[Openswan Users] After reboot openswan quits
Tejas Jin
txjin at intelliepi.com
Mon Oct 22 20:07:30 EDT 2007
I have had this system up and running for a month. It got rebooted and
now none of the road warriors can connect to it. I think I'm blinded by
it worked before and it should be working now. Maybe somebody else can
see the problem. It's not even making the first step key exchange
correctly.
--------------------------------------------------------------------------------------------------------------
roadwarrior ipsec.conf
------------------------------------------------------------------------------------------------------------
config setup
# Debug-logging controls: "none" for (almost) none, "all" for lots.
# klipsdebug=none
# plutodebug="control parsing"
nat_traversal=yes
conn office
keyexchange=ike
esp=3des-md5
ike=3des-md5
authby=secret
pfs=yes
keylife=3600
right=66.211.219.100
rightsubnet=192.168.5.0/24
#rightsourceip=
rightnexthop=%defaultroute
rightid=@firewall
left=%defaultroute
#leftsubnet=vhost:%priv,%no
#rightnexthop=%defaultroute
leftid=@warrior
include /etc/ipsec.d/*.conf
-----------------------------------------------
ipsec.conf openswan server
-------------------------------------------------
config setup
# Debug-logging controls: "none" for (almost) none, "all" for lots.
# klipsdebug=none
# plutodebug="control parsing"
virtual_private=%v4:192.168.5.0/24
nat_traversal=yes
conn office
keyexchange=ike
esp=3des-md5
ike=3des-md5
authby=secret
pfs=yes
keylife=3600
left=66.211.219.100
leftsubnet=192.168.1.0/24
leftsourceip=192.168.1.177
leftnexthop=%defaultroute
leftid=@firewall
right=%any
#rightsubnet=192.168.5.0/24
rightsubnet=vhost:%priv,%no
rightnexthop=%defaultroute
rightid=@warrior
include /etc/ipsec.d/*.conf
------------------------------------------------------------------------
ipsec.secrets
-------------------------------------------------------------------
: PSK "mysecretkey"
---------------------------------------------------------------------------
sysctl.conf
---------------------------------------------------------------------------
# Controls IP packet forwarding
net.ipv4.ip_forward = 1
# Controls source route verification
net.ipv4.conf.default.rp_filter = 0
# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.conf.all.log_martians = 0
net.ipv4.conf.default.log_martians = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 0
# Controls whether core dumps will append the PID to the core filename.
# Useful for debugging multi-threaded applications.
kernel.core_uses_pid = 1
---------------------------------------------------------------------------
logs on server
---------------------------------------------------------------------------
Oct 22 18:39:28 gandalftemp ipsec__plutorun: Starting Pluto subsystem...
Oct 22 18:39:28 gandalftemp pluto[28764]: Starting Pluto (Openswan
Version openswan-2.4.9-31.el4 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR;
Vendor ID OEa\134LNewa~Br)
Oct 22 18:39:28 gandalftemp pluto[28764]: Setting NAT-Traversal
port-4500 floating to on
Oct 22 18:39:28 gandalftemp pluto[28764]: port floating activation
criteria nat_t=1/port_fload=1
Oct 22 18:39:28 gandalftemp pluto[28764]: including NAT-Traversal
patch (Version 0.6c)
Oct 22 18:39:28 gandalftemp pluto[28764]: ike_alg_register_enc():
Activating OAKLEY_AES_CBC: Ok (ret=0)
Oct 22 18:39:28 gandalftemp pluto[28764]: starting up 1 cryptographic
helpers
Oct 22 18:39:28 gandalftemp pluto[28764]: started helper pid=28767 (fd:6)
Oct 22 18:39:28 gandalftemp pluto[28764]: Using NETKEY IPsec interface
code on 2.6.9-42.ELsmp
Oct 22 18:39:28 gandalftemp pluto[28764]: Changing to directory
'/etc/ipsec.d/cacerts'
Oct 22 18:39:28 gandalftemp pluto[28764]: Changing to directory
'/etc/ipsec.d/aacerts'
Oct 22 18:39:28 gandalftemp pluto[28764]: Changing to directory
'/etc/ipsec.d/ocspcerts'
Oct 22 18:39:28 gandalftemp pluto[28764]: Changing to directory
'/etc/ipsec.d/crls'
