[Openswan Users] After reboot openswan quits

Tejas Jin txjin at intelliepi.com
Mon Oct 22 20:07:30 EDT 2007


I have had this system up and running for a month.  It got rebooted and 
now none of the road warriors can connect to it.  I think I'm blinded by 
it worked before and it should be working now.   Maybe somebody else can 
see the problem.  It's not even making the first step key exchange 
correctly.




--------------------------------------------------------------------------------------------------------------
roadwarrior ipsec.conf
------------------------------------------------------------------------------------------------------------
config setup
        # Debug-logging controls:  "none" for (almost) none, "all" for lots.
        # klipsdebug=none
        # plutodebug="control parsing"
        nat_traversal=yes

conn office
        keyexchange=ike
        esp=3des-md5
        ike=3des-md5
        authby=secret
        pfs=yes
        keylife=3600
        right=66.211.219.100
        rightsubnet=192.168.5.0/24
        #rightsourceip=
        rightnexthop=%defaultroute
        rightid=@firewall
        left=%defaultroute
        #leftsubnet=vhost:%priv,%no
        #rightnexthop=%defaultroute
        leftid=@warrior

include /etc/ipsec.d/*.conf
-----------------------------------------------
ipsec.conf openswan server
-------------------------------------------------
config setup
        # Debug-logging controls:  "none" for (almost) none, "all" for lots.
        # klipsdebug=none
        # plutodebug="control parsing"
        virtual_private=%v4:192.168.5.0/24
        nat_traversal=yes


conn office
        keyexchange=ike
        esp=3des-md5
        ike=3des-md5
        authby=secret
        pfs=yes
        keylife=3600
        left=66.211.219.100
        leftsubnet=192.168.1.0/24
        leftsourceip=192.168.1.177
        leftnexthop=%defaultroute
        leftid=@firewall
        right=%any
        #rightsubnet=192.168.5.0/24
        rightsubnet=vhost:%priv,%no
        rightnexthop=%defaultroute
        rightid=@warrior

include /etc/ipsec.d/*.conf
------------------------------------------------------------------------
ipsec.secrets
-------------------------------------------------------------------
: PSK "mysecretkey"
---------------------------------------------------------------------------
sysctl.conf
---------------------------------------------------------------------------
# Controls IP packet forwarding
net.ipv4.ip_forward = 1

# Controls source route verification
net.ipv4.conf.default.rp_filter = 0

# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.conf.all.log_martians = 0
net.ipv4.conf.default.log_martians = 0


net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 0

# Controls whether core dumps will append the PID to the core filename.
# Useful for debugging multi-threaded applications.
kernel.core_uses_pid = 1

