30 20:53:55 vyatta pluto[4194]: | crl fetch request list unlocked by
'list_crl_fetch_requests'
Jan 30 20:53:55 vyatta pluto[4194]: | next event EVENT_PENDING_PHASE2 in 77
seconds
Jan 30 20:55:12 vyatta pluto[4194]: |
Jan 30 20:55:12 vyatta pluto[4194]: | *time to handle event
Jan 30 20:55:12 vyatta pluto[4194]: | handling event EVENT_PENDING_PHASE2
Jan 30 20:55:12 vyatta pluto[4194]: | event after this is EVENT_SA_REPLACE
in 1625 seconds
Jan 30 20:55:12 vyatta pluto[4194]: | inserting event EVENT_PENDING_PHASE2,
timeout in 120 seconds
Jan 30 20:55:12 vyatta pluto[4194]: | pending review: connection
"peer-192.168.1.1-tunnel-1" checked
Jan 30 20:55:12 vyatta pluto[4194]: | next event EVENT_PENDING_PHASE2 in 120
seconds
Jan 30 20:57:06 vyatta pluto[4194]: |
Jan 30 20:57:06 vyatta pluto[4194]: | *received whack message
Jan 30 20:57:06 vyatta pluto[4194]: | kernel_alg_esp_enc_ok(3,0): alg_id=3,
alg_ivlen=8, alg_minbits=192, alg_maxbits=192, res=0, ret=1
Jan 30 20:57:06 vyatta pluto[4194]: | next event EVENT_PENDING_PHASE2 in 6
seconds
Jan 30 20:57:06 vyatta pluto[4194]: |
Jan 30 20:57:06 vyatta pluto[4194]: | *received whack message
Jan 30 20:57:06 vyatta pluto[4194]: | kernel_alg_esp_enc_ok(3,0): alg_id=3,
alg_ivlen=8, alg_minbits=192, alg_maxbits=192, res=0, ret=1
Jan 30 20:57:06 vyatta pluto[4194]: | next event EVENT_PENDING_PHASE2 in 6
seconds
Jan 30 20:57:07 vyatta pluto[4194]: |
Jan 30 20:57:07 vyatta pluto[4194]: | *received whack message
Jan 30 20:57:07 vyatta pluto[4194]: | authcert list locked by
'list_authcerts'
Jan 30 20:57:07 vyatta pluto[4194]: | authcert list unlocked by
'list_authcerts'
Jan 30 20:57:07 vyatta pluto[4194]: | authcert list locked by
'list_authcerts'
Jan 30 20:57:07 vyatta pluto[4194]: | authcert list unlocked by
'list_authcerts'
Jan 30 20:57:07 vyatta pluto[4194]: | authcert list locked by
'list_authcerts'
Jan 30 20:57:07 vyatta pluto[4194]: | authcert list unlocked by
'list_authcerts'
Jan 30 20:57:07 vyatta pluto[4194]: | crl list locked by 'list_crls'
Jan 30 20:57:07 vyatta pluto[4194]: | crl list unlocked by 'list_crls'
Jan 30 20:57:07 vyatta pluto[4194]: | crl fetch request list locked by
'list_crl_fetch_requests'
Jan 30 20:57:07 vyatta pluto[4194]: | crl fetch request list unlocked by
'list_crl_fetch_requests'
Jan 30 20:57:07 vyatta pluto[4194]: | next event EVENT_PENDING_PHASE2 in 5
seconds
+ _________________________ plog
+ sed -n '330966,$p' /var/log/messages
+ egrep -i pluto
+ case "$1" in
+ cat
Jan 30 20:35:11 vyatta ipsec__plutorun: Starting Pluto subsystem...
Jan 30 20:35:12 vyatta pluto[4194]: Starting Pluto (Openswan Version 2.4.6
X.509-1.5.4 LDAP_V3 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR; Vendor ID
OElLO]RdWNRD)
Jan 30 20:35:12 vyatta pluto[4194]: Setting NAT-Traversal port-4500 floating
to off
Jan 30 20:35:12 vyatta pluto[4194]: port floating activation criteria
nat_t=0/port_fload=1
Jan 30 20:35:12 vyatta pluto[4194]: including NAT-Traversal patch (Version
0.6c) [disabled]
Jan 30 20:35:12 vyatta pluto[4194]: | opening /dev/hw_random
Jan 30 20:35:12 vyatta pluto[4194]: WARNING: Open of /dev/hw_random failed
in init_rnd_pool(), trying alternate sources of random
Jan 30 20:35:12 vyatta pluto[4194]: | opening /dev/urandom
Jan 30 20:35:12 vyatta pluto[4194]: WARNING: Using /dev/urandom as the
source of random
Jan 30 20:35:12 vyatta pluto[4194]: | inserting event EVENT_REINIT_SECRET,
timeout in 3600 seconds
Jan 30 20:35:12 vyatta pluto[4194]: | inserting event EVENT_PENDING_PHASE2,
timeout in 120 seconds
Jan 30 20:35:12 vyatta pluto[4194]: ike_alg_register_enc(): Activating
OAKLEY_AES_CBC: Ok (ret=0)
Jan 30 20:35:12 vyatta pluto[4194]: starting up 1 cryptographic helpers
Jan 30 20:35:12 vyatta pluto[4227]: | opening /dev/hw_random
Jan 30 20:35:12 vyatta pluto[4227]: WARNING: Open of /dev/hw_random failed
in init_rnd_pool(), trying alternate sources of random
Jan 30 20:35:12 vyatta pluto[4194]: started helper pid=4227 (fd:6)
Jan 30 20:35:12 vyatta pluto[4194]: | process 4194 listening for PF_KEY_V2
on file descriptor 7
Jan 30 20:35:12 vyatta pluto[4194]: Using Linux 2.6 IPsec interface code on
2.6.19
Jan 30 20:35:12 vyatta pluto[4194]: | pfkey_lib_debug:pfkey_msg_hdr_build:
Jan 30 20:35:12 vyatta pluto[4194]: | pfkey_lib_debug:pfkey_msg_hdr_build:
on_entry &pfkey_ext=0p0xbfbae630 pfkey_ext=0p0xbfbaf650 *pfkey_ext=0p(nil).
Jan 30 20:35:12 vyatta pluto[4194]: | pfkey_lib_debug:pfkey_msg_hdr_build:
on_exit &pfkey_ext=0p0xbfbae630 pfkey_ext=0p0xbfbaf650
*pfkey_ext=0p0x80fe3f8.
Jan 30 20:35:12 vyatta pluto[4194]: | pfkey_lib_debug:pfkey_msg_build:
pfkey_msg=0p0x80fe410 allocated 16 bytes, &(extensions[0])=0p0xbfbaf650
Jan 30 20:35:12 vyatta pluto[4194]: | pfkey_lib_debug:pfkey_msg_build:
extensions permitted=00000001, seen=00000001, required=00000001.
Jan 30 20:35:12 vyatta pluto[4194]: | pfkey_lib_debug:pfkey_msg_parse:
parsing message ver=2, type=7(register), errno=0, satype=2(AH), len=2,
res=0, seq=1, pid=4194.
Jan 30 20:35:12 vyatta pluto[4194]: | pfkey_lib_debug:pfkey_msg_parse:
remain=0
Jan 30 20:35:12 vyatta pluto[4194]: | pfkey_lib_debug:pfkey_msg_parse:
extensions permitted=00000001, required=00000001.
Jan 30 20:35:12 vyatta pluto[4194]: | pfkey_lib_debug:pfkey_msg_parse:
extensions permitted=00000001, seen=00000001, required=00000001.
Jan 30 20:35:12 vyatta pluto[4194]: | finish_pfkey_msg: SADB_REGISTER
message 1 for AH
Jan 30 20:35:12 vyatta pluto[4194]: | 02 07 00 02 02 00 00 00 01 00 00
00 62 10 00 00
Jan 30 20:35:12 vyatta pluto[4227]: | opening /dev/urandom
Jan 30 20:35:12 vyatta pluto[4227]: WARNING: Using /dev/urandom as the
source of random
Jan 30 20:35:12 vyatta pluto[4194]: | pfkey_get: SADB_REGISTER message 1
Jan 30 20:35:12 vyatta pluto[4194]: | AH registered with kernel.
Jan 30 20:35:12 vyatta pluto[4194]: | pfkey_lib_debug:pfkey_msg_hdr_build:
Jan 30 20:35:12 vyatta pluto[4194]: | pfkey_lib_debug:pfkey_msg_hdr_build:
on_entry &pfkey_ext=0p0xbfbae630 pfkey_ext=0p0xbfbaf650 *pfkey_ext=0p(nil).
Jan 30 20:35:12 vyatta pluto[4194]: | pfkey_lib_debug:pfkey_msg_hdr_build:
on_exit &pfkey_ext=0p0xbfbae630 pfkey_ext=0p0xbfbaf650
*pfkey_ext=0p0x80fe3f8.
Jan 30 20:35:12 vyatta pluto[4194]: | pfkey_lib_debug:pfkey_msg_build:
pfkey_msg=0p0x80fe410 allocated 16 bytes, &(extensions[0])=0p0xbfbaf650
Jan 30 20:35:12 vyatta pluto[4194]: | pfkey_lib_debug:pfkey_msg_build:
extensions permitted=00000001, seen=00000001, required=00000001.
Jan 30 20:35:12 vyatta pluto[4194]: | pfkey_lib_debug:pfkey_msg_parse:
parsing message ver=2, type=7(register), errno=0, satype=3(ESP), len=2,
res=0, seq=2, pid=4194.
Jan 30 20:35:12 vyatta pluto[4194]: | pfkey_lib_debug:pfkey_msg_parse:
remain=0
Jan 30 20:35:12 vyatta pluto[4194]: | pfkey_lib_debug:pfkey_msg_parse:
extensions permitted=00000001, required=00000001.
Jan 30 20:35:12 vyatta pluto[4194]: | pfkey_lib_debug:pfkey_msg_parse:
extensions permitted=00000001, seen=00000001, required=00000001.
Jan 30 20:35:12 vyatta pluto[4194]: | finish_pfkey_msg: SADB_REGISTER
message 2 for ESP
Jan 30 20:35:12 vyatta pluto[4194]: | 02 07 00 03 02 00 00 00 02 00 00
00 62 10 00 00
Jan 30 20:35:12 vyatta pluto[4227]: | certs and keys locked by
'free_preshared_secrets'
Jan 30 20:35:12 vyatta pluto[4227]: | certs and keys unlocked by
'free_preshard_secrets'
Jan 30 20:35:12 vyatta pluto[4227]: ! helper 0 waiting on fd: 7
Jan 30 20:35:12 vyatta pluto[4194]: | pfkey_get: SADB_REGISTER message 2
Jan 30 20:35:12 vyatta pluto[4194]: | alg_init():memset(0x80faf60, 0, 2016)
memset(0x80fb740, 0, 2048)
Jan 30 20:35:12 vyatta pluto[4194]: | kernel_alg_register_pfkey():
SADB_SATYPE_ESP: sadb_msg_len=15 sadb_supported_len=40
Jan 30 20:35:12 vyatta pluto[4194]: | kernel_alg_add():satype=3, exttype=14,
alg_id=251
Jan 30 20:35:12 vyatta pluto[4194]: | kernel_alg_register_pfkey():
SADB_SATYPE_ESP: alg[0], exttype=14, satype=3, alg_id=251, alg_ivlen=0,
alg_minbits=0, alg_maxbits=0, res=0, ret=1
Jan 30 20:35:12 vyatta pluto[4194]: | kernel_alg_add():satype=3, exttype=14,
alg_id=2
Jan 30 20:35:12 vyatta pluto[4194]: | kernel_alg_register_pfkey():
SADB_SATYPE_ESP: alg[1], exttype=14, satype=3, alg_id=2, alg_ivlen=0,
alg_minbits=128, alg_maxbits=128, res=0, ret=1
Jan 30 20:35:12 vyatta pluto[4194]: | kernel_alg_add():satype=3, exttype=14,
alg_id=3
Jan 30 20:35:12 vyatta pluto[4194]: | kernel_alg_register_pfkey():
SADB_SATYPE_ESP: alg[2], exttype=14, satype=3, alg_id=3, alg_ivlen=0,
alg_minbits=160, alg_maxbits=160, res=0, ret=1
Jan 30 20:35:12 vyatta pluto[4194]: | kernel_alg_add():satype=3, exttype=14,
alg_id=5
Jan 30 20:35:12 vyatta pluto[4194]: | kernel_alg_register_pfkey():
SADB_SATYPE_ESP: alg[3], exttype=14, satype=3, alg_id=5, alg_ivlen=0,
alg_minbits=256, alg_maxbits=256, res=0, ret=1
Jan 30 20:35:12 vyatta pluto[4194]: | kernel_alg_register_pfkey():
SADB_SATYPE_ESP: sadb_msg_len=15 sadb_supported_len=64
Jan 30 20:35:12 vyatta pluto[4194]: | kernel_alg_add():satype=3, exttype=15,
alg_id=11
Jan 30 20:35:12 vyatta pluto[4194]: | kernel_alg_register_pfkey():
SADB_SATYPE_ESP: alg[4], exttype=15, satype=3, alg_id=11, alg_ivlen=0,
alg_minbits=0, alg_maxbits=0, res=0, ret=1
Jan 30 20:35:12 vyatta pluto[4194]: | kernel_alg_add():satype=3, exttype=15,
alg_id=2
Jan 30 20:35:12 vyatta pluto[4194]: | kernel_alg_register_pfkey():
SADB_SATYPE_ESP: alg[5], exttype=15, satype=3, alg_id=2, alg_ivlen=8,
alg_minbits=64, alg_maxbits=64, res=0, ret=1
Jan 30 20:35:12 vyatta pluto[4194]: | kernel_alg_add():satype=3, exttype=15,
alg_id=3
Jan 30 20:35:12 vyatta pluto[4194]: | kernel_alg_register_pfkey():
SADB_SATYPE_ESP: alg[6], exttype=15, satype=3, alg_id=3, alg_ivlen=8,
alg_minbits=192, alg_maxbits=192, res=0, ret=1
Jan 30 20:35:12 vyatta pluto[4194]: | kernel_alg_add():satype=3, exttype=15,
alg_id=7
Jan 30 20:35:12 vyatta pluto[4194]: | kernel_alg_register_pfkey():
SADB_SATYPE_ESP: alg[7], exttype=15, satype=3, alg_id=7, alg_ivlen=8,
alg_minbits=40, alg_maxbits=448, res=0, ret=1
Jan 30 20:35:12 vyatta pluto[4194]: | kernel_alg_add():satype=3, exttype=15,
alg_id=12
Jan 30 20:35:12 vyatta pluto[4194]: | kernel_alg_register_pfkey():
SADB_SATYPE_ESP: alg[8], exttype=15, satype=3, alg_id=12, alg_ivlen=8,
alg_minbits=128, alg_maxbits=256, res=0, ret=1
Jan 30 20:35:12 vyatta pluto[4194]: | kernel_alg_add():satype=3, exttype=15,
alg_id=252
Jan 30 20:35:12 vyatta pluto[4194]: | kernel_alg_register_pfkey():
SADB_SATYPE_ESP: alg[9], exttype=15, satype=3, alg_id=252, alg_ivlen=8,
alg_minbits=128, alg_maxbits=256, res=0, ret=1
Jan 30 20:35:12 vyatta pluto[4194]: | kernel_alg_add():satype=3, exttype=15,
alg_id=253
Jan 30 20:35:12 vyatta pluto[4194]: | kernel_alg_register_pfkey():
SADB_SATYPE_ESP: alg[10], exttype=15, satype=3, alg_id=253, alg_ivlen=8,
alg_minbits=128, alg_maxbits=256, res=0, ret=1
Jan 30 20:35:12 vyatta pluto[4194]: | ESP registered with kernel.
Jan 30 20:35:12 vyatta pluto[4194]: | pfkey_lib_debug:pfkey_msg_hdr_build:
Jan 30 20:35:12 vyatta pluto[4194]: | pfkey_lib_debug:pfkey_msg_hdr_build:
on_entry &pfkey_ext=0p0xbfbae630 pfkey_ext=0p0xbfbaf650 *pfkey_ext=0p(nil).
Jan 30 20:35:12 vyatta pluto[4194]: | pfkey_lib_debug:pfkey_msg_hdr_build:
on_exit &pfkey_ext=0p0xbfbae630 pfkey_ext=0p0xbfbaf650
*pfkey_ext=0p0x80fe3f8.