Oct 22 18:39:28 gandalftemp pluto[28764]: Warning: empty directory
Oct 22 18:39:28 gandalftemp pluto[28764]: listening for IKE messages
Oct 22 18:39:28 gandalftemp pluto[28764]: adding interface eth1/eth1
192.168.1.177:500
Oct 22 18:39:28 gandalftemp pluto[28764]: adding interface eth1/eth1
192.168.1.177:4500
Oct 22 18:39:28 gandalftemp pluto[28764]: adding interface eth0/eth0
66.221.219.100:500
Oct 22 18:39:28 gandalftemp pluto[28764]: adding interface eth0/eth0
66.221.219.100:4500
Oct 22 18:39:28 gandalftemp pluto[28764]: adding interface lo/lo
127.0.0.1:500
Oct 22 18:39:28 gandalftemp pluto[28764]: adding interface lo/lo
127.0.0.1:4500
Oct 22 18:39:28 gandalftemp pluto[28764]: adding interface lo/lo ::1:500
Oct 22 18:39:28 gandalftemp pluto[28764]: loading secrets from
"/etc/ipsec.secrets"
Oct 22 18:39:28 gandalftemp pluto[28764]: loading secrets from
"/etc/ipsec.d/hostkey.secrets"
Oct 22 18:39:28 gandalftemp pluto[28764]: loading secrets from
"/etc/ipsec.d/ipsec.secrets"
Oct 22 18:39:33 gandalftemp pluto[28764]: packet from
74.183.111.211:500: received Vendor ID payload [Openswan (this version)
openswan-2.4.9-31.el4 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]
Oct 22 18:39:33 gandalftemp pluto[28764]: packet from
74.183.111.211:500: received Vendor ID payload [Dead Peer Detection]
Oct 22 18:39:33 gandalftemp pluto[28764]: packet from
74.183.111.211:500: received Vendor ID payload [RFC 3947] method set to=110
Oct 22 18:39:33 gandalftemp pluto[28764]: packet from
74.183.111.211:500: received Vendor ID payload
[draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 110
Oct 22 18:39:33 gandalftemp pluto[28764]: packet from
74.183.111.211:500: received Vendor ID payload
[draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 110
Oct 22 18:39:33 gandalftemp pluto[28764]: packet from
74.183.111.211:500: received Vendor ID payload
[draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 110
Oct 22 18:39:33 gandalftemp pluto[28764]: packet from
74.183.111.211:500: received Vendor ID payload
[draft-ietf-ipsec-nat-t-ike-00]
Oct 22 18:39:33 gandalftemp pluto[28764]: packet from
74.183.111.211:500: initial Main Mode message received on
66.221.219.100:500 but no connection has been authorized
Oct 22 18:39:38 gandalftemp pluto[28764]: added connection description
"office"
Oct 22 18:39:56 gandalftemp pluto[28764]: packet from 74.183.111.211:78:
ignoring unknown Vendor ID payload [4f457a7d4646466667725f65]
Oct 22 18:39:56 gandalftemp pluto[28764]: packet from 74.183.111.211:78:
received Vendor ID payload [Dead Peer Detection]
Oct 22 18:39:56 gandalftemp pluto[28764]: packet from 74.183.111.211:78:
received Vendor ID payload [RFC 3947] method set to=110
Oct 22 18:39:56 gandalftemp pluto[28764]: packet from 74.183.111.211:78:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but
already using method 110
Oct 22 18:39:56 gandalftemp pluto[28764]: packet from 74.183.111.211:78:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but
already using method 110
Oct 22 18:39:56 gandalftemp pluto[28764]: packet from 74.183.111.211:78:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Oct 22 18:39:56 gandalftemp pluto[28764]: "office"[1] 74.183.111.211 #1:
responding to Main Mode from unknown peer 74.183.111.211
Oct 22 18:39:56 gandalftemp pluto[28764]: "office"[1] 74.183.111.211 #1:
transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Oct 22 18:39:56 gandalftemp pluto[28764]: "office"[1] 74.183.111.211 #1:
STATE_MAIN_R1: sent MR1, expecting MI2
Oct 22 18:40:06 gandalftemp pluto[28764]: packet from 74.183.111.211:78:
ignoring unknown Vendor ID payload [4f457a7d4646466667725f65]
Oct 22 18:40:06 gandalftemp pluto[28764]: packet from 74.183.111.211:78:
received Vendor ID payload [Dead Peer Detection]
Oct 22 18:40:06 gandalftemp pluto[28764]: packet from 74.183.111.211:78:
received Vendor ID payload [RFC 3947] method set to=110
Oct 22 18:40:06 gandalftemp pluto[28764]: packet from 74.183.111.211:78:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but