---------------------------------------------------------------------------
logs on server
---------------------------------------------------------------------------
Oct 22 18:39:28 gandalftemp ipsec__plutorun: Starting Pluto subsystem...
Oct 22 18:39:28 gandalftemp pluto[28764]: Starting Pluto (Openswan 
Version openswan-2.4.9-31.el4 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR; 
Vendor ID OEa\134LNewa~Br)
Oct 22 18:39:28 gandalftemp pluto[28764]: Setting NAT-Traversal 
port-4500 floating to on
Oct 22 18:39:28 gandalftemp pluto[28764]:    port floating activation 
criteria nat_t=1/port_fload=1
Oct 22 18:39:28 gandalftemp pluto[28764]:   including NAT-Traversal 
patch (Version 0.6c)
Oct 22 18:39:28 gandalftemp pluto[28764]: ike_alg_register_enc(): 
Activating OAKLEY_AES_CBC: Ok (ret=0)
Oct 22 18:39:28 gandalftemp pluto[28764]: starting up 1 cryptographic 
helpers
Oct 22 18:39:28 gandalftemp pluto[28764]: started helper pid=28767 (fd:6)
Oct 22 18:39:28 gandalftemp pluto[28764]: Using NETKEY IPsec interface 
code on 2.6.9-42.ELsmp
Oct 22 18:39:28 gandalftemp pluto[28764]: Changing to directory 
'/etc/ipsec.d/cacerts'
Oct 22 18:39:28 gandalftemp pluto[28764]: Changing to directory 
'/etc/ipsec.d/aacerts'
Oct 22 18:39:28 gandalftemp pluto[28764]: Changing to directory 
'/etc/ipsec.d/ocspcerts'
Oct 22 18:39:28 gandalftemp pluto[28764]: Changing to directory 
'/etc/ipsec.d/crls'
Oct 22 18:39:28 gandalftemp pluto[28764]:   Warning: empty directory
Oct 22 18:39:28 gandalftemp pluto[28764]: listening for IKE messages
Oct 22 18:39:28 gandalftemp pluto[28764]: adding interface eth1/eth1 
192.168.1.177:500
Oct 22 18:39:28 gandalftemp pluto[28764]: adding interface eth1/eth1 
192.168.1.177:4500
Oct 22 18:39:28 gandalftemp pluto[28764]: adding interface eth0/eth0 
66.221.219.100:500
Oct 22 18:39:28 gandalftemp pluto[28764]: adding interface eth0/eth0 
66.221.219.100:4500
Oct 22 18:39:28 gandalftemp pluto[28764]: adding interface lo/lo 
127.0.0.1:500
Oct 22 18:39:28 gandalftemp pluto[28764]: adding interface lo/lo 
127.0.0.1:4500
Oct 22 18:39:28 gandalftemp pluto[28764]: adding interface lo/lo ::1:500
Oct 22 18:39:28 gandalftemp pluto[28764]: loading secrets from 
"/etc/ipsec.secrets"
Oct 22 18:39:28 gandalftemp pluto[28764]: loading secrets from 
"/etc/ipsec.d/hostkey.secrets"
Oct 22 18:39:28 gandalftemp pluto[28764]: loading secrets from 
"/etc/ipsec.d/ipsec.secrets"
Oct 22 18:39:33 gandalftemp pluto[28764]: packet from 
74.183.111.211:500: received Vendor ID payload [Openswan (this version) 
openswan-2.4.9-31.el4  PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]
Oct 22 18:39:33 gandalftemp pluto[28764]: packet from 
74.183.111.211:500: received Vendor ID payload [Dead Peer Detection]
Oct 22 18:39:33 gandalftemp pluto[28764]: packet from 
74.183.111.211:500: received Vendor ID payload [RFC 3947] method set to=110
Oct 22 18:39:33 gandalftemp pluto[28764]: packet from 
74.183.111.211:500: received Vendor ID payload 
[draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 110
Oct 22 18:39:33 gandalftemp pluto[28764]: packet from 
74.183.111.211:500: received Vendor ID payload 
[draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 110
Oct 22 18:39:33 gandalftemp pluto[28764]: packet from 
74.183.111.211:500: received Vendor ID payload 
[draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 110
Oct 22 18:39:33 gandalftemp pluto[28764]: packet from 
74.183.111.211:500: received Vendor ID payload 
[draft-ietf-ipsec-nat-t-ike-00]
Oct 22 18:39:33 gandalftemp pluto[28764]: packet from 
74.183.111.211:500: initial Main Mode message received on 
