[Openswan Users] Openswan 2.6.14 (Fedora 9 revisited)
Michael H. Warfield
mhw at WittsEnd.com
Tue Sep 30 12:45:19 EDT 2008
Hey all,
I'm having more X.509 certificate problems with Openswan 2.6.14 now
that I'm upgrading more of my servers. Back in May and June there was a
discussion over this as I was upgrading some clients to F9 and found
that X.509 certs were failing due to the change in default id behavior.
That was eventually worked out with an upgrade and with adding rightid=%
fromcert and leftid=%fromcert. Those were all client systems which were
initiating connections (auto=start). The servers these systems were
connecting to remained at F8 w/ 2.4.9 until very recently.
Now I've upgraded the servers and, once again, found the X.509
certificates are broken, but in a different way. I do see the peer id
reported like this: "Main mode peer ID is ID_DER_ASN1_DN" followed but
the certificate subject. That's good, it's not the earlier problem,
then. But, the connections are failing with "no suitable connection for
peer 'C=GA, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology,
CN=complex.wittsend.com, E=postmaster at wittsend.com'" But this
connection worked just fine under 2.4.9. In fact, by force installing
2.4.9, I can restore the servers back to operation, regardless of
whether the clients are F8 / 2.4.9 or F9 / 2.6.14.
I've now set up a testbed to test this. Both machines are F9 fully
updated. The client is currently running Openswan 2.4.9. If I have
2.4.9 installed on the server, I establish a connection perfectly fine.
If I install 2.6.14 on the server (no change to the client), the
connection fails with "no suitable connection". Drop back to 2.4.9 on
the server and functionality is restored. I can't see what's broken but
it seems to be in the CA handling. Changing the version on the Client
side has no impact.
I've set plutodebug="control parsing" in the server and performed one
run each with 2.4.9 and 2.6.14. I've got the pluto logs and ipsec barf
attached. The ".1" set is the 2.4.9 and the ".2" set is the 2.6.14 run.
The difference in the logs is right around this area:
With 2.4.9:
Sep 30 12:10:05 romulus pluto[8699]: | requested CA: 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services, CN=WittsEnd Root CA, E=ca at wittsend.com'
Sep 30 12:10:05 romulus pluto[8699]: | offered CA: 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services, CN=WittsEnd Root CA, E=ca at wittsend.com'
Sep 30 12:10:05 romulus pluto[8699]: | required CA is 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
Sep 30 12:10:05 romulus pluto[8699]: | key issuer CA is 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
Sep 30 12:10:05 romulus pluto[8699]: | an RSA Sig check passed with *AwEAAfKmu [preloaded key]
With 2.6.14:
Sep 30 12:13:50 romulus pluto[10414]: | requested CA: 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services, CN=WittsEnd Root CA, E=ca at wittsend.com'
Sep 30 12:13:50 romulus pluto[10414]: "complex" #1: no suitable connection for peer 'C=GA, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=complex.wittsend.com, E=postmaster at wittsend.com'
Sep 30 12:13:50 romulus pluto[10414]: | complete state transition with (null)
Sep 30 12:13:50 romulus pluto[10414]: "complex" #1: sending encrypted notification INVALID_ID_INFORMATION to 65.7.156.165:500
Sep 30 12:13:50 romulus pluto[10414]: | sending 60 bytes for notification packet through veth0:500 to 65.7.156.165:500 (using #1)
Am I missing something with my CA? It shows up under --listcacerts.
But it looks like it's not being honored or offered in the validation.
[root at romulus ~]# ipsec auto --listcacerts
000
000 List of X.509 CA Certificates:
000
000 Sep 30 12:36:52 2008, count: 1
000 subject: 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
000 issuer: 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
000 serial: 00:d3:63:dc:75:23:6e:da:7b
000 pubkey: 2048 RSA Key AwEAAbAaj
000 validity: not before Mar 24 13:29:15 2008 ok
000 not after Mar 22 13:29:15 2018 ok
000 subjkey: 82:bf:46:b1:90:fa:4a:41:18:21:32:da:56:85:69:60:5a:a7:e1:cc
000 Sep 30 12:36:52 2008, count: 1
000 subject: 'C=US, ST=Georgia, L=Atlanta, O=Internet Security Systems Inc, OU=Certification Services, E=ca at iss.net'
000 issuer: 'C=US, ST=Georgia, L=Atlanta, O=Internet Security Systems Inc, OU=Certification Services, E=ca at iss.net'
000 serial: 00
000 pubkey: 1024 RSA Key AwEAAaEbP
000 validity: not before Aug 01 10:42:32 2004 ok
000 not after Jul 30 10:42:32 2014 ok
000 subjkey: 7f:2a:6a:55:7b:a6:0f:aa:48:4e:c7:ee:00:6f:4c:ff:b8:ff:ec:37
000 Sep 30 12:36:52 2008, count: 1
000 subject: 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services, CN=WittsEnd Root CA, E=ca at wittsend.com'
000 issuer: 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services, CN=WittsEnd Root CA, E=ca at wittsend.com'
000 serial: 00
000 pubkey: 512 RSA Key AwEAAapCk
000 validity: not before Aug 01 10:44:01 2004 ok
000 not after Jul 30 10:44:01 2014 ok
000 subjkey: 91:f0:06:d7:ad:12:ae:0b:02:36:bb:c8:a4:02:c1:5a:b5:0b:8c:ca
Config on "Romulus" (the server):
# defaults for subsequent connection descriptions
conn %default
authby=rsasig
# Left security gateway, subnet behind it, next hop toward it.
left=130.205.32.3
leftsourceip=130.205.32.3
leftnexthop=130.205.32.1
leftrsasigkey=%cert
leftcert=romulus.wittsend.com.crt
leftid=%fromcert
rightrsasigkey=%none # new default %dnsondemand
conn complex
right=65.7.156.165
rightnexthop=65.14.248.12
rightsubnet=130.205.0.0/19
rightrsasigkey=%cert
rightcert=complex.wittsend.com.crt
rightid=%fromcert
rightca=%any
leftrsasigkey=%cert
type=tunnel
auto=add
Config on "Complex" (Client):
# defaults for subsequent connection descriptions
conn %default
authby=rsasig
rightrsasigkey=%none
# Left security gateway, subnet behind it, next hop toward it.
# Set up our defaults for our static DSL address on ppp0
leftrsasigkey=%cert
leftcert=complex.wittsend.com.crt
leftid=%fromcert
left=65.7.156.165
leftnexthop=65.14.248.12
conn romulus
right=130.205.32.3
rightnexthop=130.205.32.1
rightcert=romulus.wittsend.com.crt
rightrsasigkey=%cert
rightid=%fromcert
leftsubnet=130.205.0.0/19
pfs=yes
rekey=yes
type=tunnel
auto=start
Any thing else I can dig for?
Regards,
Mike
--
Michael H. Warfield (AI4NB) | (770) 985-6132 | mhw at WittsEnd.com
/\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
-------------- next part --------------
romulus.wittsend.com
Tue Sep 30 12:11:38 EDT 2008
+ _________________________ version
+ ipsec --version
Linux Openswan U2.4.9/K2.6.24-ovz005.1 (netkey)
See `ipsec --copyright' for copyright information.
+ _________________________ /proc/version
+ cat /proc/version
Linux version 2.6.24-ovz005.1 (root at centos-32-build) (gcc version 3.4.4 20050721 (Red Hat 3.4.4-2)) #1 SMP Mon May 12 16:38:09 MSD 2008
+ _________________________ /proc/net/ipsec_eroute
+ test -r /proc/net/ipsec_eroute
+ _________________________ netstat-rn
+ netstat -nr
+ head -n 100
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
172.31.250.2 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
130.205.32.50 130.205.32.4 255.255.255.255 UGH 0 0 0 veth0
172.31.255.2 130.205.32.4 255.255.255.255 UGH 0 0 0 veth0
130.205.39.0 130.205.32.8 255.255.255.0 UG 0 0 0 veth0
172.31.250.0 172.31.250.2 255.255.255.0 UG 0 0 0 tun0
172.31.255.0 130.205.32.4 255.255.255.0 UG 0 0 0 veth0
130.205.33.0 130.205.32.8 255.255.255.0 UG 0 0 0 veth0
172.31.192.0 0.0.0.0 255.255.255.0 U 0 0 0 veth1
130.205.156.0 130.205.32.14 255.255.252.0 UG 0 0 0 veth0
130.205.36.0 130.205.32.4 255.255.252.0 UG 0 0 0 veth0
130.205.32.0 0.0.0.0 255.255.240.0 U 0 0 0 veth0
130.205.160.0 130.205.32.14 255.255.224.0 UG 0 0 0 veth0
130.205.0.0 130.205.32.1 255.255.224.0 UG 0 0 0 veth0
130.205.192.0 130.205.32.14 255.255.192.0 UG 0 0 0 veth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 veth1
0.0.0.0 130.205.32.1 0.0.0.0 UG 0 0 0 veth0
+ _________________________ /proc/net/ipsec_spi
+ test -r /proc/net/ipsec_spi
+ _________________________ /proc/net/ipsec_spigrp
+ test -r /proc/net/ipsec_spigrp
+ _________________________ /proc/net/ipsec_tncfg
+ test -r /proc/net/ipsec_tncfg
+ _________________________ /proc/net/pfkey
+ test -r /proc/net/pfkey
+ cat /proc/net/pfkey
sk RefCnt Rmem Wmem User Inode
+ _________________________ ip-xfrm-state
+ ip xfrm state
src 130.205.32.3 dst 65.7.156.165
proto esp spi 0xf1179fc1 reqid 16389 mode tunnel
replay-window 32
auth hmac(sha1) 0x81ad3b0b0bed8cde905ea2fa19a92a98f4244e9a
enc cbc(aes) 0xaec449fbe75f28f698b9eacf9e4b8020
sel src 0.0.0.0/0 dst 0.0.0.0/0
src 65.7.156.165 dst 130.205.32.3
proto esp spi 0x58598cab reqid 16389 mode tunnel
replay-window 32
auth hmac(sha1) 0xe5267cbbc3715f88690b4aebd61ea79793aaaea3
enc cbc(aes) 0xf8f824ea21108342aef21f7d09430c05
sel src 0.0.0.0/0 dst 0.0.0.0/0
+ _________________________ ip-xfrm-policy
+ ip xfrm policy
src 130.205.0.0/19 dst 130.205.32.3/32
dir in priority 2093 ptype main
tmpl src 65.7.156.165 dst 130.205.32.3
proto esp reqid 16389 mode tunnel
src 130.205.32.3/32 dst 130.205.0.0/19
dir out priority 2093 ptype main
tmpl src 130.205.32.3 dst 65.7.156.165
proto esp reqid 16389 mode tunnel
src 130.205.0.0/19 dst 130.205.32.3/32
dir fwd priority 2093 ptype main
tmpl src 65.7.156.165 dst 130.205.32.3
proto esp reqid 16389 mode tunnel
src ::/0 dst ::/0
dir in priority 0 ptype main
src ::/0 dst ::/0
dir in priority 0 ptype main
src ::/0 dst ::/0
dir in priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
dir in priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
dir in priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
dir in priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
dir in priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
dir in priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
dir in priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
dir in priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
dir in priority 0 ptype main
src ::/0 dst ::/0
dir out priority 0 ptype main
src ::/0 dst ::/0
dir out priority 0 ptype main
src ::/0 dst ::/0
dir out priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
dir out priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
dir out priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
dir out priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
dir out priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
dir out priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
dir out priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
dir out priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
dir out priority 0 ptype main
+ _________________________ /proc/sys/net/ipsec-star
+ test -d /proc/sys/net/ipsec
+ _________________________ ipsec/status
+ ipsec auto --status
000 interface tun6to4/tun6to4 2002:82cd:2003::1
000 interface lo/lo ::1
000 interface veth1/veth1 2001:4830:3000:2:280:3fff:fe03:455b
000 interface lo/lo 127.0.0.1
000 interface lo/lo 127.0.0.1
000 interface veth0/veth0 130.205.32.3
000 interface veth0/veth0 130.205.32.3
000 interface veth1/veth1 172.31.192.3
000 interface veth1/veth1 172.31.192.3
000 interface tun0/tun0 172.31.250.1
000 interface tun0/tun0 172.31.250.1
000 %myid = (none)
000 debug parsing+control
000
000 algorithm ESP encrypt: id=2, name=ESP_DES, ivlen=8, keysizemin=64, keysizemax=64
000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=8, keysizemin=192, keysizemax=192
000 algorithm ESP encrypt: id=7, name=ESP_BLOWFISH, ivlen=8, keysizemin=40, keysizemax=448
000 algorithm ESP encrypt: id=11, name=ESP_NULL, ivlen=0, keysizemin=0, keysizemax=0
000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=22, name=(null), ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=252, name=ESP_SERPENT, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=253, name=ESP_TWOFISH, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5, keysizemin=128, keysizemax=128
000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1, keysizemin=160, keysizemax=160
000 algorithm ESP auth attr: id=5, name=AUTH_ALGORITHM_HMAC_SHA2_256, keysizemin=256, keysizemax=256
000 algorithm ESP auth attr: id=9, name=AUTH_ALGORITHM_AES_CBC, keysizemin=128, keysizemax=128
000 algorithm ESP auth attr: id=251, name=(null), keysizemin=0, keysizemax=0
000
000 algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8, keydeflen=192
000 algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC, blocksize=16, keydeflen=128
000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16
000 algorithm IKE hash: id=2, name=OAKLEY_SHA1, hashsize=20
000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024
000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536
000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048
000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072
000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096
000 algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144
000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192
000
000 stats db_ops.c: {curr_cnt, total_cnt, maxsz} :context={0,0,0} trans={0,0,0} attrs={0,0,0}
000
000 "canyon": 130.205.32.3[C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com]---130.205.32.1...%any[C=GA, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=canyon.wittsend.com, E=postmaster at wittsend.com]; unrouted; eroute owner: #0
000 "canyon": srcip=130.205.32.3; dstip=unset; srcup=ipsec _updown; dstup=ipsec _updown;
000 "canyon": CAs: 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services, CN=WittsEnd Root CA, E=ca at wittsend.com'...'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
000 "canyon": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
000 "canyon": policy: RSASIG+ENCRYPT+TUNNEL+PFS; prio: 32,32; interface: veth0; encap: esp;
000 "canyon": newest ISAKMP SA: #0; newest IPsec SA: #0;
000 "chaos": 130.205.32.3[C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com]---130.205.32.1...209.134.176.37[C=GA, ST=Georgia, L=Atlanta, O=Internet Security Systems Inc, CN=chaos.iss.net, E=postmaster at iss.net]; unrouted; eroute owner: #0
000 "chaos": srcip=130.205.32.3; dstip=unset; srcup=ipsec _updown; dstup=ipsec _updown;
000 "chaos": CAs: 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services, CN=WittsEnd Root CA, E=ca at wittsend.com'...'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
000 "chaos": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
000 "chaos": policy: RSASIG+ENCRYPT+TUNNEL+PFS; prio: 32,32; interface: veth0; encap: esp;
000 "chaos": newest ISAKMP SA: #0; newest IPsec SA: #0;
000 "charon-0": 130.205.32.3[C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=remus.wittsend.com, E=postmaster at wittsend.com]---130.205.32.1...65.14.248.11---74.237.49.95[C=US, ST=Georgia, L=Atlanta, O=Thaumaturgy & Speculums Technology, CN=charon.wittsend.com, E=postmaster at wittsend.com]; unrouted; eroute owner: #0
000 "charon-0": srcip=130.205.32.3; dstip=unset; srcup=ipsec _updown; dstup=ipsec _updown;
000 "charon-0": CAs: 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'...'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
000 "charon-0": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
000 "charon-0": policy: RSASIG+ENCRYPT+TUNNEL+PFS; prio: 32,32; interface: veth0; encap: esp;
000 "charon-0": newest ISAKMP SA: #0; newest IPsec SA: #0;
000 "charon-1": 130.205.32.0/24===130.205.32.3[C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=remus.wittsend.com, E=postmaster at wittsend.com]---130.205.32.1...65.14.248.11---74.237.49.95[C=US, ST=Georgia, L=Atlanta, O=Thaumaturgy & Speculums Technology, CN=charon.wittsend.com, E=postmaster at wittsend.com]===130.205.36.0/24; unrouted; eroute owner: #0
000 "charon-1": srcip=130.205.32.3; dstip=unset; srcup=ipsec _updown; dstup=ipsec _updown;
000 "charon-1": CAs: 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'...'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
000 "charon-1": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
000 "charon-1": policy: RSASIG+ENCRYPT+TUNNEL+PFS; prio: 24,24; interface: veth0; encap: esp;
000 "charon-1": newest ISAKMP SA: #0; newest IPsec SA: #0;
000 "complex": 130.205.32.3[C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com]---130.205.32.1...65.14.248.12---65.7.156.165[C=GA, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=complex.wittsend.com, E=postmaster at wittsend.com]===130.205.0.0/19; erouted; eroute owner: #2
000 "complex": srcip=130.205.32.3; dstip=unset; srcup=ipsec _updown; dstup=ipsec _updown;
000 "complex": CAs: 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services, CN=WittsEnd Root CA, E=ca at wittsend.com'...'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
000 "complex": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
000 "complex": policy: RSASIG+ENCRYPT+TUNNEL+PFS; prio: 32,19; interface: veth0; encap: esp;
000 "complex": newest ISAKMP SA: #1; newest IPsec SA: #2;
000 "complex": IKE algorithm newest: 3DES_CBC_192-MD5-MODP1536
000 "kolvir": 130.205.32.3[C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com]---130.205.32.1...209.134.176.84[C=GA, ST=Georgia, L=Atlanta, O=Internet Security Systems Inc, CN=kolvir.iss.net, E=postmaster at iss.net]; unrouted; eroute owner: #0
000 "kolvir": srcip=130.205.32.3; dstip=unset; srcup=ipsec _updown; dstup=ipsec _updown;
000 "kolvir": CAs: 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services, CN=WittsEnd Root CA, E=ca at wittsend.com'...'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
000 "kolvir": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
000 "kolvir": policy: RSASIG+ENCRYPT+PFS; prio: 32,32; interface: veth0; encap: udp;
000 "kolvir": newest ISAKMP SA: #0; newest IPsec SA: #0;
000 "rebma": 130.205.32.3[C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com]---130.205.32.1...209.134.176.68[C=GA, ST=Georgia, L=Atlanta, O=Internet Security Systems Inc, CN=rebma.iss.net, E=postmaster at iss.net]; unrouted; eroute owner: #0
000 "rebma": srcip=130.205.32.3; dstip=unset; srcup=ipsec _updown; dstup=ipsec _updown;
000 "rebma": CAs: 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services, CN=WittsEnd Root CA, E=ca at wittsend.com'...'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
000 "rebma": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
000 "rebma": policy: RSASIG+ENCRYPT+TUNNEL+PFS; prio: 32,32; interface: veth0; encap: esp;
000 "rebma": newest ISAKMP SA: #0; newest IPsec SA: #0;
000
000 #2: "complex":500 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in 28507s; newest IPSEC; eroute owner
000 #2: "complex" esp.f1179fc1 at 65.7.156.165 esp.58598cab at 130.205.32.3 tun.0 at 65.7.156.165 tun.0 at 130.205.32.3
000 #1: "complex":500 STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_REPLACE in 3307s; newest ISAKMP; lastdpd=-1s(seq in:0 out:0)
000
+ _________________________ ifconfig-a
+ ifconfig -a
eth0 Link encap:Ethernet HWaddr 00:80:3F:03:45:5A
inet6 addr: fe80::280:3fff:fe03:455a/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:92040219 errors:24009 dropped:0 overruns:0 frame:24009
TX packets:1836686 errors:67 dropped:0 overruns:0 carrier:67
collisions:240979 txqueuelen:10
RX bytes:4233232049 (3.9 GiB) TX bytes:280074792 (267.1 MiB)
Base address:0xc000 Memory:fa100000-fa120000
eth1 Link encap:Ethernet HWaddr 00:80:3F:03:45:5B
inet6 addr: fe80::280:3fff:fe03:455b/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:501894 errors:0 dropped:0 overruns:0 frame:0
TX packets:958936 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:96454448 (91.9 MiB) TX bytes:1100200231 (1.0 GiB)
Base address:0xb000 Memory:fa000000-fa020000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:11452 errors:0 dropped:0 overruns:0 frame:0
TX packets:11452 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2038246 (1.9 MiB) TX bytes:2038246 (1.9 MiB)
pan0 Link encap:Ethernet HWaddr 26:D8:68:85:6D:3E
BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
sit0 Link encap:IPv6-in-IPv4
NOARP MTU:1480 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:172.31.250.1 P-t-P:172.31.250.2 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
tun6to4 Link encap:IPv6-in-IPv4
inet6 addr: 2002:82cd:2003::1/16 Scope:Global
UP RUNNING NOARP MTU:1480 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
venet0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet6 addr: fe80::1/128 Scope:Link
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
veth0 Link encap:Ethernet HWaddr 00:80:3F:03:45:5A