Jan 30 20:35:12 vyatta pluto[4194]: | pfkey_lib_debug:pfkey_msg_build:
pfkey_msg=0p0x80fe410 allocated 16 bytes, &(extensions[0])=0p0xbfbaf650
Jan 30 20:35:12 vyatta pluto[4194]: | pfkey_lib_debug:pfkey_msg_build:
extensions permitted=00000001, seen=00000001, required=00000001.
Jan 30 20:35:12 vyatta pluto[4194]: | pfkey_lib_debug:pfkey_msg_parse:
parsing message ver=2, type=7(register), errno=0, satype=9(IPIP), len=2,
res=0, seq=3, pid=4194.
Jan 30 20:35:12 vyatta pluto[4194]: | pfkey_lib_debug:pfkey_msg_parse:
remain=0
Jan 30 20:35:12 vyatta pluto[4194]: | pfkey_lib_debug:pfkey_msg_parse:
extensions permitted=00000001, required=00000001.
Jan 30 20:35:12 vyatta pluto[4194]: | pfkey_lib_debug:pfkey_msg_parse:
extensions permitted=00000001, seen=00000001, required=00000001.
Jan 30 20:35:12 vyatta pluto[4194]: | finish_pfkey_msg: SADB_REGISTER
message 3 for IPCOMP
Jan 30 20:35:12 vyatta pluto[4194]: | 02 07 00 09 02 00 00 00 03 00 00
00 62 10 00 00
Jan 30 20:35:12 vyatta pluto[4194]: | pfkey_get: SADB_REGISTER message 3
Jan 30 20:35:12 vyatta pluto[4194]: | IPCOMP registered with kernel.
Jan 30 20:35:12 vyatta pluto[4194]: Changing to directory
'/etc/ipsec.d/cacerts'
Jan 30 20:35:12 vyatta pluto[4194]: Changing to directory
'/etc/ipsec.d/aacerts'
Jan 30 20:35:12 vyatta pluto[4194]: Changing to directory
'/etc/ipsec.d/ocspcerts'
Jan 30 20:35:12 vyatta pluto[4194]: Changing to directory
'/etc/ipsec.d/crls'
Jan 30 20:35:12 vyatta pluto[4194]: Warning: empty directory
Jan 30 20:35:12 vyatta pluto[4194]: | inserting event EVENT_LOG_DAILY,
timeout in 12288 seconds
Jan 30 20:35:12 vyatta pluto[4194]: | next event EVENT_PENDING_PHASE2 in 120
seconds
Jan 30 20:35:12 vyatta pluto[4194]: |
Jan 30 20:35:12 vyatta pluto[4194]: | *received whack message
Jan 30 20:35:12 vyatta pluto[4194]: | alg_info_parse_str() ealg_buf=3des
aalg_buf=md5eklen=0 aklen=0
Jan 30 20:35:12 vyatta pluto[4194]: | enum_search_prefix () calling
enum_search(0x80dc580, "OAKLEY_3DES")
Jan 30 20:35:12 vyatta pluto[4194]: | enum_search_ppfixi () calling
enum_search(0x80dc580, "OAKLEY_3DES_CBC")
Jan 30 20:35:12 vyatta pluto[4194]: | parser_alg_info_add()
ealg_getbyname("3des")=5
Jan 30 20:35:12 vyatta pluto[4194]: | enum_search_prefix () calling
enum_search(0x80dc5a0, "OAKLEY_MD5")
Jan 30 20:35:12 vyatta pluto[4194]: | parser_alg_info_add()
aalg_getbyname("md5")=1
Jan 30 20:35:12 vyatta pluto[4194]: | enum_search_prefix () calling
enum_search(0x80dc5d0, "OAKLEY_GROUP_MODP1024")
Jan 30 20:35:12 vyatta pluto[4194]: | parser_alg_info_add()
modp_getbyname("modp1024")=2
Jan 30 20:35:12 vyatta pluto[4194]: | __alg_info_ike_add() ealg=5 aalg=1
modp_id=2, cnt=1
Jan 30 20:35:12 vyatta pluto[4194]: | Added new connection
peer-192.168.1.1-tunnel-1 with policy PSK+ENCRYPT+TUNNEL+PFS
Jan 30 20:35:12 vyatta pluto[4194]: | from whack: got --esp=3des-md5
Jan 30 20:35:12 vyatta pluto[4194]: | alg_info_parse_str() ealg_buf=3des
aalg_buf=md5eklen=0 aklen=0
Jan 30 20:35:12 vyatta pluto[4194]: | enum_search_prefix () calling
enum_search(0x80dc344, "ESP_3DES")
Jan 30 20:35:12 vyatta pluto[4194]: | parser_alg_info_add()
ealg_getbyname("3des")=3
Jan 30 20:35:12 vyatta pluto[4194]: | enum_search_prefix () calling
enum_search(0x80dc428, "AUTH_ALGORITHM_HMAC_MD5")
Jan 30 20:35:12 vyatta pluto[4194]: | parser_alg_info_add()
aalg_getbyname("md5")=1
Jan 30 20:35:12 vyatta pluto[4194]: | __alg_info_esp_add() ealg=3 aalg=1
cnt=1
Jan 30 20:35:12 vyatta pluto[4194]: | esp string values: 3_000-1,
flags=strict
Jan 30 20:35:12 vyatta pluto[4194]: | from whack:
got --ike=3des-md5-modp1024
Jan 30 20:35:12 vyatta pluto[4194]: | ike string values: 5_000-1-2,
flags=strict
Jan 30 20:35:12 vyatta pluto[4194]: | counting wild cards for (none) is 15
Jan 30 20:35:12 vyatta pluto[4194]: | counting wild cards for (none) is 15
Jan 30 20:35:12 vyatta pluto[4194]: | alg_info_addref() alg_info->ref_cnt=1
Jan 30 20:35:12 vyatta pluto[4194]: | alg_info_addref() alg_info->ref_cnt=1
Jan 30 20:35:12 vyatta pluto[4194]: | alg_info_addref() alg_info->ref_cnt=2
Jan 30 20:35:12 vyatta pluto[4194]: | alg_info_addref() alg_info->ref_cnt=2
Jan 30 20:35:12 vyatta pluto[4194]: added connection description
"peer-192.168.1.1-tunnel-1"
Jan 30 20:35:12 vyatta pluto[4194]: |
10.0.0.0/24===192.168.1.10...192.168.1.1===10.6.0.0/24
Jan 30 20:35:12 vyatta pluto[4194]: | ike_life: 3600s; ipsec_life: 28800s;
rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; policy:
PSK+ENCRYPT+TUNNEL+PFS
Jan 30 20:35:12 vyatta pluto[4194]: | next event EVENT_PENDING_PHASE2 in 120
seconds
Jan 30 20:35:12 vyatta pluto[4194]: |
Jan 30 20:35:12 vyatta pluto[4194]: | *received whack message
Jan 30 20:35:12 vyatta pluto[4194]: listening for IKE messages
Jan 30 20:35:12 vyatta pluto[4194]: | found lo with address 127.0.0.1
Jan 30 20:35:12 vyatta pluto[4194]: | found eth2 with address 192.168.1.10
Jan 30 20:35:12 vyatta pluto[4194]: | found eth7 with address 10.0.0.233
Jan 30 20:35:12 vyatta pluto[4194]: adding interface eth7/eth7
10.0.0.233:500
Jan 30 20:35:12 vyatta pluto[4194]: adding interface eth2/eth2
192.168.1.10:500
Jan 30 20:35:12 vyatta pluto[4194]: adding interface lo/lo 127.0.0.1:500
Jan 30 20:35:12 vyatta pluto[4194]: | found lo with address
0000:0000:0000:0000:0000:0000:0000:0001
Jan 30 20:35:12 vyatta pluto[4194]: adding interface lo/lo ::1:500
Jan 30 20:35:12 vyatta pluto[4194]: | connect_to_host_pair: 192.168.1.10:500
192.168.1.1:500 -> hp:none
Jan 30 20:35:12 vyatta pluto[4194]: | certs and keys locked by
'free_preshared_secrets'
Jan 30 20:35:12 vyatta pluto[4194]: | certs and keys unlocked by
'free_preshard_secrets'
Jan 30 20:35:12 vyatta pluto[4194]: loading secrets from
"/etc/ipsec.secrets"
Jan 30 20:35:12 vyatta pluto[4194]: | certs and keys locked by
'process_secret'
Jan 30 20:35:12 vyatta pluto[4194]: | certs and keys unlocked by
'process_secrets'
Jan 30 20:35:12 vyatta pluto[4194]: | next event EVENT_PENDING_PHASE2 in 120
seconds
Jan 30 20:35:12 vyatta pluto[4194]: |
Jan 30 20:35:12 vyatta pluto[4194]: | *received whack message
Jan 30 20:35:12 vyatta pluto[4194]: | processing connection
peer-192.168.1.1-tunnel-1
Jan 30 20:35:12 vyatta pluto[4194]: | route owner of
"peer-192.168.1.1-tunnel-1" unrouted: NULL; eroute owner: NULL
Jan 30 20:35:12 vyatta pluto[4194]: | could_route called for
peer-192.168.1.1-tunnel-1 (kind=CK_PERMANENT)
Jan 30 20:35:12 vyatta pluto[4194]: | route owner of
"peer-192.168.1.1-tunnel-1" unrouted: NULL; eroute owner: NULL
Jan 30 20:35:12 vyatta pluto[4194]: | route_and_eroute with c:
peer-192.168.1.1-tunnel-1 (next: none) ero:null esr:{(nil)} ro:null
rosr:{(nil)} and state: 0
Jan 30 20:35:12 vyatta pluto[4194]: | add eroute 10.6.0.0/24:0 --0->
10.0.0.0/24:0 => %trap (raw_eroute)
Jan 30 20:35:12 vyatta pluto[4194]: | eroute_connection add eroute
10.0.0.0/24:0 --0-> 10.6.0.0/24:0 => %trap (raw_eroute)
Jan 30 20:35:12 vyatta pluto[4194]: | route_and_eroute: firewall_notified:
true
Jan 30 20:35:12 vyatta pluto[4194]: | command executing prepare-client
Jan 30 20:35:12 vyatta pluto[4194]: | executing prepare-client: 2>&1
PLUTO_VERSION='1.1' PLUTO_VERB='prepare-client'
PLUTO_CONNECTION='peer-192.168.1.1-tunnel-1' PLUTO_NEXT_HOP='192.168.1.1'
PLUTO_INTERFACE='eth2' PLUTO_ME='192.168.1.10' PLUTO_MY_ID='192.168.1.10'
PLUTO_MY_CLIENT='10.0.0.0/24' PLUTO_MY_CLIENT_NET='10.0.0.0'
PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0'
PLUTO_PEER='192.168.1.1' PLUTO_PEER_ID='192.168.1.1'
PLUTO_PEER_CLIENT='10.6.0.0/24' PLUTO_PEER_CLIENT_NET='10.6.0.0'
PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0'
PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA=''
PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS' ipsec _updown
Jan 30 20:35:12 vyatta pluto[4194]: | command executing route-client
Jan 30 20:35:12 vyatta pluto[4194]: | executing route-client: 2>&1
PLUTO_VERSION='1.1' PLUTO_VERB='route-client'
PLUTO_CONNECTION='peer-192.168.1.1-tunnel-1' PLUTO_NEXT_HOP='192.168.1.1'
PLUTO_INTERFACE='eth2' PLUTO_ME='192.168.1.10' PLUTO_MY_ID='192.168.1.10'
PLUTO_MY_CLIENT='10.0.0.0/24' PLUTO_MY_CLIENT_NET='10.0.0.0'
PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0'
PLUTO_PEER='192.168.1.1' PLUTO_PEER_ID='192.168.1.1'
PLUTO_PEER_CLIENT='10.6.0.0/24' PLUTO_PEER_CLIENT_NET='10.6.0.0'
PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0'
PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA=''
PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS' ipsec _updown
Jan 30 20:35:12 vyatta pluto[4194]: | next event EVENT_PENDING_PHASE2 in 120
seconds
Jan 30 20:35:12 vyatta pluto[4194]: |
Jan 30 20:35:12 vyatta pluto[4194]: | *received whack message
Jan 30 20:35:12 vyatta pluto[4194]: | processing connection
peer-192.168.1.1-tunnel-1
Jan 30 20:35:12 vyatta pluto[4194]: | kernel_alg_db_new() initial
trans_cnt=28
Jan 30 20:35:12 vyatta pluto[4194]: | kernel_alg_db_new() will return
p_new->protoid=3, p_new->trans_cnt=1
Jan 30 20:35:12 vyatta pluto[4194]: | kernel_alg_db_new() trans[0]:
transid=3, attr_cnt=1, attrs[0].type=5, attrs[0].val=1
Jan 30 20:35:12 vyatta pluto[4194]: | returning new proposal from esp_info
Jan 30 20:35:12 vyatta pluto[4194]: | creating state object #1 at 0x80fe458
Jan 30 20:35:12 vyatta pluto[4194]: | processing connection
peer-192.168.1.1-tunnel-1
Jan 30 20:35:12 vyatta pluto[4194]: | ICOOKIE: 37 e7 99 a5 fa ed 9f 21
Jan 30 20:35:12 vyatta pluto[4194]: | RCOOKIE: 00 00 00 00 00 00 00 00
Jan 30 20:35:12 vyatta pluto[4194]: | peer: c0 a8 01 01
Jan 30 20:35:12 vyatta pluto[4194]: | state hash entry 23
Jan 30 20:35:12 vyatta pluto[4194]: | inserting event EVENT_SO_DISCARD,
timeout in 0 seconds for #1
Jan 30 20:35:12 vyatta pluto[4194]: | Queuing pending Quick Mode with
192.168.1.1 "peer-192.168.1.1-tunnel-1"
Jan 30 20:35:12 vyatta pluto[4194]: "peer-192.168.1.1-tunnel-1" #1:
initiating Main Mode
Jan 30 20:35:12 vyatta pluto[4194]: | **emit ISAKMP Message:
Jan 30 20:35:12 vyatta pluto[4194]: | initiator cookie:
Jan 30 20:35:12 vyatta pluto[4194]: | 37 e7 99 a5 fa ed 9f 21
Jan 30 20:35:12 vyatta pluto[4194]: | responder cookie:
Jan 30 20:35:12 vyatta pluto[4194]: | 00 00 00 00 00 00 00 00
Jan 30 20:35:12 vyatta pluto[4194]: | next payload type: ISAKMP_NEXT_SA
Jan 30 20:35:12 vyatta pluto[4194]: | ISAKMP version: ISAKMP Version 1.0