66.221.219.100:500 but no connection has been authorized
Oct 22 18:39:38 gandalftemp pluto[28764]: added connection description 
"office"
Oct 22 18:39:56 gandalftemp pluto[28764]: packet from 74.183.111.211:78: 
ignoring unknown Vendor ID payload [4f457a7d4646466667725f65]
Oct 22 18:39:56 gandalftemp pluto[28764]: packet from 74.183.111.211:78: 
received Vendor ID payload [Dead Peer Detection]
Oct 22 18:39:56 gandalftemp pluto[28764]: packet from 74.183.111.211:78: 
received Vendor ID payload [RFC 3947] method set to=110
Oct 22 18:39:56 gandalftemp pluto[28764]: packet from 74.183.111.211:78: 
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but 
already using method 110
Oct 22 18:39:56 gandalftemp pluto[28764]: packet from 74.183.111.211:78: 
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but 
already using method 110
Oct 22 18:39:56 gandalftemp pluto[28764]: packet from 74.183.111.211:78: 
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Oct 22 18:39:56 gandalftemp pluto[28764]: "office"[1] 74.183.111.211 #1: 
responding to Main Mode from unknown peer 74.183.111.211
Oct 22 18:39:56 gandalftemp pluto[28764]: "office"[1] 74.183.111.211 #1: 
transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Oct 22 18:39:56 gandalftemp pluto[28764]: "office"[1] 74.183.111.211 #1: 
STATE_MAIN_R1: sent MR1, expecting MI2
Oct 22 18:40:06 gandalftemp pluto[28764]: packet from 74.183.111.211:78: 
ignoring unknown Vendor ID payload [4f457a7d4646466667725f65]
Oct 22 18:40:06 gandalftemp pluto[28764]: packet from 74.183.111.211:78: 
received Vendor ID payload [Dead Peer Detection]
Oct 22 18:40:06 gandalftemp pluto[28764]: packet from 74.183.111.211:78: 
received Vendor ID payload [RFC 3947] method set to=110
Oct 22 18:40:06 gandalftemp pluto[28764]: packet from 74.183.111.211:78: 
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but 
already using method 110
Oct 22 18:40:06 gandalftemp pluto[28764]: packet from 74.183.111.211:78: 
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but 
already using method 110
Oct 22 18:40:06 gandalftemp pluto[28764]: packet from 74.183.111.211:78: 
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Oct 22 18:40:06 gandalftemp pluto[28764]: "office"[1] 74.183.111.211 #2: 
responding to Main Mode from unknown peer 74.183.111.211
Oct 22 18:40:06 gandalftemp pluto[28764]: "office"[1] 74.183.111.211 #2: 
transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Oct 22 18:40:06 gandalftemp pluto[28764]: "office"[1] 74.183.111.211 #2: 
STATE_MAIN_R1: sent MR1, expecting MI2
Oct 22 18:40:13 gandalftemp pluto[28764]: packet from 
74.183.111.211:500: received Vendor ID payload [Openswan (this version) 
openswan-2.4.9-31.el4  PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]
Oct 22 18:40:13 gandalftemp pluto[28764]: packet from 
74.183.111.211:500: received Vendor ID payload [Dead Peer Detection]
Oct 22 18:40:13 gandalftemp pluto[28764]: packet from 
74.183.111.211:500: received Vendor ID payload [RFC 3947] method set to=110
Oct 22 18:40:13 gandalftemp pluto[28764]: packet from 
74.183.111.211:500: received Vendor ID payload 
[draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 110
Oct 22 18:40:13 gandalftemp pluto[28764]: packet from 
74.183.111.211:500: received Vendor ID payload 
[draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 110
Oct 22 18:40:13 gandalftemp pluto[28764]: packet from 
74.183.111.211:500: received Vendor ID payload 
[draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 110
Oct 22 18:40:13 gandalftemp pluto[28764]: packet from 