inet addr:130.205.32.3 Bcast:130.205.47.255 Mask:255.255.240.0
inet6 addr: fe80::280:3fff:fe03:455a/64 Scope:Link
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
RX packets:92740759 errors:0 dropped:0 overruns:0 frame:0
TX packets:1076719 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2660496318 (2.4 GiB) TX bytes:140883327 (134.3 MiB)
veth1 Link encap:Ethernet HWaddr 00:80:3F:03:45:5B
inet addr:172.31.192.3 Bcast:172.31.192.255 Mask:255.255.255.0
inet6 addr: 2001:4830:3000:2:280:3fff:fe03:455b/64 Scope:Global
inet6 addr: fe80::280:3fff:fe03:455b/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:498992 errors:0 dropped:0 overruns:0 frame:0
TX packets:955675 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:87046877 (83.0 MiB) TX bytes:1094687266 (1.0 GiB)
veth1014.0 Link encap:Ethernet HWaddr 0E:04:08:00:00:0E
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:371 errors:0 dropped:0 overruns:0 frame:0
TX packets:733939 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:21645 (21.1 KiB) TX bytes:41443612 (39.5 MiB)
veth1014.1 Link encap:Ethernet HWaddr 0E:04:08:00:10:0E
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:7 errors:0 dropped:0 overruns:0 frame:0
TX packets:2642 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:468 (468.0 b) TX bytes:199127 (194.4 KiB)
veth1064.0 Link encap:Ethernet HWaddr 0E:04:08:00:00:40
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1664 errors:0 dropped:0 overruns:0 frame:0
TX packets:735019 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:172895 (168.8 KiB) TX bytes:41515300 (39.5 MiB)
veth1064.1 Link encap:Ethernet HWaddr 0E:04:08:00:10:40
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:7 errors:0 dropped:0 overruns:0 frame:0
TX packets:2640 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:468 (468.0 b) TX bytes:198995 (194.3 KiB)
veth1065.0 Link encap:Ethernet HWaddr 0E:04:08:00:00:41
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:358 errors:0 dropped:0 overruns:0 frame:0
TX packets:733923 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:26779 (26.1 KiB) TX bytes:41443610 (39.5 MiB)
veth1065.1 Link encap:Ethernet HWaddr 0E:04:08:00:10:41
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:9 errors:0 dropped:0 overruns:0 frame:0
TX packets:2637 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:620 (620.0 b) TX bytes:198767 (194.1 KiB)
veth1074.0 Link encap:Ethernet HWaddr 0E:04:08:00:00:4A
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:21693 errors:0 dropped:0 overruns:0 frame:0
TX packets:717446 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2143412 (2.0 MiB) TX bytes:40273178 (38.4 MiB)
veth1074.1 Link encap:Ethernet HWaddr 0E:04:08:00:10:4A
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:8 errors:0 dropped:0 overruns:0 frame:0
TX packets:2635 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:524 (524.0 b) TX bytes:198615 (193.9 KiB)
veth1075.0 Link encap:Ethernet HWaddr 0E:04:08:00:00:4B
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:782 errors:0 dropped:0 overruns:0 frame:0
TX packets:734313 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:101493 (99.1 KiB) TX bytes:41469181 (39.5 MiB)
veth1075.1 Link encap:Ethernet HWaddr 0E:04:08:00:10:4B
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:7 errors:0 dropped:0 overruns:0 frame:0
TX packets:2632 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:468 (468.0 b) TX bytes:198387 (193.7 KiB)
veth1076.0 Link encap:Ethernet HWaddr 0E:04:08:00:00:4C
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:365 errors:0 dropped:0 overruns:0 frame:0
TX packets:733905 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:27703 (27.0 KiB) TX bytes:41441742 (39.5 MiB)
veth1076.1 Link encap:Ethernet HWaddr 0E:04:08:00:10:4C
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:6 errors:0 dropped:0 overruns:0 frame:0
TX packets:2625 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:412 (412.0 b) TX bytes:197879 (193.2 KiB)
veth1077.0 Link encap:Ethernet HWaddr 0E:04:08:00:00:4D
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:716 errors:0 dropped:0 overruns:0 frame:0
TX packets:734285 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:100245 (97.8 KiB) TX bytes:41466103 (39.5 MiB)
veth1077.1 Link encap:Ethernet HWaddr 0E:04:08:00:10:4D
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:6 errors:0 dropped:0 overruns:0 frame:0
TX packets:2621 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:412 (412.0 b) TX bytes:197599 (192.9 KiB)
veth1078.0 Link encap:Ethernet HWaddr 0E:04:08:00:00:4E
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:334 errors:0 dropped:0 overruns:0 frame:0
TX packets:733821 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:25730 (25.1 KiB) TX bytes:41437343 (39.5 MiB)
veth1078.1 Link encap:Ethernet HWaddr 0E:04:08:00:10:4E
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:6 errors:0 dropped:0 overruns:0 frame:0
TX packets:2612 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:412 (412.0 b) TX bytes:196939 (192.3 KiB)
veth1079.0 Link encap:Ethernet HWaddr 0E:04:08:00:00:4F
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1915 errors:0 dropped:0 overruns:0 frame:0
TX packets:735071 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1438124 (1.3 MiB) TX bytes:41540223 (39.6 MiB)
veth1079.1 Link encap:Ethernet HWaddr 0E:04:08:00:10:4F
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:6 errors:0 dropped:0 overruns:0 frame:0
TX packets:2603 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:412 (412.0 b) TX bytes:196283 (191.6 KiB)
veth1080.0 Link encap:Ethernet HWaddr 0E:04:08:00:00:50
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:8653 errors:0 dropped:0 overruns:0 frame:0
TX packets:291676 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:840568 (820.8 KiB) TX bytes:16095352 (15.3 MiB)
veth1080.1 Link encap:Ethernet HWaddr 0E:04:08:00:10:50
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:206 errors:0 dropped:0 overruns:0 frame:0
TX packets:1197 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:27664 (27.0 KiB) TX bytes:95930 (93.6 KiB)
veth1081.0 Link encap:Ethernet HWaddr 0E:04:08:00:00:51
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:49709 errors:0 dropped:0 overruns:0 frame:0
TX packets:739769 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:26231781 (25.0 MiB) TX bytes:42103574 (40.1 MiB)
veth1081.1 Link encap:Ethernet HWaddr 0E:04:08:00:10:51
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1801 errors:0 dropped:0 overruns:0 frame:0
TX packets:4157 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1890366 (1.8 MiB) TX bytes:345403 (337.3 KiB)
veth1082.0 Link encap:Ethernet HWaddr 0E:04:08:00:00:52
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:71168 errors:0 dropped:0 overruns:0 frame:0
TX packets:804746 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2858581 (2.7 MiB) TX bytes:44899254 (42.8 MiB)
veth1082.1 Link encap:Ethernet HWaddr 0E:04:08:00:10:52
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:7 errors:0 dropped:0 overruns:0 frame:0
TX packets:2585 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:508 (508.0 b) TX bytes:194959 (190.3 KiB)
veth1083.0 Link encap:Ethernet HWaddr 0E:04:08:00:00:53
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:341 errors:0 dropped:0 overruns:0 frame:0
TX packets:733737 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:21338 (20.8 KiB) TX bytes:41432724 (39.5 MiB)
veth1083.1 Link encap:Ethernet HWaddr 0E:04:08:00:10:53
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:323 errors:0 dropped:0 overruns:0 frame:0
TX packets:2849 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:30364 (29.6 KiB) TX bytes:225848 (220.5 KiB)
veth1084.0 Link encap:Ethernet HWaddr 0E:04:08:00:00:54
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:432 errors:0 dropped:0 overruns:0 frame:0
TX packets:733749 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:31716 (30.9 KiB) TX bytes:41442521 (39.5 MiB)
veth1084.1 Link encap:Ethernet HWaddr 0E:04:08:00:10:54
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:60 errors:0 dropped:0 overruns:0 frame:0
TX packets:2629 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:6809 (6.6 KiB) TX bytes:216162 (211.0 KiB)
veth1086.0 Link encap:Ethernet HWaddr 0E:04:08:00:00:56
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:198 errors:0 dropped:0 overruns:0 frame:0
TX packets:299825 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:14741 (14.3 KiB) TX bytes:16892798 (16.1 MiB)
veth1086.1 Link encap:Ethernet HWaddr 0E:04:08:00:10:56
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:118 errors:0 dropped:0 overruns:0 frame:0
TX packets:1090 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:12610 (12.3 KiB) TX bytes:86430 (84.4 KiB)
veth1087.0 Link encap:Ethernet HWaddr 0E:04:08:00:00:57
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:378 errors:0 dropped:0 overruns:0 frame:0
TX packets:733609 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:24636 (24.0 KiB) TX bytes:41427981 (39.5 MiB)
veth1087.1 Link encap:Ethernet HWaddr 0E:04:08:00:10:57
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:218 errors:0 dropped:0 overruns:0 frame:0
TX packets:2760 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:29462 (28.7 KiB) TX bytes:222429 (217.2 KiB)
veth1088.0 Link encap:Ethernet HWaddr 0E:04:08:00:00:58
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:640 errors:0 dropped:0 overruns:0 frame:0
TX packets:733708 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:42286 (41.2 KiB) TX bytes:41447309 (39.5 MiB)
veth1088.1 Link encap:Ethernet HWaddr 0E:04:08:00:10:58
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:6 errors:0 dropped:0 overruns:0 frame:0
TX packets:2543 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:412 (412.0 b) TX bytes:191919 (187.4 KiB)
veth1112.0 Link encap:Ethernet HWaddr 0E:04:08:00:00:70
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3710 errors:0 dropped:0 overruns:0 frame:0
TX packets:303772 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:232566 (227.1 KiB) TX bytes:17328519 (16.5 MiB)
veth1112.1 Link encap:Ethernet HWaddr 0E:04:08:00:10:70
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:142 errors:0 dropped:0 overruns:0 frame:0
TX packets:1107 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:12542 (12.2 KiB) TX bytes:102038 (99.6 KiB)
veth1120.0 Link encap:Ethernet HWaddr 0E:04:08:00:00:78
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:28592 errors:0 dropped:0 overruns:0 frame:0
TX packets:329399 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:9389131 (8.9 MiB) TX bytes:19858811 (18.9 MiB)
veth1120.1 Link encap:Ethernet HWaddr 0E:04:08:00:10:78
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:7 errors:0 dropped:0 overruns:0 frame:0
TX packets:982 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:448 (448.0 b) TX bytes:73728 (72.0 KiB)
veth1176.0 Link encap:Ethernet HWaddr 0E:04:08:00:00:B0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:26465 errors:0 dropped:0 overruns:0 frame:0
TX packets:722967 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2740063 (2.6 MiB) TX bytes:41192116 (39.2 MiB)
veth1176.1 Link encap:Ethernet HWaddr 0E:04:08:00:10:B0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:126 errors:0 dropped:0 overruns:0 frame:0
TX packets:2624 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:17542 (17.1 KiB) TX bytes:206750 (201.9 KiB)
veth1192.0 Link encap:Ethernet HWaddr 0E:04:08:00:00:C0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:25282 errors:0 dropped:0 overruns:0 frame:0
TX packets:721349 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2239953 (2.1 MiB) TX bytes:40751555 (38.8 MiB)
veth1192.1 Link encap:Ethernet HWaddr 0E:04:08:00:10:C0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:128 errors:0 dropped:0 overruns:0 frame:0
TX packets:2558 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:19187 (18.7 KiB) TX bytes:197944 (193.3 KiB)
veth1208.0 Link encap:Ethernet HWaddr 0E:04:08:00:00:D0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:34575 errors:0 dropped:0 overruns:0 frame:0
TX packets:729111 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:4632355 (4.4 MiB) TX bytes:41026088 (39.1 MiB)
veth1208.1 Link encap:Ethernet HWaddr 0E:04:08:00:10:D0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:6 errors:0 dropped:0 overruns:0 frame:0
TX packets:2492 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:412 (412.0 b) TX bytes:186268 (181.9 KiB)
+ _________________________ ip-addr-list
+ ip addr list
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 10
link/ether 00:80:3f:03:45:5a brd ff:ff:ff:ff:ff:ff
inet6 fe80::280:3fff:fe03:455a/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 100
link/ether 00:80:3f:03:45:5b brd ff:ff:ff:ff:ff:ff
inet6 fe80::280:3fff:fe03:455b/64 scope link
valid_lft forever preferred_lft forever
4: venet0: <BROADCAST,POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/void
inet6 fe80::1/128 scope link
valid_lft forever preferred_lft forever
5: veth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 00:80:3f:03:45:5a brd ff:ff:ff:ff:ff:ff
inet 130.205.32.3/20 brd 130.205.47.255 scope global veth0
inet6 fe80::280:3fff:fe03:455a/64 scope link
valid_lft forever preferred_lft forever
6: veth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 00:80:3f:03:45:5b brd ff:ff:ff:ff:ff:ff
inet 172.31.192.3/24 brd 172.31.192.255 scope global veth1
inet6 2001:4830:3000:2:280:3fff:fe03:455b/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::280:3fff:fe03:455b/64 scope link
valid_lft forever preferred_lft forever
7: sit0: <NOARP> mtu 1480 qdisc noop state DOWN
link/sit 0.0.0.0 brd 0.0.0.0
8: tun6to4 at NONE: <NOARP,UP,LOWER_UP> mtu 1480 qdisc noqueue state UNKNOWN
link/sit 130.205.32.3 brd 0.0.0.0
inet6 2002:82cd:2003::1/16 scope global
valid_lft forever preferred_lft forever
9: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 100
link/[65534]
inet 172.31.250.1 peer 172.31.250.2/32 scope global tun0
10: pan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN
link/ether 26:d8:68:85:6d:3e brd ff:ff:ff:ff:ff:ff
11: veth1014.0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 0e:04:08:00:00:0e brd ff:ff:ff:ff:ff:ff
12: veth1014.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 0e:04:08:00:10:0e brd ff:ff:ff:ff:ff:ff
13: veth1064.0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 0e:04:08:00:00:40 brd ff:ff:ff:ff:ff:ff
14: veth1064.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 0e:04:08:00:10:40 brd ff:ff:ff:ff:ff:ff
15: veth1065.0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 0e:04:08:00:00:41 brd ff:ff:ff:ff:ff:ff
16: veth1065.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 0e:04:08:00:10:41 brd ff:ff:ff:ff:ff:ff
17: veth1074.0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 0e:04:08:00:00:4a brd ff:ff:ff:ff:ff:ff
18: veth1074.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 0e:04:08:00:10:4a brd ff:ff:ff:ff:ff:ff
19: veth1075.0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 0e:04:08:00:00:4b brd ff:ff:ff:ff:ff:ff
20: veth1075.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 0e:04:08:00:10:4b brd ff:ff:ff:ff:ff:ff
21: veth1076.0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 0e:04:08:00:00:4c brd ff:ff:ff:ff:ff:ff
22: veth1076.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 0e:04:08:00:10:4c brd ff:ff:ff:ff:ff:ff
23: veth1077.0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 0e:04:08:00:00:4d brd ff:ff:ff:ff:ff:ff
24: veth1077.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 0e:04:08:00:10:4d brd ff:ff:ff:ff:ff:ff
25: veth1078.0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 0e:04:08:00:00:4e brd ff:ff:ff:ff:ff:ff
26: veth1078.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 0e:04:08:00:10:4e brd ff:ff:ff:ff:ff:ff
27: veth1079.0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 0e:04:08:00:00:4f brd ff:ff:ff:ff:ff:ff
28: veth1079.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 0e:04:08:00:10:4f brd ff:ff:ff:ff:ff:ff
31: veth1081.0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 0e:04:08:00:00:51 brd ff:ff:ff:ff:ff:ff
32: veth1081.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 0e:04:08:00:10:51 brd ff:ff:ff:ff:ff:ff
33: veth1082.0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 0e:04:08:00:00:52 brd ff:ff:ff:ff:ff:ff
34: veth1082.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 0e:04:08:00:10:52 brd ff:ff:ff:ff:ff:ff
35: veth1083.0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 0e:04:08:00:00:53 brd ff:ff:ff:ff:ff:ff
36: veth1083.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 0e:04:08:00:10:53 brd ff:ff:ff:ff:ff:ff
37: veth1084.0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 0e:04:08:00:00:54 brd ff:ff:ff:ff:ff:ff
38: veth1084.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 0e:04:08:00:10:54 brd ff:ff:ff:ff:ff:ff
41: veth1087.0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 0e:04:08:00:00:57 brd ff:ff:ff:ff:ff:ff
42: veth1087.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 0e:04:08:00:10:57 brd ff:ff:ff:ff:ff:ff
43: veth1088.0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 0e:04:08:00:00:58 brd ff:ff:ff:ff:ff:ff
44: veth1088.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 0e:04:08:00:10:58 brd ff:ff:ff:ff:ff:ff
49: veth1176.0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 0e:04:08:00:00:b0 brd ff:ff:ff:ff:ff:ff
50: veth1176.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 0e:04:08:00:10:b0 brd ff:ff:ff:ff:ff:ff
51: veth1192.0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 0e:04:08:00:00:c0 brd ff:ff:ff:ff:ff:ff
52: veth1192.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 0e:04:08:00:10:c0 brd ff:ff:ff:ff:ff:ff
53: veth1208.0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 0e:04:08:00:00:d0 brd ff:ff:ff:ff:ff:ff
54: veth1208.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 0e:04:08:00:10:d0 brd ff:ff:ff:ff:ff:ff
55: veth1080.0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 0e:04:08:00:00:50 brd ff:ff:ff:ff:ff:ff
56: veth1080.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 0e:04:08:00:10:50 brd ff:ff:ff:ff:ff:ff
57: veth1086.0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 0e:04:08:00:00:56 brd ff:ff:ff:ff:ff:ff
58: veth1086.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 0e:04:08:00:10:56 brd ff:ff:ff:ff:ff:ff
59: veth1112.0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 0e:04:08:00:00:70 brd ff:ff:ff:ff:ff:ff
60: veth1112.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 0e:04:08:00:10:70 brd ff:ff:ff:ff:ff:ff
61: veth1120.0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 0e:04:08:00:00:78 brd ff:ff:ff:ff:ff:ff
62: veth1120.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 0e:04:08:00:10:78 brd ff:ff:ff:ff:ff:ff
+ _________________________ ip-route-list
+ ip route list
172.31.250.2 dev tun0 proto kernel scope link src 172.31.250.1
130.205.32.50 via 130.205.32.4 dev veth0 proto zebra metric 20
172.31.255.2 via 130.205.32.4 dev veth0 proto zebra metric 20
130.205.39.0/24 via 130.205.32.8 dev veth0 proto zebra
172.31.250.0/24 via 172.31.250.2 dev tun0
172.31.255.0/24 via 130.205.32.4 dev veth0 proto zebra metric 20
130.205.33.0/24 via 130.205.32.8 dev veth0 proto zebra
172.31.192.0/24 dev veth1 proto kernel scope link src 172.31.192.3
130.205.156.0/22 via 130.205.32.14 dev veth0
130.205.36.0/22 via 130.205.32.4 dev veth0 proto zebra metric 20
130.205.32.0/20 dev veth0 proto kernel scope link src 130.205.32.3
130.205.160.0/19 via 130.205.32.14 dev veth0
130.205.0.0/19 via 130.205.32.1 dev veth0 src 130.205.32.3
130.205.192.0/18 via 130.205.32.14 dev veth0
169.254.0.0/16 dev veth1 scope link
default via 130.205.32.1 dev veth0
+ _________________________ ip-rule-list
+ ip rule list
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
+ _________________________ ipsec_verify
+ ipsec verify --nocolour
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path [OK]
Linux Openswan U2.4.9/K2.6.24-ovz005.1 (netkey)
Checking for IPsec support in kernel [OK]
NETKEY detected, testing for disabled ICMP send_redirects [FAILED]
Please disable /proc/sys/net/ipv4/conf/*/send_redirects
or NETKEY will cause the sending of bogus ICMP redirects!
NETKEY detected, testing for disabled ICMP accept_redirects [FAILED]
Please disable /proc/sys/net/ipv4/conf/*/accept_redirects
or NETKEY will accept bogus ICMP redirects!