Jan 30 20:35:12 vyatta pluto[4194]: | exchange type: ISAKMP_XCHG_IDPROT
Jan 30 20:35:12 vyatta pluto[4194]: | flags: none
Jan 30 20:35:12 vyatta pluto[4194]: | message ID: 00 00 00 00
Jan 30 20:35:12 vyatta pluto[4194]: | ***emit ISAKMP Security Association
Payload:
Jan 30 20:35:12 vyatta pluto[4194]: | next payload type: ISAKMP_NEXT_VID
Jan 30 20:35:12 vyatta pluto[4194]: | DOI: ISAKMP_DOI_IPSEC
Jan 30 20:35:12 vyatta pluto[4194]: | ****emit IPsec DOI SIT:
Jan 30 20:35:12 vyatta pluto[4194]: | IPsec DOI SIT: SIT_IDENTITY_ONLY
Jan 30 20:35:12 vyatta pluto[4194]: | out_sa pcn: 0 has 1 valid proposals
Jan 30 20:35:12 vyatta pluto[4194]: | out_sa pcn: 0 pn: 0<1 valid_count: 1
Jan 30 20:35:12 vyatta pluto[4194]: | ****emit ISAKMP Proposal Payload:
Jan 30 20:35:12 vyatta pluto[4194]: | next payload type: ISAKMP_NEXT_NONE
Jan 30 20:35:12 vyatta pluto[4194]: | proposal number: 0
Jan 30 20:35:12 vyatta pluto[4194]: | protocol ID: PROTO_ISAKMP
Jan 30 20:35:12 vyatta pluto[4194]: | SPI size: 0
Jan 30 20:35:12 vyatta pluto[4194]: | number of transforms: 1
Jan 30 20:35:12 vyatta pluto[4194]: | *****emit ISAKMP Transform Payload
(ISAKMP):
Jan 30 20:35:12 vyatta pluto[4194]: | next payload type: ISAKMP_NEXT_NONE
Jan 30 20:35:12 vyatta pluto[4194]: | transform number: 0
Jan 30 20:35:12 vyatta pluto[4194]: | transform ID: KEY_IKE
Jan 30 20:35:12 vyatta pluto[4194]: | ******emit ISAKMP Oakley attribute:
Jan 30 20:35:12 vyatta pluto[4194]: | af+type: OAKLEY_LIFE_TYPE
Jan 30 20:35:12 vyatta pluto[4194]: | length/value: 1
Jan 30 20:35:12 vyatta pluto[4194]: | [1 is OAKLEY_LIFE_SECONDS]
Jan 30 20:35:12 vyatta pluto[4194]: | ******emit ISAKMP Oakley attribute:
Jan 30 20:35:12 vyatta pluto[4194]: | af+type: OAKLEY_LIFE_DURATION
Jan 30 20:35:12 vyatta pluto[4194]: | length/value: 3600
Jan 30 20:35:12 vyatta pluto[4194]: | ******emit ISAKMP Oakley attribute:
Jan 30 20:35:12 vyatta pluto[4194]: | af+type:
OAKLEY_ENCRYPTION_ALGORITHM
Jan 30 20:35:12 vyatta pluto[4194]: | length/value: 5
Jan 30 20:35:12 vyatta pluto[4194]: | [5 is OAKLEY_3DES_CBC]
Jan 30 20:35:12 vyatta pluto[4194]: | ******emit ISAKMP Oakley attribute:
Jan 30 20:35:12 vyatta pluto[4194]: | af+type: OAKLEY_HASH_ALGORITHM
Jan 30 20:35:12 vyatta pluto[4194]: | length/value: 1
Jan 30 20:35:12 vyatta pluto[4194]: | [1 is OAKLEY_MD5]
Jan 30 20:35:12 vyatta pluto[4194]: | ******emit ISAKMP Oakley attribute:
Jan 30 20:35:12 vyatta pluto[4194]: | af+type:
OAKLEY_AUTHENTICATION_METHOD
Jan 30 20:35:12 vyatta pluto[4194]: | length/value: 1
Jan 30 20:35:12 vyatta pluto[4194]: | [1 is OAKLEY_PRESHARED_KEY]
Jan 30 20:35:12 vyatta pluto[4194]: | ******emit ISAKMP Oakley attribute:
Jan 30 20:35:12 vyatta pluto[4194]: | af+type: OAKLEY_GROUP_DESCRIPTION
Jan 30 20:35:12 vyatta pluto[4194]: | length/value: 2
Jan 30 20:35:12 vyatta pluto[4194]: | [2 is OAKLEY_GROUP_MODP1024]
Jan 30 20:35:12 vyatta pluto[4194]: | emitting length of ISAKMP Transform
Payload (ISAKMP): 32
Jan 30 20:35:12 vyatta pluto[4194]: | emitting length of ISAKMP Proposal
Payload: 40
Jan 30 20:35:12 vyatta pluto[4194]: | emitting length of ISAKMP Security
Association Payload: 52
Jan 30 20:35:12 vyatta pluto[4194]: | ***emit ISAKMP Vendor ID Payload:
Jan 30 20:35:12 vyatta pluto[4194]: | next payload type: ISAKMP_NEXT_NONE
Jan 30 20:35:12 vyatta pluto[4194]: | emitting 12 raw bytes of Vendor ID
into ISAKMP Vendor ID Payload
Jan 30 20:35:12 vyatta pluto[4194]: | Vendor ID 4f 45 6c 4c 4f 5d 52 64
57 4e 52 44
Jan 30 20:35:12 vyatta pluto[4194]: | emitting length of ISAKMP Vendor ID
Payload: 16
Jan 30 20:35:12 vyatta pluto[4194]: | ***emit ISAKMP Vendor ID Payload:
Jan 30 20:35:12 vyatta pluto[4194]: | next payload type: ISAKMP_NEXT_NONE
Jan 30 20:35:12 vyatta pluto[4194]: | emitting 16 raw bytes of V_ID into
ISAKMP Vendor ID Payload
Jan 30 20:35:12 vyatta pluto[4194]: | V_ID af ca d7 13 68 a1 f1 c9 6b 86
96 fc 77 57 01 00
Jan 30 20:35:12 vyatta pluto[4194]: | emitting length of ISAKMP Vendor ID
Payload: 20
Jan 30 20:35:12 vyatta pluto[4194]: | nat traversal enabled: 0
Jan 30 20:35:12 vyatta pluto[4194]: | emitting length of ISAKMP Message: 116
Jan 30 20:35:12 vyatta pluto[4194]: | sending 116 bytes for main_outI1
through eth2:500 to 192.168.1.1:500:
Jan 30 20:35:12 vyatta pluto[4194]: | inserting event EVENT_RETRANSMIT,
timeout in 10 seconds for #1
Jan 30 20:35:12 vyatta pluto[4194]: | next event EVENT_RETRANSMIT in 10
seconds for #1
Jan 30 20:35:12 vyatta ipsec__plutorun: 104 "peer-192.168.1.1-tunnel-1" #1:
STATE_MAIN_I1: initiate
Jan 30 20:35:12 vyatta ipsec__plutorun: ...could not start conn
"peer-192.168.1.1-tunnel-1"
Jan 30 20:35:15 vyatta pluto[4194]: | rejected packet:
Jan 30 20:35:15 vyatta pluto[4194]: "peer-192.168.1.1-tunnel-1" #1: ERROR:
asynchronous network error report on eth2 (sport=500) for message to
192.168.1.1 port 500, complainant 192.168.1.10: No route to host [errno 113,
origin ICMP type 3 code 1 (not authenticated)]
Jan 30 20:35:15 vyatta pluto[4194]: | next event EVENT_RETRANSMIT in 7
seconds for #1
Jan 30 20:35:22 vyatta pluto[4194]: |
Jan 30 20:35:22 vyatta pluto[4194]: | *time to handle event
Jan 30 20:35:22 vyatta pluto[4194]: | handling event EVENT_RETRANSMIT
Jan 30 20:35:22 vyatta pluto[4194]: | event after this is
EVENT_PENDING_PHASE2 in 110 seconds
Jan 30 20:35:22 vyatta pluto[4194]: | processing connection
peer-192.168.1.1-tunnel-1
Jan 30 20:35:22 vyatta pluto[4194]: | handling event EVENT_RETRANSMIT for
192.168.1.1 "peer-192.168.1.1-tunnel-1" #1
Jan 30 20:35:22 vyatta pluto[4194]: | sending 116 bytes for EVENT_RETRANSMIT
through eth2:500 to 192.168.1.1:500:
Jan 30 20:35:23 vyatta pluto[4194]: | inserting event EVENT_RETRANSMIT,
timeout in 20 seconds for #1
Jan 30 20:35:23 vyatta pluto[4194]: | next event EVENT_RETRANSMIT in 20
seconds for #1
Jan 30 20:35:26 vyatta pluto[4194]: | rejected packet:
Jan 30 20:35:26 vyatta pluto[4194]: "peer-192.168.1.1-tunnel-1" #1: ERROR:
asynchronous network error report on eth2 (sport=500) for message to
192.168.1.1 port 500, complainant 192.168.1.10: No route to host [errno 113,
origin ICMP type 3 code 1 (not authenticated)]
Jan 30 20:35:26 vyatta pluto[4194]: | next event EVENT_RETRANSMIT in 16
seconds for #1
Jan 30 20:35:42 vyatta pluto[4194]: |
Jan 30 20:35:42 vyatta pluto[4194]: | *time to handle event
Jan 30 20:35:42 vyatta pluto[4194]: | handling event EVENT_RETRANSMIT
Jan 30 20:35:42 vyatta pluto[4194]: | event after this is
EVENT_PENDING_PHASE2 in 90 seconds
Jan 30 20:35:42 vyatta pluto[4194]: | processing connection
peer-192.168.1.1-tunnel-1
Jan 30 20:35:42 vyatta pluto[4194]: | handling event EVENT_RETRANSMIT for
192.168.1.1 "peer-192.168.1.1-tunnel-1" #1
Jan 30 20:35:42 vyatta pluto[4194]: | sending 116 bytes for EVENT_RETRANSMIT
through eth2:500 to 192.168.1.1:500:
Jan 30 20:35:42 vyatta pluto[4194]: | inserting event EVENT_RETRANSMIT,
timeout in 40 seconds for #1
Jan 30 20:35:42 vyatta pluto[4194]: | next event EVENT_RETRANSMIT in 40
seconds for #1
Jan 30 20:35:42 vyatta pluto[4194]: |
Jan 30 20:35:42 vyatta pluto[4194]: | *received 156 bytes from
192.168.1.1:500 on eth2 (port=500)
Jan 30 20:35:42 vyatta pluto[4194]: | **parse ISAKMP Message:
Jan 30 20:35:42 vyatta pluto[4194]: | initiator cookie:
Jan 30 20:35:42 vyatta pluto[4194]: | 37 e7 99 a5 fa ed 9f 21
Jan 30 20:35:42 vyatta pluto[4194]: | responder cookie:
Jan 30 20:35:42 vyatta pluto[4194]: | c0 f8 c2 a7 23 5b db 82
Jan 30 20:35:42 vyatta pluto[4194]: | next payload type: ISAKMP_NEXT_SA
Jan 30 20:35:42 vyatta pluto[4194]: | ISAKMP version: ISAKMP Version 1.0
Jan 30 20:35:42 vyatta pluto[4194]: | exchange type: ISAKMP_XCHG_IDPROT
Jan 30 20:35:42 vyatta pluto[4194]: | flags: none
Jan 30 20:35:42 vyatta pluto[4194]: | message ID: 00 00 00 00
Jan 30 20:35:42 vyatta pluto[4194]: | length: 156
Jan 30 20:35:42 vyatta pluto[4194]: | processing packet with exchange
type=ISAKMP_XCHG_IDPROT (2)
Jan 30 20:35:42 vyatta pluto[4194]: | ICOOKIE: 37 e7 99 a5 fa ed 9f 21
Jan 30 20:35:42 vyatta pluto[4194]: | RCOOKIE: c0 f8 c2 a7 23 5b db 82
Jan 30 20:35:42 vyatta pluto[4194]: | peer: c0 a8 01 01
Jan 30 20:35:42 vyatta pluto[4194]: | state hash entry 19
Jan 30 20:35:42 vyatta pluto[4194]: | state object not found
Jan 30 20:35:42 vyatta pluto[4194]: | ICOOKIE: 37 e7 99 a5 fa ed 9f 21
Jan 30 20:35:42 vyatta pluto[4194]: | RCOOKIE: 00 00 00 00 00 00 00 00
Jan 30 20:35:42 vyatta pluto[4194]: | peer: c0 a8 01 01
Jan 30 20:35:42 vyatta pluto[4194]: | state hash entry 23
Jan 30 20:35:42 vyatta pluto[4194]: | peer and cookies match on #1, provided
msgid 00000000 vs 00000000
Jan 30 20:35:42 vyatta pluto[4194]: | state object #1 found, in
STATE_MAIN_I1
Jan 30 20:35:42 vyatta pluto[4194]: | processing connection
peer-192.168.1.1-tunnel-1
Jan 30 20:35:42 vyatta pluto[4194]: | ***parse ISAKMP Security Association
Payload:
Jan 30 20:35:42 vyatta pluto[4194]: | next payload type: ISAKMP_NEXT_VID
Jan 30 20:35:42 vyatta pluto[4194]: | length: 52
Jan 30 20:35:42 vyatta pluto[4194]: | DOI: ISAKMP_DOI_IPSEC
Jan 30 20:35:42 vyatta pluto[4194]: | ***parse ISAKMP Vendor ID Payload:
Jan 30 20:35:42 vyatta pluto[4194]: | next payload type: ISAKMP_NEXT_VID
Jan 30 20:35:42 vyatta pluto[4194]: | length: 32
Jan 30 20:35:42 vyatta pluto[4194]: | ***parse ISAKMP Vendor ID Payload:
Jan 30 20:35:42 vyatta pluto[4194]: | next payload type: ISAKMP_NEXT_VID
Jan 30 20:35:42 vyatta pluto[4194]: | length: 20
Jan 30 20:35:42 vyatta pluto[4194]: | ***parse ISAKMP Vendor ID Payload:
Jan 30 20:35:42 vyatta pluto[4194]: | next payload type: ISAKMP_NEXT_NONE
Jan 30 20:35:42 vyatta pluto[4194]: | length: 24
Jan 30 20:35:42 vyatta pluto[4194]: "peer-192.168.1.1-tunnel-1" #1: ignoring
unknown Vendor ID payload
[166f932d55eb64d8e4df4fd37e2313f0d0fd84510000000000000000]
Jan 30 20:35:42 vyatta pluto[4194]: "peer-192.168.1.1-tunnel-1" #1: received
Vendor ID payload [Dead Peer Detection]
Jan 30 20:35:42 vyatta pluto[4194]: "peer-192.168.1.1-tunnel-1" #1: ignoring
Vendor ID payload [HeartBeat Notify 386b0100]
Jan 30 20:35:42 vyatta pluto[4194]: | ****parse IPsec DOI SIT:
Jan 30 20:35:42 vyatta pluto[4194]: | IPsec DOI SIT: SIT_IDENTITY_ONLY
Jan 30 20:35:42 vyatta pluto[4194]: | ****parse ISAKMP Proposal Payload:
Jan 30 20:35:42 vyatta pluto[4194]: | next payload type: ISAKMP_NEXT_NONE
Jan 30 20:35:42 vyatta pluto[4194]: | length: 40
Jan 30 20:35:42 vyatta pluto[4194]: | proposal number: 1
Jan 30 20:35:42 vyatta pluto[4194]: | protocol ID: PROTO_ISAKMP
Jan 30 20:35:42 vyatta pluto[4194]: | SPI size: 0
Jan 30 20:35:42 vyatta pluto[4194]: | number of transforms: 1
Jan 30 20:35:42 vyatta pluto[4194]: | *****parse ISAKMP Transform Payload
(ISAKMP):
Jan 30 20:35:42 vyatta pluto[4194]: | next payload type: ISAKMP_NEXT_NONE
Jan 30 20:35:42 vyatta pluto[4194]: | length: 32
Jan 30 20:35:42 vyatta pluto[4194]: | transform number: 1
Jan 30 20:35:42 vyatta pluto[4194]: | transform ID: KEY_IKE
Jan 30 20:35:42 vyatta pluto[4194]: | ******parse ISAKMP Oakley attribute:
Jan 30 20:35:42 vyatta pluto[4194]: | af+type:
OAKLEY_ENCRYPTION_ALGORITHM
Jan 30 20:35:42 vyatta pluto[4194]: | length/value: 5
Jan 30 20:35:42 vyatta pluto[4194]: | [5 is OAKLEY_3DES_CBC]
Jan 30 20:35:42 vyatta pluto[4194]: | ike_alg_enc_ok(ealg=5,key_len=0):
blocksize=8, keyminlen=192, keydeflen=192, keymaxlen=192, ret=1
Jan 30 20:35:42 vyatta pluto[4194]: | ******parse ISAKMP Oakley attribute:
Jan 30 20:35:42 vyatta pluto[4194]: | af+type: OAKLEY_HASH_ALGORITHM
Jan 30 20:35:42 vyatta pluto[4194]: | length/value: 1
Jan 30 20:35:42 vyatta pluto[4194]: | [1 is OAKLEY_MD5]
Jan 30 20:35:42 vyatta pluto[4194]: | ******parse ISAKMP Oakley attribute:
Jan 30 20:35:42 vyatta pluto[4194]: | af+type: OAKLEY_GROUP_DESCRIPTION
Jan 30 20:35:42 vyatta pluto[4194]: | length/value: 2
Jan 30 20:35:42 vyatta pluto[4194]: | [2 is OAKLEY_GROUP_MODP1024]
Jan 30 20:35:42 vyatta pluto[4194]: | ******parse ISAKMP Oakley attribute:
Jan 30 20:35:42 vyatta pluto[4194]: | af+type:
OAKLEY_AUTHENTICATION_METHOD
Jan 30 20:35:42 vyatta pluto[4194]: | length/value: 1
Jan 30 20:35:42 vyatta pluto[4194]: | [1 is OAKLEY_PRESHARED_KEY]
Jan 30 20:35:42 vyatta pluto[4194]: | started looking for secret for
192.168.1.10->192.168.1.1 of kind PPK_PSK
Jan 30 20:35:42 vyatta pluto[4194]: | actually looking for secret for
192.168.1.10->192.168.1.1 of kind PPK_PSK
Jan 30 20:35:42 vyatta pluto[4194]: | 1: compared PSK 192.168.1.1 to
192.168.1.10 / 192.168.1.1 -> 2
Jan 30 20:35:42 vyatta pluto[4194]: | 2: compared PSK 192.168.1.10 to
192.168.1.10 / 192.168.1.1 -> 6
Jan 30 20:35:42 vyatta pluto[4194]: | best_match 0>6 best=0x80fdef0 (line=1)
Jan 30 20:35:42 vyatta pluto[4194]: | concluding with best_match=6
best=0x80fdef0 (lineno=1)
Jan 30 20:35:42 vyatta pluto[4194]: | ******parse ISAKMP Oakley attribute:
Jan 30 20:35:42 vyatta pluto[4194]: | af+type: OAKLEY_LIFE_TYPE
Jan 30 20:35:42 vyatta pluto[4194]: | length/value: 1
Jan 30 20:35:42 vyatta pluto[4194]: | [1 is OAKLEY_LIFE_SECONDS]
Jan 30 20:35:42 vyatta pluto[4194]: | ******parse ISAKMP Oakley attribute:
Jan 30 20:35:42 vyatta pluto[4194]: | af+type: OAKLEY_LIFE_DURATION
Jan 30 20:35:42 vyatta pluto[4194]: | length/value: 3600
Jan 30 20:35:42 vyatta pluto[4194]: | Oakley Transform 1 accepted
Jan 30 20:35:42 vyatta pluto[4194]: | sender checking NAT-t: 0 and 0
Jan 30 20:35:42 vyatta pluto[4194]: | 0: w->pcw_dead: 0 w->pcw_work: 0 cnt:
1
Jan 30 20:35:42 vyatta pluto[4194]: | asking helper 0 to do build_kenonce op
on seq: 1
Jan 30 20:35:42 vyatta pluto[4194]: | inserting event EVENT_CRYPTO_FAILED,
timeout in 300 seconds for #1
Jan 30 20:35:42 vyatta pluto[4227]: ! helper -1 doing build_kenonce op id: 1
Jan 30 20:35:42 vyatta pluto[4194]: | complete state transition with
STF_SUSPEND
Jan 30 20:35:42 vyatta pluto[4194]: | next event EVENT_PENDING_PHASE2 in 90
seconds
Jan 30 20:35:42 vyatta pluto[4227]: ! Local DH secret:
Jan 30 20:35:42 vyatta pluto[4227]: ! 38 37 73 c9 0d 3c d2 be 99 b6 4a
14 22 2f d7 e2
Jan 30 20:35:42 vyatta pluto[4227]: ! 46 b5 9a b2 a4 3e e8 32 56 73 6e
2e eb db ff 74
Jan 30 20:35:42 vyatta pluto[4227]: ! Public DH value sent:
Jan 30 20:35:42 vyatta pluto[4227]: ! Generated nonce:
Jan 30 20:35:42 vyatta pluto[4227]: ! 3b 19 a8 8a cb 8d 44 7e eb 8a fe
bb 55 ca f9 4f
Jan 30 20:35:42 vyatta pluto[4194]: | helper 0 has work (cnt now 0)
Jan 30 20:35:42 vyatta pluto[4194]: | helper 0 replies to sequence 1
Jan 30 20:35:42 vyatta pluto[4194]: | calling callback function 0x8064330
Jan 30 20:35:42 vyatta pluto[4194]: | main inR1_outI2: calculated ke+nonce,
sending I2
Jan 30 20:35:42 vyatta pluto[4194]: | processing connection
peer-192.168.1.1-tunnel-1
Jan 30 20:35:42 vyatta pluto[4194]: | **emit ISAKMP Message:
Jan 30 20:35:42 vyatta pluto[4194]: | initiator cookie:
Jan 30 20:35:42 vyatta pluto[4194]: | 37 e7 99 a5 fa ed 9f 21
Jan 30 20:35:42 vyatta pluto[4194]: | responder cookie:
Jan 30 20:35:42 vyatta pluto[4194]: | c0 f8 c2 a7 23 5b db 82
Jan 30 20:35:42 vyatta pluto[4194]: | next payload type: ISAKMP_NEXT_KE
Jan 30 20:35:42 vyatta pluto[4194]: | ISAKMP version: ISAKMP Version 1.0
Jan 30 20:35:42 vyatta pluto[4194]: | exchange type: ISAKMP_XCHG_IDPROT
Jan 30 20:35:42 vyatta pluto[4194]: | flags: none
Jan 30 20:35:42 vyatta pluto[4194]: | message ID: 00 00 00 00
Jan 30 20:35:42 vyatta pluto[4194]: | ***emit ISAKMP Key Exchange Payload:
Jan 30 20:35:42 vyatta pluto[4194]: | next payload type:
ISAKMP_NEXT_NONCE
Jan 30 20:35:42 vyatta pluto[4194]: | emitting 128 raw bytes of keyex value
into ISAKMP Key Exchange Payload
Jan 30 20:35:42 vyatta pluto[4194]: | emitting length of ISAKMP Key Exchange
Payload: 132
Jan 30 20:35:42 vyatta pluto[4194]: | ***emit ISAKMP Nonce Payload:
Jan 30 20:35:42 vyatta pluto[4194]: | next payload type: ISAKMP_NEXT_NONE
Jan 30 20:35:42 vyatta pluto[4194]: | emitting 16 raw bytes of Ni into
ISAKMP Nonce Payload
Jan 30 20:35:42 vyatta pluto[4194]: | Ni 3b 19 a8 8a cb 8d 44 7e eb 8a fe
bb 55 ca f9 4f
Jan 30 20:35:42 vyatta pluto[4194]: | emitting length of ISAKMP Nonce
Payload: 20
Jan 30 20:35:42 vyatta pluto[4194]: | emitting length of ISAKMP Message: 180
Jan 30 20:35:42 vyatta pluto[4194]: | ICOOKIE: 37 e7 99 a5 fa ed 9f 21
Jan 30 20:35:42 vyatta pluto[4194]: | RCOOKIE: 00 00 00 00 00 00 00 00
Jan 30 20:35:42 vyatta pluto[4194]: | peer: c0 a8 01 01
Jan 30 20:35:42 vyatta pluto[4194]: | state hash entry 23
Jan 30 20:35:42 vyatta pluto[4194]: | ICOOKIE: 37 e7 99 a5 fa ed 9f 21
Jan 30 20:35:42 vyatta pluto[4194]: | RCOOKIE: c0 f8 c2 a7 23 5b db 82
Jan 30 20:35:42 vyatta pluto[4194]: | peer: c0 a8 01 01
Jan 30 20:35:42 vyatta pluto[4194]: | state hash entry 19
Jan 30 20:35:42 vyatta pluto[4194]: | complete state transition with STF_OK
Jan 30 20:35:42 vyatta pluto[4194]: "peer-192.168.1.1-tunnel-1" #1:
transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Jan 30 20:35:42 vyatta pluto[4194]: | sending reply packet to
192.168.1.1:500 (from port=500)
Jan 30 20:35:42 vyatta pluto[4194]: | sending 180 bytes for STATE_MAIN_I1
through eth2:500 to 192.168.1.1:500:
Jan 30 20:35:42 vyatta pluto[4194]: | inserting event EVENT_RETRANSMIT,
timeout in 10 seconds for #1
Jan 30 20:35:42 vyatta pluto[4194]: "peer-192.168.1.1-tunnel-1" #1:
STATE_MAIN_I2: sent MI2, expecting MR2
Jan 30 20:35:42 vyatta pluto[4194]: | modecfg pull: noquirk policy:push
not-client
Jan 30 20:35:42 vyatta pluto[4194]: | phase 1 is done, looking for phase 1
to unpend
Jan 30 20:35:42 vyatta pluto[4194]: | next event EVENT_RETRANSMIT in 10
seconds for #1
Jan 30 20:35:42 vyatta pluto[4194]: |
Jan 30 20:35:42 vyatta pluto[4194]: | *received 184 bytes from
192.168.1.1:500 on eth2 (port=500)
Jan 30 20:35:42 vyatta pluto[4194]: | **parse ISAKMP Message:
Jan 30 20:35:42 vyatta pluto[4194]: | initiator cookie:
Jan 30 20:35:42 vyatta pluto[4194]: | 37 e7 99 a5 fa ed 9f 21
Jan 30 20:35:42 vyatta pluto[4194]: | responder cookie:
Jan 30 20:35:42 vyatta pluto[4194]: | c0 f8 c2 a7 23 5b db 82
Jan 30 20:35:42 vyatta pluto[4194]: | next payload type: ISAKMP_NEXT_KE
Jan 30 20:35:42 vyatta pluto[4194]: | ISAKMP version: ISAKMP Version 1.0
Jan 30 20:35:42 vyatta pluto[4194]: | exchange type: ISAKMP_XCHG_IDPROT
Jan 30 20:35:42 vyatta pluto[4194]: | flags: none
Jan 30 20:35:42 vyatta pluto[4194]: | message ID: 00 00 00 00
Jan 30 20:35:42 vyatta pluto[4194]: | length: 184
Jan 30 20:35:42 vyatta pluto[4194]: | processing packet with exchange
type=ISAKMP_XCHG_IDPROT (2)
Jan 30 20:35:42 vyatta pluto[4194]: | ICOOKIE: 37 e7 99 a5 fa ed 9f 21
Jan 30 20:35:42 vyatta pluto[4194]: | RCOOKIE: c0 f8 c2 a7 23 5b db 82
Jan 30 20:35:42 vyatta pluto[4194]: | peer: c0 a8 01 01
Jan 30 20:35:42 vyatta pluto[4194]: | state hash entry 19
Jan 30 20:35:42 vyatta pluto[4194]: | peer and cookies match on #1, provided
msgid 00000000 vs 00000000
Jan 30 20:35:42 vyatta pluto[4194]: | state object #1 found, in
STATE_MAIN_I2
Jan 30 20:35:42 vyatta pluto[4194]: | processing connection
peer-192.168.1.1-tunnel-1
Jan 30 20:35:42 vyatta pluto[4194]: | ***parse ISAKMP Key Exchange Payload:
Jan 30 20:35:42 vyatta pluto[4194]: | next payload type:
ISAKMP_NEXT_NONCE
Jan 30 20:35:42 vyatta pluto[4194]: | length: 132
Jan 30 20:35:42 vyatta pluto[4194]: | ***parse ISAKMP Nonce Payload:
Jan 30 20:35:42 vyatta pluto[4194]: | next payload type: ISAKMP_NEXT_NONE
Jan 30 20:35:42 vyatta pluto[4194]: | length: 24
Jan 30 20:35:42 vyatta pluto[4194]: | **emit ISAKMP Message:
Jan 30 20:35:42 vyatta pluto[4194]: | initiator cookie:
Jan 30 20:35:42 vyatta pluto[4194]: | 37 e7 99 a5 fa ed 9f 21
Jan 30 20:35:42 vyatta pluto[4194]: | responder cookie:
Jan 30 20:35:42 vyatta pluto[4194]: | c0 f8 c2 a7 23 5b db 82
Jan 30 20:35:42 vyatta pluto[4194]: | next payload type: ISAKMP_NEXT_ID
Jan 30 20:35:42 vyatta pluto[4194]: | ISAKMP version: ISAKMP Version 1.0
Jan 30 20:35:42 vyatta pluto[4194]: | exchange type: ISAKMP_XCHG_IDPROT
Jan 30 20:35:42 vyatta pluto[4194]: | flags: ISAKMP_FLAG_ENCRYPTION
Jan 30 20:35:42 vyatta pluto[4194]: | message ID: 00 00 00 00
Jan 30 20:35:42 vyatta pluto[4194]: | DH public value received:
Jan 30 20:35:42 vyatta pluto[4194]: | thinking about whether to send my
certificate:
Jan 30 20:35:42 vyatta pluto[4194]: | I have RSA key: OAKLEY_PRESHARED_KEY
cert.type: CERT_NONE
Jan 30 20:35:42 vyatta pluto[4194]: | sendcert: CERT_ALWAYSSEND and I did
not get a certificate request
Jan 30 20:35:42 vyatta pluto[4194]: | so do not send cert.
Jan 30 20:35:42 vyatta pluto[4194]: "peer-192.168.1.1-tunnel-1" #1: I did
not send a certificate because I do not have one.