74.183.111.211:500: received Vendor ID payload 
[draft-ietf-ipsec-nat-t-ike-00]
Oct 22 18:40:13 gandalftemp pluto[28764]: "office"[1] 74.183.111.211 #3: 
responding to Main Mode from unknown peer 74.183.111.211
Oct 22 18:40:13 gandalftemp pluto[28764]: "office"[1] 74.183.111.211 #3: 
transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Oct 22 18:40:13 gandalftemp pluto[28764]: "office"[1] 74.183.111.211 #3: 
STATE_MAIN_R1: sent MR1, expecting MI2
Oct 22 18:40:25 gandalftemp pluto[28764]: packet from 74.183.111.211:78: 
ignoring unknown Vendor ID payload [4f457a7d4646466667725f65]
Oct 22 18:40:25 gandalftemp pluto[28764]: packet from 74.183.111.211:78: 
received Vendor ID payload [Dead Peer Detection]
Oct 22 18:40:25 gandalftemp pluto[28764]: packet from 74.183.111.211:78: 
received Vendor ID payload [RFC 3947] method set to=110
Oct 22 18:40:25 gandalftemp pluto[28764]: packet from 74.183.111.211:78: 
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but 
already using method 110
Oct 22 18:40:25 gandalftemp pluto[28764]: packet from 74.183.111.211:78: 
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but 
already using method 110
Oct 22 18:40:25 gandalftemp pluto[28764]: packet from 74.183.111.211:78: 
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Oct 22 18:40:25 gandalftemp pluto[28764]: "office"[1] 74.183.111.211 #4: 
responding to Main Mode from unknown peer 74.183.111.211
Oct 22 18:40:25 gandalftemp pluto[28764]: "office"[1] 74.183.111.211 #4: 
transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Oct 22 18:40:25 gandalftemp pluto[28764]: "office"[1] 74.183.111.211 #4: 
STATE_MAIN_R1: sent MR1, expecting MI2
Oct 22 18:40:53 gandalftemp pluto[28764]: packet from 
74.183.111.211:500: received Vendor ID payload [Openswan (this version) 
openswan-2.4.9-31.el4  PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]
Oct 22 18:40:53 gandalftemp pluto[28764]: packet from 
74.183.111.211:500: received Vendor ID payload [Dead Peer Detection]
Oct 22 18:40:53 gandalftemp pluto[28764]: packet from 
74.183.111.211:500: received Vendor ID payload [RFC 3947] method set to=110
Oct 22 18:40:53 gandalftemp pluto[28764]: packet from 
74.183.111.211:500: received Vendor ID payload 
[draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 110
Oct 22 18:40:53 gandalftemp pluto[28764]: packet from 
74.183.111.211:500: received Vendor ID payload 
[draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 110
Oct 22 18:40:53 gandalftemp pluto[28764]: packet from 
74.183.111.211:500: received Vendor ID payload 
[draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 110
Oct 22 18:40:53 gandalftemp pluto[28764]: packet from 
74.183.111.211:500: received Vendor ID payload 
[draft-ietf-ipsec-nat-t-ike-00]
Oct 22 18:40:53 gandalftemp pluto[28764]: "office"[1] 74.183.111.211 #5: 
responding to Main Mode from unknown peer 74.183.111.211
Oct 22 18:40:53 gandalftemp pluto[28764]: "office"[1] 74.183.111.211 #5: 
transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Oct 22 18:40:53 gandalftemp pluto[28764]: "office"[1] 74.183.111.211 #5: 
STATE_MAIN_R1: sent MR1, expecting MI2
Oct 22 18:41:05 gandalftemp pluto[28764]: packet from 74.183.111.211:78: 
ignoring unknown Vendor ID payload [4f457a7d4646466667725f65]
Oct 22 18:41:05 gandalftemp pluto[28764]: packet from 74.183.111.211:78: 
received Vendor ID payload [Dead Peer Detection]
Oct 22 18:41:05 gandalftemp pluto[28764]: packet from 74.183.111.211:78: 
received Vendor ID payload [RFC 3947] method set to=110
Oct 22 18:41:05 gandalftemp pluto[28764]: packet from 74.183.111.211:78: 