Checking for RSA private key (/etc/ipsec.d/hostkey.secrets) [DISABLED]
ipsec showhostkey: no default key in "/etc/ipsec.d/hostkey.secrets"
Checking that pluto is running [OK]
Two or more interfaces found, checking IP forwarding [OK]
Checking NAT and MASQUERADEing [N/A]
Checking for 'ip' command [OK]
Checking for 'iptables' command [OK]
Opportunistic Encryption Support [DISABLED]
+ _________________________ mii-tool
+ '[' -x /sbin/mii-tool ']'
+ /sbin/mii-tool -v
eth0: no autonegotiation, 10baseT-HD, link ok
product info: vendor 00:aa:00, model 56 rev 0
basic mode: autonegotiation enabled
basic status: autonegotiation complete, link ok
capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
advertising: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control
link partner: 10baseT-HD
eth1: negotiated 100baseTx-FD flow-control, link ok
product info: vendor 00:50:43, model 2 rev 3
basic mode: autonegotiation enabled
basic status: autonegotiation complete, link ok
capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
advertising: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control
link partner: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control
+ _________________________ ipsec/directory
+ ipsec --directory
/usr/lib/ipsec
+ _________________________ hostname/fqdn
+ hostname --fqdn
romulus.wittsend.com
+ _________________________ hostname/ipaddress
+ hostname --ip-address
130.205.32.3
+ _________________________ uptime
+ uptime
12:11:39 up 2 days, 44 min, 3 users, load average: 0.34, 0.36, 0.29
+ _________________________ ps
+ ps alxwf
+ egrep -i 'ppid|pluto|ipsec|klips'
F UID PID PPID PRI NI VSZ RSS WCHAN STAT TTY TIME COMMAND
0 0 9578 29992 20 0 4748 1096 - S+ pts/2 0:00 \_ /bin/sh /usr/libexec/ipsec/barf
0 0 9656 9578 20 0 2044 500 - S+ pts/2 0:00 \_ egrep -i ppid|pluto|ipsec|klips
1 0 9313 1 20 0 2716 416 - S pts/2 0:00 /bin/sh /usr/lib/ipsec/_plutorun --debug control parsing --uniqueids yes --nocrsend --strictcrlpolicy --nat_traversal yes --keep_alive --protostack auto --force_keepalive --disable_port_floating --virtual_private --crlcheckinterval 0 --ocspuri --nhelpers --dump --opts --stderrlog --wait no --pre --post --log daemon.error --pid /var/run/pluto/pluto.pid
1 0 9314 9313 20 0 2716 588 - S pts/2 0:00 \_ /bin/sh /usr/lib/ipsec/_plutorun --debug control parsing --uniqueids yes --nocrsend --strictcrlpolicy --nat_traversal yes --keep_alive --protostack auto --force_keepalive --disable_port_floating --virtual_private --crlcheckinterval 0 --ocspuri --nhelpers --dump --opts --stderrlog --wait no --pre --post --log daemon.error --pid /var/run/pluto/pluto.pid
4 0 9315 9314 20 0 2976 1540 - S pts/2 0:00 | \_ /usr/libexec/ipsec/pluto --nofork --secretsfile /etc/ipsec.secrets --ipsecdir /etc/ipsec.d --debug-control --debug-parsing --use-auto --uniqueids --nat_traversal
1 0 9316 9315 30 10 2920 656 - SN pts/2 0:00 | \_ pluto helper # 0
0 0 9403 9315 20 0 1756 296 - S pts/2 0:00 | \_ _pluto_adns
4 0 9322 9313 20 0 2720 1092 - S pts/2 0:00 \_ /bin/sh /usr/lib/ipsec/_plutoload --wait no --post
0 0 9317 1 20 0 1808 500 - S pts/2 0:00 logger -s -p daemon.error -t ipsec__plutorun
+ _________________________ ipsec/showdefaults
+ ipsec showdefaults
routephys=veth0
routevirt=ipsec0
routeaddr=130.205.32.3
routenexthop=130.205.32.1
+ _________________________ ipsec/conf
+ ipsec _include /etc/ipsec.conf
+ ipsec _keycensor
#< /etc/ipsec.conf 1
# /etc/ipsec.conf - Openswan IPsec configuration file
#
# Manual: ipsec.conf.5
#
# Please place your own config files in /etc/ipsec.d/ ending in .conf
version 2.0 # conforms to second version of ipsec.conf specification
# basic configuration
config setup
# Debug-logging controls: "none" for (almost) none, "all" for lots.
# klipsdebug=none
plutodebug="control parsing"
nat_traversal=yes
#< /etc/ipsec.d/0_default.conf 1
# defaults for subsequent connection descriptions
conn %default
authby=rsasig
# Left security gateway, subnet behind it, next hop toward it.
left=130.205.32.3
leftsourceip=130.205.32.3
leftnexthop=130.205.32.1
leftrsasigkey=%cert
leftcert=romulus.wittsend.com.crt
leftid=%fromcert
rightrsasigkey=%none # new default %dnsondemand
#< /etc/ipsec.d/canyon.conf 1
conn canyon
right=%any
rightrsasigkey=%cert
rightcert=canyon.wittsend.com.crt
leftrsasigkey=%cert
auto=add
#< /etc/ipsec.d/chaos.conf 1
conn chaos
right=209.134.176.37
rightcert=chaos.iss.net.crt
rightrsasigkey=%cert
rightid=%fromcert
auth=esp
type=tunnel
auto=add
#< /etc/ipsec.d/charon.conf 1
conn charon-0
right=74.237.49.95
rightnexthop=65.14.248.11
rightrsasigkey=%cert
rightcert=charon.wittsend.com.crt
leftrsasigkey=%cert
leftcert=remus.wittsend.com.crt
type=tunnel
auto=add
conn charon-1
right=74.237.49.95
rightnexthop=65.14.248.11
rightsubnet=130.205.36.0/24
rightrsasigkey=%cert
rightcert=charon.wittsend.com.crt
leftrsasigkey=%cert
leftcert=remus.wittsend.com.crt
leftsubnet=130.205.32.0/24
type=tunnel
auto=add
#< /etc/ipsec.d/complex.conf 1
conn complex
right=65.7.156.165
rightnexthop=65.14.248.12
rightsubnet=130.205.0.0/19
rightrsasigkey=%cert
rightcert=complex.wittsend.com.crt
rightid=%fromcert
rightca=%any
leftrsasigkey=%cert
type=tunnel
auto=add
#< /etc/ipsec.d/kolvir.conf 1
conn kolvir
right=209.134.176.84
rightrsasigkey=%cert
rightcert=kolvir.iss.net.crt
rightca=%any
leftrsasigkey=%cert
auth=esp
type=transport
pfs=yes
rekey=yes
auto=add
forceencaps=yes
#< /etc/ipsec.d/levy.conf 1
conn levy-0
rightrsasigkey=%cert
rightcert=levy.bythesea.org.crt
leftrsasigkey=%cert
type=tunnel
auto=add
conn levy-1
rightsubnet=130.205.37.0/24
rightrsasigkey=%cert
rightcert=levy.bythesea.org.crt
leftrsasigkey=%cert
leftsubnet=0.0.0.0/0
type=tunnel
auto=add
#< /etc/ipsec.d/no_oe.conf 1
# 'include' this file to disable Opportunistic Encryption.
# See /usr/share/doc/openswan/policygroups.html for details.
#
# RCSID $Id: no_oe.conf.in,v 1.2 2004/10/03 19:33:10 paul Exp $
conn block
auto=ignore
conn private
auto=ignore
conn private-or-clear
auto=ignore
conn clear-or-private
auto=ignore
conn clear
auto=ignore
conn packetdefault
auto=ignore
#< /etc/ipsec.d/rebma.conf 1
conn rebma
right=209.134.176.68
rightnexthop=
rightsubnet=
rightcert=rebma.iss.net.crt
rightrsasigkey=%cert
rightid=%fromcert
auth=esp
type=tunnel
auto=add
#> /etc/ipsec.conf 17
+ _________________________ ipsec/secrets
+ ipsec _include /etc/ipsec.secrets
+ ipsec _secretcensor
#< /etc/ipsec.secrets 1
#< /etc/ipsec.d/hostkey.secrets 1
[sums to 68b3...]: RSA romulus.wittsend.com.key ""
#> /etc/ipsec.secrets 2
+ _________________________ ipsec/listall
+ ipsec auto --listall
000
000 List of Public Keys:
000
000 Sep 30 12:11:16 2008, 1024 RSA Key AwEAAfKmu, until Jul 26 14:45:14 2012 ok
000 ID_FQDN '@complex.wittsend.com'
000 Issuer 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
000 Sep 30 12:11:16 2008, 1024 RSA Key AwEAAfKmu, until Jul 26 14:45:14 2012 ok
000 ID_FQDN '@complex.ip6.wittsend.com'
000 Issuer 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
000 Sep 30 12:11:16 2008, 1024 RSA Key AwEAAfKmu, until Jul 26 14:45:14 2012 ok
000 ID_FQDN '@complex.wittsend.org'
000 Issuer 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
000 Sep 30 12:11:16 2008, 1024 RSA Key AwEAAfKmu, until Jul 26 14:45:14 2012 ok
000 ID_FQDN '@complex.commandcorp.com'
000 Issuer 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
000 Sep 30 12:11:16 2008, 1024 RSA Key AwEAAfKmu, until Jul 26 14:45:14 2012 ok
000 ID_DER_ASN1_DN 'C=GA, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=complex.wittsend.com, E=postmaster at wittsend.com'
000 Issuer 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
000 Sep 30 12:11:11 2008, 1024 RSA Key AwEAAbygH, until Jul 26 14:53:50 2012 ok
000 ID_FQDN '@canyon.wittsend.com'
000 Issuer 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
000 Sep 30 12:11:11 2008, 1024 RSA Key AwEAAbygH, until Jul 26 14:53:50 2012 ok
000 ID_FQDN '@canyon.ip6.wittsend.com'
000 Issuer 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
000 Sep 30 12:11:11 2008, 1024 RSA Key AwEAAbygH, until Jul 26 14:53:50 2012 ok
000 ID_FQDN '@canyon.wittsend.org'
000 Issuer 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
000 Sep 30 12:11:11 2008, 1024 RSA Key AwEAAbygH, until Jul 26 14:53:50 2012 ok
000 ID_DER_ASN1_DN 'C=GA, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=canyon.wittsend.com, E=postmaster at wittsend.com'
000 Issuer 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
000 Sep 30 12:11:11 2008, 1024 RSA Key AwEAAev6j, until Jan 28 12:45:00 2009 ok
000 ID_DER_ASN1_DN 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com'
000 Issuer 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services, CN=WittsEnd Root CA, E=ca at wittsend.com'
000 Sep 30 12:11:11 2008, 1024 RSA Key AwEAAaRMA, until Jul 26 14:29:25 2012 ok
000 ID_DER_ASN1_DN 'C=GA, ST=Georgia, L=Atlanta, O=Internet Security Systems Inc, CN=kolvir.iss.net, E=postmaster at iss.net'
000 Issuer 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
000 Sep 30 12:11:11 2008, 1024 RSA Key AwEAAbY6Q, until Jul 26 14:30:00 2012 ok
000 ID_DER_ASN1_DN 'C=GA, ST=Georgia, L=Atlanta, O=Internet Security Systems Inc, CN=rebma.iss.net, E=postmaster at iss.net'
000 Issuer 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
000 Sep 30 12:11:11 2008, 1024 RSA Key AwEAAbuSp, until Jul 26 14:29:11 2012 ok
000 ID_DER_ASN1_DN 'C=GA, ST=Georgia, L=Atlanta, O=Internet Security Systems Inc, CN=chaos.iss.net, E=postmaster at iss.net'
000 Issuer 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
000 Sep 30 12:11:11 2008, 1024 RSA Key AwEAAdJeT, until Jul 26 14:32:56 2012 ok
000 ID_DER_ASN1_DN 'C=US, ST=Georgia, L=Atlanta, O=Thaumaturgy & Speculums Technology, CN=charon.wittsend.com, E=postmaster at wittsend.com'
000 Issuer 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
000 Sep 30 12:11:11 2008, 1024 RSA Key AwEAAc9BP, until Jul 26 14:44:39 2012 ok
000 ID_FQDN '@remus.ip6.wittsend.com'
000 Issuer 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
000 Sep 30 12:11:11 2008, 1024 RSA Key AwEAAc9BP, until Jul 26 14:44:39 2012 ok
000 ID_FQDN '@remus.wittsend.org'
000 Issuer 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
000 Sep 30 12:11:11 2008, 1024 RSA Key AwEAAc9BP, until Jul 26 14:44:39 2012 ok
000 ID_FQDN '@remus.commandcorp.com'
000 Issuer 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
000 Sep 30 12:11:11 2008, 1024 RSA Key AwEAAc9BP, until Jul 26 14:44:39 2012 ok
000 ID_DER_ASN1_DN 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=remus.wittsend.com, E=postmaster at wittsend.com'
000 Issuer 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
000
000 List of X.509 End Certificates:
000
000 Sep 30 12:11:11 2008, count: 1
000 subject: 'C=GA, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=canyon.wittsend.com, E=postmaster at wittsend.com'
000 issuer: 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
000 serial: 3a
000 pubkey: 1024 RSA Key AwEAAbygH
000 validity: not before Jul 26 14:53:50 2008 ok
000 not after Jul 26 14:53:50 2012 ok
000 authkey: 82:bf:46:b1:90:fa:4a:41:18:21:32:da:56:85:69:60:5a:a7:e1:cc
000 Sep 30 12:11:11 2008, count: 1
000 subject: 'C=GA, ST=Georgia, L=Atlanta, O=Internet Security Systems Inc, CN=kolvir.iss.net, E=postmaster at iss.net'
000 issuer: 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
000 serial: 31
000 pubkey: 1024 RSA Key AwEAAaRMA
000 validity: not before Jul 26 14:29:25 2008 ok
000 not after Jul 26 14:29:25 2012 ok
000 authkey: 82:bf:46:b1:90:fa:4a:41:18:21:32:da:56:85:69:60:5a:a7:e1:cc
000 Sep 30 12:11:11 2008, count: 1
000 subject: 'C=GA, ST=Georgia, L=Atlanta, O=Internet Security Systems Inc, CN=rebma.iss.net, E=postmaster at iss.net'
000 issuer: 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
000 serial: 32
000 pubkey: 1024 RSA Key AwEAAbY6Q
000 validity: not before Jul 26 14:30:00 2008 ok
000 not after Jul 26 14:30:00 2012 ok
000 authkey: 82:bf:46:b1:90:fa:4a:41:18:21:32:da:56:85:69:60:5a:a7:e1:cc
000 Sep 30 12:11:11 2008, count: 1
000 subject: 'C=GA, ST=Georgia, L=Atlanta, O=Internet Security Systems Inc, CN=chaos.iss.net, E=postmaster at iss.net'
000 issuer: 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
000 serial: 30
000 pubkey: 1024 RSA Key AwEAAbuSp
000 validity: not before Jul 26 14:29:11 2008 ok
000 not after Jul 26 14:29:11 2012 ok
000 authkey: 82:bf:46:b1:90:fa:4a:41:18:21:32:da:56:85:69:60:5a:a7:e1:cc
000 Sep 30 12:11:11 2008, count: 1
000 subject: 'C=GA, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=complex.wittsend.com, E=postmaster at wittsend.com'
000 issuer: 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
000 serial: 38
000 pubkey: 1024 RSA Key AwEAAfKmu
000 validity: not before Jul 26 14:45:14 2008 ok
000 not after Jul 26 14:45:14 2012 ok
000 authkey: 82:bf:46:b1:90:fa:4a:41:18:21:32:da:56:85:69:60:5a:a7:e1:cc
000 Sep 30 12:11:11 2008, count: 5
000 subject: 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com'
000 issuer: 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services, CN=WittsEnd Root CA, E=ca at wittsend.com'
000 serial: 0c
000 pubkey: 1024 RSA Key AwEAAev6j, has private key
000 validity: not before Jan 28 12:45:00 2005 ok
000 not after Jan 28 12:45:00 2009 ok
000 authkey: 91:f0:06:d7:ad:12:ae:0b:02:36:bb:c8:a4:02:c1:5a:b5:0b:8c:ca
000 Sep 30 12:11:11 2008, count: 2
000 subject: 'C=US, ST=Georgia, L=Atlanta, O=Thaumaturgy & Speculums Technology, CN=charon.wittsend.com, E=postmaster at wittsend.com'
000 issuer: 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
000 serial: 33
000 pubkey: 1024 RSA Key AwEAAdJeT
000 validity: not before Jul 26 14:32:56 2008 ok
000 not after Jul 26 14:32:56 2012 ok
000 authkey: 82:bf:46:b1:90:fa:4a:41:18:21:32:da:56:85:69:60:5a:a7:e1:cc
000 Sep 30 12:11:11 2008, count: 2
000 subject: 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=remus.wittsend.com, E=postmaster at wittsend.com'
000 issuer: 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
000 serial: 37
000 pubkey: 1024 RSA Key AwEAAc9BP
000 validity: not before Jul 26 14:44:39 2008 ok
000 not after Jul 26 14:44:39 2012 ok
000 authkey: 82:bf:46:b1:90:fa:4a:41:18:21:32:da:56:85:69:60:5a:a7:e1:cc
000
000 List of X.509 CA Certificates:
000
000 Sep 30 12:11:11 2008, count: 1
000 subject: 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
000 issuer: 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
000 serial: 00:d3:63:dc:75:23:6e:da:7b
000 pubkey: 2048 RSA Key AwEAAbAaj
000 validity: not before Mar 24 13:29:15 2008 ok
000 not after Mar 22 13:29:15 2018 ok
000 subjkey: 82:bf:46:b1:90:fa:4a:41:18:21:32:da:56:85:69:60:5a:a7:e1:cc
000 Sep 30 12:11:11 2008, count: 1
000 subject: 'C=US, ST=Georgia, L=Atlanta, O=Internet Security Systems Inc, OU=Certification Services, E=ca at iss.net'
000 issuer: 'C=US, ST=Georgia, L=Atlanta, O=Internet Security Systems Inc, OU=Certification Services, E=ca at iss.net'
000 serial: 00
000 pubkey: 1024 RSA Key AwEAAaEbP
000 validity: not before Aug 01 10:42:32 2004 ok
000 not after Jul 30 10:42:32 2014 ok
000 subjkey: 7f:2a:6a:55:7b:a6:0f:aa:48:4e:c7:ee:00:6f:4c:ff:b8:ff:ec:37
000 Sep 30 12:11:11 2008, count: 1
000 subject: 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services, CN=WittsEnd Root CA, E=ca at wittsend.com'
000 issuer: 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services, CN=WittsEnd Root CA, E=ca at wittsend.com'
000 serial: 00
000 pubkey: 512 RSA Key AwEAAapCk
000 validity: not before Aug 01 10:44:01 2004 ok
000 not after Jul 30 10:44:01 2014 ok
000 subjkey: 91:f0:06:d7:ad:12:ae:0b:02:36:bb:c8:a4:02:c1:5a:b5:0b:8c:ca
+ '[' /etc/ipsec.d/policies ']'
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/block
+ base=block
+ _________________________ ipsec/policies/block
+ cat /etc/ipsec.d/policies/block
# This file defines the set of CIDRs (network/mask-length) to which
# communication should never be allowed.
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: block.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/block.rpmnew
+ base=block.rpmnew
+ _________________________ ipsec/policies/block.rpmnew
+ cat /etc/ipsec.d/policies/block.rpmnew
# This file defines the set of CIDRs (network/mask-length) to which
# communication should never be allowed.
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: block.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/block.rpmsave
+ base=block.rpmsave
+ _________________________ ipsec/policies/block.rpmsave
+ cat /etc/ipsec.d/policies/block.rpmsave
# This file defines the set of CIDRs (network/mask-length) to which
# communication should never be allowed.
#
# See /usr/local/share/doc/freeswan/policygroups.html for details.
#
# $Id: block.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/clear
+ base=clear
+ _________________________ ipsec/policies/clear
+ cat /etc/ipsec.d/policies/clear
# This file defines the set of CIDRs (network/mask-length) to which
# communication should always be in the clear.
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: clear.in,v 1.4.30.3 2006/11/21 19:49:51 paul Exp $
#
#
# Michael's idea: Always have ROOT NAMESERVERS in the clear.
# It will make OE work much better on machines running caching
# resolvers.
#
# Based on: http://www.internic.net/zones/named.root
# This file holds the information on root name servers needed to
# last update: Jan 29, 2004
# related version of root zone: 2004012900
198.41.0.4/32
192.228.79.201/32
192.33.4.12/32
128.8.10.90/32
192.203.230.10/32
192.5.5.241/32
192.112.36.4/32
128.63.2.53/32
192.36.148.17/32
192.58.128.30/32
193.0.14.129/32
198.32.64.12/32
202.12.27.33/32
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/clear-or-private
+ base=clear-or-private
+ _________________________ ipsec/policies/clear-or-private
+ cat /etc/ipsec.d/policies/clear-or-private
# This file defines the set of CIDRs (network/mask-length) to which
# we will communicate in the clear, or, if the other side initiates IPSEC,
# using encryption. This behaviour is also called "Opportunistic Responder".
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: clear-or-private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/clear-or-private.rpmnew
+ base=clear-or-private.rpmnew
+ _________________________ ipsec/policies/clear-or-private.rpmnew
+ cat /etc/ipsec.d/policies/clear-or-private.rpmnew
# This file defines the set of CIDRs (network/mask-length) to which
# we will communicate in the clear, or, if the other side initiates IPSEC,
# using encryption. This behaviour is also called "Opportunistic Responder".
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: clear-or-private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/clear-or-private.rpmsave
+ base=clear-or-private.rpmsave
+ _________________________ ipsec/policies/clear-or-private.rpmsave
+ cat /etc/ipsec.d/policies/clear-or-private.rpmsave
# This file defines the set of CIDRs (network/mask-length) to which
# we will communicate in the clear, or, if the other side initiates IPSEC,
# using encryption. This behaviour is also called "Opportunistic Responder".
#
# See /usr/local/share/doc/freeswan/policygroups.html for details.
#
# $Id: clear-or-private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/clear.rpmnew
+ base=clear.rpmnew
+ _________________________ ipsec/policies/clear.rpmnew
+ cat /etc/ipsec.d/policies/clear.rpmnew
# This file defines the set of CIDRs (network/mask-length) to which
# communication should always be in the clear.
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: clear.in,v 1.4.30.3 2006/11/21 19:49:51 paul Exp $