Jan 30 20:35:42 vyatta pluto[4194]: | I am not sending a certificate
request
Jan 30 20:35:42 vyatta pluto[4194]: | started looking for secret for
192.168.1.10->192.168.1.1 of kind PPK_PSK
Jan 30 20:35:42 vyatta pluto[4194]: | actually looking for secret for
192.168.1.10->192.168.1.1 of kind PPK_PSK
Jan 30 20:35:42 vyatta pluto[4194]: | 1: compared PSK 192.168.1.1 to
192.168.1.10 / 192.168.1.1 -> 2
Jan 30 20:35:42 vyatta pluto[4194]: | 2: compared PSK 192.168.1.10 to
192.168.1.10 / 192.168.1.1 -> 6
Jan 30 20:35:42 vyatta pluto[4194]: | best_match 0>6 best=0x80fdef0 (line=1)
Jan 30 20:35:42 vyatta pluto[4194]: | concluding with best_match=6
best=0x80fdef0 (lineno=1)
Jan 30 20:35:42 vyatta pluto[4194]: | calc_dh_shared(): time elapsed
(OAKLEY_GROUP_MODP1024): 4257 usec
Jan 30 20:35:42 vyatta pluto[4194]: | DH shared secret:
Jan 30 20:35:42 vyatta pluto[4194]: | Skey inputs (PSK+NI+NR)
Jan 30 20:35:42 vyatta pluto[4194]: | ni: 3b 19 a8 8a cb 8d 44 7e eb 8a
fe bb 55 ca f9 4f
Jan 30 20:35:42 vyatta pluto[4194]: | nr: dc 01 ba d4 d7 e0 80 25 ae 30
4e 53 21 42 3c 30
Jan 30 20:35:42 vyatta pluto[4194]: | c5 aa a1 ff
Jan 30 20:35:42 vyatta pluto[4194]: | keyid: 0e a4 2a 2f 0b 1f 07 17 17
a0 26 5c 92 be dd 42
Jan 30 20:35:42 vyatta pluto[4194]: | Skeyid: 0e a4 2a 2f 0b 1f 07 17
17 a0 26 5c 92 be dd 42
Jan 30 20:35:42 vyatta pluto[4194]: | Skeyid_d: 8a 4a 4d dc 53 a9 5e ba
bb d1 c8 60 69 2a 02 00
Jan 30 20:35:42 vyatta pluto[4194]: | Skeyid_a: e2 ba 52 07 37 22 09 fe
7e 4a b0 ca 3c ca 7e 96
Jan 30 20:35:42 vyatta pluto[4194]: | Skeyid_e: 27 60 d3 a9 83 b4 a2 70
05 d7 de 52 e4 40 e5 05
Jan 30 20:35:42 vyatta pluto[4194]: | enc key: 78 24 c4 f9 a9 08 3e f3 54
2d 8c 42 0c 57 d9 ca
Jan 30 20:35:42 vyatta pluto[4194]: | 6d c4 27 79 77 c5 b9 eb
Jan 30 20:35:42 vyatta pluto[4194]: | IV: 03 19 ba ca 56 d4 62 d3 14 ea
9c 2f dc 78 8c 50
Jan 30 20:35:42 vyatta pluto[4194]: | ***emit ISAKMP Identification Payload
(IPsec DOI):
Jan 30 20:35:42 vyatta pluto[4194]: | next payload type: ISAKMP_NEXT_HASH
Jan 30 20:35:42 vyatta pluto[4194]: | ID type: ID_IPV4_ADDR
Jan 30 20:35:42 vyatta pluto[4194]: | Protocol ID: 0
Jan 30 20:35:42 vyatta pluto[4194]: | port: 0
Jan 30 20:35:42 vyatta pluto[4194]: | emitting 4 raw bytes of my identity
into ISAKMP Identification Payload (IPsec DOI)
Jan 30 20:35:42 vyatta pluto[4194]: | my identity c0 a8 01 0a
Jan 30 20:35:42 vyatta pluto[4194]: | emitting length of ISAKMP
Identification Payload (IPsec DOI): 12
Jan 30 20:35:42 vyatta pluto[4194]: | hashing 48 bytes of SA
Jan 30 20:35:42 vyatta pluto[4194]: | ***emit ISAKMP Hash Payload:
Jan 30 20:35:42 vyatta pluto[4194]: | next payload type: ISAKMP_NEXT_NONE
Jan 30 20:35:42 vyatta pluto[4194]: | emitting 16 raw bytes of HASH_I into
ISAKMP Hash Payload
Jan 30 20:35:42 vyatta pluto[4194]: | HASH_I a8 66 a6 2e 58 a8 a4 80 b5
90 1c bf b1 c5 fd 5b
Jan 30 20:35:42 vyatta pluto[4194]: | emitting length of ISAKMP Hash
Payload: 20
Jan 30 20:35:42 vyatta pluto[4194]: | encrypting:
Jan 30 20:35:42 vyatta pluto[4194]: | 08 00 00 0c 01 00 00 00 c0 a8 01
0a 00 00 00 14
Jan 30 20:35:42 vyatta pluto[4194]: | a8 66 a6 2e 58 a8 a4 80 b5 90 1c
bf b1 c5 fd 5b
Jan 30 20:35:42 vyatta pluto[4194]: | IV:
Jan 30 20:35:42 vyatta pluto[4194]: | 03 19 ba ca 56 d4 62 d3 14 ea 9c
2f dc 78 8c 50
Jan 30 20:35:42 vyatta pluto[4194]: | encrypting using OAKLEY_3DES_CBC
Jan 30 20:35:42 vyatta pluto[4194]: | next IV: 94 c1 fe 4b e2 5b 1e 7c
Jan 30 20:35:42 vyatta pluto[4194]: | emitting length of ISAKMP Message: 60
Jan 30 20:35:42 vyatta pluto[4194]: | complete state transition with STF_OK
Jan 30 20:35:42 vyatta pluto[4194]: "peer-192.168.1.1-tunnel-1" #1:
transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Jan 30 20:35:42 vyatta pluto[4194]: | sending reply packet to
192.168.1.1:500 (from port=500)
Jan 30 20:35:42 vyatta pluto[4194]: | sending 60 bytes for STATE_MAIN_I2
through eth2:500 to 192.168.1.1:500:
Jan 30 20:35:42 vyatta pluto[4194]: | inserting event EVENT_RETRANSMIT,
timeout in 10 seconds for #1
Jan 30 20:35:42 vyatta pluto[4194]: "peer-192.168.1.1-tunnel-1" #1:
STATE_MAIN_I3: sent MI3, expecting MR3
Jan 30 20:35:42 vyatta pluto[4194]: | modecfg pull: noquirk policy:push
not-client
Jan 30 20:35:42 vyatta pluto[4194]: | phase 1 is done, looking for phase 1
to unpend
Jan 30 20:35:42 vyatta pluto[4194]: | next event EVENT_RETRANSMIT in 10
seconds for #1
Jan 30 20:35:42 vyatta pluto[4194]: |
Jan 30 20:35:42 vyatta pluto[4194]: | *received 68 bytes from
192.168.1.1:500 on eth2 (port=500)
Jan 30 20:35:42 vyatta pluto[4194]: | **parse ISAKMP Message:
Jan 30 20:35:42 vyatta pluto[4194]: | initiator cookie:
Jan 30 20:35:42 vyatta pluto[4194]: | 37 e7 99 a5 fa ed 9f 21
Jan 30 20:35:42 vyatta pluto[4194]: | responder cookie:
Jan 30 20:35:42 vyatta pluto[4194]: | c0 f8 c2 a7 23 5b db 82
Jan 30 20:35:42 vyatta pluto[4194]: | next payload type: ISAKMP_NEXT_ID
Jan 30 20:35:42 vyatta pluto[4194]: | ISAKMP version: ISAKMP Version 1.0
Jan 30 20:35:42 vyatta pluto[4194]: | exchange type: ISAKMP_XCHG_IDPROT
Jan 30 20:35:42 vyatta pluto[4194]: | flags: ISAKMP_FLAG_ENCRYPTION
Jan 30 20:35:42 vyatta pluto[4194]: | message ID: 00 00 00 00
Jan 30 20:35:42 vyatta pluto[4194]: | length: 68
Jan 30 20:35:42 vyatta pluto[4194]: | processing packet with exchange
type=ISAKMP_XCHG_IDPROT (2)
Jan 30 20:35:42 vyatta pluto[4194]: | ICOOKIE: 37 e7 99 a5 fa ed 9f 21
Jan 30 20:35:42 vyatta pluto[4194]: | RCOOKIE: c0 f8 c2 a7 23 5b db 82
Jan 30 20:35:42 vyatta pluto[4194]: | peer: c0 a8 01 01
Jan 30 20:35:42 vyatta pluto[4194]: | state hash entry 19
Jan 30 20:35:42 vyatta pluto[4194]: | peer and cookies match on #1, provided
msgid 00000000 vs 00000000
Jan 30 20:35:42 vyatta pluto[4194]: | state object #1 found, in
STATE_MAIN_I3
Jan 30 20:35:42 vyatta pluto[4194]: | processing connection
peer-192.168.1.1-tunnel-1
Jan 30 20:35:42 vyatta pluto[4194]: | received encrypted packet from
192.168.1.1:500
Jan 30 20:35:42 vyatta pluto[4194]: | decrypting 40 bytes using algorithm
OAKLEY_3DES_CBC
Jan 30 20:35:42 vyatta pluto[4194]: | decrypted:
Jan 30 20:35:42 vyatta pluto[4194]: | 08 00 00 0c 01 11 01 f4 c0 a8 01
01 00 00 00 14
Jan 30 20:35:42 vyatta pluto[4194]: | 9a f1 df 91 d6 8a c9 59 63 59 25
d5 be 7c e9 31
Jan 30 20:35:42 vyatta pluto[4194]: | 00 00 00 00 00 00 00 00
Jan 30 20:35:42 vyatta pluto[4194]: | next IV: ad 25 8c a2 84 e6 da 13
Jan 30 20:35:42 vyatta pluto[4194]: | ***parse ISAKMP Identification
Payload:
Jan 30 20:35:42 vyatta pluto[4194]: | next payload type: ISAKMP_NEXT_HASH
Jan 30 20:35:42 vyatta pluto[4194]: | length: 12
Jan 30 20:35:42 vyatta pluto[4194]: | ID type: ID_IPV4_ADDR
Jan 30 20:35:42 vyatta pluto[4194]: | DOI specific A: 17
Jan 30 20:35:42 vyatta pluto[4194]: | DOI specific B: 500
Jan 30 20:35:42 vyatta pluto[4194]: | ***parse ISAKMP Hash Payload:
Jan 30 20:35:42 vyatta pluto[4194]: | next payload type: ISAKMP_NEXT_NONE
Jan 30 20:35:42 vyatta pluto[4194]: | length: 20
Jan 30 20:35:42 vyatta pluto[4194]: | removing 8 bytes of padding
Jan 30 20:35:42 vyatta pluto[4194]: "peer-192.168.1.1-tunnel-1" #1: Main
mode peer ID is ID_IPV4_ADDR: '192.168.1.1'
Jan 30 20:35:42 vyatta pluto[4194]: | hashing 48 bytes of SA
Jan 30 20:35:42 vyatta pluto[4194]: | authentication succeeded
Jan 30 20:35:42 vyatta pluto[4194]: | complete state transition with STF_OK
Jan 30 20:35:42 vyatta pluto[4194]: "peer-192.168.1.1-tunnel-1" #1:
transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
Jan 30 20:35:42 vyatta pluto[4194]: | inserting event EVENT_SA_REPLACE,
timeout in 2795 seconds for #1
Jan 30 20:35:42 vyatta pluto[4194]: "peer-192.168.1.1-tunnel-1" #1:
STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY
cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1024}
Jan 30 20:35:42 vyatta pluto[4194]: | modecfg pull: noquirk policy:push
not-client
Jan 30 20:35:42 vyatta pluto[4194]: | phase 1 is done, looking for phase 1
to unpend
Jan 30 20:35:42 vyatta pluto[4194]: | unqueuing pending Quick Mode with
192.168.1.1 "peer-192.168.1.1-tunnel-1"
Jan 30 20:35:42 vyatta pluto[4194]: | duplicating state object #1
Jan 30 20:35:42 vyatta pluto[4194]: | creating state object #2 at 0x80ffcb0
Jan 30 20:35:42 vyatta pluto[4194]: | processing connection
peer-192.168.1.1-tunnel-1
Jan 30 20:35:42 vyatta pluto[4194]: | ICOOKIE: 37 e7 99 a5 fa ed 9f 21
Jan 30 20:35:42 vyatta pluto[4194]: | RCOOKIE: c0 f8 c2 a7 23 5b db 82
Jan 30 20:35:42 vyatta pluto[4194]: | peer: c0 a8 01 01
Jan 30 20:35:42 vyatta pluto[4194]: | state hash entry 19
Jan 30 20:35:42 vyatta pluto[4194]: | inserting event EVENT_SO_DISCARD,
timeout in 0 seconds for #2
Jan 30 20:35:42 vyatta pluto[4194]: "peer-192.168.1.1-tunnel-1" #2:
initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP {using isakmp#1}
Jan 30 20:35:42 vyatta pluto[4194]: | 0: w->pcw_dead: 0 w->pcw_work: 0 cnt:
1
Jan 30 20:35:42 vyatta pluto[4194]: | asking helper 0 to do build_kenonce op
on seq: 2
Jan 30 20:35:42 vyatta pluto[4194]: | inserting event EVENT_CRYPTO_FAILED,
timeout in 300 seconds for #2
Jan 30 20:35:42 vyatta pluto[4227]: ! helper -1 doing build_kenonce op id: 2
Jan 30 20:35:42 vyatta pluto[4194]: | next event EVENT_PENDING_PHASE2 in 90
seconds
Jan 30 20:35:42 vyatta pluto[4227]: ! Local DH secret:
Jan 30 20:35:42 vyatta pluto[4227]: ! 28 bc 15 73 eb 82 e1 da 68 07 1e
07 3f 8c 18 7a
Jan 30 20:35:42 vyatta pluto[4227]: ! 38 dc ce 18 0d 8a 2e 73 fe f6 78
95 26 fa cc b0
Jan 30 20:35:42 vyatta pluto[4227]: ! Public DH value sent:
Jan 30 20:35:42 vyatta pluto[4227]: ! Generated nonce:
Jan 30 20:35:42 vyatta pluto[4227]: ! 6b 2e d6 57 0e 78 4a 34 81 4b 60
8c 94 48 56 56
Jan 30 20:35:42 vyatta pluto[4194]: | helper 0 has work (cnt now 0)
Jan 30 20:35:42 vyatta pluto[4194]: | helper 0 replies to sequence 2
Jan 30 20:35:42 vyatta pluto[4194]: | calling callback function 0x806a860
Jan 30 20:35:42 vyatta pluto[4194]: | quick outI1: calculated ke+nonce,
sending I1
Jan 30 20:35:42 vyatta pluto[4194]: | processing connection
peer-192.168.1.1-tunnel-1
Jan 30 20:35:42 vyatta pluto[4194]: | **emit ISAKMP Message:
Jan 30 20:35:42 vyatta pluto[4194]: | initiator cookie:
Jan 30 20:35:42 vyatta pluto[4194]: | 37 e7 99 a5 fa ed 9f 21
Jan 30 20:35:42 vyatta pluto[4194]: | responder cookie:
Jan 30 20:35:42 vyatta pluto[4194]: | c0 f8 c2 a7 23 5b db 82
Jan 30 20:35:42 vyatta pluto[4194]: | next payload type: ISAKMP_NEXT_HASH
Jan 30 20:35:42 vyatta pluto[4194]: | ISAKMP version: ISAKMP Version 1.0
Jan 30 20:35:42 vyatta pluto[4194]: | exchange type: ISAKMP_XCHG_QUICK
Jan 30 20:35:42 vyatta pluto[4194]: | flags: ISAKMP_FLAG_ENCRYPTION
Jan 30 20:35:42 vyatta pluto[4194]: | message ID: 19 21 3d 78
Jan 30 20:35:42 vyatta pluto[4194]: | ***emit ISAKMP Hash Payload:
Jan 30 20:35:42 vyatta pluto[4194]: | next payload type: ISAKMP_NEXT_SA
Jan 30 20:35:42 vyatta pluto[4194]: | emitting 16 zero bytes of HASH into
ISAKMP Hash Payload
Jan 30 20:35:42 vyatta pluto[4194]: | emitting length of ISAKMP Hash
Payload: 20
Jan 30 20:35:42 vyatta pluto[4194]: | kernel_alg_db_new() initial
trans_cnt=28
Jan 30 20:35:42 vyatta pluto[4194]: | kernel_alg_db_new() will return
p_new->protoid=3, p_new->trans_cnt=1
Jan 30 20:35:42 vyatta pluto[4194]: | kernel_alg_db_new() trans[0]:
transid=3, attr_cnt=1, attrs[0].type=5, attrs[0].val=1
Jan 30 20:35:42 vyatta pluto[4194]: | returning new proposal from esp_info
Jan 30 20:35:42 vyatta pluto[4194]: | ***emit ISAKMP Security Association
Payload:
Jan 30 20:35:42 vyatta pluto[4194]: | next payload type:
ISAKMP_NEXT_NONCE
Jan 30 20:35:42 vyatta pluto[4194]: | DOI: ISAKMP_DOI_IPSEC
Jan 30 20:35:42 vyatta pluto[4194]: | ****emit IPsec DOI SIT:
Jan 30 20:35:42 vyatta pluto[4194]: | IPsec DOI SIT: SIT_IDENTITY_ONLY
Jan 30 20:35:42 vyatta pluto[4194]: | out_sa pcn: 0 has 1 valid proposals