already using method 110
Oct 22 18:40:06 gandalftemp pluto[28764]: packet from 74.183.111.211:78:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but
already using method 110
Oct 22 18:40:06 gandalftemp pluto[28764]: packet from 74.183.111.211:78:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Oct 22 18:40:06 gandalftemp pluto[28764]: "office"[1] 74.183.111.211 #2:
responding to Main Mode from unknown peer 74.183.111.211
Oct 22 18:40:06 gandalftemp pluto[28764]: "office"[1] 74.183.111.211 #2:
transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Oct 22 18:40:06 gandalftemp pluto[28764]: "office"[1] 74.183.111.211 #2:
STATE_MAIN_R1: sent MR1, expecting MI2
Oct 22 18:40:13 gandalftemp pluto[28764]: packet from
74.183.111.211:500: received Vendor ID payload [Openswan (this version)
openswan-2.4.9-31.el4 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]
Oct 22 18:40:13 gandalftemp pluto[28764]: packet from
74.183.111.211:500: received Vendor ID payload [Dead Peer Detection]
Oct 22 18:40:13 gandalftemp pluto[28764]: packet from
74.183.111.211:500: received Vendor ID payload [RFC 3947] method set to=110
Oct 22 18:40:13 gandalftemp pluto[28764]: packet from
74.183.111.211:500: received Vendor ID payload
[draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 110
Oct 22 18:40:13 gandalftemp pluto[28764]: packet from
74.183.111.211:500: received Vendor ID payload
[draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 110
Oct 22 18:40:13 gandalftemp pluto[28764]: packet from
74.183.111.211:500: received Vendor ID payload
[draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 110
Oct 22 18:40:13 gandalftemp pluto[28764]: packet from
74.183.111.211:500: received Vendor ID payload
[draft-ietf-ipsec-nat-t-ike-00]
Oct 22 18:40:13 gandalftemp pluto[28764]: "office"[1] 74.183.111.211 #3:
responding to Main Mode from unknown peer 74.183.111.211
Oct 22 18:40:13 gandalftemp pluto[28764]: "office"[1] 74.183.111.211 #3:
transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Oct 22 18:40:13 gandalftemp pluto[28764]: "office"[1] 74.183.111.211 #3:
STATE_MAIN_R1: sent MR1, expecting MI2
Oct 22 18:40:25 gandalftemp pluto[28764]: packet from 74.183.111.211:78:
ignoring unknown Vendor ID payload [4f457a7d4646466667725f65]
Oct 22 18:40:25 gandalftemp pluto[28764]: packet from 74.183.111.211:78:
received Vendor ID payload [Dead Peer Detection]
Oct 22 18:40:25 gandalftemp pluto[28764]: packet from 74.183.111.211:78:
received Vendor ID payload [RFC 3947] method set to=110
Oct 22 18:40:25 gandalftemp pluto[28764]: packet from 74.183.111.211:78:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but
already using method 110
Oct 22 18:40:25 gandalftemp pluto[28764]: packet from 74.183.111.211:78:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but
already using method 110
Oct 22 18:40:25 gandalftemp pluto[28764]: packet from 74.183.111.211:78:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Oct 22 18:40:25 gandalftemp pluto[28764]: "office"[1] 74.183.111.211 #4:
responding to Main Mode from unknown peer 74.183.111.211
Oct 22 18:40:25 gandalftemp pluto[28764]: "office"[1] 74.183.111.211 #4:
transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Oct 22 18:40:25 gandalftemp pluto[28764]: "office"[1] 74.183.111.211 #4:
STATE_MAIN_R1: sent MR1, expecting MI2
Oct 22 18:40:53 gandalftemp pluto[28764]: packet from
74.183.111.211:500: received Vendor ID payload [Openswan (this version)
openswan-2.4.9-31.el4 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]
Oct 22 18:40:53 gandalftemp pluto[28764]: packet from
74.183.111.211:500: received Vendor ID payload [Dead Peer Detection]
Oct 22 18:40:53 gandalftemp pluto[28764]: packet from
74.183.111.211:500: received Vendor ID payload [RFC 3947] method set to=110
Oct 22 18:40:53 gandalftemp pluto[28764]: packet from
74.183.111.211:500: received Vendor ID payload
[draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 110