#
#
# Michael's idea: Always have ROOT NAMESERVERS in the clear.
# It will make OE work much better on machines running caching
# resolvers.
#
# Based on: http://www.internic.net/zones/named.root
# This file holds the information on root name servers needed to
# last update: Jan 29, 2004
# related version of root zone: 2004012900
198.41.0.4/32
192.228.79.201/32
192.33.4.12/32
128.8.10.90/32
192.203.230.10/32
192.5.5.241/32
192.112.36.4/32
128.63.2.53/32
192.36.148.17/32
192.58.128.30/32
193.0.14.129/32
198.32.64.12/32
202.12.27.33/32
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/clear.rpmsave
+ base=clear.rpmsave
+ _________________________ ipsec/policies/clear.rpmsave
+ cat /etc/ipsec.d/policies/clear.rpmsave
# This file defines the set of CIDRs (network/mask-length) to which
# communication should always be in the clear.
#
# See /usr/local/share/doc/freeswan/policygroups.html for details.
#
# $Id: clear.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/private
+ base=private
+ _________________________ ipsec/policies/private
+ cat /etc/ipsec.d/policies/private
# This file defines the set of CIDRs (network/mask-length) to which
# communication should always be private (i.e. encrypted).
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/private-or-clear
+ base=private-or-clear
+ _________________________ ipsec/policies/private-or-clear
+ cat /etc/ipsec.d/policies/private-or-clear
# This file defines the set of CIDRs (network/mask-length) to which
# communication should be private, if possible, but in the clear otherwise.
#
# If the target has a TXT (later IPSECKEY) record that specifies
# authentication material, we will require private (i.e. encrypted)
# communications. If no such record is found, communications will be
# in the clear.
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: private-or-clear.in,v 1.5 2003/02/17 02:22:15 mcr Exp $
#
0.0.0.0/0
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/private-or-clear.rpmnew
+ base=private-or-clear.rpmnew
+ _________________________ ipsec/policies/private-or-clear.rpmnew
+ cat /etc/ipsec.d/policies/private-or-clear.rpmnew
# This file defines the set of CIDRs (network/mask-length) to which
# communication should be private, if possible, but in the clear otherwise.
#
# If the target has a TXT (later IPSECKEY) record that specifies
# authentication material, we will require private (i.e. encrypted)
# communications. If no such record is found, communications will be
# in the clear.
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: private-or-clear.in,v 1.5 2003/02/17 02:22:15 mcr Exp $
#
0.0.0.0/0
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/private-or-clear.rpmsave
+ base=private-or-clear.rpmsave
+ _________________________ ipsec/policies/private-or-clear.rpmsave
+ cat /etc/ipsec.d/policies/private-or-clear.rpmsave
# This file defines the set of CIDRs (network/mask-length) to which
# communication should be private, if possible, but in the clear otherwise.
#
# If the target has a TXT (later IPSECKEY) record that specifies
# authentication material, we will require private (i.e. encrypted)
# communications. If no such record is found, communications will be
# in the clear.
#
# See /usr/local/share/doc/freeswan/policygroups.html for details.
#
# $Id: private-or-clear.in,v 1.5 2003/02/17 02:22:15 mcr Exp $
#
0.0.0.0/0
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/private.rpmnew
+ base=private.rpmnew
+ _________________________ ipsec/policies/private.rpmnew
+ cat /etc/ipsec.d/policies/private.rpmnew
# This file defines the set of CIDRs (network/mask-length) to which
# communication should always be private (i.e. encrypted).
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/private.rpmsave
+ base=private.rpmsave
+ _________________________ ipsec/policies/private.rpmsave
+ cat /etc/ipsec.d/policies/private.rpmsave
# This file defines the set of CIDRs (network/mask-length) to which
# communication should always be private (i.e. encrypted).
# See /usr/local/share/doc/freeswan/policygroups.html for details.
#
# $Id: private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
+ _________________________ ipsec/ls-libdir
+ ls -l /usr/lib/ipsec
total 116
-rwxr-xr-x 1 root root 15848 Sep 17 2007 _confread
-rwxr-xr-x 1 root root 14985 Sep 17 2007 _copyright
-rwxr-xr-x 1 root root 2379 Sep 17 2007 _include
-rwxr-xr-x 1 root root 1475 Sep 17 2007 _keycensor
-rwxr-xr-x 1 root root 3586 Sep 17 2007 _plutoload
-rwxr-xr-x 1 root root 8057 Sep 17 2007 _plutorun
-rwxr-xr-x 1 root root 12480 Sep 17 2007 _realsetup
-rwxr-xr-x 1 root root 1975 Sep 17 2007 _secretcensor
-rwxr-xr-x 1 root root 11027 Sep 17 2007 _startklips
-rwxr-xr-x 1 root root 13918 Sep 17 2007 _updown
-rwxr-xr-x 1 root root 15746 Sep 17 2007 _updown_x509
+ _________________________ ipsec/ls-execdir
+ ls -l /usr/libexec/ipsec
total 3352
-rwxr-xr-x 1 root root 28751 Sep 17 2007 _pluto_adns
-rwxr-xr-x 1 root root 18891 Sep 17 2007 auto
-rwxr-xr-x 1 root root 11367 Sep 17 2007 barf
-rwxr-xr-x 1 root root 816 Sep 17 2007 calcgoo
-rwxr-xr-x 1 root root 207954 Sep 17 2007 eroute
-rwxr-xr-x 1 root root 63052 Sep 17 2007 ikeping
-rwxr-xr-x 1 root root 136046 Sep 17 2007 klipsdebug
-rwxr-xr-x 1 root root 1836 Sep 17 2007 livetest
-rwxr-xr-x 1 root root 2604 Sep 17 2007 look
-rwxr-xr-x 1 root root 7088 Sep 17 2007 mailkey
-rwxr-xr-x 1 root root 16015 Sep 17 2007 manual
-rwxr-xr-x 1 root root 1951 Sep 17 2007 newhostkey
-rwxr-xr-x 1 root root 117845 Sep 17 2007 pf_key
-rwxr-xr-x 1 root root 1957852 Sep 17 2007 pluto
-rwxr-xr-x 1 root root 24771 Sep 17 2007 ranbits
-rwxr-xr-x 1 root root 51846 Sep 17 2007 rsasigkey
-rwxr-xr-x 1 root root 766 Sep 17 2007 secrets
lrwxrwxrwx 1 root root 22 Sep 30 10:39 setup -> /etc/rc.d/init.d/ipsec
-rwxr-xr-x 1 root root 1054 Sep 17 2007 showdefaults
-rwxr-xr-x 1 root root 4845 Sep 17 2007 showhostkey
-rwxr-xr-x 1 root root 336592 Sep 17 2007 spi
-rwxr-xr-x 1 root root 166220 Sep 17 2007 spigrp
-rwxr-xr-x 1 root root 29722 Sep 17 2007 tncfg
-rwxr-xr-x 1 root root 13524 Sep 17 2007 verify
-rwxr-xr-x 1 root root 141961 Sep 17 2007 whack
+ _________________________ ipsec/updowns
++ ls /usr/libexec/ipsec
++ egrep updown
+ _________________________ /proc/net/dev
+ cat /proc/net/dev
Inter-| Receive | Transmit
face |bytes packets errs drop fifo frame compressed multicast|bytes packets errs drop fifo colls carrier compressed
lo: 2038246 11452 0 0 0 0 0 0 2038246 11452 0 0 0 0 0 0
eth0:4233301921 92040715 24009 0 0 24009 0 135467 280075323 1836691 67 0 0 240979 67 0
eth1:96462105 501947 0 0 0 0 0 2313 1100217295 958987 0 0 0 0 0 0
venet0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
veth0:2660535002 92741146 0 0 0 0 0 713271 140883454 1076720 0 0 0 0 0 0
veth1:87050109 499017 0 0 0 0 0 2493 1094695594 955699 0 0 0 0 0 0
sit0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
tun6to4: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
tun0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
pan0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
veth1014.0: 21645 371 0 0 0 0 0 0 41443886 733943 0 0 0 0 0 0
veth1014.1: 468 7 0 0 0 0 0 0 199127 2642 0 0 0 0 0 0
veth1064.0: 172895 1664 0 0 0 0 0 0 41515574 735023 0 0 0 0 0 0
veth1064.1: 468 7 0 0 0 0 0 0 198995 2640 0 0 0 0 0 0
veth1065.0: 26779 358 0 0 0 0 0 0 41443884 733927 0 0 0 0 0 0
veth1065.1: 620 9 0 0 0 0 0 0 198767 2637 0 0 0 0 0 0
veth1074.0: 2143476 21694 0 0 0 0 0 0 40273388 717449 0 0 0 0 0 0
veth1074.1: 524 8 0 0 0 0 0 0 198615 2635 0 0 0 0 0 0
veth1075.0: 101493 782 0 0 0 0 0 0 41469455 734317 0 0 0 0 0 0
veth1075.1: 468 7 0 0 0 0 0 0 198387 2632 0 0 0 0 0 0
veth1076.0: 27703 365 0 0 0 0 0 0 41442016 733909 0 0 0 0 0 0
veth1076.1: 412 6 0 0 0 0 0 0 197879 2625 0 0 0 0 0 0
veth1077.0: 100245 716 0 0 0 0 0 0 41466377 734289 0 0 0 0 0 0
veth1077.1: 412 6 0 0 0 0 0 0 197599 2621 0 0 0 0 0 0
veth1078.0: 25730 334 0 0 0 0 0 0 41437617 733825 0 0 0 0 0 0
veth1078.1: 412 6 0 0 0 0 0 0 196939 2612 0 0 0 0 0 0
veth1079.0: 1438124 1915 0 0 0 0 0 0 41540497 735075 0 0 0 0 0 0
veth1079.1: 412 6 0 0 0 0 0 0 196283 2603 0 0 0 0 0 0
veth1081.0:26231781 49709 0 0 0 0 0 0 42103848 739773 0 0 0 0 0 0
veth1081.1: 1890366 1801 0 0 0 0 0 0 345403 4157 0 0 0 0 0 0
veth1082.0: 2858581 71168 0 0 0 0 0 0 44899528 804750 0 0 0 0 0 0
veth1082.1: 508 7 0 0 0 0 0 0 194959 2585 0 0 0 0 0 0
veth1083.0: 21338 341 0 0 0 0 0 0 41432998 733741 0 0 0 0 0 0
veth1083.1: 30364 323 0 0 0 0 0 0 225848 2849 0 0 0 0 0 0
veth1084.0: 31716 432 0 0 0 0 0 0 41442795 733753 0 0 0 0 0 0
veth1084.1: 6809 60 0 0 0 0 0 0 216162 2629 0 0 0 0 0 0
veth1087.0: 24636 378 0 0 0 0 0 0 41428255 733613 0 0 0 0 0 0
veth1087.1: 29462 218 0 0 0 0 0 0 222429 2760 0 0 0 0 0 0
veth1088.0: 42286 640 0 0 0 0 0 0 41447583 733712 0 0 0 0 0 0
veth1088.1: 412 6 0 0 0 0 0 0 191919 2543 0 0 0 0 0 0
veth1176.0: 2740063 26465 0 0 0 0 0 0 41192390 722971 0 0 0 0 0 0
veth1176.1: 17542 126 0 0 0 0 0 0 206750 2624 0 0 0 0 0 0
veth1192.0: 2239953 25282 0 0 0 0 0 0 40751829 721353 0 0 0 0 0 0
veth1192.1: 19187 128 0 0 0 0 0 0 197944 2558 0 0 0 0 0 0
veth1208.0: 4632419 34576 0 0 0 0 0 0 41026298 729114 0 0 0 0 0 0
veth1208.1: 412 6 0 0 0 0 0 0 186268 2492 0 0 0 0 0 0
veth1080.0: 840568 8653 0 0 0 0 0 0 16095626 291680 0 0 0 0 0 0
veth1080.1: 27664 206 0 0 0 0 0 0 95930 1197 0 0 0 0 0 0
veth1086.0: 14741 198 0 0 0 0 0 0 16893072 299829 0 0 0 0 0 0
veth1086.1: 12610 118 0 0 0 0 0 0 86430 1090 0 0 0 0 0 0
veth1112.0: 232566 3710 0 0 0 0 0 0 17328793 303776 0 0 0 0 0 0
veth1112.1: 12542 142 0 0 0 0 0 0 102038 1107 0 0 0 0 0 0
veth1120.0: 9389131 28592 0 0 0 0 0 0 19859085 329403 0 0 0 0 0 0
veth1120.1: 448 7 0 0 0 0 0 0 73728 982 0 0 0 0 0 0
+ _________________________ /proc/net/route
+ cat /proc/net/route
Iface Destination Gateway Flags RefCnt Use Metric Mask MTU Window IRTT
tun0 02FA1FAC 00000000 0005 0 0 0 FFFFFFFF 0 0 0
veth0 3220CD82 0420CD82 0007 0 0 20 FFFFFFFF 0 0 0
veth0 02FF1FAC 0420CD82 0007 0 0 20 FFFFFFFF 0 0 0
veth0 0027CD82 0820CD82 0003 0 0 0 00FFFFFF 0 0 0
tun0 00FA1FAC 02FA1FAC 0003 0 0 0 00FFFFFF 0 0 0
veth0 00FF1FAC 0420CD82 0003 0 0 20 00FFFFFF 0 0 0
veth0 0021CD82 0820CD82 0003 0 0 0 00FFFFFF 0 0 0
veth1 00C01FAC 00000000 0001 0 0 0 00FFFFFF 0 0 0
veth0 009CCD82 0E20CD82 0003 0 0 0 00FCFFFF 0 0 0
veth0 0024CD82 0420CD82 0003 0 0 20 00FCFFFF 0 0 0
veth0 0020CD82 00000000 0001 0 0 0 00F0FFFF 0 0 0
veth0 00A0CD82 0E20CD82 0003 0 0 0 00E0FFFF 0 0 0
veth0 0000CD82 0120CD82 0003 0 0 0 00E0FFFF 0 0 0
veth0 00C0CD82 0E20CD82 0003 0 0 0 00C0FFFF 0 0 0
veth1 0000FEA9 00000000 0001 0 0 0 0000FFFF 0 0 0
veth0 00000000 0120CD82 0003 0 0 0 00000000 0 0 0
+ _________________________ /proc/sys/net/ipv4/ip_forward
+ cat /proc/sys/net/ipv4/ip_forward
1
+ _________________________ /proc/sys/net/ipv4/tcp_ecn
+ cat /proc/sys/net/ipv4/tcp_ecn
0
+ _________________________ /proc/sys/net/ipv4/conf/star-rp_filter
+ cd /proc/sys/net/ipv4/conf
+ egrep '^' all/rp_filter default/rp_filter eth0/rp_filter eth1/rp_filter lo/rp_filter pan0/rp_filter sit0/rp_filter tun0/rp_filter tun6to4/rp_filter venet0/rp_filter veth0/rp_filter veth1014.0/rp_filter veth1014.1/rp_filter veth1064.0/rp_filter veth1064.1/rp_filter veth1065.0/rp_filter veth1065.1/rp_filter veth1074.0/rp_filter veth1074.1/rp_filter veth1075.0/rp_filter veth1075.1/rp_filter veth1076.0/rp_filter veth1076.1/rp_filter veth1077.0/rp_filter veth1077.1/rp_filter veth1078.0/rp_filter veth1078.1/rp_filter veth1079.0/rp_filter veth1079.1/rp_filter veth1080.0/rp_filter veth1080.1/rp_filter veth1081.0/rp_filter veth1081.1/rp_filter veth1082.0/rp_filter veth1082.1/rp_filter veth1083.0/rp_filter veth1083.1/rp_filter veth1084.0/rp_filter veth1084.1/rp_filter veth1086.0/rp_filter veth1086.1/rp_filter veth1087.0/rp_filter veth1087.1/rp_filter veth1088.0/rp_filter veth1088.1/rp_filter veth1112.0/rp_filter veth1112.1/rp_filter veth1120.0/rp_filter veth1120.1/rp_filter veth1176.0/rp_filter veth1176.1/rp_filter veth1192.0/rp_filter veth1192.1/rp_filter veth1208.0/rp_filter veth1208.1/rp_filter veth1/rp_filter
all/rp_filter:0
default/rp_filter:1
eth0/rp_filter:1
eth1/rp_filter:1
lo/rp_filter:1
pan0/rp_filter:1
sit0/rp_filter:1
tun0/rp_filter:1
tun6to4/rp_filter:1
venet0/rp_filter:1
veth0/rp_filter:1
veth1014.0/rp_filter:1
veth1014.1/rp_filter:1
veth1064.0/rp_filter:1
veth1064.1/rp_filter:1
veth1065.0/rp_filter:1
veth1065.1/rp_filter:1
veth1074.0/rp_filter:1
veth1074.1/rp_filter:1
veth1075.0/rp_filter:1
veth1075.1/rp_filter:1
veth1076.0/rp_filter:1
veth1076.1/rp_filter:1
veth1077.0/rp_filter:1
veth1077.1/rp_filter:1
veth1078.0/rp_filter:1
veth1078.1/rp_filter:1
veth1079.0/rp_filter:1
veth1079.1/rp_filter:1
veth1080.0/rp_filter:1
veth1080.1/rp_filter:1
veth1081.0/rp_filter:1
veth1081.1/rp_filter:1
veth1082.0/rp_filter:1
veth1082.1/rp_filter:1
veth1083.0/rp_filter:1
veth1083.1/rp_filter:1
veth1084.0/rp_filter:1
veth1084.1/rp_filter:1
veth1086.0/rp_filter:1
veth1086.1/rp_filter:1
veth1087.0/rp_filter:1
veth1087.1/rp_filter:1
veth1088.0/rp_filter:1
veth1088.1/rp_filter:1
veth1112.0/rp_filter:1
veth1112.1/rp_filter:1
veth1120.0/rp_filter:1
veth1120.1/rp_filter:1
veth1176.0/rp_filter:1
veth1176.1/rp_filter:1
veth1192.0/rp_filter:1
veth1192.1/rp_filter:1
veth1208.0/rp_filter:1
veth1208.1/rp_filter:1
veth1/rp_filter:1
+ _________________________ /proc/sys/net/ipv4/conf/star-rp_filter
+ cd /proc/sys/net/ipv4/conf
+ egrep '^' all/rp_filter default/rp_filter eth0/rp_filter eth1/rp_filter lo/rp_filter pan0/rp_filter sit0/rp_filter tun0/rp_filter tun6to4/rp_filter venet0/rp_filter veth0/rp_filter veth1014.0/rp_filter veth1014.1/rp_filter veth1064.0/rp_filter veth1064.1/rp_filter veth1065.0/rp_filter veth1065.1/rp_filter veth1074.0/rp_filter veth1074.1/rp_filter veth1075.0/rp_filter veth1075.1/rp_filter veth1076.0/rp_filter veth1076.1/rp_filter veth1077.0/rp_filter veth1077.1/rp_filter veth1078.0/rp_filter veth1078.1/rp_filter veth1079.0/rp_filter veth1079.1/rp_filter veth1080.0/rp_filter veth1080.1/rp_filter veth1081.0/rp_filter veth1081.1/rp_filter veth1082.0/rp_filter veth1082.1/rp_filter veth1083.0/rp_filter veth1083.1/rp_filter veth1084.0/rp_filter veth1084.1/rp_filter veth1086.0/rp_filter veth1086.1/rp_filter veth1087.0/rp_filter veth1087.1/rp_filter veth1088.0/rp_filter veth1088.1/rp_filter veth1112.0/rp_filter veth1112.1/rp_filter veth1120.0/rp_filter veth1120.1/rp_filter veth1176.0/rp_filter veth1176.1/rp_filter veth1192.0/rp_filter veth1192.1/rp_filter veth1208.0/rp_filter veth1208.1/rp_filter veth1/rp_filter
all/rp_filter:0
default/rp_filter:1
eth0/rp_filter:1
eth1/rp_filter:1
lo/rp_filter:1
pan0/rp_filter:1
sit0/rp_filter:1
tun0/rp_filter:1
tun6to4/rp_filter:1
venet0/rp_filter:1
veth0/rp_filter:1
veth1014.0/rp_filter:1
veth1014.1/rp_filter:1
veth1064.0/rp_filter:1
veth1064.1/rp_filter:1
veth1065.0/rp_filter:1
veth1065.1/rp_filter:1
veth1074.0/rp_filter:1
veth1074.1/rp_filter:1
veth1075.0/rp_filter:1
veth1075.1/rp_filter:1
veth1076.0/rp_filter:1
veth1076.1/rp_filter:1
veth1077.0/rp_filter:1
veth1077.1/rp_filter:1
veth1078.0/rp_filter:1
veth1078.1/rp_filter:1
veth1079.0/rp_filter:1
veth1079.1/rp_filter:1
veth1080.0/rp_filter:1
veth1080.1/rp_filter:1
veth1081.0/rp_filter:1
veth1081.1/rp_filter:1
veth1082.0/rp_filter:1
veth1082.1/rp_filter:1
veth1083.0/rp_filter:1
veth1083.1/rp_filter:1
veth1084.0/rp_filter:1
veth1084.1/rp_filter:1
veth1086.0/rp_filter:1
veth1086.1/rp_filter:1
veth1087.0/rp_filter:1
veth1087.1/rp_filter:1
veth1088.0/rp_filter:1
veth1088.1/rp_filter:1
veth1112.0/rp_filter:1
veth1112.1/rp_filter:1
veth1120.0/rp_filter:1
veth1120.1/rp_filter:1
veth1176.0/rp_filter:1
veth1176.1/rp_filter:1
veth1192.0/rp_filter:1
veth1192.1/rp_filter:1
veth1208.0/rp_filter:1
veth1208.1/rp_filter:1
veth1/rp_filter:1
+ _________________________ /proc/sys/net/ipv4/conf/star-star-redirects
+ cd /proc/sys/net/ipv4/conf