Jan 30 20:35:42 vyatta pluto[4194]: | out_sa pcn: 0 pn: 0<1 valid_count: 1
Jan 30 20:35:42 vyatta pluto[4194]: | ****emit ISAKMP Proposal Payload:
Jan 30 20:35:42 vyatta pluto[4194]: | next payload type: ISAKMP_NEXT_NONE
Jan 30 20:35:42 vyatta pluto[4194]: | proposal number: 0
Jan 30 20:35:42 vyatta pluto[4194]: | protocol ID: PROTO_IPSEC_ESP
Jan 30 20:35:42 vyatta pluto[4194]: | SPI size: 4
Jan 30 20:35:42 vyatta pluto[4194]: | number of transforms: 1
Jan 30 20:35:42 vyatta pluto[4194]: | netlink_get_spi: allocated 0x376d15c4
for esp.0 at 192.168.1.10
Jan 30 20:35:42 vyatta pluto[4194]: | emitting 4 raw bytes of SPI into
ISAKMP Proposal Payload
Jan 30 20:35:42 vyatta pluto[4194]: | SPI 37 6d 15 c4
Jan 30 20:35:42 vyatta pluto[4194]: | *****emit ISAKMP Transform Payload
(ESP):
Jan 30 20:35:42 vyatta pluto[4194]: | next payload type: ISAKMP_NEXT_NONE
Jan 30 20:35:42 vyatta pluto[4194]: | transform number: 0
Jan 30 20:35:42 vyatta pluto[4194]: | transform ID: ESP_3DES
Jan 30 20:35:42 vyatta pluto[4194]: | ******emit ISAKMP IPsec DOI attribute:
Jan 30 20:35:42 vyatta pluto[4194]: | af+type: GROUP_DESCRIPTION
Jan 30 20:35:42 vyatta pluto[4194]: | length/value: 2
Jan 30 20:35:42 vyatta pluto[4194]: | [2 is OAKLEY_GROUP_MODP1024]
Jan 30 20:35:42 vyatta pluto[4194]: | ******emit ISAKMP IPsec DOI attribute:
Jan 30 20:35:42 vyatta pluto[4194]: | af+type: ENCAPSULATION_MODE
Jan 30 20:35:42 vyatta pluto[4194]: | length/value: 1
Jan 30 20:35:42 vyatta pluto[4194]: | [1 is ENCAPSULATION_MODE_TUNNEL]
Jan 30 20:35:42 vyatta pluto[4194]: | ******emit ISAKMP IPsec DOI attribute:
Jan 30 20:35:42 vyatta pluto[4194]: | af+type: SA_LIFE_TYPE
Jan 30 20:35:42 vyatta pluto[4194]: | length/value: 1
Jan 30 20:35:42 vyatta pluto[4194]: | [1 is SA_LIFE_TYPE_SECONDS]
Jan 30 20:35:42 vyatta pluto[4194]: | ******emit ISAKMP IPsec DOI attribute:
Jan 30 20:35:42 vyatta pluto[4194]: | af+type: SA_LIFE_DURATION
Jan 30 20:35:42 vyatta pluto[4194]: | length/value: 28800
Jan 30 20:35:42 vyatta pluto[4194]: | ******emit ISAKMP IPsec DOI attribute:
Jan 30 20:35:42 vyatta pluto[4194]: | af+type: AUTH_ALGORITHM
Jan 30 20:35:42 vyatta pluto[4194]: | length/value: 1
Jan 30 20:35:42 vyatta pluto[4194]: | [1 is AUTH_ALGORITHM_HMAC_MD5]
Jan 30 20:35:42 vyatta pluto[4194]: | emitting length of ISAKMP Transform
Payload (ESP): 28
Jan 30 20:35:42 vyatta pluto[4194]: | emitting length of ISAKMP Proposal
Payload: 40
Jan 30 20:35:42 vyatta pluto[4194]: | emitting length of ISAKMP Security
Association Payload: 52
Jan 30 20:35:42 vyatta pluto[4194]: | ***emit ISAKMP Nonce Payload:
Jan 30 20:35:42 vyatta pluto[4194]: | next payload type: ISAKMP_NEXT_KE
Jan 30 20:35:42 vyatta pluto[4194]: | emitting 16 raw bytes of Ni into
ISAKMP Nonce Payload
Jan 30 20:35:42 vyatta pluto[4194]: | Ni 6b 2e d6 57 0e 78 4a 34 81 4b 60
8c 94 48 56 56
Jan 30 20:35:42 vyatta pluto[4194]: | emitting length of ISAKMP Nonce
Payload: 20
Jan 30 20:35:42 vyatta pluto[4194]: | ***emit ISAKMP Key Exchange Payload:
Jan 30 20:35:42 vyatta pluto[4194]: | next payload type: ISAKMP_NEXT_ID
Jan 30 20:35:42 vyatta pluto[4194]: | emitting 128 raw bytes of keyex value
into ISAKMP Key Exchange Payload
Jan 30 20:35:42 vyatta pluto[4194]: | emitting length of ISAKMP Key Exchange
Payload: 132
Jan 30 20:35:42 vyatta pluto[4194]: | ***emit ISAKMP Identification Payload
(IPsec DOI):
Jan 30 20:35:42 vyatta pluto[4194]: | next payload type: ISAKMP_NEXT_ID
Jan 30 20:35:42 vyatta pluto[4194]: | ID type: ID_IPV4_ADDR_SUBNET
Jan 30 20:35:42 vyatta pluto[4194]: | Protocol ID: 0
Jan 30 20:35:42 vyatta pluto[4194]: | port: 0
Jan 30 20:35:42 vyatta pluto[4194]: | emitting 4 raw bytes of client network
into ISAKMP Identification Payload (IPsec DOI)
Jan 30 20:35:42 vyatta pluto[4194]: | client network 0a 00 00 00
Jan 30 20:35:42 vyatta pluto[4194]: | emitting 4 raw bytes of client mask
into ISAKMP Identification Payload (IPsec DOI)
Jan 30 20:35:42 vyatta pluto[4194]: | client mask ff ff ff 00
Jan 30 20:35:42 vyatta pluto[4194]: | emitting length of ISAKMP
Identification Payload (IPsec DOI): 16
Jan 30 20:35:42 vyatta pluto[4194]: | ***emit ISAKMP Identification Payload
(IPsec DOI):
Jan 30 20:35:42 vyatta pluto[4194]: | next payload type: ISAKMP_NEXT_NONE
Jan 30 20:35:42 vyatta pluto[4194]: | ID type: ID_IPV4_ADDR_SUBNET
Jan 30 20:35:42 vyatta pluto[4194]: | Protocol ID: 0
Jan 30 20:35:42 vyatta pluto[4194]: | port: 0
Jan 30 20:35:42 vyatta pluto[4194]: | emitting 4 raw bytes of client network
into ISAKMP Identification Payload (IPsec DOI)
Jan 30 20:35:42 vyatta pluto[4194]: | client network 0a 06 00 00
Jan 30 20:35:42 vyatta pluto[4194]: | emitting 4 raw bytes of client mask
into ISAKMP Identification Payload (IPsec DOI)
Jan 30 20:35:42 vyatta pluto[4194]: | client mask ff ff ff 00
Jan 30 20:35:42 vyatta pluto[4194]: | emitting length of ISAKMP
Identification Payload (IPsec DOI): 16
Jan 30 20:35:42 vyatta pluto[4194]: | HASH(1) computed:
Jan 30 20:35:42 vyatta pluto[4194]: | f3 d2 6d d3 92 06 76 37 91 d2 c0
42 38 08 2f 2f
Jan 30 20:35:42 vyatta pluto[4194]: | last Phase 1 IV: ad 25 8c a2 84 e6
da 13
Jan 30 20:35:42 vyatta pluto[4194]: | current Phase 1 IV: ad 25 8c a2 84
e6 da 13
Jan 30 20:35:42 vyatta pluto[4194]: | computed Phase 2 IV:
Jan 30 20:35:42 vyatta pluto[4194]: | dc 12 52 d8 e9 e1 4a 35 1e 9e c3
57 e2 ff 15 06
Jan 30 20:35:42 vyatta pluto[4194]: | encrypting:
Jan 30 20:35:42 vyatta pluto[4194]: | IV:
Jan 30 20:35:42 vyatta pluto[4194]: | dc 12 52 d8 e9 e1 4a 35 1e 9e c3
57 e2 ff 15 06
Jan 30 20:35:42 vyatta pluto[4194]: | encrypting using OAKLEY_3DES_CBC
Jan 30 20:35:42 vyatta pluto[4194]: | next IV: 25 f4 53 04 40 e5 6d ba
Jan 30 20:35:42 vyatta pluto[4194]: | emitting length of ISAKMP Message: 284
Jan 30 20:35:42 vyatta pluto[4194]: | sending 284 bytes for quick_outI1
through eth2:500 to 192.168.1.1:500:
Jan 30 20:35:42 vyatta pluto[4194]: | inserting event EVENT_RETRANSMIT,
timeout in 10 seconds for #2
Jan 30 20:35:42 vyatta pluto[4194]: | next event EVENT_RETRANSMIT in 10
seconds for #2
Jan 30 20:35:42 vyatta pluto[4194]: |
Jan 30 20:35:42 vyatta pluto[4194]: | *received 324 bytes from
192.168.1.1:500 on eth2 (port=500)
Jan 30 20:35:43 vyatta pluto[4194]: | **parse ISAKMP Message:
Jan 30 20:35:43 vyatta pluto[4194]: | initiator cookie:
Jan 30 20:35:43 vyatta pluto[4194]: | 37 e7 99 a5 fa ed 9f 21
Jan 30 20:35:43 vyatta pluto[4194]: | responder cookie:
Jan 30 20:35:43 vyatta pluto[4194]: | c0 f8 c2 a7 23 5b db 82
Jan 30 20:35:43 vyatta pluto[4194]: | next payload type: ISAKMP_NEXT_HASH
Jan 30 20:35:43 vyatta pluto[4194]: | ISAKMP version: ISAKMP Version 1.0
Jan 30 20:35:43 vyatta pluto[4194]: | exchange type: ISAKMP_XCHG_QUICK
Jan 30 20:35:43 vyatta pluto[4194]: | flags: ISAKMP_FLAG_ENCRYPTION
Jan 30 20:35:43 vyatta pluto[4194]: | message ID: 19 21 3d 78
Jan 30 20:35:43 vyatta pluto[4194]: | length: 324
Jan 30 20:35:43 vyatta pluto[4194]: | processing packet with exchange
type=ISAKMP_XCHG_QUICK (32)
Jan 30 20:35:43 vyatta pluto[4194]: | ICOOKIE: 37 e7 99 a5 fa ed 9f 21
Jan 30 20:35:43 vyatta pluto[4194]: | RCOOKIE: c0 f8 c2 a7 23 5b db 82
Jan 30 20:35:43 vyatta pluto[4194]: | peer: c0 a8 01 01
Jan 30 20:35:43 vyatta pluto[4194]: | state hash entry 19
Jan 30 20:35:43 vyatta pluto[4194]: | peer and cookies match on #2, provided
msgid 19213d78 vs 19213d78
Jan 30 20:35:43 vyatta pluto[4194]: | state object #2 found, in
STATE_QUICK_I1
Jan 30 20:35:43 vyatta pluto[4194]: | processing connection
peer-192.168.1.1-tunnel-1
Jan 30 20:35:43 vyatta pluto[4194]: | received encrypted packet from
192.168.1.1:500
Jan 30 20:35:43 vyatta pluto[4194]: | decrypting 296 bytes using algorithm
OAKLEY_3DES_CBC
Jan 30 20:35:43 vyatta pluto[4194]: | decrypted:
Jan 30 20:35:43 vyatta pluto[4194]: | next IV: 82 81 f6 0f 4d 81 33 6f
Jan 30 20:35:43 vyatta pluto[4194]: | ***parse ISAKMP Hash Payload:
Jan 30 20:35:43 vyatta pluto[4194]: | next payload type: ISAKMP_NEXT_SA
Jan 30 20:35:43 vyatta pluto[4194]: | length: 20
Jan 30 20:35:43 vyatta pluto[4194]: | ***parse ISAKMP Security Association
Payload:
Jan 30 20:35:43 vyatta pluto[4194]: | next payload type:
ISAKMP_NEXT_NONCE
Jan 30 20:35:43 vyatta pluto[4194]: | length: 56
Jan 30 20:35:43 vyatta pluto[4194]: | DOI: ISAKMP_DOI_IPSEC
Jan 30 20:35:43 vyatta pluto[4194]: | ***parse ISAKMP Nonce Payload:
Jan 30 20:35:43 vyatta pluto[4194]: | next payload type: ISAKMP_NEXT_KE
Jan 30 20:35:43 vyatta pluto[4194]: | length: 24
Jan 30 20:35:43 vyatta pluto[4194]: | ***parse ISAKMP Key Exchange Payload:
Jan 30 20:35:43 vyatta pluto[4194]: | next payload type: ISAKMP_NEXT_ID
Jan 30 20:35:43 vyatta pluto[4194]: | length: 132
Jan 30 20:35:43 vyatta pluto[4194]: | ***parse ISAKMP Identification Payload
(IPsec DOI):
Jan 30 20:35:43 vyatta pluto[4194]: | next payload type: ISAKMP_NEXT_ID
Jan 30 20:35:43 vyatta pluto[4194]: | length: 16
Jan 30 20:35:43 vyatta pluto[4194]: | ID type: ID_IPV4_ADDR_SUBNET
Jan 30 20:35:43 vyatta pluto[4194]: | Protocol ID: 0
Jan 30 20:35:43 vyatta pluto[4194]: | port: 0
Jan 30 20:35:43 vyatta pluto[4194]: | ***parse ISAKMP Identification Payload
(IPsec DOI):
Jan 30 20:35:43 vyatta pluto[4194]: | next payload type: ISAKMP_NEXT_N
Jan 30 20:35:43 vyatta pluto[4194]: | length: 16
Jan 30 20:35:43 vyatta pluto[4194]: | ID type: ID_IPV4_ADDR_SUBNET
Jan 30 20:35:43 vyatta pluto[4194]: | Protocol ID: 0
Jan 30 20:35:43 vyatta pluto[4194]: | port: 0
Jan 30 20:35:43 vyatta pluto[4194]: | ***parse ISAKMP Notification Payload:
Jan 30 20:35:43 vyatta pluto[4194]: | next payload type: ISAKMP_NEXT_NONE
Jan 30 20:35:43 vyatta pluto[4194]: | length: 28
Jan 30 20:35:43 vyatta pluto[4194]: | DOI: ISAKMP_DOI_IPSEC
Jan 30 20:35:43 vyatta pluto[4194]: | protocol ID: 3
Jan 30 20:35:43 vyatta pluto[4194]: | SPI size: 4
Jan 30 20:35:43 vyatta pluto[4194]: | Notify Message Type:
IPSEC_RESPONDER_LIFETIME
Jan 30 20:35:43 vyatta pluto[4194]: | removing 4 bytes of padding
Jan 30 20:35:43 vyatta pluto[4194]: "peer-192.168.1.1-tunnel-1" #2: ignoring
informational payload, type IPSEC_RESPONDER_LIFETIME
Jan 30 20:35:43 vyatta pluto[4194]: | info: 93 51 c5 c3 80 01 00 01 00 02
00 04 00 00 0e 10
Jan 30 20:35:43 vyatta pluto[4194]: | **emit ISAKMP Message:
Jan 30 20:35:43 vyatta pluto[4194]: | initiator cookie:
Jan 30 20:35:43 vyatta pluto[4194]: | 37 e7 99 a5 fa ed 9f 21
Jan 30 20:35:43 vyatta pluto[4194]: | responder cookie:
Jan 30 20:35:43 vyatta pluto[4194]: | c0 f8 c2 a7 23 5b db 82
Jan 30 20:35:43 vyatta pluto[4194]: | next payload type: ISAKMP_NEXT_HASH
Jan 30 20:35:43 vyatta pluto[4194]: | ISAKMP version: ISAKMP Version 1.0
Jan 30 20:35:43 vyatta pluto[4194]: | exchange type: ISAKMP_XCHG_QUICK
Jan 30 20:35:43 vyatta pluto[4194]: | flags: ISAKMP_FLAG_ENCRYPTION
Jan 30 20:35:43 vyatta pluto[4194]: | message ID: 19 21 3d 78
Jan 30 20:35:43 vyatta pluto[4194]: | HASH(2) computed:
Jan 30 20:35:43 vyatta pluto[4194]: | 6a 89 c6 d8 bd e4 4a 49 7d 39 9d
05 62 cb 65 70
Jan 30 20:35:43 vyatta pluto[4194]: | ****parse IPsec DOI SIT:
Jan 30 20:35:43 vyatta pluto[4194]: | IPsec DOI SIT: SIT_IDENTITY_ONLY
Jan 30 20:35:43 vyatta pluto[4194]: | ****parse ISAKMP Proposal Payload:
Jan 30 20:35:43 vyatta pluto[4194]: | next payload type: ISAKMP_NEXT_NONE
Jan 30 20:35:43 vyatta pluto[4194]: | length: 44
Jan 30 20:35:43 vyatta pluto[4194]: | proposal number: 1
Jan 30 20:35:43 vyatta pluto[4194]: | protocol ID: PROTO_IPSEC_ESP
Jan 30 20:35:43 vyatta pluto[4194]: | SPI size: 4
Jan 30 20:35:43 vyatta pluto[4194]: | number of transforms: 1
Jan 30 20:35:43 vyatta pluto[4194]: | parsing 4 raw bytes of ISAKMP Proposal
Payload into SPI
Jan 30 20:35:43 vyatta pluto[4194]: | SPI 93 51 c5 c3
Jan 30 20:35:43 vyatta pluto[4194]: | *****parse ISAKMP Transform Payload