Oct 22 18:40:53 gandalftemp pluto[28764]: packet from
74.183.111.211:500: received Vendor ID payload
[draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 110
Oct 22 18:40:53 gandalftemp pluto[28764]: packet from
74.183.111.211:500: received Vendor ID payload
[draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 110
Oct 22 18:40:53 gandalftemp pluto[28764]: packet from
74.183.111.211:500: received Vendor ID payload
[draft-ietf-ipsec-nat-t-ike-00]
Oct 22 18:40:53 gandalftemp pluto[28764]: "office"[1] 74.183.111.211 #5:
responding to Main Mode from unknown peer 74.183.111.211
Oct 22 18:40:53 gandalftemp pluto[28764]: "office"[1] 74.183.111.211 #5:
transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Oct 22 18:40:53 gandalftemp pluto[28764]: "office"[1] 74.183.111.211 #5:
STATE_MAIN_R1: sent MR1, expecting MI2
Oct 22 18:41:05 gandalftemp pluto[28764]: packet from 74.183.111.211:78:
ignoring unknown Vendor ID payload [4f457a7d4646466667725f65]
Oct 22 18:41:05 gandalftemp pluto[28764]: packet from 74.183.111.211:78:
received Vendor ID payload [Dead Peer Detection]
Oct 22 18:41:05 gandalftemp pluto[28764]: packet from 74.183.111.211:78:
received Vendor ID payload [RFC 3947] method set to=110
Oct 22 18:41:05 gandalftemp pluto[28764]: packet from 74.183.111.211:78:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but
already using method 110
Oct 22 18:41:05 gandalftemp pluto[28764]: packet from 74.183.111.211:78:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but
already using method 110
Oct 22 18:41:05 gandalftemp pluto[28764]: packet from 74.183.111.211:78:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Oct 22 18:41:05 gandalftemp pluto[28764]: "office"[1] 74.183.111.211 #6:
responding to Main Mode from unknown peer 74.183.111.211
Oct 22 18:41:05 gandalftemp pluto[28764]: "office"[1] 74.183.111.211 #6:
transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Oct 22 18:41:05 gandalftemp pluto[28764]: "office"[1] 74.183.111.211 #6:
STATE_MAIN_R1: sent MR1, expecting MI2
Oct 22 18:41:06 gandalftemp pluto[28764]: "office"[1] 74.183.111.211 #1:
max number of retransmissions (2) reached STATE_MAIN_R1
Oct 22 18:41:16 gandalftemp pluto[28764]: "office"[1] 74.183.111.211 #2:
max number of retransmissions (2) reached STATE_MAIN_R1
Oct 22 18:41:23 gandalftemp pluto[28764]: "office"[1] 74.183.111.211 #3:
max number of retransmissions (2) reached STATE_MAIN_R1
Oct 22 18:41:33 gandalftemp pluto[28764]: packet from
74.183.111.211:500: received Vendor ID payload [Openswan (this version)
openswan-2.4.9-31.el4 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]
Oct 22 18:41:33 gandalftemp pluto[28764]: packet from
74.183.111.211:500: received Vendor ID payload [Dead Peer Detection]
Oct 22 18:41:33 gandalftemp pluto[28764]: packet from
74.183.111.211:500: received Vendor ID payload [RFC 3947] method set to=110
Oct 22 18:41:33 gandalftemp pluto[28764]: packet from
74.183.111.211:500: received Vendor ID payload
[draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 110
Oct 22 18:41:33 gandalftemp pluto[28764]: packet from
74.183.111.211:500: received Vendor ID payload
[draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 110
Oct 22 18:41:33 gandalftemp pluto[28764]: packet from
74.183.111.211:500: received Vendor ID payload
[draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 110
Oct 22 18:41:33 gandalftemp pluto[28764]: packet from
74.183.111.211:500: received Vendor ID payload
[draft-ietf-ipsec-nat-t-ike-00]
Oct 22 18:41:33 gandalftemp pluto[28764]: "office"[1] 74.183.111.211 #7:
responding to Main Mode from unknown peer 74.183.111.211
Oct 22 18:41:33 gandalftemp pluto[28764]: "office"[1] 74.183.111.211 #7:
transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Oct 22 18:41:33 gandalftemp pluto[28764]: "office"[1] 74.183.111.211 #7:
STATE_MAIN_R1: sent MR1, expecting MI2
Oct 22 18:41:35 gandalftemp pluto[28764]: "office"[1] 74.183.111.211 #4:
max number of retransmissions (2) reached STATE_MAIN_R1