+ egrep '^' all/accept_redirects all/secure_redirects all/send_redirects default/accept_redirects default/secure_redirects default/send_redirects eth0/accept_redirects eth0/secure_redirects eth0/send_redirects eth1/accept_redirects eth1/secure_redirects eth1/send_redirects lo/accept_redirects lo/secure_redirects lo/send_redirects pan0/accept_redirects pan0/secure_redirects pan0/send_redirects sit0/accept_redirects sit0/secure_redirects sit0/send_redirects tun0/accept_redirects tun0/secure_redirects tun0/send_redirects tun6to4/accept_redirects tun6to4/secure_redirects tun6to4/send_redirects venet0/accept_redirects venet0/secure_redirects venet0/send_redirects veth0/accept_redirects veth0/secure_redirects veth0/send_redirects veth1014.0/accept_redirects veth1014.0/secure_redirects veth1014.0/send_redirects veth1014.1/accept_redirects veth1014.1/secure_redirects veth1014.1/send_redirects veth1064.0/accept_redirects veth1064.0/secure_redirects veth1064.0/send_redirects veth1064.1/accept_redirects veth1064.1/secure_redirects veth1064.1/send_redirects veth1065.0/accept_redirects veth1065.0/secure_redirects veth1065.0/send_redirects veth1065.1/accept_redirects veth1065.1/secure_redirects veth1065.1/send_redirects veth1074.0/accept_redirects veth1074.0/secure_redirects veth1074.0/send_redirects veth1074.1/accept_redirects veth1074.1/secure_redirects veth1074.1/send_redirects veth1075.0/accept_redirects veth1075.0/secure_redirects veth1075.0/send_redirects veth1075.1/accept_redirects veth1075.1/secure_redirects veth1075.1/send_redirects veth1076.0/accept_redirects veth1076.0/secure_redirects veth1076.0/send_redirects veth1076.1/accept_redirects veth1076.1/secure_redirects veth1076.1/send_redirects veth1077.0/accept_redirects veth1077.0/secure_redirects veth1077.0/send_redirects veth1077.1/accept_redirects veth1077.1/secure_redirects veth1077.1/send_redirects veth1078.0/accept_redirects veth1078.0/secure_redirects veth1078.0/send_redirects veth1078.1/accept_redirects veth1078.1/secure_redirects veth1078.1/send_redirects veth1079.0/accept_redirects veth1079.0/secure_redirects veth1079.0/send_redirects veth1079.1/accept_redirects veth1079.1/secure_redirects veth1079.1/send_redirects veth1080.0/accept_redirects veth1080.0/secure_redirects veth1080.0/send_redirects veth1080.1/accept_redirects veth1080.1/secure_redirects veth1080.1/send_redirects veth1081.0/accept_redirects veth1081.0/secure_redirects veth1081.0/send_redirects veth1081.1/accept_redirects veth1081.1/secure_redirects veth1081.1/send_redirects veth1082.0/accept_redirects veth1082.0/secure_redirects veth1082.0/send_redirects veth1082.1/accept_redirects veth1082.1/secure_redirects veth1082.1/send_redirects veth1083.0/accept_redirects veth1083.0/secure_redirects veth1083.0/send_redirects veth1083.1/accept_redirects veth1083.1/secure_redirects veth1083.1/send_redirects veth1084.0/accept_redirects veth1084.0/secure_redirects veth1084.0/send_redirects veth1084.1/accept_redirects veth1084.1/secure_redirects veth1084.1/send_redirects veth1086.0/accept_redirects veth1086.0/secure_redirects veth1086.0/send_redirects veth1086.1/accept_redirects veth1086.1/secure_redirects veth1086.1/send_redirects veth1087.0/accept_redirects veth1087.0/secure_redirects veth1087.0/send_redirects veth1087.1/accept_redirects veth1087.1/secure_redirects veth1087.1/send_redirects veth1088.0/accept_redirects veth1088.0/secure_redirects veth1088.0/send_redirects veth1088.1/accept_redirects veth1088.1/secure_redirects veth1088.1/send_redirects veth1112.0/accept_redirects veth1112.0/secure_redirects veth1112.0/send_redirects veth1112.1/accept_redirects veth1112.1/secure_redirects veth1112.1/send_redirects veth1120.0/accept_redirects veth1120.0/secure_redirects veth1120.0/send_redirects veth1120.1/accept_redirects veth1120.1/secure_redirects veth1120.1/send_redirects veth1176.0/accept_redirects veth1176.0/secure_redirects veth1176.0/send_redirects veth1176.1/accept_redirects veth1176.1/secure_redirects veth1176.1/send_redirects veth1192.0/accept_redirects veth1192.0/secure_redirects veth1192.0/send_redirects veth1192.1/accept_redirects veth1192.1/secure_redirects veth1192.1/send_redirects veth1208.0/accept_redirects veth1208.0/secure_redirects veth1208.0/send_redirects veth1208.1/accept_redirects veth1208.1/secure_redirects veth1208.1/send_redirects veth1/accept_redirects veth1/secure_redirects veth1/send_redirects
all/accept_redirects:1
all/secure_redirects:1
all/send_redirects:0
default/accept_redirects:1
default/secure_redirects:1
default/send_redirects:1
eth0/accept_redirects:1
eth0/secure_redirects:1
eth0/send_redirects:1
eth1/accept_redirects:1
eth1/secure_redirects:1
eth1/send_redirects:1
lo/accept_redirects:1
lo/secure_redirects:1
lo/send_redirects:1
pan0/accept_redirects:1
pan0/secure_redirects:1
pan0/send_redirects:1
sit0/accept_redirects:1
sit0/secure_redirects:1
sit0/send_redirects:1
tun0/accept_redirects:1
tun0/secure_redirects:1
tun0/send_redirects:1
tun6to4/accept_redirects:1
tun6to4/secure_redirects:1
tun6to4/send_redirects:1
venet0/accept_redirects:1
venet0/secure_redirects:1
venet0/send_redirects:0
veth0/accept_redirects:1
veth0/secure_redirects:1
veth0/send_redirects:1
veth1014.0/accept_redirects:1
veth1014.0/secure_redirects:1
veth1014.0/send_redirects:1
veth1014.1/accept_redirects:1
veth1014.1/secure_redirects:1
veth1014.1/send_redirects:1
veth1064.0/accept_redirects:1
veth1064.0/secure_redirects:1
veth1064.0/send_redirects:1
veth1064.1/accept_redirects:1
veth1064.1/secure_redirects:1
veth1064.1/send_redirects:1
veth1065.0/accept_redirects:1
veth1065.0/secure_redirects:1
veth1065.0/send_redirects:1
veth1065.1/accept_redirects:1
veth1065.1/secure_redirects:1
veth1065.1/send_redirects:1
veth1074.0/accept_redirects:1
veth1074.0/secure_redirects:1
veth1074.0/send_redirects:1
veth1074.1/accept_redirects:1
veth1074.1/secure_redirects:1
veth1074.1/send_redirects:1
veth1075.0/accept_redirects:1
veth1075.0/secure_redirects:1
veth1075.0/send_redirects:1
veth1075.1/accept_redirects:1
veth1075.1/secure_redirects:1
veth1075.1/send_redirects:1
veth1076.0/accept_redirects:1
veth1076.0/secure_redirects:1
veth1076.0/send_redirects:1
veth1076.1/accept_redirects:1
veth1076.1/secure_redirects:1
veth1076.1/send_redirects:1
veth1077.0/accept_redirects:1
veth1077.0/secure_redirects:1
veth1077.0/send_redirects:1
veth1077.1/accept_redirects:1
veth1077.1/secure_redirects:1
veth1077.1/send_redirects:1
veth1078.0/accept_redirects:1
veth1078.0/secure_redirects:1
veth1078.0/send_redirects:1
veth1078.1/accept_redirects:1
veth1078.1/secure_redirects:1
veth1078.1/send_redirects:1
veth1079.0/accept_redirects:1
veth1079.0/secure_redirects:1
veth1079.0/send_redirects:1
veth1079.1/accept_redirects:1
veth1079.1/secure_redirects:1
veth1079.1/send_redirects:1
veth1080.0/accept_redirects:1
veth1080.0/secure_redirects:1
veth1080.0/send_redirects:1
veth1080.1/accept_redirects:1
veth1080.1/secure_redirects:1
veth1080.1/send_redirects:1
veth1081.0/accept_redirects:1
veth1081.0/secure_redirects:1
veth1081.0/send_redirects:1
veth1081.1/accept_redirects:1
veth1081.1/secure_redirects:1
veth1081.1/send_redirects:1
veth1082.0/accept_redirects:1
veth1082.0/secure_redirects:1
veth1082.0/send_redirects:1
veth1082.1/accept_redirects:1
veth1082.1/secure_redirects:1
veth1082.1/send_redirects:1
veth1083.0/accept_redirects:1
veth1083.0/secure_redirects:1
veth1083.0/send_redirects:1
veth1083.1/accept_redirects:1
veth1083.1/secure_redirects:1
veth1083.1/send_redirects:1
veth1084.0/accept_redirects:1
veth1084.0/secure_redirects:1
veth1084.0/send_redirects:1
veth1084.1/accept_redirects:1
veth1084.1/secure_redirects:1
veth1084.1/send_redirects:1
veth1086.0/accept_redirects:1
veth1086.0/secure_redirects:1
veth1086.0/send_redirects:1
veth1086.1/accept_redirects:1
veth1086.1/secure_redirects:1
veth1086.1/send_redirects:1
veth1087.0/accept_redirects:1
veth1087.0/secure_redirects:1
veth1087.0/send_redirects:1
veth1087.1/accept_redirects:1
veth1087.1/secure_redirects:1
veth1087.1/send_redirects:1
veth1088.0/accept_redirects:1
veth1088.0/secure_redirects:1
veth1088.0/send_redirects:1
veth1088.1/accept_redirects:1
veth1088.1/secure_redirects:1
veth1088.1/send_redirects:1
veth1112.0/accept_redirects:1
veth1112.0/secure_redirects:1
veth1112.0/send_redirects:1
veth1112.1/accept_redirects:1
veth1112.1/secure_redirects:1
veth1112.1/send_redirects:1
veth1120.0/accept_redirects:1
veth1120.0/secure_redirects:1
veth1120.0/send_redirects:1
veth1120.1/accept_redirects:1
veth1120.1/secure_redirects:1
veth1120.1/send_redirects:1
veth1176.0/accept_redirects:1
veth1176.0/secure_redirects:1
veth1176.0/send_redirects:1
veth1176.1/accept_redirects:1
veth1176.1/secure_redirects:1
veth1176.1/send_redirects:1
veth1192.0/accept_redirects:1
veth1192.0/secure_redirects:1
veth1192.0/send_redirects:1
veth1192.1/accept_redirects:1
veth1192.1/secure_redirects:1
veth1192.1/send_redirects:1
veth1208.0/accept_redirects:1
veth1208.0/secure_redirects:1
veth1208.0/send_redirects:1
veth1208.1/accept_redirects:1
veth1208.1/secure_redirects:1
veth1208.1/send_redirects:1
veth1/accept_redirects:1
veth1/secure_redirects:1
veth1/send_redirects:1
+ _________________________ /proc/sys/net/ipv4/tcp_window_scaling
+ cat /proc/sys/net/ipv4/tcp_window_scaling
1
+ _________________________ /proc/sys/net/ipv4/tcp_adv_win_scale
+ cat /proc/sys/net/ipv4/tcp_adv_win_scale
2
+ _________________________ uname-a
+ uname -a
Linux romulus.wittsend.com 2.6.24-ovz005.1 #1 SMP Mon May 12 16:38:09 MSD 2008 i686 i686 i386 GNU/Linux
+ _________________________ config-built-with
+ test -r /proc/config_built_with
+ _________________________ distro-release
+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
+ test -f /etc/redhat-release
+ cat /etc/redhat-release
Fedora release 9 (Sulphur)
+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
+ test -f /etc/debian-release
+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
+ test -f /etc/SuSE-release
+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
+ test -f /etc/mandrake-release
+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
+ test -f /etc/mandriva-release
+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
+ test -f /etc/gentoo-release
+ _________________________ /proc/net/ipsec_version
+ test -r /proc/net/ipsec_version
+ test -r /proc/net/pfkey
++ uname -r
+ echo 'NETKEY (2.6.24-ovz005.1) support detected '
NETKEY (2.6.24-ovz005.1) support detected
+ _________________________ ipfwadm
+ test -r /sbin/ipfwadm
+ 'no old-style linux 1.x/2.0 ipfwadm firewall support'
/usr/libexec/ipsec/barf: line 305: no old-style linux 1.x/2.0 ipfwadm firewall support: No such file or directory
+ _________________________ ipchains
+ test -r /sbin/ipchains
+ echo 'no old-style linux 2.0 ipchains firewall support'
no old-style linux 2.0 ipchains firewall support
+ _________________________ iptables
+ test -r /sbin/iptables
+ iptables -L -v -n
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
312K 38M ACCEPT all -- * * 130.205.32.0/22 0.0.0.0/0
1560K 230M RH-Firewall-1-INPUT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy ACCEPT 4928K packets, 515M bytes)
pkts bytes target prot opt in out source destination
40M 3972M DROP all -- * * 0.0.0.0/0 130.205.192.0/18
21M 2083M DROP all -- * * 0.0.0.0/0 130.205.160.0/19
2442K 244M DROP all -- * * 0.0.0.0/0 130.205.156.0/22
Chain OUTPUT (policy ACCEPT 1080K packets, 128M bytes)
pkts bytes target prot opt in out source destination
Chain FTP-INPUT (1 references)
pkts bytes target prot opt in out source destination
2 100 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:21
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:20 state ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpts:1024:65535 state RELATED,ESTABLISHED
Chain FTP-OUTPUT (0 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:20 state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpts:1024:65535 state ESTABLISHED
Chain RH-Firewall-1-INPUT (1 references)
pkts bytes target prot opt in out source destination
10983 1995K ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- vmnet1 * 0.0.0.0/0 0.0.0.0/0
104 6334 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 255
0 0 ACCEPT 41 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT esp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT ah -- * * 0.0.0.0/0 0.0.0.0/0
14 3035 ACCEPT udp -- * * 0.0.0.0/0 224.0.0.251 udp dpt:5353
0 0 ACCEPT all -- * * 0.0.0.0/0 224.0.0.5
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:67
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:69
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:631
1616 565K ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:500
1402K 137M ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:1194
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:4500
142K 90M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
3 180 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
0 0 ACCEPT tcp -- * * 0.0.0.0/0 130.205.32.71 state NEW tcp dpt:21
0 0 ACCEPT tcp -- * * 0.0.0.0/0 130.205.32.71 state NEW tcp dpts:1024:65535
78 3768 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:110
8 480 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:113
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:143
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:389
1 60 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:443
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:636
27 1553 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:993
1 60 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:995
1 48 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:3128
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:8080
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:8008
1 48 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:10000
48 3072 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:179
3136 160K FTP-INPUT all -- * * 0.0.0.0/0 0.0.0.0/0
2844 141K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:25
290 18601 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
+ _________________________ iptables-nat
+ iptables -t nat -L -v -n
Chain PREROUTING (policy ACCEPT 291K packets, 66M bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 1596 packets, 110K bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 1012 packets, 76333 bytes)
pkts bytes target prot opt in out source destination
+ _________________________ iptables-mangle
+ iptables -t mangle -L -v -n
Chain PREROUTING (policy ACCEPT 92M packets, 11G bytes)
pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 1871K packets, 268M bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 68M packets, 6814M bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 1080K packets, 128M bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 6007K packets, 642M bytes)
pkts bytes target prot opt in out source destination
+ _________________________ /proc/modules
+ test -f /proc/modules
+ cat /proc/modules
xfrm4_tunnel 6144 0 - Live 0xf8f5a000
af_key 33936 0 - Live 0xf8f7b000
iptable_nat 11140 0 - Live 0xf8f65000
nf_nat 19384 1 iptable_nat, Live 0xf8f75000
xfrm4_mode_tunnel 6144 4 - Live 0xf8f5d000
ipcomp 9608 0 - Live 0xf8ee4000
esp4 9472 2 - Live 0xf8f53000
ah4 8448 0 - Live 0xf8f4f000
deflate 6528 0 - Live 0xf8fcd000
zlib_deflate 21912 1 deflate, Live 0xf8fe8000
camellia 39552 0 - Live 0xf8ff5000
crypto_null 6144 0 - Live 0xf8fca000
serpent 21632 0 - Live 0xf8fe1000
blowfish 12160 0 - Live 0xf8fc6000
twofish 10624 0 - Live 0xf8fc2000
twofish_common 35200 1 twofish, Live 0xf8fd0000
ecb 6400 0 - Live 0xf8fbf000
xcbc 8456 0 - Live 0xf8fbb000
cbc 7424 2 - Live 0xf8f8f000
sha256_generic 12928 0 - Live 0xf8fb6000
sha512 13184 0 - Live 0xf8fb1000
des_generic 19200 0 - Live 0xf8f9f000
aes_i586 37888 2 - Live 0xf8fa6000
geode_aes 8712 0 - Live 0xf8f9b000
blkcipher 9220 3 ecb,cbc,geode_aes, Live 0xf8f8b000