(ESP):
Jan 30 20:35:43 vyatta pluto[4194]: | next payload type: ISAKMP_NEXT_NONE
Jan 30 20:35:43 vyatta pluto[4194]: | length: 32
Jan 30 20:35:43 vyatta pluto[4194]: | transform number: 1
Jan 30 20:35:43 vyatta pluto[4194]: | transform ID: ESP_3DES
Jan 30 20:35:43 vyatta pluto[4194]: | ******parse ISAKMP IPsec DOI
attribute:
Jan 30 20:35:43 vyatta pluto[4194]: | af+type: SA_LIFE_TYPE
Jan 30 20:35:43 vyatta pluto[4194]: | length/value: 1
Jan 30 20:35:43 vyatta pluto[4194]: | [1 is SA_LIFE_TYPE_SECONDS]
Jan 30 20:35:43 vyatta pluto[4194]: | ******parse ISAKMP IPsec DOI
attribute:
Jan 30 20:35:43 vyatta pluto[4194]: | af+type: SA_LIFE_DURATION (variable
length)
Jan 30 20:35:43 vyatta pluto[4194]: | length/value: 4
Jan 30 20:35:43 vyatta pluto[4194]: | long duration: 28800
Jan 30 20:35:43 vyatta pluto[4194]: | ******parse ISAKMP IPsec DOI
attribute:
Jan 30 20:35:43 vyatta pluto[4194]: | af+type: ENCAPSULATION_MODE
Jan 30 20:35:43 vyatta pluto[4194]: | length/value: 1
Jan 30 20:35:43 vyatta pluto[4194]: | [1 is ENCAPSULATION_MODE_TUNNEL]
Jan 30 20:35:43 vyatta pluto[4194]: | ******parse ISAKMP IPsec DOI
attribute:
Jan 30 20:35:43 vyatta pluto[4194]: | af+type: AUTH_ALGORITHM
Jan 30 20:35:43 vyatta pluto[4194]: | length/value: 1
Jan 30 20:35:43 vyatta pluto[4194]: | [1 is AUTH_ALGORITHM_HMAC_MD5]
Jan 30 20:35:43 vyatta pluto[4194]: | ******parse ISAKMP IPsec DOI
attribute:
Jan 30 20:35:43 vyatta pluto[4194]: | af+type: GROUP_DESCRIPTION
Jan 30 20:35:43 vyatta pluto[4194]: | length/value: 2
Jan 30 20:35:43 vyatta pluto[4194]: | [2 is OAKLEY_GROUP_MODP1024]
Jan 30 20:35:43 vyatta pluto[4194]: | kernel_alg_esp_enc_ok(3,0): alg_id=3,
alg_ivlen=8, alg_minbits=192, alg_maxbits=192, res=0, ret=1
Jan 30 20:35:43 vyatta pluto[4194]: | kernel_alg_esp_enc_keylen():alg_id=3,
keylen=24
Jan 30 20:35:43 vyatta pluto[4194]: | DH public value received:
Jan 30 20:35:43 vyatta pluto[4194]: | started looking for secret for
192.168.1.10->192.168.1.1 of kind PPK_PSK
Jan 30 20:35:43 vyatta pluto[4194]: | actually looking for secret for
192.168.1.10->192.168.1.1 of kind PPK_PSK
Jan 30 20:35:43 vyatta pluto[4194]: | 1: compared PSK 192.168.1.1 to
192.168.1.10 / 192.168.1.1 -> 2
Jan 30 20:35:43 vyatta pluto[4194]: | 2: compared PSK 192.168.1.10 to
192.168.1.10 / 192.168.1.1 -> 6
Jan 30 20:35:43 vyatta pluto[4194]: | best_match 0>6 best=0x80fdef0 (line=1)
Jan 30 20:35:43 vyatta pluto[4194]: | concluding with best_match=6
best=0x80fdef0 (lineno=1)
Jan 30 20:35:43 vyatta pluto[4194]: | calc_dh_shared(): time elapsed
(OAKLEY_GROUP_MODP1024): 3896 usec
Jan 30 20:35:43 vyatta pluto[4194]: | DH shared secret:
Jan 30 20:35:43 vyatta pluto[4194]: | our client is subnet 10.0.0.0/24
Jan 30 20:35:43 vyatta pluto[4194]: | our client protocol/port is 0/0
Jan 30 20:35:43 vyatta pluto[4194]: | peer client is subnet 10.6.0.0/24
Jan 30 20:35:43 vyatta pluto[4194]: | peer client protocol/port is 0/0
Jan 30 20:35:43 vyatta pluto[4194]: | ***emit ISAKMP Hash Payload:
Jan 30 20:35:43 vyatta pluto[4194]: | next payload type: ISAKMP_NEXT_NONE
Jan 30 20:35:43 vyatta pluto[4194]: | emitting 16 zero bytes of HASH into
ISAKMP Hash Payload
Jan 30 20:35:43 vyatta pluto[4194]: | emitting length of ISAKMP Hash
Payload: 20
Jan 30 20:35:43 vyatta pluto[4194]: | HASH(3) computed: 32 59 34 f1 5f 91
4d e0 87 44 59 20 2b f4 66 db
Jan 30 20:35:43 vyatta pluto[4194]: | compute_proto_keymat:needed_len (after
ESP enc)=24
Jan 30 20:35:43 vyatta pluto[4194]: | compute_proto_keymat:needed_len (after
ESP auth)=40
Jan 30 20:35:43 vyatta pluto[4194]: | KEYMAT computed:
Jan 30 20:35:43 vyatta pluto[4194]: | 6e 85 e7 39 75 af 07 1a 23 4b 9e
07 f6 1d 61 c8
Jan 30 20:35:43 vyatta pluto[4194]: | 28 db ab 1c 3a 48 48 93 74 34 a6
11 55 5e 2a 91
Jan 30 20:35:43 vyatta pluto[4194]: | 32 4a 9a 8f d1 cc 73 8f
Jan 30 20:35:43 vyatta pluto[4194]: | Peer KEYMAT computed:
Jan 30 20:35:43 vyatta pluto[4194]: | 5e cb 34 aa 64 7e 1a b6 57 b9 ab
c4 af 40 05 0b
Jan 30 20:35:43 vyatta pluto[4194]: | 4a 52 30 e3 b0 1f 6d e5 74 4e 79
1b b6 aa b8 ed
Jan 30 20:35:43 vyatta pluto[4194]: | c7 a2 c2 b3 24 fb 7e 1c
Jan 30 20:35:43 vyatta pluto[4194]: | install_ipsec_sa() for #2: inbound and
outbound
Jan 30 20:35:43 vyatta pluto[4194]: | route owner of
"peer-192.168.1.1-tunnel-1" prospective erouted: self; eroute owner: self
Jan 30 20:35:43 vyatta pluto[4194]: | could_route called for
peer-192.168.1.1-tunnel-1 (kind=CK_PERMANENT)
Jan 30 20:35:43 vyatta pluto[4194]: | looking for alg with transid: 3
keylen: 0 auth: 1
Jan 30 20:35:43 vyatta pluto[4194]: | checking transid: 11 keylen: 0 auth: 1
Jan 30 20:35:43 vyatta pluto[4194]: | checking transid: 11 keylen: 0 auth: 2
Jan 30 20:35:43 vyatta pluto[4194]: | checking transid: 2 keylen: 8 auth: 0
Jan 30 20:35:43 vyatta pluto[4194]: | checking transid: 2 keylen: 8 auth: 1
Jan 30 20:35:43 vyatta pluto[4194]: | checking transid: 2 keylen: 8 auth: 2
Jan 30 20:35:43 vyatta pluto[4194]: | checking transid: 3 keylen: 24 auth: 0
Jan 30 20:35:43 vyatta pluto[4194]: | checking transid: 3 keylen: 24 auth: 1
Jan 30 20:35:43 vyatta pluto[4194]: | add inbound eroute 10.6.0.0/24:0 --0->
10.0.0.0/24:0 => tun.10000 at 192.168.1.10 (raw_eroute)
Jan 30 20:35:43 vyatta pluto[4194]: | looking for alg with transid: 3
keylen: 0 auth: 1
Jan 30 20:35:43 vyatta pluto[4194]: | checking transid: 11 keylen: 0 auth: 1
Jan 30 20:35:43 vyatta pluto[4194]: | checking transid: 11 keylen: 0 auth: 2
Jan 30 20:35:43 vyatta pluto[4194]: | checking transid: 2 keylen: 8 auth: 0
Jan 30 20:35:43 vyatta pluto[4194]: | checking transid: 2 keylen: 8 auth: 1
Jan 30 20:35:43 vyatta pluto[4194]: | checking transid: 2 keylen: 8 auth: 2
Jan 30 20:35:43 vyatta pluto[4194]: | checking transid: 3 keylen: 24 auth: 0
Jan 30 20:35:43 vyatta pluto[4194]: | checking transid: 3 keylen: 24 auth: 1
Jan 30 20:35:43 vyatta pluto[4194]: | sr for #2: prospective erouted
Jan 30 20:35:43 vyatta pluto[4194]: | route owner of
"peer-192.168.1.1-tunnel-1" prospective erouted: self; eroute owner: self
Jan 30 20:35:43 vyatta pluto[4194]: | route_and_eroute with c:
peer-192.168.1.1-tunnel-1 (next: none) ero:peer-192.168.1.1-tunnel-1
esr:{(nil)} ro:peer-192.168.1.1-tunnel-1 rosr:{(nil)} and state: 2
Jan 30 20:35:43 vyatta pluto[4194]: | eroute_connection replace eroute
10.0.0.0/24:0 --0-> 10.6.0.0/24:0 => tun.0 at 192.168.1.1 (raw_eroute)
Jan 30 20:35:43 vyatta pluto[4194]: | command executing up-client
Jan 30 20:35:43 vyatta pluto[4194]: | executing up-client: 2>&1
PLUTO_VERSION='1.1' PLUTO_VERB='up-client'
PLUTO_CONNECTION='peer-192.168.1.1-tunnel-1' PLUTO_NEXT_HOP='192.168.1.1'
PLUTO_INTERFACE='eth2' PLUTO_ME='192.168.1.10' PLUTO_MY_ID='192.168.1.10'
PLUTO_MY_CLIENT='10.0.0.0/24' PLUTO_MY_CLIENT_NET='10.0.0.0'
PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0'
PLUTO_PEER='192.168.1.1' PLUTO_PEER_ID='192.168.1.1'
PLUTO_PEER_CLIENT='10.6.0.0/24' PLUTO_PEER_CLIENT_NET='10.6.0.0'
PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0'
PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA=''
PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP' ipsec _updown
Jan 30 20:35:43 vyatta pluto[4194]: | route_and_eroute: firewall_notified:
true
Jan 30 20:35:43 vyatta pluto[4194]: | route_and_eroute: instance
"peer-192.168.1.1-tunnel-1", setting eroute_owner
{spd=0x80fd344,sr=0x80fd344} to #2 (was #0) (newest_ipsec_sa=#0)
Jan 30 20:35:43 vyatta pluto[4194]: | encrypting:
Jan 30 20:35:43 vyatta pluto[4194]: | 00 00 00 14 32 59 34 f1 5f 91 4d
e0 87 44 59 20
Jan 30 20:35:43 vyatta pluto[4194]: | 2b f4 66 db
Jan 30 20:35:43 vyatta pluto[4194]: | IV:
Jan 30 20:35:43 vyatta pluto[4194]: | 82 81 f6 0f 4d 81 33 6f
Jan 30 20:35:43 vyatta pluto[4194]: | emitting 4 zero bytes of encryption
padding into ISAKMP Message
Jan 30 20:35:43 vyatta pluto[4194]: | encrypting using OAKLEY_3DES_CBC
Jan 30 20:35:43 vyatta pluto[4194]: | next IV: 40 0d 1e 9d 91 25 b5 c2
Jan 30 20:35:43 vyatta pluto[4194]: | emitting length of ISAKMP Message: 52
Jan 30 20:35:43 vyatta pluto[4194]: | inR1_outI2: instance
peer-192.168.1.1-tunnel-1[0], setting newest_ipsec_sa to #2 (was #0)
(spd.eroute=#2)
Jan 30 20:35:43 vyatta pluto[4194]: | complete state transition with STF_OK
Jan 30 20:35:43 vyatta pluto[4194]: "peer-192.168.1.1-tunnel-1" #2:
transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
Jan 30 20:35:43 vyatta pluto[4194]: | sending reply packet to
192.168.1.1:500 (from port=500)
Jan 30 20:35:43 vyatta pluto[4194]: | sending 52 bytes for STATE_QUICK_I1
through eth2:500 to 192.168.1.1:500:
Jan 30 20:35:43 vyatta pluto[4194]: | 37 e7 99 a5 fa ed 9f 21 c0 f8 c2
a7 23 5b db 82
Jan 30 20:35:43 vyatta pluto[4194]: | 08 10 20 01 19 21 3d 78 00 00 00
34 41 4f 0e b4
Jan 30 20:35:43 vyatta pluto[4194]: | 5b 6c 4d 2a a7 76 31 22 ed 72 f2
ef 40 0d 1e 9d
Jan 30 20:35:43 vyatta pluto[4194]: | 91 25 b5 c2
Jan 30 20:35:43 vyatta pluto[4194]: | inserting event EVENT_SA_REPLACE,
timeout in 28208 seconds for #2
Jan 30 20:35:43 vyatta pluto[4194]: "peer-192.168.1.1-tunnel-1" #2:
STATE_QUICK_I2: sent QI2, IPsec SA established {ESP=>0x9351c5c3 <0x376d15c4
xfrm=3DES_0-HMAC_MD5 NATD=none DPD=none}
Jan 30 20:35:43 vyatta pluto[4194]: | modecfg pull: noquirk policy:push
not-client
Jan 30 20:35:43 vyatta pluto[4194]: | phase 1 is done, looking for phase 1
to unpend
Jan 30 20:35:43 vyatta pluto[4194]: | next event EVENT_PENDING_PHASE2 in 89
seconds
Jan 30 20:37:12 vyatta pluto[4194]: |
Jan 30 20:37:12 vyatta pluto[4194]: | *time to handle event
Jan 30 20:37:12 vyatta pluto[4194]: | handling event EVENT_PENDING_PHASE2
Jan 30 20:37:12 vyatta pluto[4194]: | event after this is EVENT_SA_REPLACE
in 2705 seconds
Jan 30 20:37:12 vyatta pluto[4194]: | inserting event EVENT_PENDING_PHASE2,
timeout in 120 seconds
Jan 30 20:37:12 vyatta pluto[4194]: | pending review: connection
"peer-192.168.1.1-tunnel-1" checked
Jan 30 20:37:12 vyatta pluto[4194]: | next event EVENT_PENDING_PHASE2 in 120
seconds
Jan 30 20:39:12 vyatta pluto[4194]: |
Jan 30 20:39:12 vyatta pluto[4194]: | *time to handle event
Jan 30 20:39:12 vyatta pluto[4194]: | handling event EVENT_PENDING_PHASE2
Jan 30 20:39:12 vyatta pluto[4194]: | event after this is EVENT_SA_REPLACE
in 2585 seconds
Jan 30 20:39:12 vyatta pluto[4194]: | inserting event EVENT_PENDING_PHASE2,
timeout in 120 seconds
Jan 30 20:39:12 vyatta pluto[4194]: | pending review: connection
"peer-192.168.1.1-tunnel-1" checked
Jan 30 20:39:12 vyatta pluto[4194]: | next event EVENT_PENDING_PHASE2 in 120
seconds
Jan 30 20:40:11 vyatta pluto[4194]: |
Jan 30 20:40:11 vyatta pluto[4194]: | *received whack message
Jan 30 20:40:11 vyatta pluto[4194]: | kernel_alg_esp_enc_ok(3,0): alg_id=3,
alg_ivlen=8, alg_minbits=192, alg_maxbits=192, res=0, ret=1
Jan 30 20:40:11 vyatta pluto[4194]: | next event EVENT_PENDING_PHASE2 in 61
seconds
Jan 30 20:40:11 vyatta pluto[4194]: |
Jan 30 20:40:11 vyatta pluto[4194]: | *received whack message
Jan 30 20:40:11 vyatta pluto[4194]: | kernel_alg_esp_enc_ok(3,0): alg_id=3,
alg_ivlen=8, alg_minbits=192, alg_maxbits=192, res=0, ret=1
Jan 30 20:40:11 vyatta pluto[4194]: | next event EVENT_PENDING_PHASE2 in 61
seconds
Jan 30 20:41:12 vyatta pluto[4194]: |
Jan 30 20:41:12 vyatta pluto[4194]: | *time to handle event
Jan 30 20:41:12 vyatta pluto[4194]: | handling event EVENT_PENDING_PHASE2
Jan 30 20:41:12 vyatta pluto[4194]: | event after this is EVENT_SA_REPLACE
in 2465 seconds
Jan 30 20:41:12 vyatta pluto[4194]: | inserting event EVENT_PENDING_PHASE2,
timeout in 120 seconds
Jan 30 20:41:12 vyatta pluto[4194]: | pending review: connection
"peer-192.168.1.1-tunnel-1" checked
Jan 30 20:41:12 vyatta pluto[4194]: | next event EVENT_PENDING_PHASE2 in 120
seconds
Jan 30 20:42:12 vyatta pluto[4194]: |