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but 
already using method 110
Oct 22 18:41:05 gandalftemp pluto[28764]: packet from 74.183.111.211:78: 
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but 
already using method 110
Oct 22 18:41:05 gandalftemp pluto[28764]: packet from 74.183.111.211:78: 
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Oct 22 18:41:05 gandalftemp pluto[28764]: "office"[1] 74.183.111.211 #6: 
responding to Main Mode from unknown peer 74.183.111.211
Oct 22 18:41:05 gandalftemp pluto[28764]: "office"[1] 74.183.111.211 #6: 
transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Oct 22 18:41:05 gandalftemp pluto[28764]: "office"[1] 74.183.111.211 #6: 
STATE_MAIN_R1: sent MR1, expecting MI2
Oct 22 18:41:06 gandalftemp pluto[28764]: "office"[1] 74.183.111.211 #1: 
max number of retransmissions (2) reached STATE_MAIN_R1
Oct 22 18:41:16 gandalftemp pluto[28764]: "office"[1] 74.183.111.211 #2: 
max number of retransmissions (2) reached STATE_MAIN_R1
Oct 22 18:41:23 gandalftemp pluto[28764]: "office"[1] 74.183.111.211 #3: 
max number of retransmissions (2) reached STATE_MAIN_R1
Oct 22 18:41:33 gandalftemp pluto[28764]: packet from 
74.183.111.211:500: received Vendor ID payload [Openswan (this version) 
openswan-2.4.9-31.el4  PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]
Oct 22 18:41:33 gandalftemp pluto[28764]: packet from 
74.183.111.211:500: received Vendor ID payload [Dead Peer Detection]
Oct 22 18:41:33 gandalftemp pluto[28764]: packet from 
74.183.111.211:500: received Vendor ID payload [RFC 3947] method set to=110
Oct 22 18:41:33 gandalftemp pluto[28764]: packet from 
74.183.111.211:500: received Vendor ID payload 
[draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 110
Oct 22 18:41:33 gandalftemp pluto[28764]: packet from 
74.183.111.211:500: received Vendor ID payload 
[draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 110
Oct 22 18:41:33 gandalftemp pluto[28764]: packet from 
74.183.111.211:500: received Vendor ID payload 
[draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 110
Oct 22 18:41:33 gandalftemp pluto[28764]: packet from 
74.183.111.211:500: received Vendor ID payload 
[draft-ietf-ipsec-nat-t-ike-00]
Oct 22 18:41:33 gandalftemp pluto[28764]: "office"[1] 74.183.111.211 #7: 
responding to Main Mode from unknown peer 74.183.111.211
Oct 22 18:41:33 gandalftemp pluto[28764]: "office"[1] 74.183.111.211 #7: 
transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Oct 22 18:41:33 gandalftemp pluto[28764]: "office"[1] 74.183.111.211 #7: 
STATE_MAIN_R1: sent MR1, expecting MI2
Oct 22 18:41:35 gandalftemp pluto[28764]: "office"[1] 74.183.111.211 #4: 
max number of retransmissions (2) reached STATE_MAIN_R1
Oct 22 18:41:45 gandalftemp pluto[28764]: packet from 74.183.111.211:78: 
ignoring unknown Vendor ID payload [4f457a7d4646466667725f65]
Oct 22 18:41:45 gandalftemp pluto[28764]: packet from 74.183.111.211:78: 
received Vendor ID payload [Dead Peer Detection]
Oct 22 18:41:45 gandalftemp pluto[28764]: packet from 74.183.111.211:78: 
received Vendor ID payload [RFC 3947] method set to=110
Oct 22 18:41:45 gandalftemp pluto[28764]: packet from 74.183.111.211:78: 
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but 
already using method 110
Oct 22 18:41:45 gandalftemp pluto[28764]: packet from 74.183.111.211:78: 
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but 
already using method 110
Oct 22 18:41:45 gandalftemp pluto[28764]: packet from 74.183.111.211:78: 
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Oct 22 18:41:45 gandalftemp pluto[28764]: "office"[1] 74.183.111.211 #8: 