aes_generic 32192 0 - Live 0xf8f92000
xfrm6_tunnel 10016 0 - Live 0xf8f4b000
tunnel6 6536 1 xfrm6_tunnel, Live 0xf8f48000
ftdi_sio 35732 0 - Live 0xf8f34000
usbserial 30952 1 ftdi_sio, Live 0xf8f3f000
simfs 7628 22 - Live 0xf8ede000
vzrst 122772 0 - Live 0xf8ef3000
vzcpt 103204 0 - Live 0xf8f13000
vzdquota 40600 22 [permanent], Live 0xf8ee8000
ipt_LOG 9600 2 - Live 0xf8ec4000
xt_conntrack 6144 0 - Live 0xf8ed7000
xt_length 5632 0 - Live 0xf8ed4000
ipt_ttl 5376 0 - Live 0xf8ed1000
xt_tcpmss 5760 0 - Live 0xf8ece000
xt_TCPMSS 7552 0 - Live 0xf8ecb000
iptable_mangle 7552 22 - Live 0xf8ec8000
xt_multiport 6912 8 - Live 0xf8ae7000
xt_limit 6016 0 - Live 0xf8ec1000
ipt_tos 5248 0 - Live 0xf8aea000
rfcomm 35100 4 - Live 0xf8e89000
bnep 14848 2 - Live 0xf8b15000
l2cap 22148 16 rfcomm,bnep, Live 0xf8eba000
bluetooth 48228 5 rfcomm,bnep,l2cap, Live 0xf8e68000
autofs4 21252 4 - Live 0xf8e82000
fuse 44040 45 - Live 0xf8e76000
tun 12288 3 vzrst,vzcpt, Live 0xf8b11000
sunrpc 153500 3 - Live 0xf8e93000
sit 12928 22 - Live 0xf8b0c000
tunnel4 6664 2 xfrm4_tunnel,sit, Live 0xf8b09000
bridge 49560 0 - Live 0xf8b1a000
nf_conntrack_ftp 11048 0 - Live 0xf8b05000
ipt_REJECT 7424 3 - Live 0xf8af2000
xt_tcpudp 6912 60 - Live 0xf8ae1000
nf_conntrack_ipv4 14472 66 iptable_nat, Live 0xf8aed000
xt_state 5760 42 - Live 0xf8ae4000
nf_conntrack 60752 6 iptable_nat,nf_nat,xt_conntrack,nf_conntrack_ftp,nf_conntrack_ipv4,xt_state, Live 0xf8af5000
iptable_filter 7428 27 - Live 0xf8aad000
ip_tables 15064 3 iptable_nat,iptable_mangle,iptable_filter, Live 0xf8aa8000
x_tables 15620 14 iptable_nat,ipt_LOG,xt_conntrack,xt_length,ipt_ttl,xt_tcpmss,xt_TCPMSS,xt_multiport,xt_limit,ipt_tos,ipt_REJECT,xt_tcpudp,xt_state,ip_tables, Live 0xf8a60000
dm_mirror 22912 0 - Live 0xf8aa1000
dm_multipath 19080 0 - Live 0xf8a19000
dm_mod 52676 5 dm_mirror,dm_multipath, Live 0xf8ab2000
vzethdev 12288 0 - Live 0xf89e5000
vznetdev 18180 25 - Live 0xf8a54000
vzmon 31496 26 vzrst,vzcpt,vzethdev,vznetdev, Live 0xf8a76000
ipv6 240384 324 xfrm6_tunnel,tunnel6,vzrst,vzcpt,sit,vzmon, Live 0xf8b2a000
vzdev 6532 6 vzdquota,vzethdev,vznetdev,vzmon, Live 0xf89e9000
sr_mod 17704 0 - Live 0xf8a13000
cdrom 36928 1 sr_mod, Live 0xf8a29000
floppy 54916 0 - Live 0xf8a67000
sg 33564 0 - Live 0xf8a1f000
e1000 115584 0 - Live 0xf8a36000
button 10256 0 - Live 0xf8a0f000
ata_piix 18052 0 - Live 0xf89c8000
i2c_i801 11920 0 - Live 0xf89e1000
iTCO_wdt 13868 0 - Live 0xf89dc000
ata_generic 8712 0 - Live 0xf89d8000
iTCO_vendor_support 7176 1 iTCO_wdt, Live 0xf89d5000
i6300esb 8988 0 - Live 0xf893c000
i2c_core 21376 1 i2c_i801, Live 0xf89ce000
pata_acpi 8576 0 - Live 0xf896e000
pcspkr 6272 0 - Live 0xf8969000
sata_sil 11660 10 - Live 0xf8965000
libata 132316 4 ata_piix,ata_generic,pata_acpi,sata_sil, Live 0xf89ed000
sd_mod 26880 12 - Live 0xf89be000
scsi_mod 126764 4 sr_mod,sg,libata,sd_mod, Live 0xf897f000
ext3 113032 9 - Live 0xf89a1000
jbd 41620 1 ext3, Live 0xf8973000
mbcache 10112 1 ext3, Live 0xf8961000
uhci_hcd 24852 0 - Live 0xf8920000
ohci_hcd 23308 0 - Live 0xf8932000
ehci_hcd 33560 0 - Live 0xf8928000
+ _________________________ /proc/meminfo
+ cat /proc/meminfo
MemTotal: 3892160 kB
MemFree: 123400 kB
Buffers: 539024 kB
Cached: 2027952 kB
SwapCached: 4 kB
Active: 1772984 kB
Inactive: 1676328 kB
HighTotal: 3014592 kB
HighFree: 94112 kB
LowTotal: 877568 kB
LowFree: 29288 kB
SwapTotal: 2096440 kB
SwapFree: 2096316 kB
Dirty: 1868 kB
Writeback: 0 kB
AnonPages: 882284 kB
Mapped: 156064 kB
Slab: 287332 kB
SReclaimable: 241064 kB
SUnreclaim: 46268 kB
PageTables: 11792 kB
NFS_Unstable: 0 kB
Bounce: 0 kB
CommitLimit: 4042520 kB
Committed_AS: 2301796 kB
VmallocTotal: 114680 kB
VmallocUsed: 7980 kB
VmallocChunk: 106488 kB
HugePages_Total: 0
HugePages_Free: 0
HugePages_Rsvd: 0
HugePages_Surp: 0
Hugepagesize: 4096 kB
+ _________________________ /proc/net/ipsec-ls
+ test -f /proc/net/ipsec_version
+ _________________________ usr/src/linux/.config
+ test -f /proc/config.gz
+ zcat /proc/config.gz
+ egrep 'CONFIG_IPSEC|CONFIG_KLIPS|CONFIG_NET_KEY|CONFIG_INET|CONFIG_IP|CONFIG_HW_RANDOM|CONFIG_CRYPTO_DEV|_XFRM'
CONFIG_XFRM=y
CONFIG_XFRM_USER=y
CONFIG_XFRM_SUB_POLICY=y
CONFIG_XFRM_MIGRATE=y
CONFIG_NET_KEY=m
CONFIG_NET_KEY_MIGRATE=y
CONFIG_INET=y
CONFIG_IP_MULTICAST=y
CONFIG_IP_ADVANCED_ROUTER=y
# CONFIG_IP_FIB_TRIE is not set
CONFIG_IP_FIB_HASH=y
CONFIG_IP_MULTIPLE_TABLES=y
CONFIG_IP_ROUTE_MULTIPATH=y
CONFIG_IP_ROUTE_VERBOSE=y
# CONFIG_IP_PNP is not set
CONFIG_IP_MROUTE=y
CONFIG_IP_PIMSM_V1=y
CONFIG_IP_PIMSM_V2=y
CONFIG_INET_AH=m
CONFIG_INET_ESP=m
CONFIG_INET_IPCOMP=m
CONFIG_INET_XFRM_TUNNEL=m
CONFIG_INET_TUNNEL=m
CONFIG_INET_XFRM_MODE_TRANSPORT=m
CONFIG_INET_XFRM_MODE_TUNNEL=m
CONFIG_INET_XFRM_MODE_BEET=m
CONFIG_INET_LRO=y
CONFIG_INET_DIAG=m
CONFIG_INET_TCP_DIAG=m
CONFIG_IP_VS=m
# CONFIG_IP_VS_DEBUG is not set
CONFIG_IP_VS_TAB_BITS=12
CONFIG_IP_VS_PROTO_TCP=y
CONFIG_IP_VS_PROTO_UDP=y
CONFIG_IP_VS_PROTO_ESP=y
CONFIG_IP_VS_PROTO_AH=y
CONFIG_IP_VS_RR=m
CONFIG_IP_VS_WRR=m
CONFIG_IP_VS_LC=m
CONFIG_IP_VS_WLC=m
CONFIG_IP_VS_LBLC=m
CONFIG_IP_VS_LBLCR=m
CONFIG_IP_VS_DH=m
CONFIG_IP_VS_SH=m
CONFIG_IP_VS_SED=m
CONFIG_IP_VS_NQ=m
CONFIG_IP_VS_FTP=m
CONFIG_IPV6=m
CONFIG_IPV6_PRIVACY=y
CONFIG_IPV6_ROUTER_PREF=y
CONFIG_IPV6_ROUTE_INFO=y
CONFIG_IPV6_OPTIMISTIC_DAD=y
CONFIG_INET6_AH=m
CONFIG_INET6_ESP=m
CONFIG_INET6_IPCOMP=m
CONFIG_IPV6_MIP6=m
CONFIG_INET6_XFRM_TUNNEL=m
CONFIG_INET6_TUNNEL=m
CONFIG_INET6_XFRM_MODE_TRANSPORT=m
CONFIG_INET6_XFRM_MODE_TUNNEL=m
CONFIG_INET6_XFRM_MODE_BEET=m
CONFIG_INET6_XFRM_MODE_ROUTEOPTIMIZATION=m
CONFIG_IPV6_SIT=m
CONFIG_IPV6_TUNNEL=m
CONFIG_IPV6_MULTIPLE_TABLES=y
CONFIG_IPV6_SUBTREES=y
CONFIG_IP_NF_QUEUE=m
CONFIG_IP_NF_IPTABLES=m
CONFIG_IP_NF_MATCH_IPRANGE=m
CONFIG_IP_NF_MATCH_TOS=m
CONFIG_IP_NF_MATCH_RECENT=m
CONFIG_IP_NF_MATCH_ECN=m
CONFIG_IP_NF_MATCH_AH=m
CONFIG_IP_NF_MATCH_TTL=m
CONFIG_IP_NF_MATCH_OWNER=m
CONFIG_IP_NF_MATCH_ADDRTYPE=m
CONFIG_IP_NF_FILTER=m
CONFIG_IP_NF_TARGET_REJECT=m
CONFIG_IP_NF_TARGET_LOG=m
CONFIG_IP_NF_TARGET_ULOG=m
CONFIG_IP_NF_TARGET_MASQUERADE=m
CONFIG_IP_NF_TARGET_REDIRECT=m
CONFIG_IP_NF_TARGET_NETMAP=m
CONFIG_IP_NF_TARGET_SAME=m
CONFIG_IP_NF_MANGLE=m
CONFIG_IP_NF_TARGET_TOS=m
CONFIG_IP_NF_TARGET_ECN=m
CONFIG_IP_NF_TARGET_TTL=m
CONFIG_IP_NF_TARGET_CLUSTERIP=m
CONFIG_IP_NF_RAW=m
CONFIG_IP_NF_ARPTABLES=m
CONFIG_IP_NF_ARPFILTER=m
CONFIG_IP_NF_ARP_MANGLE=m
CONFIG_IP6_NF_QUEUE=m
CONFIG_IP6_NF_IPTABLES=m
CONFIG_IP6_NF_MATCH_RT=m
CONFIG_IP6_NF_MATCH_OPTS=m
CONFIG_IP6_NF_MATCH_FRAG=m
CONFIG_IP6_NF_MATCH_HL=m
CONFIG_IP6_NF_MATCH_OWNER=m
CONFIG_IP6_NF_MATCH_IPV6HEADER=m
CONFIG_IP6_NF_MATCH_AH=m
CONFIG_IP6_NF_MATCH_MH=m
CONFIG_IP6_NF_MATCH_EUI64=m
CONFIG_IP6_NF_FILTER=m
CONFIG_IP6_NF_TARGET_LOG=m
CONFIG_IP6_NF_TARGET_REJECT=m
CONFIG_IP6_NF_MANGLE=m
CONFIG_IP6_NF_TARGET_HL=m
CONFIG_IP6_NF_RAW=m
CONFIG_IP_DCCP=m
CONFIG_INET_DCCP_DIAG=m
CONFIG_IP_DCCP_ACKVEC=y
CONFIG_IP_DCCP_CCID2=m
# CONFIG_IP_DCCP_CCID2_DEBUG is not set
CONFIG_IP_DCCP_CCID3=m
CONFIG_IP_DCCP_TFRC_LIB=m
# CONFIG_IP_DCCP_CCID3_DEBUG is not set
CONFIG_IP_DCCP_CCID3_RTO=100
# CONFIG_IP_DCCP_DEBUG is not set
CONFIG_IP_SCTP=m
CONFIG_IPX=m
# CONFIG_IPX_INTERN is not set
CONFIG_IPDDP=m
CONFIG_IPDDP_ENCAP=y
CONFIG_IPDDP_DECAP=y
CONFIG_IP1000=m
CONFIG_IPW2100=m
CONFIG_IPW2100_MONITOR=y
# CONFIG_IPW2100_DEBUG is not set
CONFIG_IPW2200=m
CONFIG_IPW2200_MONITOR=y
CONFIG_IPW2200_RADIOTAP=y
CONFIG_IPW2200_PROMISCUOUS=y
CONFIG_IPW2200_QOS=y
# CONFIG_IPW2200_DEBUG is not set
CONFIG_IPPP_FILTER=y
CONFIG_IPMI_HANDLER=m
# CONFIG_IPMI_PANIC_EVENT is not set
CONFIG_IPMI_DEVICE_INTERFACE=m
CONFIG_IPMI_SI=m
CONFIG_IPMI_WATCHDOG=m
CONFIG_IPMI_POWEROFF=m
CONFIG_HW_RANDOM=y
CONFIG_HW_RANDOM_INTEL=m
CONFIG_HW_RANDOM_AMD=m
CONFIG_HW_RANDOM_GEODE=m
CONFIG_HW_RANDOM_VIA=m
CONFIG_CRYPTO_DEV_PADLOCK=m
CONFIG_CRYPTO_DEV_PADLOCK_AES=m
CONFIG_CRYPTO_DEV_PADLOCK_SHA=m
CONFIG_CRYPTO_DEV_GEODE=m
+ _________________________ etc/syslog.conf
+ cat /etc/syslog.conf
cat: /etc/syslog.conf: No such file or directory
+ _________________________ etc/syslog-ng/syslog-ng.conf
+ cat /etc/syslog-ng/syslog-ng.conf
cat: /etc/syslog-ng/syslog-ng.conf: No such file or directory
+ _________________________ etc/resolv.conf
+ cat /etc/resolv.conf
search wittsend.com
nameserver 130.205.32.4
nameserver 130.205.38.1
+ _________________________ lib/modules-ls
+ ls -ltr /lib/modules
total 2
drwxr-xr-x 5 root root 1024 Sep 25 15:34 2.6.24-ovz005.1
drwxr-xr-x 7 root root 1024 Sep 28 00:23 2.6.26.3-29.fc9.i686
+ _________________________ /proc/ksyms-netif_rx
+ test -r /proc/ksyms
+ test -r /proc/kallsyms
+ egrep netif_rx /proc/kallsyms
c05b7f0a T netif_rx
c05b8050 T netif_rx_ni
c06f7348 r __ksymtab_netif_rx_ni
c06f7448 r __ksymtab_netif_rx
c0707b23 r __kstrtab_netif_rx_ni
c0707d59 r __kstrtab_netif_rx
c05b8050 u netif_rx_ni [bnep]
c05b8050 u netif_rx_ni [tun]
c05b7f0a u netif_rx [sit]
c05b7f0a u netif_rx [vzethdev]
c05b7f0a u netif_rx [vznetdev]
c05b7f0a u netif_rx [ipv6]
+ _________________________ lib/modules-netif_rx
+ modulegoo kernel/net/ipv4/ipip.o netif_rx
+ set +x
2.6.24-ovz005.1:
2.6.26.3-29.fc9.i686:
+ _________________________ kern.debug
+ test -f /var/log/kern.debug
+ _________________________ klog
+ sed -n '3852,$p' /var/log/messages
+ egrep -i 'ipsec|klips|pluto'
+ case "$1" in
+ cat
Sep 30 10:37:12 romulus ipsec_setup: Starting Openswan IPsec U2.6.14/K2.6.24-ovz005.1...
Sep 30 10:37:12 romulus ipsec_setup:
Sep 30 10:37:12 romulus ipsec_setup:
Sep 30 10:37:12 romulus ipsec_setup: defaulting leftsubnet to 130.205.32.3
Sep 30 10:37:12 romulus ipsec__plutorun: 002 loading certificate from romulus.wittsend.com.crt
Sep 30 10:37:12 romulus ipsec__plutorun: 002 loaded host cert file '/etc/ipsec.d/certs/romulus.wittsend.com.crt' (3088 bytes)
Sep 30 10:37:12 romulus ipsec__plutorun: 002 no subjectAltName matches ID '%fromcert', replaced by subject DN
Sep 30 10:37:12 romulus ipsec__plutorun: 002 loading certificate from canyon.wittsend.com.crt
Sep 30 10:37:12 romulus ipsec__plutorun: 002 loaded host cert file '/etc/ipsec.d/certs/canyon.wittsend.com.crt' (4153 bytes)
Sep 30 10:37:12 romulus ipsec__plutorun: 002 added connection description "canyon"
Sep 30 10:37:12 romulus ipsec__plutorun: 002 loading certificate from romulus.wittsend.com.crt
Sep 30 10:37:12 romulus ipsec__plutorun: 002 loaded host cert file '/etc/ipsec.d/certs/romulus.wittsend.com.crt' (3088 bytes)
Sep 30 10:37:12 romulus ipsec__plutorun: 002 no subjectAltName matches ID '%fromcert', replaced by subject DN
Sep 30 10:37:12 romulus ipsec__plutorun: 002 loading certificate from chaos.iss.net.crt
Sep 30 10:37:12 romulus ipsec__plutorun: 002 loaded host cert file '/etc/ipsec.d/certs/chaos.iss.net.crt' (3867 bytes)
Sep 30 10:37:12 romulus ipsec__plutorun: 002 no subjectAltName matches ID '%fromcert', replaced by subject DN
Sep 30 10:37:12 romulus ipsec__plutorun: 002 added connection description "chaos"
Sep 30 10:37:12 romulus ipsec__plutorun: 002 loading certificate from remus.wittsend.com.crt
Sep 30 10:37:12 romulus ipsec__plutorun: 002 loaded host cert file '/etc/ipsec.d/certs/remus.wittsend.com.crt' (4148 bytes)
Sep 30 10:37:12 romulus ipsec__plutorun: 002 no subjectAltName matches ID '%fromcert', replaced by subject DN
Sep 30 10:37:12 romulus ipsec__plutorun: 002 loading certificate from charon.wittsend.com.crt
Sep 30 10:37:12 romulus ipsec__plutorun: 002 loaded host cert file '/etc/ipsec.d/certs/charon.wittsend.com.crt' (3903 bytes)
Sep 30 10:37:12 romulus ipsec__plutorun: 002 added connection description "charon-0"
Sep 30 10:37:12 romulus ipsec__plutorun: 002 loading certificate from remus.wittsend.com.crt
Sep 30 10:37:12 romulus ipsec__plutorun: 002 loaded host cert file '/etc/ipsec.d/certs/remus.wittsend.com.crt' (4148 bytes)
Sep 30 10:37:12 romulus ipsec__plutorun: 002 no subjectAltName matches ID '%fromcert', replaced by subject DN
Sep 30 10:37:12 romulus ipsec__plutorun: 002 loading certificate from charon.wittsend.com.crt
Sep 30 10:37:12 romulus ipsec__plutorun: 002 loaded host cert file '/etc/ipsec.d/certs/charon.wittsend.com.crt' (3903 bytes)
Sep 30 10:37:12 romulus ipsec__plutorun: 002 added connection description "charon-1"
Sep 30 10:37:12 romulus ipsec__plutorun: 002 loading certificate from romulus.wittsend.com.crt
Sep 30 10:37:12 romulus ipsec__plutorun: 002 loaded host cert file '/etc/ipsec.d/certs/romulus.wittsend.com.crt' (3088 bytes)
Sep 30 10:37:12 romulus ipsec__plutorun: 002 no subjectAltName matches ID '%fromcert', replaced by subject DN
Sep 30 10:37:12 romulus ipsec__plutorun: 002 loading certificate from complex.wittsend.com.crt
Sep 30 10:37:12 romulus ipsec__plutorun: 002 loaded host cert file '/etc/ipsec.d/certs/complex.wittsend.com.crt' (4223 bytes)
Sep 30 10:37:12 romulus ipsec__plutorun: 002 no subjectAltName matches ID '%fromcert', replaced by subject DN
Sep 30 10:37:12 romulus ipsec__plutorun: 002 added connection description "complex-1"
Sep 30 10:37:12 romulus ipsec__plutorun: 002 loading certificate from romulus.wittsend.com.crt
Sep 30 10:37:12 romulus ipsec__plutorun: 002 loaded host cert file '/etc/ipsec.d/certs/romulus.wittsend.com.crt' (3088 bytes)
Sep 30 10:37:12 romulus ipsec__plutorun: 002 no subjectAltName matches ID '%fromcert', replaced by subject DN
Sep 30 10:37:12 romulus ipsec__plutorun: 002 loading certificate from kolvir.iss.net.crt
Sep 30 10:37:12 romulus ipsec__plutorun: 002 loaded host cert file '/etc/ipsec.d/certs/kolvir.iss.net.crt' (3868 bytes)
Sep 30 10:37:12 romulus ipsec__plutorun: 002 added connection description "kolvir"
Sep 30 10:37:12 romulus ipsec__plutorun: 002 loading certificate from romulus.wittsend.com.crt
Sep 30 10:37:12 romulus ipsec__plutorun: 002 loaded host cert file '/etc/ipsec.d/certs/romulus.wittsend.com.crt' (3088 bytes)
Sep 30 10:37:12 romulus ipsec__plutorun: 002 no subjectAltName matches ID '%fromcert', replaced by subject DN
Sep 30 10:37:12 romulus ipsec__plutorun: 002 loading certificate from levy.bythesea.org.crt
Sep 30 10:37:12 romulus ipsec__plutorun: 002 loaded host cert file '/etc/ipsec.d/certs/levy.bythesea.org.crt' (3983 bytes)
Sep 30 10:37:12 romulus ipsec__plutorun: 002 added connection description "levy-0"
Sep 30 10:37:12 romulus ipsec__plutorun: 002 loading certificate from romulus.wittsend.com.crt
Sep 30 10:37:12 romulus ipsec__plutorun: 002 loaded host cert file '/etc/ipsec.d/certs/romulus.wittsend.com.crt' (3088 bytes)
Sep 30 10:37:12 romulus ipsec__plutorun: 002 no subjectAltName matches ID '%fromcert', replaced by subject DN
Sep 30 10:37:12 romulus ipsec__plutorun: 002 loading certificate from levy.bythesea.org.crt
Sep 30 10:37:12 romulus ipsec__plutorun: 002 loaded host cert file '/etc/ipsec.d/certs/levy.bythesea.org.crt' (3983 bytes)
Sep 30 10:37:12 romulus ipsec__plutorun: 002 added connection description "levy-1"
Sep 30 10:37:12 romulus ipsec__plutorun: 002 loading certificate from romulus.wittsend.com.crt
Sep 30 10:37:12 romulus ipsec__plutorun: 002 loaded host cert file '/etc/ipsec.d/certs/romulus.wittsend.com.crt' (3088 bytes)
Sep 30 10:37:12 romulus ipsec__plutorun: 002 no subjectAltName matches ID '%fromcert', replaced by subject DN
Sep 30 10:37:12 romulus ipsec__plutorun: 002 loading certificate from rebma.iss.net.crt
Sep 30 10:37:12 romulus ipsec__plutorun: 002 loaded host cert file '/etc/ipsec.d/certs/rebma.iss.net.crt' (3867 bytes)
Sep 30 10:37:12 romulus ipsec__plutorun: 002 no subjectAltName matches ID '%fromcert', replaced by subject DN
Sep 30 10:37:12 romulus ipsec__plutorun: 002 added connection description "rebma"
Sep 30 10:37:12 romulus ipsec__plutorun: right: do something with host case: 0
Sep 30 10:37:12 romulus ipsec__plutorun: right: do something with host case: 0
Sep 30 10:38:51 romulus ipsec_starter[30448]: defaulting leftsubnet to 130.205.32.3
Sep 30 10:38:53 romulus ipsec_setup: ...Openswan IPsec stopped
Sep 30 10:38:53 romulus ipsec_setup: Stopping Openswan IPsec...