Oct 22 18:41:45 gandalftemp pluto[28764]: packet from 74.183.111.211:78:
ignoring unknown Vendor ID payload [4f457a7d4646466667725f65]
Oct 22 18:41:45 gandalftemp pluto[28764]: packet from 74.183.111.211:78:
received Vendor ID payload [Dead Peer Detection]
Oct 22 18:41:45 gandalftemp pluto[28764]: packet from 74.183.111.211:78:
received Vendor ID payload [RFC 3947] method set to=110
Oct 22 18:41:45 gandalftemp pluto[28764]: packet from 74.183.111.211:78:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but
already using method 110
Oct 22 18:41:45 gandalftemp pluto[28764]: packet from 74.183.111.211:78:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but
already using method 110
Oct 22 18:41:45 gandalftemp pluto[28764]: packet from 74.183.111.211:78:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Oct 22 18:41:45 gandalftemp pluto[28764]: "office"[1] 74.183.111.211 #8:
responding to Main Mode from unknown peer 74.183.111.211
Oct 22 18:41:45 gandalftemp pluto[28764]: "office"[1] 74.183.111.211 #8:
transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Oct 22 18:41:45 gandalftemp pluto[28764]: "office"[1] 74.183.111.211 #8:
STATE_MAIN_R1: sent MR1, expecting MI2
Oct 22 18:42:03 gandalftemp pluto[28764]: "office"[1] 74.183.111.211 #5:
max number of retransmissions (2) reached STATE_MAIN_R1
Oct 22 18:42:13 gandalftemp pluto[28764]: packet from
74.183.111.211:500: received Vendor ID payload [Openswan (this version)
openswan-2.4.9-31.el4 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]
Oct 22 18:42:13 gandalftemp pluto[28764]: packet from
74.183.111.211:500: received Vendor ID payload [Dead Peer Detection]
Oct 22 18:42:13 gandalftemp pluto[28764]: packet from
74.183.111.211:500: received Vendor ID payload [RFC 3947] method set to=110
Oct 22 18:42:13 gandalftemp pluto[28764]: packet from
74.183.111.211:500: received Vendor ID payload
[draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 110
Oct 22 18:42:13 gandalftemp pluto[28764]: packet from
74.183.111.211:500: received Vendor ID payload
[draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 110
Oct 22 18:42:13 gandalftemp pluto[28764]: packet from
74.183.111.211:500: received Vendor ID payload
[draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 110
Oct 22 18:42:13 gandalftemp pluto[28764]: packet from
74.183.111.211:500: received Vendor ID payload
[draft-ietf-ipsec-nat-t-ike-00]
Oct 22 18:42:13 gandalftemp pluto[28764]: "office"[1] 74.183.111.211 #9:
responding to Main Mode from unknown peer 74.183.111.211
Oct 22 18:42:13 gandalftemp pluto[28764]: "office"[1] 74.183.111.211 #9:
transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Oct 22 18:42:13 gandalftemp pluto[28764]: "office"[1] 74.183.111.211 #9:
STATE_MAIN_R1: sent MR1, expecting MI2
Oct 22 18:42:15 gandalftemp pluto[28764]: "office"[1] 74.183.111.211 #6:
max number of retransmissions (2) reached STATE_MAIN_R1
Oct 22 18:42:25 gandalftemp pluto[28764]: packet from 74.183.111.211:78:
ignoring unknown Vendor ID payload [4f457a7d4646466667725f65]
Oct 22 18:42:25 gandalftemp pluto[28764]: packet from 74.183.111.211:78:
received Vendor ID payload [Dead Peer Detection]
Oct 22 18:42:25 gandalftemp pluto[28764]: packet from 74.183.111.211:78:
received Vendor ID payload [RFC 3947] method set to=110
Oct 22 18:42:25 gandalftemp pluto[28764]: packet from 74.183.111.211:78:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but
already using method 110
Oct 22 18:42:25 gandalftemp pluto[28764]: packet from 74.183.111.211:78:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but
already using method 110
Oct 22 18:42:25 gandalftemp pluto[28764]: packet from 74.183.111.211:78:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Oct 22 18:42:25 gandalftemp pluto[28764]: "office"[1] 74.183.111.211
#10: responding to Main Mode from unknown peer 74.183.111.211
Oct 22 18:42:25 gandalftemp pluto[28764]: "office"[1] 74.183.111.211