responding to Main Mode from unknown peer 74.183.111.211
Oct 22 18:41:45 gandalftemp pluto[28764]: "office"[1] 74.183.111.211 #8: 
transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Oct 22 18:41:45 gandalftemp pluto[28764]: "office"[1] 74.183.111.211 #8: 
STATE_MAIN_R1: sent MR1, expecting MI2
Oct 22 18:42:03 gandalftemp pluto[28764]: "office"[1] 74.183.111.211 #5: 
max number of retransmissions (2) reached STATE_MAIN_R1
Oct 22 18:42:13 gandalftemp pluto[28764]: packet from 
74.183.111.211:500: received Vendor ID payload [Openswan (this version) 
openswan-2.4.9-31.el4  PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]
Oct 22 18:42:13 gandalftemp pluto[28764]: packet from 
74.183.111.211:500: received Vendor ID payload [Dead Peer Detection]
Oct 22 18:42:13 gandalftemp pluto[28764]: packet from 
74.183.111.211:500: received Vendor ID payload [RFC 3947] method set to=110
Oct 22 18:42:13 gandalftemp pluto[28764]: packet from 
74.183.111.211:500: received Vendor ID payload 
[draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 110
Oct 22 18:42:13 gandalftemp pluto[28764]: packet from 
74.183.111.211:500: received Vendor ID payload 
[draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 110
Oct 22 18:42:13 gandalftemp pluto[28764]: packet from 
74.183.111.211:500: received Vendor ID payload 
[draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 110
Oct 22 18:42:13 gandalftemp pluto[28764]: packet from 
74.183.111.211:500: received Vendor ID payload 
[draft-ietf-ipsec-nat-t-ike-00]
Oct 22 18:42:13 gandalftemp pluto[28764]: "office"[1] 74.183.111.211 #9: 
responding to Main Mode from unknown peer 74.183.111.211
Oct 22 18:42:13 gandalftemp pluto[28764]: "office"[1] 74.183.111.211 #9: 
transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Oct 22 18:42:13 gandalftemp pluto[28764]: "office"[1] 74.183.111.211 #9: 
STATE_MAIN_R1: sent MR1, expecting MI2
Oct 22 18:42:15 gandalftemp pluto[28764]: "office"[1] 74.183.111.211 #6: 
max number of retransmissions (2) reached STATE_MAIN_R1
Oct 22 18:42:25 gandalftemp pluto[28764]: packet from 74.183.111.211:78: 
ignoring unknown Vendor ID payload [4f457a7d4646466667725f65]
Oct 22 18:42:25 gandalftemp pluto[28764]: packet from 74.183.111.211:78: 
received Vendor ID payload [Dead Peer Detection]
Oct 22 18:42:25 gandalftemp pluto[28764]: packet from 74.183.111.211:78: 
received Vendor ID payload [RFC 3947] method set to=110
Oct 22 18:42:25 gandalftemp pluto[28764]: packet from 74.183.111.211:78: 
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but 
already using method 110
Oct 22 18:42:25 gandalftemp pluto[28764]: packet from 74.183.111.211:78: 
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but 
already using method 110
Oct 22 18:42:25 gandalftemp pluto[28764]: packet from 74.183.111.211:78: 
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Oct 22 18:42:25 gandalftemp pluto[28764]: "office"[1] 74.183.111.211 
#10: responding to Main Mode from unknown peer 74.183.111.211
Oct 22 18:42:25 gandalftemp pluto[28764]: "office"[1] 74.183.111.211 
#10: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Oct 22 18:42:25 gandalftemp pluto[28764]: "office"[1] 74.183.111.211 
#10: STATE_MAIN_R1: sent MR1, expecting MI2
Oct 22 18:42:43 gandalftemp pluto[28764]: "office"[1] 74.183.111.211 #7: 
max number of retransmissions (2) reached STATE_MAIN_R1
Oct 22 18:42:53 gandalftemp pluto[28764]: packet from 
74.183.111.211:500: received Vendor ID payload [Openswan (this version) 
openswan-2.4.9-31.el4  PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]