Jan 30 20:42:12 vyatta pluto[4194]: | *received whack message
Jan 30 20:42:12 vyatta pluto[4194]: | kernel_alg_esp_enc_ok(3,0): alg_id=3,
alg_ivlen=8, alg_minbits=192, alg_maxbits=192, res=0, ret=1
Jan 30 20:42:12 vyatta pluto[4194]: | next event EVENT_PENDING_PHASE2 in 60
seconds
Jan 30 20:42:12 vyatta pluto[4194]: |
Jan 30 20:42:12 vyatta pluto[4194]: | *received whack message
Jan 30 20:42:12 vyatta pluto[4194]: | kernel_alg_esp_enc_ok(3,0): alg_id=3,
alg_ivlen=8, alg_minbits=192, alg_maxbits=192, res=0, ret=1
Jan 30 20:42:12 vyatta pluto[4194]: | next event EVENT_PENDING_PHASE2 in 60
seconds
Jan 30 20:42:12 vyatta pluto[4194]: |
Jan 30 20:42:12 vyatta pluto[4194]: | *received whack message
Jan 30 20:42:12 vyatta pluto[4194]: | authcert list locked by
'list_authcerts'
Jan 30 20:42:12 vyatta pluto[4194]: | authcert list unlocked by
'list_authcerts'
Jan 30 20:42:12 vyatta pluto[4194]: | authcert list locked by
'list_authcerts'
Jan 30 20:42:12 vyatta pluto[4194]: | authcert list unlocked by
'list_authcerts'
Jan 30 20:42:12 vyatta pluto[4194]: | authcert list locked by
'list_authcerts'
Jan 30 20:42:12 vyatta pluto[4194]: | authcert list unlocked by
'list_authcerts'
Jan 30 20:42:12 vyatta pluto[4194]: | crl list locked by 'list_crls'
Jan 30 20:42:12 vyatta pluto[4194]: | crl list unlocked by 'list_crls'
Jan 30 20:42:12 vyatta pluto[4194]: | crl fetch request list locked by
'list_crl_fetch_requests'
Jan 30 20:42:12 vyatta pluto[4194]: | crl fetch request list unlocked by
'list_crl_fetch_requests'
Jan 30 20:42:12 vyatta pluto[4194]: | next event EVENT_PENDING_PHASE2 in 60
seconds
Jan 30 20:43:12 vyatta pluto[4194]: |
Jan 30 20:43:12 vyatta pluto[4194]: | *time to handle event
Jan 30 20:43:12 vyatta pluto[4194]: | handling event EVENT_PENDING_PHASE2
Jan 30 20:43:12 vyatta pluto[4194]: | event after this is EVENT_SA_REPLACE
in 2345 seconds
Jan 30 20:43:12 vyatta pluto[4194]: | inserting event EVENT_PENDING_PHASE2,
timeout in 120 seconds
Jan 30 20:43:12 vyatta pluto[4194]: | pending review: connection
"peer-192.168.1.1-tunnel-1" checked
Jan 30 20:43:12 vyatta pluto[4194]: | next event EVENT_PENDING_PHASE2 in 120
seconds
Jan 30 20:45:12 vyatta pluto[4194]: |
Jan 30 20:45:12 vyatta pluto[4194]: | *time to handle event
Jan 30 20:45:12 vyatta pluto[4194]: | handling event EVENT_PENDING_PHASE2
Jan 30 20:45:12 vyatta pluto[4194]: | event after this is EVENT_SA_REPLACE
in 2225 seconds
Jan 30 20:45:12 vyatta pluto[4194]: | inserting event EVENT_PENDING_PHASE2,
timeout in 120 seconds
Jan 30 20:45:12 vyatta pluto[4194]: | pending review: connection
"peer-192.168.1.1-tunnel-1" checked
Jan 30 20:45:12 vyatta pluto[4194]: | next event EVENT_PENDING_PHASE2 in 120
seconds
Jan 30 20:47:12 vyatta pluto[4194]: |
Jan 30 20:47:12 vyatta pluto[4194]: | *time to handle event
Jan 30 20:47:12 vyatta pluto[4194]: | handling event EVENT_PENDING_PHASE2
Jan 30 20:47:12 vyatta pluto[4194]: | event after this is EVENT_SA_REPLACE
in 2105 seconds
Jan 30 20:47:12 vyatta pluto[4194]: | inserting event EVENT_PENDING_PHASE2,
timeout in 120 seconds
Jan 30 20:47:12 vyatta pluto[4194]: | pending review: connection
"peer-192.168.1.1-tunnel-1" checked
Jan 30 20:47:12 vyatta pluto[4194]: | next event EVENT_PENDING_PHASE2 in 120
seconds
Jan 30 20:49:12 vyatta pluto[4194]: |
Jan 30 20:49:12 vyatta pluto[4194]: | *time to handle event
Jan 30 20:49:12 vyatta pluto[4194]: | handling event EVENT_PENDING_PHASE2
Jan 30 20:49:12 vyatta pluto[4194]: | event after this is EVENT_SA_REPLACE
in 1985 seconds
Jan 30 20:49:12 vyatta pluto[4194]: | inserting event EVENT_PENDING_PHASE2,
timeout in 120 seconds
Jan 30 20:49:12 vyatta pluto[4194]: | pending review: connection
"peer-192.168.1.1-tunnel-1" checked
Jan 30 20:49:12 vyatta pluto[4194]: | next event EVENT_PENDING_PHASE2 in 120
seconds
Jan 30 20:51:12 vyatta pluto[4194]: |
Jan 30 20:51:12 vyatta pluto[4194]: | *time to handle event
Jan 30 20:51:12 vyatta pluto[4194]: | handling event EVENT_PENDING_PHASE2
Jan 30 20:51:12 vyatta pluto[4194]: | event after this is EVENT_SA_REPLACE
in 1865 seconds
Jan 30 20:51:12 vyatta pluto[4194]: | inserting event EVENT_PENDING_PHASE2,
timeout in 120 seconds
Jan 30 20:51:12 vyatta pluto[4194]: | pending review: connection
"peer-192.168.1.1-tunnel-1" checked
Jan 30 20:51:12 vyatta pluto[4194]: | next event EVENT_PENDING_PHASE2 in 120
seconds
Jan 30 20:53:12 vyatta pluto[4194]: |
Jan 30 20:53:12 vyatta pluto[4194]: | *time to handle event
Jan 30 20:53:12 vyatta pluto[4194]: | handling event EVENT_PENDING_PHASE2
Jan 30 20:53:12 vyatta pluto[4194]: | event after this is EVENT_SA_REPLACE
in 1745 seconds
Jan 30 20:53:12 vyatta pluto[4194]: | inserting event EVENT_PENDING_PHASE2,
timeout in 120 seconds
Jan 30 20:53:12 vyatta pluto[4194]: | pending review: connection
"peer-192.168.1.1-tunnel-1" checked
Jan 30 20:53:12 vyatta pluto[4194]: | next event EVENT_PENDING_PHASE2 in 120
seconds
Jan 30 20:53:49 vyatta pluto[4194]: |
Jan 30 20:53:49 vyatta pluto[4194]: | *received whack message
Jan 30 20:53:49 vyatta pluto[4194]: | kernel_alg_esp_enc_ok(3,0): alg_id=3,
alg_ivlen=8, alg_minbits=192, alg_maxbits=192, res=0, ret=1
Jan 30 20:53:49 vyatta pluto[4194]: | next event EVENT_PENDING_PHASE2 in 83
seconds
Jan 30 20:53:49 vyatta pluto[4194]: |
Jan 30 20:53:49 vyatta pluto[4194]: | *received whack message
Jan 30 20:53:49 vyatta pluto[4194]: | kernel_alg_esp_enc_ok(3,0): alg_id=3,
alg_ivlen=8, alg_minbits=192, alg_maxbits=192, res=0, ret=1
Jan 30 20:53:49 vyatta pluto[4194]: | next event EVENT_PENDING_PHASE2 in 83
seconds
Jan 30 20:53:49 vyatta pluto[4194]: |
Jan 30 20:53:49 vyatta pluto[4194]: | *received whack message
Jan 30 20:53:49 vyatta pluto[4194]: | authcert list locked by
'list_authcerts'
Jan 30 20:53:49 vyatta pluto[4194]: | authcert list unlocked by
'list_authcerts'
Jan 30 20:53:49 vyatta pluto[4194]: | authcert list locked by
'list_authcerts'
Jan 30 20:53:49 vyatta pluto[4194]: | authcert list unlocked by
'list_authcerts'
Jan 30 20:53:49 vyatta pluto[4194]: | authcert list locked by
'list_authcerts'
Jan 30 20:53:49 vyatta pluto[4194]: | authcert list unlocked by
'list_authcerts'
Jan 30 20:53:49 vyatta pluto[4194]: | crl list locked by 'list_crls'
Jan 30 20:53:49 vyatta pluto[4194]: | crl list unlocked by 'list_crls'
Jan 30 20:53:49 vyatta pluto[4194]: | crl fetch request list locked by
'list_crl_fetch_requests'
Jan 30 20:53:49 vyatta pluto[4194]: | crl fetch request list unlocked by
'list_crl_fetch_requests'
Jan 30 20:53:49 vyatta pluto[4194]: | next event EVENT_PENDING_PHASE2 in 83
seconds
Jan 30 20:53:54 vyatta pluto[4194]: |
Jan 30 20:53:54 vyatta pluto[4194]: | *received whack message
Jan 30 20:53:54 vyatta pluto[4194]: | kernel_alg_esp_enc_ok(3,0): alg_id=3,
alg_ivlen=8, alg_minbits=192, alg_maxbits=192, res=0, ret=1
Jan 30 20:53:54 vyatta pluto[4194]: | next event EVENT_PENDING_PHASE2 in 78
seconds
Jan 30 20:53:55 vyatta pluto[4194]: |
Jan 30 20:53:55 vyatta pluto[4194]: | *received whack message
Jan 30 20:53:55 vyatta pluto[4194]: | kernel_alg_esp_enc_ok(3,0): alg_id=3,
alg_ivlen=8, alg_minbits=192, alg_maxbits=192, res=0, ret=1
Jan 30 20:53:55 vyatta pluto[4194]: | next event EVENT_PENDING_PHASE2 in 77
seconds
Jan 30 20:53:55 vyatta pluto[4194]: |
Jan 30 20:53:55 vyatta pluto[4194]: | *received whack message
Jan 30 20:53:55 vyatta pluto[4194]: | authcert list locked by
'list_authcerts'
Jan 30 20:53:55 vyatta pluto[4194]: | authcert list unlocked by
'list_authcerts'
Jan 30 20:53:55 vyatta pluto[4194]: | authcert list locked by
'list_authcerts'
Jan 30 20:53:55 vyatta pluto[4194]: | authcert list unlocked by
'list_authcerts'
Jan 30 20:53:55 vyatta pluto[4194]: | authcert list locked by
'list_authcerts'
Jan 30 20:53:55 vyatta pluto[4194]: | authcert list unlocked by
'list_authcerts'
Jan 30 20:53:55 vyatta pluto[4194]: | crl list locked by 'list_crls'
Jan 30 20:53:55 vyatta pluto[4194]: | crl list unlocked by 'list_crls'
Jan 30 20:53:55 vyatta pluto[4194]: | crl fetch request list locked by
'list_crl_fetch_requests'
Jan 30 20:53:55 vyatta pluto[4194]: | crl fetch request list unlocked by
'list_crl_fetch_requests'
Jan 30 20:53:55 vyatta pluto[4194]: | next event EVENT_PENDING_PHASE2 in 77
seconds
Jan 30 20:55:12 vyatta pluto[4194]: |
Jan 30 20:55:12 vyatta pluto[4194]: | *time to handle event
Jan 30 20:55:12 vyatta pluto[4194]: | handling event EVENT_PENDING_PHASE2
Jan 30 20:55:12 vyatta pluto[4194]: | event after this is EVENT_SA_REPLACE
in 1625 seconds
Jan 30 20:55:12 vyatta pluto[4194]: | inserting event EVENT_PENDING_PHASE2,
timeout in 120 seconds
Jan 30 20:55:12 vyatta pluto[4194]: | pending review: connection
"peer-192.168.1.1-tunnel-1" checked
Jan 30 20:55:12 vyatta pluto[4194]: | next event EVENT_PENDING_PHASE2 in 120
seconds
Jan 30 20:57:06 vyatta pluto[4194]: |
Jan 30 20:57:06 vyatta pluto[4194]: | *received whack message
Jan 30 20:57:06 vyatta pluto[4194]: | kernel_alg_esp_enc_ok(3,0): alg_id=3,
alg_ivlen=8, alg_minbits=192, alg_maxbits=192, res=0, ret=1
Jan 30 20:57:06 vyatta pluto[4194]: | next event EVENT_PENDING_PHASE2 in 6
seconds
Jan 30 20:57:06 vyatta pluto[4194]: |
Jan 30 20:57:06 vyatta pluto[4194]: | *received whack message
Jan 30 20:57:06 vyatta pluto[4194]: | kernel_alg_esp_enc_ok(3,0): alg_id=3,
alg_ivlen=8, alg_minbits=192, alg_maxbits=192, res=0, ret=1
Jan 30 20:57:06 vyatta pluto[4194]: | next event EVENT_PENDING_PHASE2 in 6
seconds
Jan 30 20:57:07 vyatta pluto[4194]: |
Jan 30 20:57:07 vyatta pluto[4194]: | *received whack message
Jan 30 20:57:07 vyatta pluto[4194]: | authcert list locked by
'list_authcerts'
Jan 30 20:57:07 vyatta pluto[4194]: | authcert list unlocked by
'list_authcerts'
Jan 30 20:57:07 vyatta pluto[4194]: | authcert list locked by
'list_authcerts'
Jan 30 20:57:07 vyatta pluto[4194]: | authcert list unlocked by
'list_authcerts'
Jan 30 20:57:07 vyatta pluto[4194]: | authcert list locked by
'list_authcerts'
Jan 30 20:57:07 vyatta pluto[4194]: | authcert list unlocked by
'list_authcerts'
Jan 30 20:57:07 vyatta pluto[4194]: | crl list locked by 'list_crls'
Jan 30 20:57:07 vyatta pluto[4194]: | crl list unlocked by 'list_crls'
Jan 30 20:57:07 vyatta pluto[4194]: | crl fetch request list locked by
'list_crl_fetch_requests'
Jan 30 20:57:07 vyatta pluto[4194]: | crl fetch request list unlocked by
'list_crl_fetch_requests'
Jan 30 20:57:07 vyatta pluto[4194]: | next event EVENT_PENDING_PHASE2 in 5
seconds
+ _________________________ date
+ date
Tue Jan 30 20:57:07 GMT 2007
-----Original Message-----
From: Paul Wouters [mailto:paul at xelerance.com]
Sent: Tuesday, January 30, 2007 5:51 PM
To: Greg Michaels
Subject: RE: [Openswan Users] Juniper/Netscreen-5GT to OpenSwan IPSec VPN
Tunnel
On Tue, 30 Jan 2007, Greg Michaels wrote:
> My secrets are bogus because it is in my lab until I resolve these issues.
Ok.
> 000 "peer-192.168.1.1-tunnel-1":
> 10.0.0.0/24===192.168.1.10...192.168.1.1===10.6.0.0/24; erouted; eroute
> owner: #2
> 000 "peer-192.168.1.1-tunnel-1": srcip=unset; dstip=unset; srcup=ipsec
> _updown; dstup=ipsec _updown;
> 000 "peer-192.168.1.1-tunnel-1": ike_life: 3600s; ipsec_life: 28800s;
> rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
> 000 "peer-192.168.1.1-tunnel-1": policy: PSK+ENCRYPT+TUNNEL+PFS+UP;
> prio:
> 000 #2: "peer-192.168.1.1-tunnel-1":500 STATE_QUICK_I2 (sent QI2, IPsec SA
> established); EVENT_SA_REPLACE in 26925s; newest IPSEC; eroute owner
> 000 #2: "peer-192.168.1.1-tunnel-1" esp.9351c5c3 at 192.168.1.1
> esp.376d15c4 at 192.168.1.10 tun.0 at 192.168.1.1 tun.0 at 192.168.1.10
> 000 #1: "peer-192.168.1.1-tunnel-1":500 STATE_MAIN_I4 (ISAKMP SA
> established); EVENT_SA_REPLACE in 1511s; newest ISAKMP; lastdpd=-1s(seq
> in:0
> out:0)
Looks like it is up. 'ipsec barf' would give me more information.
Paul