Sep 30 10:39:18 romulus ipsec_setup: NETKEY on veth0 130.205.32.3/255.255.240.0 broadcast 130.205.47.255
Sep 30 10:39:18 romulus ipsec_setup: ...Openswan IPsec started
Sep 30 10:39:19 romulus ipsec__plutorun: 027 bad left --id: illegal (non-DNS-name) character in name (ignored)
Sep 30 10:39:19 romulus ipsec__plutorun: ...could not add conn "charon-0"
Sep 30 10:39:19 romulus ipsec__plutorun: 027 bad left --id: illegal (non-DNS-name) character in name (ignored)
Sep 30 10:39:19 romulus ipsec__plutorun: ...could not add conn "charon-1"
Sep 30 10:39:19 romulus ipsec__plutorun: 027 bad left --id: illegal (non-DNS-name) character in name (ignored)
Sep 30 10:39:19 romulus ipsec__plutorun: 027 bad right --id: illegal (non-DNS-name) character in name (ignored)
Sep 30 10:39:19 romulus ipsec__plutorun: ...could not add conn "chaos"
Sep 30 10:39:19 romulus ipsec__plutorun: ipsec_auto: fatal error in "levy-0": connection has no "right" parameter specified
Sep 30 10:39:19 romulus ipsec__plutorun: 027 bad left --id: illegal (non-DNS-name) character in name (ignored)
Sep 30 10:39:19 romulus ipsec__plutorun: 027 bad right --id: illegal (non-DNS-name) character in name (ignored)
Sep 30 10:39:19 romulus ipsec__plutorun: ...could not add conn "rebma"
Sep 30 10:39:19 romulus ipsec__plutorun: ipsec_auto: fatal error in "levy-1": connection has no "right" parameter specified
Sep 30 10:39:19 romulus ipsec__plutorun: 027 bad left --id: illegal (non-DNS-name) character in name (ignored)
Sep 30 10:39:19 romulus ipsec__plutorun: ...could not add conn "kolvir"
Sep 30 10:39:19 romulus ipsec__plutorun: 027 bad left --id: illegal (non-DNS-name) character in name (ignored)
Sep 30 10:39:19 romulus ipsec__plutorun: ...could not add conn "canyon"
Sep 30 10:39:19 romulus ipsec__plutorun: 027 bad left --id: illegal (non-DNS-name) character in name (ignored)
Sep 30 10:39:19 romulus ipsec__plutorun: 027 bad right --id: illegal (non-DNS-name) character in name (ignored)
Sep 30 10:39:19 romulus ipsec__plutorun: ...could not add conn "complex-1"
Sep 30 10:42:41 romulus ipsec_setup: ...Openswan IPsec stopped
Sep 30 10:42:41 romulus ipsec_setup: NETKEY on veth0 130.205.32.3/255.255.240.0 broadcast 130.205.47.255
Sep 30 10:42:42 romulus ipsec_setup: ...Openswan IPsec started
Sep 30 10:42:42 romulus ipsec__plutorun: 027 bad right --id: illegal (non-DNS-name) character in name (ignored)
Sep 30 10:42:42 romulus ipsec__plutorun: ...could not add conn "chaos"
Sep 30 10:42:42 romulus ipsec__plutorun: ipsec_auto: fatal error in "levy-0": connection has no "right" parameter specified
Sep 30 10:42:42 romulus ipsec__plutorun: 027 bad right --id: illegal (non-DNS-name) character in name (ignored)
Sep 30 10:42:42 romulus ipsec__plutorun: ...could not add conn "rebma"
Sep 30 10:42:43 romulus ipsec__plutorun: ipsec_auto: fatal error in "levy-1": connection has no "right" parameter specified
Sep 30 10:42:43 romulus ipsec__plutorun: 027 bad right --id: illegal (non-DNS-name) character in name (ignored)
Sep 30 10:42:43 romulus ipsec__plutorun: ...could not add conn "complex-1"
Sep 30 10:43:34 romulus ipsec_setup: ...Openswan IPsec stopped
Sep 30 10:43:35 romulus ipsec_setup: NETKEY on veth0 130.205.32.3/255.255.240.0 broadcast 130.205.47.255
Sep 30 10:43:35 romulus ipsec_setup: ...Openswan IPsec started
Sep 30 10:43:36 romulus ipsec__plutorun: 027 bad right --id: illegal (non-DNS-name) character in name (ignored)
Sep 30 10:43:36 romulus ipsec__plutorun: ...could not add conn "chaos"
Sep 30 10:43:36 romulus ipsec__plutorun: ipsec_auto: fatal error in "levy-0": connection has no "right" parameter specified
Sep 30 10:43:36 romulus ipsec__plutorun: 027 bad right --id: illegal (non-DNS-name) character in name (ignored)
Sep 30 10:43:36 romulus ipsec__plutorun: ...could not add conn "rebma"
Sep 30 10:43:36 romulus ipsec__plutorun: ipsec_auto: fatal error in "levy-1": connection has no "right" parameter specified
Sep 30 10:43:36 romulus ipsec__plutorun: 027 bad right --id: illegal (non-DNS-name) character in name (ignored)
Sep 30 10:43:36 romulus ipsec__plutorun: ...could not add conn "complex-1"
Sep 30 11:51:03 romulus ipsec_setup: ...Openswan IPsec stopped
Sep 30 11:51:03 romulus ipsec_setup: NETKEY on veth0 130.205.32.3/255.255.240.0 broadcast 130.205.47.255
Sep 30 11:51:03 romulus ipsec_setup: ...Openswan IPsec started
Sep 30 11:51:04 romulus ipsec__plutorun: 027 bad left --id: illegal (non-DNS-name) character in name (ignored)
Sep 30 11:51:04 romulus ipsec__plutorun: ...could not add conn "charon-0"
Sep 30 11:51:04 romulus ipsec__plutorun: 027 bad left --id: illegal (non-DNS-name) character in name (ignored)
Sep 30 11:51:04 romulus ipsec__plutorun: 027 bad right --id: illegal (non-DNS-name) character in name (ignored)
Sep 30 11:51:04 romulus ipsec__plutorun: ...could not add conn "complex"
Sep 30 11:51:04 romulus ipsec__plutorun: 027 bad left --id: illegal (non-DNS-name) character in name (ignored)
Sep 30 11:51:04 romulus ipsec__plutorun: ...could not add conn "charon-1"
Sep 30 11:51:04 romulus ipsec__plutorun: 027 bad left --id: illegal (non-DNS-name) character in name (ignored)
Sep 30 11:51:04 romulus ipsec__plutorun: 027 bad right --id: illegal (non-DNS-name) character in name (ignored)
Sep 30 11:51:04 romulus ipsec__plutorun: ...could not add conn "chaos"
Sep 30 11:51:04 romulus ipsec__plutorun: ipsec_auto: fatal error in "levy-0": connection has no "right" parameter specified
Sep 30 11:51:04 romulus ipsec__plutorun: 027 bad left --id: illegal (non-DNS-name) character in name (ignored)
Sep 30 11:51:04 romulus ipsec__plutorun: 027 bad right --id: illegal (non-DNS-name) character in name (ignored)
Sep 30 11:51:04 romulus ipsec__plutorun: ...could not add conn "rebma"
Sep 30 11:51:04 romulus ipsec__plutorun: ipsec_auto: fatal error in "levy-1": connection has no "right" parameter specified
Sep 30 11:51:04 romulus ipsec__plutorun: 027 bad left --id: illegal (non-DNS-name) character in name (ignored)
Sep 30 11:51:04 romulus ipsec__plutorun: ...could not add conn "kolvir"
Sep 30 11:51:04 romulus ipsec__plutorun: 027 bad left --id: illegal (non-DNS-name) character in name (ignored)
Sep 30 11:51:04 romulus ipsec__plutorun: ...could not add conn "canyon"
Sep 30 11:51:42 romulus ipsec_setup: ...Openswan IPsec stopped
Sep 30 12:09:53 romulus ipsec_setup: NETKEY on veth0 130.205.32.3/255.255.240.0 broadcast 130.205.47.255
Sep 30 12:09:53 romulus ipsec_setup: ...Openswan IPsec started
Sep 30 12:09:54 romulus ipsec__plutorun: 027 bad left --id: illegal (non-DNS-name) character in name (ignored)
Sep 30 12:09:54 romulus ipsec__plutorun: ...could not add conn "charon-0"
Sep 30 12:09:54 romulus ipsec__plutorun: 027 bad left --id: illegal (non-DNS-name) character in name (ignored)
Sep 30 12:09:54 romulus ipsec__plutorun: 027 bad right --id: illegal (non-DNS-name) character in name (ignored)
Sep 30 12:09:54 romulus ipsec__plutorun: ...could not add conn "complex"
Sep 30 12:09:54 romulus ipsec__plutorun: 027 bad left --id: illegal (non-DNS-name) character in name (ignored)
Sep 30 12:09:54 romulus ipsec__plutorun: ...could not add conn "charon-1"
Sep 30 12:09:54 romulus ipsec__plutorun: 027 bad left --id: illegal (non-DNS-name) character in name (ignored)
Sep 30 12:09:54 romulus ipsec__plutorun: 027 bad right --id: illegal (non-DNS-name) character in name (ignored)
Sep 30 12:09:54 romulus ipsec__plutorun: ...could not add conn "chaos"
Sep 30 12:09:54 romulus ipsec__plutorun: ipsec_auto: fatal error in "levy-0": connection has no "right" parameter specified
Sep 30 12:09:54 romulus ipsec__plutorun: 027 bad left --id: illegal (non-DNS-name) character in name (ignored)
Sep 30 12:09:54 romulus ipsec__plutorun: 027 bad right --id: illegal (non-DNS-name) character in name (ignored)
Sep 30 12:09:54 romulus ipsec__plutorun: ...could not add conn "rebma"
Sep 30 12:09:54 romulus ipsec__plutorun: ipsec_auto: fatal error in "levy-1": connection has no "right" parameter specified
Sep 30 12:09:55 romulus ipsec__plutorun: 027 bad left --id: illegal (non-DNS-name) character in name (ignored)
Sep 30 12:09:55 romulus ipsec__plutorun: ...could not add conn "kolvir"
Sep 30 12:09:55 romulus ipsec__plutorun: 027 bad left --id: illegal (non-DNS-name) character in name (ignored)
Sep 30 12:09:55 romulus ipsec__plutorun: ...could not add conn "canyon"
Sep 30 12:10:48 romulus ipsec_setup: ...Openswan IPsec stopped
Sep 30 12:11:10 romulus ipsec_setup: NETKEY on veth0 130.205.32.3/255.255.240.0 broadcast 130.205.47.255
Sep 30 12:11:10 romulus ipsec_setup: ...Openswan IPsec started
Sep 30 12:11:11 romulus ipsec__plutorun: 027 bad left --id: illegal (non-DNS-name) character in name (ignored)
Sep 30 12:11:11 romulus ipsec__plutorun: ...could not add conn "charon-0"
Sep 30 12:11:11 romulus ipsec__plutorun: 027 bad left --id: illegal (non-DNS-name) character in name (ignored)
Sep 30 12:11:11 romulus ipsec__plutorun: 027 bad right --id: illegal (non-DNS-name) character in name (ignored)
Sep 30 12:11:11 romulus ipsec__plutorun: ...could not add conn "complex"
Sep 30 12:11:11 romulus ipsec__plutorun: 027 bad left --id: illegal (non-DNS-name) character in name (ignored)
Sep 30 12:11:11 romulus ipsec__plutorun: ...could not add conn "charon-1"
Sep 30 12:11:11 romulus ipsec__plutorun: 027 bad left --id: illegal (non-DNS-name) character in name (ignored)
Sep 30 12:11:11 romulus ipsec__plutorun: 027 bad right --id: illegal (non-DNS-name) character in name (ignored)
Sep 30 12:11:11 romulus ipsec__plutorun: ...could not add conn "chaos"
Sep 30 12:11:11 romulus ipsec__plutorun: ipsec_auto: fatal error in "levy-0": connection has no "right" parameter specified
Sep 30 12:11:11 romulus ipsec__plutorun: 027 bad left --id: illegal (non-DNS-name) character in name (ignored)
Sep 30 12:11:11 romulus ipsec__plutorun: 027 bad right --id: illegal (non-DNS-name) character in name (ignored)
Sep 30 12:11:11 romulus ipsec__plutorun: ...could not add conn "rebma"
Sep 30 12:11:11 romulus ipsec__plutorun: ipsec_auto: fatal error in "levy-1": connection has no "right" parameter specified
Sep 30 12:11:11 romulus ipsec__plutorun: 027 bad left --id: illegal (non-DNS-name) character in name (ignored)
Sep 30 12:11:11 romulus ipsec__plutorun: ...could not add conn "kolvir"
Sep 30 12:11:11 romulus ipsec__plutorun: 027 bad left --id: illegal (non-DNS-name) character in name (ignored)
Sep 30 12:11:11 romulus ipsec__plutorun: ...could not add conn "canyon"
+ _________________________ plog
+ sed -n '10064,$p' /var/log/secure
+ egrep -i pluto
+ case "$1" in
+ cat
Sep 30 12:11:10 romulus ipsec__plutorun: Starting Pluto subsystem...
Sep 30 12:11:10 romulus pluto[9315]: Starting Pluto (Openswan Version 2.4.9 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR; Vendor ID OE_]{vKgCoOI)
Sep 30 12:11:10 romulus pluto[9315]: Setting NAT-Traversal port-4500 floating to on
Sep 30 12:11:10 romulus pluto[9315]: port floating activation criteria nat_t=1/port_fload=1
Sep 30 12:11:10 romulus pluto[9315]: including NAT-Traversal patch (Version 0.6c)
Sep 30 12:11:10 romulus pluto[9315]: | opening /dev/urandom
Sep 30 12:11:10 romulus pluto[9315]: | inserting event EVENT_REINIT_SECRET, timeout in 3600 seconds
Sep 30 12:11:10 romulus pluto[9315]: | inserting event EVENT_PENDING_PHASE2, timeout in 120 seconds
Sep 30 12:11:10 romulus pluto[9315]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
Sep 30 12:11:10 romulus pluto[9315]: starting up 1 cryptographic helpers
Sep 30 12:11:10 romulus pluto[9316]: | opening /dev/urandom
Sep 30 12:11:10 romulus pluto[9316]: ! helper 0 waiting on fd: 7
Sep 30 12:11:10 romulus pluto[9315]: started helper pid=9316 (fd:6)
Sep 30 12:11:10 romulus pluto[9315]: Using NETKEY IPsec interface code on 2.6.24-ovz005.1
Sep 30 12:11:11 romulus pluto[9315]: Changing to directory '/etc/ipsec.d/cacerts'
Sep 30 12:11:11 romulus pluto[9315]: loaded CA cert file 'wittsendCA.pem' (960 bytes)
Sep 30 12:11:11 romulus pluto[9315]: | file content is not binary ASN.1
Sep 30 12:11:11 romulus pluto[9315]: | -----BEGIN CERTIFICATE-----
Sep 30 12:11:11 romulus pluto[9315]: | -----END CERTIFICATE-----
Sep 30 12:11:11 romulus pluto[9315]: | file coded in PEM format
Sep 30 12:11:11 romulus pluto[9315]: | L0 - certificate:
Sep 30 12:11:11 romulus pluto[9315]: | L1 - tbsCertificate:
Sep 30 12:11:11 romulus pluto[9315]: | L2 - DEFAULT v1:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - version:
Sep 30 12:11:11 romulus pluto[9315]: | v3
Sep 30 12:11:11 romulus pluto[9315]: | L2 - serialNumber:
Sep 30 12:11:11 romulus pluto[9315]: | L2 - signature:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - algorithmIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - algorithm:
Sep 30 12:11:11 romulus pluto[9315]: | 'md5WithRSAEncryption'
Sep 30 12:11:11 romulus pluto[9315]: | L2 - issuer:
Sep 30 12:11:11 romulus pluto[9315]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services, CN=WittsEnd Root CA, E=ca at wittsend.com'
Sep 30 12:11:11 romulus pluto[9315]: | L2 - validity:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - notBefore:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - utcTime:
Sep 30 12:11:11 romulus pluto[9315]: | 'Aug 01 14:44:01 UTC 2004'
Sep 30 12:11:11 romulus pluto[9315]: | L3 - notAfter:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - utcTime:
Sep 30 12:11:11 romulus pluto[9315]: | 'Jul 30 14:44:01 UTC 2014'
Sep 30 12:11:11 romulus pluto[9315]: | L2 - subject:
Sep 30 12:11:11 romulus pluto[9315]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services, CN=WittsEnd Root CA, E=ca at wittsend.com'
Sep 30 12:11:11 romulus pluto[9315]: | L2 - subjectPublicKeyInfo:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - algorithm:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - algorithmIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - algorithm:
Sep 30 12:11:11 romulus pluto[9315]: | 'rsaEncryption'
Sep 30 12:11:11 romulus pluto[9315]: | L3 - subjectPublicKey:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - RSAPublicKey:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - modulus:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - publicExponent:
Sep 30 12:11:11 romulus pluto[9315]: | L2 - optional extensions:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - extensions:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - extension:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnID:
Sep 30 12:11:11 romulus pluto[9315]: | 'basicConstraints'
Sep 30 12:11:11 romulus pluto[9315]: | L5 - critical:
Sep 30 12:11:11 romulus pluto[9315]: | TRUE
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnValue:
Sep 30 12:11:11 romulus pluto[9315]: | L6 - basicConstraints:
Sep 30 12:11:11 romulus pluto[9315]: | L7 - CA:
Sep 30 12:11:11 romulus pluto[9315]: | TRUE
Sep 30 12:11:11 romulus pluto[9315]: | L4 - extension:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnID:
Sep 30 12:11:11 romulus pluto[9315]: | 'subjectKeyIdentifier'
Sep 30 12:11:11 romulus pluto[9315]: | L5 - critical:
Sep 30 12:11:11 romulus pluto[9315]: | FALSE
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnValue:
Sep 30 12:11:11 romulus pluto[9315]: | L6 - keyIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L1 - signatureAlgorithm:
Sep 30 12:11:11 romulus pluto[9315]: | L2 - algorithmIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - algorithm:
Sep 30 12:11:11 romulus pluto[9315]: | 'md5WithRSAEncryption'
Sep 30 12:11:11 romulus pluto[9315]: | L1 - signatureValue:
Sep 30 12:11:11 romulus pluto[9315]: | authcert inserted
Sep 30 12:11:11 romulus pluto[9315]: loaded CA cert file 'wittsendCA.crt' (960 bytes)
Sep 30 12:11:11 romulus pluto[9315]: | file content is not binary ASN.1
Sep 30 12:11:11 romulus pluto[9315]: | -----BEGIN CERTIFICATE-----
Sep 30 12:11:11 romulus pluto[9315]: | -----END CERTIFICATE-----
Sep 30 12:11:11 romulus pluto[9315]: | file coded in PEM format
Sep 30 12:11:11 romulus pluto[9315]: | L0 - certificate:
Sep 30 12:11:11 romulus pluto[9315]: | L1 - tbsCertificate:
Sep 30 12:11:11 romulus pluto[9315]: | L2 - DEFAULT v1:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - version:
Sep 30 12:11:11 romulus pluto[9315]: | v3
Sep 30 12:11:11 romulus pluto[9315]: | L2 - serialNumber:
Sep 30 12:11:11 romulus pluto[9315]: | L2 - signature:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - algorithmIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - algorithm:
Sep 30 12:11:11 romulus pluto[9315]: | 'md5WithRSAEncryption'
Sep 30 12:11:11 romulus pluto[9315]: | L2 - issuer:
Sep 30 12:11:11 romulus pluto[9315]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services, CN=WittsEnd Root CA, E=ca at wittsend.com'
Sep 30 12:11:11 romulus pluto[9315]: | L2 - validity:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - notBefore:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - utcTime:
Sep 30 12:11:11 romulus pluto[9315]: | 'Aug 01 14:44:01 UTC 2004'
Sep 30 12:11:11 romulus pluto[9315]: | L3 - notAfter:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - utcTime:
Sep 30 12:11:11 romulus pluto[9315]: | 'Jul 30 14:44:01 UTC 2014'
Sep 30 12:11:11 romulus pluto[9315]: | L2 - subject:
Sep 30 12:11:11 romulus pluto[9315]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services, CN=WittsEnd Root CA, E=ca at wittsend.com'
Sep 30 12:11:11 romulus pluto[9315]: | L2 - subjectPublicKeyInfo:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - algorithm:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - algorithmIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - algorithm:
Sep 30 12:11:11 romulus pluto[9315]: | 'rsaEncryption'
Sep 30 12:11:11 romulus pluto[9315]: | L3 - subjectPublicKey:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - RSAPublicKey:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - modulus:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - publicExponent:
Sep 30 12:11:11 romulus pluto[9315]: | L2 - optional extensions:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - extensions:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - extension:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnID:
Sep 30 12:11:11 romulus pluto[9315]: | 'basicConstraints'
Sep 30 12:11:11 romulus pluto[9315]: | L5 - critical:
Sep 30 12:11:11 romulus pluto[9315]: | TRUE
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnValue:
Sep 30 12:11:11 romulus pluto[9315]: | L6 - basicConstraints:
Sep 30 12:11:11 romulus pluto[9315]: | L7 - CA:
Sep 30 12:11:11 romulus pluto[9315]: | TRUE
Sep 30 12:11:11 romulus pluto[9315]: | L4 - extension:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnID:
Sep 30 12:11:11 romulus pluto[9315]: | 'subjectKeyIdentifier'
Sep 30 12:11:11 romulus pluto[9315]: | L5 - critical:
Sep 30 12:11:11 romulus pluto[9315]: | FALSE
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnValue:
Sep 30 12:11:11 romulus pluto[9315]: | L6 - keyIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L1 - signatureAlgorithm:
Sep 30 12:11:11 romulus pluto[9315]: | L2 - algorithmIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - algorithm:
Sep 30 12:11:11 romulus pluto[9315]: | 'md5WithRSAEncryption'
Sep 30 12:11:11 romulus pluto[9315]: | L1 - signatureValue:
Sep 30 12:11:11 romulus pluto[9315]: | authcert is already present and identical
Sep 30 12:11:11 romulus pluto[9315]: loaded CA cert file 'issCA.pem' (1042 bytes)
Sep 30 12:11:11 romulus pluto[9315]: | file content is not binary ASN.1
Sep 30 12:11:11 romulus pluto[9315]: | -----BEGIN CERTIFICATE-----
Sep 30 12:11:11 romulus pluto[9315]: | -----END CERTIFICATE-----
Sep 30 12:11:11 romulus pluto[9315]: | file coded in PEM format
Sep 30 12:11:11 romulus pluto[9315]: | L0 - certificate:
Sep 30 12:11:11 romulus pluto[9315]: | L1 - tbsCertificate:
Sep 30 12:11:11 romulus pluto[9315]: | L2 - DEFAULT v1:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - version:
Sep 30 12:11:11 romulus pluto[9315]: | v3
Sep 30 12:11:11 romulus pluto[9315]: | L2 - serialNumber:
Sep 30 12:11:11 romulus pluto[9315]: | L2 - signature:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - algorithmIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - algorithm:
Sep 30 12:11:11 romulus pluto[9315]: | 'md5WithRSAEncryption'
Sep 30 12:11:11 romulus pluto[9315]: | L2 - issuer:
Sep 30 12:11:11 romulus pluto[9315]: | 'C=US, ST=Georgia, L=Atlanta, O=Internet Security Systems Inc, OU=Certification Services, E=ca at iss.net'
Sep 30 12:11:11 romulus pluto[9315]: | L2 - validity:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - notBefore:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - utcTime:
Sep 30 12:11:11 romulus pluto[9315]: | 'Aug 01 14:42:32 UTC 2004'
Sep 30 12:11:11 romulus pluto[9315]: | L3 - notAfter:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - utcTime:
Sep 30 12:11:11 romulus pluto[9315]: | 'Jul 30 14:42:32 UTC 2014'
Sep 30 12:11:11 romulus pluto[9315]: | L2 - subject:
Sep 30 12:11:11 romulus pluto[9315]: | 'C=US, ST=Georgia, L=Atlanta, O=Internet Security Systems Inc, OU=Certification Services, E=ca at iss.net'