Oct 22 18:42:53 gandalftemp pluto[28764]: packet from 
74.183.111.211:500: received Vendor ID payload [Dead Peer Detection]
Oct 22 18:42:53 gandalftemp pluto[28764]: packet from 
74.183.111.211:500: received Vendor ID payload [RFC 3947] method set to=110
Oct 22 18:42:53 gandalftemp pluto[28764]: packet from 
74.183.111.211:500: received Vendor ID payload 
[draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 110
Oct 22 18:42:53 gandalftemp pluto[28764]: packet from 
74.183.111.211:500: received Vendor ID payload 
[draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 110
Oct 22 18:42:53 gandalftemp pluto[28764]: packet from 
74.183.111.211:500: received Vendor ID payload 
[draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 110
Oct 22 18:42:53 gandalftemp pluto[28764]: packet from 
74.183.111.211:500: received Vendor ID payload 
[draft-ietf-ipsec-nat-t-ike-00]
Oct 22 18:42:53 gandalftemp pluto[28764]: "office"[1] 74.183.111.211 
#11: responding to Main Mode from unknown peer 74.183.111.211
Oct 22 18:42:53 gandalftemp pluto[28764]: "office"[1] 74.183.111.211 
#11: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Oct 22 18:42:53 gandalftemp pluto[28764]: "office"[1] 74.183.111.211 
#11: STATE_MAIN_R1: sent MR1, expecting MI2
Oct 22 18:42:55 gandalftemp pluto[28764]: "office"[1] 74.183.111.211 #8: 
max number of retransmissions (2) reached STATE_MAIN_R1
Oct 22 18:43:05 gandalftemp pluto[28764]: packet from 74.183.111.211:78: 
ignoring unknown Vendor ID payload [4f457a7d4646466667725f65]
Oct 22 18:43:05 gandalftemp pluto[28764]: packet from 74.183.111.211:78: 
received Vendor ID payload [Dead Peer Detection]
Oct 22 18:43:05 gandalftemp pluto[28764]: packet from 74.183.111.211:78: 
received Vendor ID payload [RFC 3947] method set to=110
Oct 22 18:43:05 gandalftemp pluto[28764]: packet from 74.183.111.211:78: 
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but 
already using method 110
Oct 22 18:43:05 gandalftemp pluto[28764]: packet from 74.183.111.211:78: 
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but 
already using method 110
Oct 22 18:43:05 gandalftemp pluto[28764]: packet from 74.183.111.211:78: 
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Oct 22 18:43:05 gandalftemp pluto[28764]: "office"[1] 74.183.111.211 
#12: responding to Main Mode from unknown peer 74.183.111.211
Oct 22 18:43:05 gandalftemp pluto[28764]: "office"[1] 74.183.111.211 
#12: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Oct 22 18:43:05 gandalftemp pluto[28764]: "office"[1] 74.183.111.211 
#12: STATE_MAIN_R1: sent MR1, expecting MI2
Oct 22 18:43:23 gandalftemp pluto[28764]: "office"[1] 74.183.111.211 #9: 
max number of retransmissions (2) reached STATE_MAIN_R1


-----------------------------------------------------------------------------
tcpdump
------------------------------------------------------------------------------
18:45:32.996548 IP 76.184.110.195.isakmp > 
66.211.219.100.ptr.us.xo.net.isakmp: isakmp: phase 1 I ident
18:45:42.993088 IP 76.184.110.195.isakmp > 
66.211.219.100.ptr.us.xo.net.isakmp: isakmp: phase 1 I ident
18:45:44.240883 IP 76.184.110.195.78 > 
66.211.219.100.ptr.us.xo.net.isakmp: isakmp: phase 1 I ident
18:45:54.247385 IP 76.184.110.195.78 > 
66.211.219.100.ptr.us.xo.net.isakmp: isakmp: phase 1 I ident
18:46:02.994365 IP 76.184.110.195.isakmp > 
66.211.219.100.ptr.us.xo.net.isakmp: isakmp: phase 1 I ident
18:46:14.236072 IP 76.184.110.195.78 > 
66.211.219.100.ptr.us.xo.net.isakmp: isakmp: phase 1 I ident



More information about the Users mailing list