#10: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Oct 22 18:42:25 gandalftemp pluto[28764]: "office"[1] 74.183.111.211
#10: STATE_MAIN_R1: sent MR1, expecting MI2
Oct 22 18:42:43 gandalftemp pluto[28764]: "office"[1] 74.183.111.211 #7:
max number of retransmissions (2) reached STATE_MAIN_R1
Oct 22 18:42:53 gandalftemp pluto[28764]: packet from
74.183.111.211:500: received Vendor ID payload [Openswan (this version)
openswan-2.4.9-31.el4 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]
Oct 22 18:42:53 gandalftemp pluto[28764]: packet from
74.183.111.211:500: received Vendor ID payload [Dead Peer Detection]
Oct 22 18:42:53 gandalftemp pluto[28764]: packet from
74.183.111.211:500: received Vendor ID payload [RFC 3947] method set to=110
Oct 22 18:42:53 gandalftemp pluto[28764]: packet from
74.183.111.211:500: received Vendor ID payload
[draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 110
Oct 22 18:42:53 gandalftemp pluto[28764]: packet from
74.183.111.211:500: received Vendor ID payload
[draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 110
Oct 22 18:42:53 gandalftemp pluto[28764]: packet from
74.183.111.211:500: received Vendor ID payload
[draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 110
Oct 22 18:42:53 gandalftemp pluto[28764]: packet from
74.183.111.211:500: received Vendor ID payload
[draft-ietf-ipsec-nat-t-ike-00]
Oct 22 18:42:53 gandalftemp pluto[28764]: "office"[1] 74.183.111.211
#11: responding to Main Mode from unknown peer 74.183.111.211
Oct 22 18:42:53 gandalftemp pluto[28764]: "office"[1] 74.183.111.211
#11: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Oct 22 18:42:53 gandalftemp pluto[28764]: "office"[1] 74.183.111.211
#11: STATE_MAIN_R1: sent MR1, expecting MI2
Oct 22 18:42:55 gandalftemp pluto[28764]: "office"[1] 74.183.111.211 #8:
max number of retransmissions (2) reached STATE_MAIN_R1
Oct 22 18:43:05 gandalftemp pluto[28764]: packet from 74.183.111.211:78:
ignoring unknown Vendor ID payload [4f457a7d4646466667725f65]
Oct 22 18:43:05 gandalftemp pluto[28764]: packet from 74.183.111.211:78:
received Vendor ID payload [Dead Peer Detection]
Oct 22 18:43:05 gandalftemp pluto[28764]: packet from 74.183.111.211:78:
received Vendor ID payload [RFC 3947] method set to=110
Oct 22 18:43:05 gandalftemp pluto[28764]: packet from 74.183.111.211:78:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but
already using method 110
Oct 22 18:43:05 gandalftemp pluto[28764]: packet from 74.183.111.211:78:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but
already using method 110
Oct 22 18:43:05 gandalftemp pluto[28764]: packet from 74.183.111.211:78:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Oct 22 18:43:05 gandalftemp pluto[28764]: "office"[1] 74.183.111.211
#12: responding to Main Mode from unknown peer 74.183.111.211
Oct 22 18:43:05 gandalftemp pluto[28764]: "office"[1] 74.183.111.211
#12: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Oct 22 18:43:05 gandalftemp pluto[28764]: "office"[1] 74.183.111.211
#12: STATE_MAIN_R1: sent MR1, expecting MI2
Oct 22 18:43:23 gandalftemp pluto[28764]: "office"[1] 74.183.111.211 #9:
max number of retransmissions (2) reached STATE_MAIN_R1
-----------------------------------------------------------------------------
tcpdump
------------------------------------------------------------------------------
18:45:32.996548 IP 76.184.110.195.isakmp >
66.211.219.100.ptr.us.xo.net.isakmp: isakmp: phase 1 I ident
18:45:42.993088 IP 76.184.110.195.isakmp >
66.211.219.100.ptr.us.xo.net.isakmp: isakmp: phase 1 I ident
18:45:44.240883 IP 76.184.110.195.78 >
66.211.219.100.ptr.us.xo.net.isakmp: isakmp: phase 1 I ident
18:45:54.247385 IP 76.184.110.195.78 >
66.211.219.100.ptr.us.xo.net.isakmp: isakmp: phase 1 I ident
18:46:02.994365 IP 76.184.110.195.isakmp >
66.211.219.100.ptr.us.xo.net.isakmp: isakmp: phase 1 I ident
18:46:14.236072 IP 76.184.110.195.78 >
66.211.219.100.ptr.us.xo.net.isakmp: isakmp: phase 1 I ident
More information about the Users
mailing list