Sep 30 12:11:11 romulus pluto[9315]: | L2 - subjectPublicKeyInfo:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - algorithm:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - algorithmIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - algorithm:
Sep 30 12:11:11 romulus pluto[9315]: | 'rsaEncryption'
Sep 30 12:11:11 romulus pluto[9315]: | L3 - subjectPublicKey:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - RSAPublicKey:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - modulus:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - publicExponent:
Sep 30 12:11:11 romulus pluto[9315]: | L2 - optional extensions:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - extensions:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - extension:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnID:
Sep 30 12:11:11 romulus pluto[9315]: | 'basicConstraints'
Sep 30 12:11:11 romulus pluto[9315]: | L5 - critical:
Sep 30 12:11:11 romulus pluto[9315]: | TRUE
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnValue:
Sep 30 12:11:11 romulus pluto[9315]: | L6 - basicConstraints:
Sep 30 12:11:11 romulus pluto[9315]: | L7 - CA:
Sep 30 12:11:11 romulus pluto[9315]: | TRUE
Sep 30 12:11:11 romulus pluto[9315]: | L4 - extension:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnID:
Sep 30 12:11:11 romulus pluto[9315]: | 'subjectKeyIdentifier'
Sep 30 12:11:11 romulus pluto[9315]: | L5 - critical:
Sep 30 12:11:11 romulus pluto[9315]: | FALSE
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnValue:
Sep 30 12:11:11 romulus pluto[9315]: | L6 - keyIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L1 - signatureAlgorithm:
Sep 30 12:11:11 romulus pluto[9315]: | L2 - algorithmIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - algorithm:
Sep 30 12:11:11 romulus pluto[9315]: | 'md5WithRSAEncryption'
Sep 30 12:11:11 romulus pluto[9315]: | L1 - signatureValue:
Sep 30 12:11:11 romulus pluto[9315]: | authcert inserted
Sep 30 12:11:11 romulus pluto[9315]: loaded CA cert file 'issCA.crt' (1042 bytes)
Sep 30 12:11:11 romulus pluto[9315]: | file content is not binary ASN.1
Sep 30 12:11:11 romulus pluto[9315]: | -----BEGIN CERTIFICATE-----
Sep 30 12:11:11 romulus pluto[9315]: | -----END CERTIFICATE-----
Sep 30 12:11:11 romulus pluto[9315]: | file coded in PEM format
Sep 30 12:11:11 romulus pluto[9315]: | L0 - certificate:
Sep 30 12:11:11 romulus pluto[9315]: | L1 - tbsCertificate:
Sep 30 12:11:11 romulus pluto[9315]: | L2 - DEFAULT v1:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - version:
Sep 30 12:11:11 romulus pluto[9315]: | v3
Sep 30 12:11:11 romulus pluto[9315]: | L2 - serialNumber:
Sep 30 12:11:11 romulus pluto[9315]: | L2 - signature:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - algorithmIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - algorithm:
Sep 30 12:11:11 romulus pluto[9315]: | 'md5WithRSAEncryption'
Sep 30 12:11:11 romulus pluto[9315]: | L2 - issuer:
Sep 30 12:11:11 romulus pluto[9315]: | 'C=US, ST=Georgia, L=Atlanta, O=Internet Security Systems Inc, OU=Certification Services, E=ca at iss.net'
Sep 30 12:11:11 romulus pluto[9315]: | L2 - validity:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - notBefore:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - utcTime:
Sep 30 12:11:11 romulus pluto[9315]: | 'Aug 01 14:42:32 UTC 2004'
Sep 30 12:11:11 romulus pluto[9315]: | L3 - notAfter:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - utcTime:
Sep 30 12:11:11 romulus pluto[9315]: | 'Jul 30 14:42:32 UTC 2014'
Sep 30 12:11:11 romulus pluto[9315]: | L2 - subject:
Sep 30 12:11:11 romulus pluto[9315]: | 'C=US, ST=Georgia, L=Atlanta, O=Internet Security Systems Inc, OU=Certification Services, E=ca at iss.net'
Sep 30 12:11:11 romulus pluto[9315]: | L2 - subjectPublicKeyInfo:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - algorithm:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - algorithmIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - algorithm:
Sep 30 12:11:11 romulus pluto[9315]: | 'rsaEncryption'
Sep 30 12:11:11 romulus pluto[9315]: | L3 - subjectPublicKey:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - RSAPublicKey:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - modulus:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - publicExponent:
Sep 30 12:11:11 romulus pluto[9315]: | L2 - optional extensions:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - extensions:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - extension:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnID:
Sep 30 12:11:11 romulus pluto[9315]: | 'basicConstraints'
Sep 30 12:11:11 romulus pluto[9315]: | L5 - critical:
Sep 30 12:11:11 romulus pluto[9315]: | TRUE
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnValue:
Sep 30 12:11:11 romulus pluto[9315]: | L6 - basicConstraints:
Sep 30 12:11:11 romulus pluto[9315]: | L7 - CA:
Sep 30 12:11:11 romulus pluto[9315]: | TRUE
Sep 30 12:11:11 romulus pluto[9315]: | L4 - extension:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnID:
Sep 30 12:11:11 romulus pluto[9315]: | 'subjectKeyIdentifier'
Sep 30 12:11:11 romulus pluto[9315]: | L5 - critical:
Sep 30 12:11:11 romulus pluto[9315]: | FALSE
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnValue:
Sep 30 12:11:11 romulus pluto[9315]: | L6 - keyIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L1 - signatureAlgorithm:
Sep 30 12:11:11 romulus pluto[9315]: | L2 - algorithmIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - algorithm:
Sep 30 12:11:11 romulus pluto[9315]: | 'md5WithRSAEncryption'
Sep 30 12:11:11 romulus pluto[9315]: | L1 - signatureValue:
Sep 30 12:11:11 romulus pluto[9315]: | authcert is already present and identical
Sep 30 12:11:11 romulus pluto[9315]: loaded CA cert file 'WittsEndCA.crt' (1342 bytes)
Sep 30 12:11:11 romulus pluto[9315]: | file content is not binary ASN.1
Sep 30 12:11:11 romulus pluto[9315]: | -----BEGIN CERTIFICATE-----
Sep 30 12:11:11 romulus pluto[9315]: | -----END CERTIFICATE-----
Sep 30 12:11:11 romulus pluto[9315]: | file coded in PEM format
Sep 30 12:11:11 romulus pluto[9315]: | L0 - certificate:
Sep 30 12:11:11 romulus pluto[9315]: | L1 - tbsCertificate:
Sep 30 12:11:11 romulus pluto[9315]: | L2 - DEFAULT v1:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - version:
Sep 30 12:11:11 romulus pluto[9315]: | v3
Sep 30 12:11:11 romulus pluto[9315]: | L2 - serialNumber:
Sep 30 12:11:11 romulus pluto[9315]: | L2 - signature:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - algorithmIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - algorithm:
Sep 30 12:11:11 romulus pluto[9315]: | 'sha-1WithRSAEncryption'
Sep 30 12:11:11 romulus pluto[9315]: | L2 - issuer:
Sep 30 12:11:11 romulus pluto[9315]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
Sep 30 12:11:11 romulus pluto[9315]: | L2 - validity:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - notBefore:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - utcTime:
Sep 30 12:11:11 romulus pluto[9315]: | 'Mar 24 17:29:15 UTC 2008'
Sep 30 12:11:11 romulus pluto[9315]: | L3 - notAfter:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - utcTime:
Sep 30 12:11:11 romulus pluto[9315]: | 'Mar 22 17:29:15 UTC 2018'
Sep 30 12:11:11 romulus pluto[9315]: | L2 - subject:
Sep 30 12:11:11 romulus pluto[9315]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
Sep 30 12:11:11 romulus pluto[9315]: | L2 - subjectPublicKeyInfo:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - algorithm:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - algorithmIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - algorithm:
Sep 30 12:11:11 romulus pluto[9315]: | 'rsaEncryption'
Sep 30 12:11:11 romulus pluto[9315]: | L3 - subjectPublicKey:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - RSAPublicKey:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - modulus:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - publicExponent:
Sep 30 12:11:11 romulus pluto[9315]: | L2 - optional extensions:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - extensions:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - extension:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnID:
Sep 30 12:11:11 romulus pluto[9315]: | 'basicConstraints'
Sep 30 12:11:11 romulus pluto[9315]: | L5 - critical:
Sep 30 12:11:11 romulus pluto[9315]: | TRUE
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnValue:
Sep 30 12:11:11 romulus pluto[9315]: | L6 - basicConstraints:
Sep 30 12:11:11 romulus pluto[9315]: | L7 - CA:
Sep 30 12:11:11 romulus pluto[9315]: | TRUE
Sep 30 12:11:11 romulus pluto[9315]: | L4 - extension:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnID:
Sep 30 12:11:11 romulus pluto[9315]: | 'subjectKeyIdentifier'
Sep 30 12:11:11 romulus pluto[9315]: | L5 - critical:
Sep 30 12:11:11 romulus pluto[9315]: | FALSE
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnValue:
Sep 30 12:11:11 romulus pluto[9315]: | L6 - keyIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L1 - signatureAlgorithm:
Sep 30 12:11:11 romulus pluto[9315]: | L2 - algorithmIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - algorithm:
Sep 30 12:11:11 romulus pluto[9315]: | 'sha-1WithRSAEncryption'
Sep 30 12:11:11 romulus pluto[9315]: | L1 - signatureValue:
Sep 30 12:11:11 romulus pluto[9315]: | authcert inserted
Sep 30 12:11:11 romulus pluto[9315]: Could not change to directory '/etc/ipsec.d/aacerts'
Sep 30 12:11:11 romulus pluto[9315]: Changing to directory '/etc/ipsec.d/ocspcerts'
Sep 30 12:11:11 romulus pluto[9315]: Could not change to directory '/etc/ipsec.d/crls'
Sep 30 12:11:11 romulus pluto[9315]: | inserting event EVENT_LOG_DAILY, timeout in 42529 seconds
Sep 30 12:11:11 romulus pluto[9315]: | next event EVENT_PENDING_PHASE2 in 119 seconds
Sep 30 12:11:11 romulus pluto[9315]: |
Sep 30 12:11:11 romulus pluto[9315]: | *received whack message
Sep 30 12:11:11 romulus pluto[9315]: | Added new connection charon-0 with policy RSASIG+ENCRYPT+TUNNEL+PFS
Sep 30 12:11:11 romulus pluto[9315]: bad left --id: illegal (non-DNS-name) character in name (ignored)
Sep 30 12:11:11 romulus pluto[9315]: loaded host cert file '/etc/ipsec.d/certs/remus.wittsend.com.crt' (4148 bytes)
Sep 30 12:11:11 romulus pluto[9315]: | file content is not binary ASN.1
Sep 30 12:11:11 romulus pluto[9315]: | -----BEGIN CERTIFICATE-----
Sep 30 12:11:11 romulus pluto[9315]: | -----END CERTIFICATE-----
Sep 30 12:11:11 romulus pluto[9315]: | file coded in PEM format
Sep 30 12:11:11 romulus pluto[9315]: | L0 - certificate:
Sep 30 12:11:11 romulus pluto[9315]: | L1 - tbsCertificate:
Sep 30 12:11:11 romulus pluto[9315]: | L2 - DEFAULT v1:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - version:
Sep 30 12:11:11 romulus pluto[9315]: | v3
Sep 30 12:11:11 romulus pluto[9315]: | L2 - serialNumber:
Sep 30 12:11:11 romulus pluto[9315]: | L2 - signature:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - algorithmIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - algorithm:
Sep 30 12:11:11 romulus pluto[9315]: | 'md5WithRSAEncryption'
Sep 30 12:11:11 romulus pluto[9315]: | L2 - issuer:
Sep 30 12:11:11 romulus pluto[9315]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
Sep 30 12:11:11 romulus pluto[9315]: | L2 - validity:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - notBefore:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - utcTime:
Sep 30 12:11:11 romulus pluto[9315]: | 'Jul 26 18:44:39 UTC 2008'
Sep 30 12:11:11 romulus pluto[9315]: | L3 - notAfter:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - utcTime:
Sep 30 12:11:11 romulus pluto[9315]: | 'Jul 26 18:44:39 UTC 2012'
Sep 30 12:11:11 romulus pluto[9315]: | L2 - subject:
Sep 30 12:11:11 romulus pluto[9315]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=remus.wittsend.com, E=postmaster at wittsend.com'
Sep 30 12:11:11 romulus pluto[9315]: | L2 - subjectPublicKeyInfo:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - algorithm:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - algorithmIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - algorithm:
Sep 30 12:11:11 romulus pluto[9315]: | 'rsaEncryption'
Sep 30 12:11:11 romulus pluto[9315]: | L3 - subjectPublicKey:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - RSAPublicKey:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - modulus:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - publicExponent:
Sep 30 12:11:11 romulus pluto[9315]: | L2 - optional extensions:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - extensions:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - extension:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnID:
Sep 30 12:11:11 romulus pluto[9315]: | 'authorityKeyIdentifier'
Sep 30 12:11:11 romulus pluto[9315]: | L5 - critical:
Sep 30 12:11:11 romulus pluto[9315]: | FALSE
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnValue:
Sep 30 12:11:11 romulus pluto[9315]: | L6 - authorityKeyIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L7 - keyIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L8 - keyIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - extension:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnID:
Sep 30 12:11:11 romulus pluto[9315]: | 'extendedKeyUsage'
Sep 30 12:11:11 romulus pluto[9315]: | L5 - critical:
Sep 30 12:11:11 romulus pluto[9315]: | FALSE
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnValue:
Sep 30 12:11:11 romulus pluto[9315]: | L6 - extendedKeyUsage:
Sep 30 12:11:11 romulus pluto[9315]: | L7 - keyPurposeID:
Sep 30 12:11:11 romulus pluto[9315]: | 'serverAuth'
Sep 30 12:11:11 romulus pluto[9315]: | L7 - keyPurposeID:
Sep 30 12:11:11 romulus pluto[9315]: | 'clientAuth'
Sep 30 12:11:11 romulus pluto[9315]: | L7 - keyPurposeID:
Sep 30 12:11:11 romulus pluto[9315]: | L7 - keyPurposeID:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - extension:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnID:
Sep 30 12:11:11 romulus pluto[9315]: | 'basicConstraints'
Sep 30 12:11:11 romulus pluto[9315]: | L5 - critical:
Sep 30 12:11:11 romulus pluto[9315]: | TRUE
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnValue:
Sep 30 12:11:11 romulus pluto[9315]: | L6 - basicConstraints:
Sep 30 12:11:11 romulus pluto[9315]: | L7 - CA:
Sep 30 12:11:11 romulus pluto[9315]: | FALSE
Sep 30 12:11:11 romulus pluto[9315]: | L4 - extension:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnID:
Sep 30 12:11:11 romulus pluto[9315]: | 'subjectAltName'
Sep 30 12:11:11 romulus pluto[9315]: | L5 - critical:
Sep 30 12:11:11 romulus pluto[9315]: | FALSE
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnValue:
Sep 30 12:11:11 romulus pluto[9315]: | L6 - generalNames:
Sep 30 12:11:11 romulus pluto[9315]: | L7 - generalName:
Sep 30 12:11:11 romulus pluto[9315]: | L8 - dnsName:
Sep 30 12:11:11 romulus pluto[9315]: | 'remus.ip6.wittsend.com'
Sep 30 12:11:11 romulus pluto[9315]: | L7 - generalName:
Sep 30 12:11:11 romulus pluto[9315]: | L8 - dnsName:
Sep 30 12:11:11 romulus pluto[9315]: | 'remus.wittsend.org'
Sep 30 12:11:11 romulus pluto[9315]: | L7 - generalName:
Sep 30 12:11:11 romulus pluto[9315]: | L8 - dnsName:
Sep 30 12:11:11 romulus pluto[9315]: | 'remus.commandcorp.com'
Sep 30 12:11:11 romulus pluto[9315]: | L1 - signatureAlgorithm:
Sep 30 12:11:11 romulus pluto[9315]: | L2 - algorithmIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - algorithm:
Sep 30 12:11:11 romulus pluto[9315]: | 'md5WithRSAEncryption'
Sep 30 12:11:11 romulus pluto[9315]: | L1 - signatureValue:
Sep 30 12:11:11 romulus pluto[9315]: | certificate is valid
Sep 30 12:11:11 romulus pluto[9315]: | counting wild cards for C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=remus.wittsend.com, E=postmaster at wittsend.com is 0
Sep 30 12:11:11 romulus pluto[9315]: loaded host cert file '/etc/ipsec.d/certs/charon.wittsend.com.crt' (3903 bytes)
Sep 30 12:11:11 romulus pluto[9315]: | file content is not binary ASN.1
Sep 30 12:11:11 romulus pluto[9315]: | -----BEGIN CERTIFICATE-----
Sep 30 12:11:11 romulus pluto[9315]: | -----END CERTIFICATE-----
Sep 30 12:11:11 romulus pluto[9315]: | file coded in PEM format
Sep 30 12:11:11 romulus pluto[9315]: | L0 - certificate:
Sep 30 12:11:11 romulus pluto[9315]: | L1 - tbsCertificate:
Sep 30 12:11:11 romulus pluto[9315]: | L2 - DEFAULT v1:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - version:
Sep 30 12:11:11 romulus pluto[9315]: | v3
Sep 30 12:11:11 romulus pluto[9315]: | L2 - serialNumber:
Sep 30 12:11:11 romulus pluto[9315]: | L2 - signature:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - algorithmIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - algorithm:
Sep 30 12:11:11 romulus pluto[9315]: | 'md5WithRSAEncryption'
Sep 30 12:11:11 romulus pluto[9315]: | L2 - issuer:
Sep 30 12:11:11 romulus pluto[9315]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
Sep 30 12:11:11 romulus pluto[9315]: | L2 - validity:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - notBefore:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - utcTime:
Sep 30 12:11:11 romulus pluto[9315]: | 'Jul 26 18:32:56 UTC 2008'
Sep 30 12:11:11 romulus pluto[9315]: | L3 - notAfter:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - utcTime:
Sep 30 12:11:11 romulus pluto[9315]: | 'Jul 26 18:32:56 UTC 2012'
Sep 30 12:11:11 romulus pluto[9315]: | L2 - subject:
Sep 30 12:11:11 romulus pluto[9315]: | 'C=US, ST=Georgia, L=Atlanta, O=Thaumaturgy & Speculums Technology, CN=charon.wittsend.com, E=postmaster at wittsend.com'
Sep 30 12:11:11 romulus pluto[9315]: | L2 - subjectPublicKeyInfo:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - algorithm:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - algorithmIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - algorithm:
Sep 30 12:11:11 romulus pluto[9315]: | 'rsaEncryption'
Sep 30 12:11:11 romulus pluto[9315]: | L3 - subjectPublicKey:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - RSAPublicKey:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - modulus:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - publicExponent:
Sep 30 12:11:11 romulus pluto[9315]: | L2 - optional extensions:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - extensions:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - extension:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnID:
Sep 30 12:11:11 romulus pluto[9315]: | 'authorityKeyIdentifier'
Sep 30 12:11:11 romulus pluto[9315]: | L5 - critical:
Sep 30 12:11:11 romulus pluto[9315]: | FALSE
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnValue:
Sep 30 12:11:11 romulus pluto[9315]: | L6 - authorityKeyIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L7 - keyIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L8 - keyIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - extension:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnID:
Sep 30 12:11:11 romulus pluto[9315]: | 'extendedKeyUsage'
Sep 30 12:11:11 romulus pluto[9315]: | L5 - critical:
Sep 30 12:11:11 romulus pluto[9315]: | FALSE
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnValue:
Sep 30 12:11:11 romulus pluto[9315]: | L6 - extendedKeyUsage:
Sep 30 12:11:11 romulus pluto[9315]: | L7 - keyPurposeID:
Sep 30 12:11:11 romulus pluto[9315]: | 'serverAuth'
Sep 30 12:11:11 romulus pluto[9315]: | L7 - keyPurposeID:
Sep 30 12:11:11 romulus pluto[9315]: | 'clientAuth'
Sep 30 12:11:11 romulus pluto[9315]: | L7 - keyPurposeID:
Sep 30 12:11:11 romulus pluto[9315]: | L7 - keyPurposeID:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - extension:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnID:
Sep 30 12:11:11 romulus pluto[9315]: | 'basicConstraints'
Sep 30 12:11:11 romulus pluto[9315]: | L5 - critical:
Sep 30 12:11:11 romulus pluto[9315]: | TRUE
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnValue:
Sep 30 12:11:11 romulus pluto[9315]: | L6 - basicConstraints:
Sep 30 12:11:11 romulus pluto[9315]: | L7 - CA:
Sep 30 12:11:11 romulus pluto[9315]: | FALSE
Sep 30 12:11:11 romulus pluto[9315]: | L1 - signatureAlgorithm:
Sep 30 12:11:11 romulus pluto[9315]: | L2 - algorithmIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - algorithm:
Sep 30 12:11:11 romulus pluto[9315]: | 'md5WithRSAEncryption'
Sep 30 12:11:11 romulus pluto[9315]: | L1 - signatureValue:
Sep 30 12:11:11 romulus pluto[9315]: | certificate is valid
Sep 30 12:11:11 romulus pluto[9315]: | counting wild cards for C=US, ST=Georgia, L=Atlanta, O=Thaumaturgy & Speculums Technology, CN=charon.wittsend.com, E=postmaster at wittsend.com is 0
Sep 30 12:11:11 romulus pluto[9315]: added connection description "charon-0"
Sep 30 12:11:11 romulus pluto[9315]: | 130.205.32.3[C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=remus.wittsend.com, E=postmaster at wittsend.com]---130.205.32.1...65.14.248.11---74.237.49.95[C=US, ST=Georgia, L=Atlanta, O=Thaumaturgy & Speculums Technology, CN=charon.wittsend.com, E=postmaster at wittsend.com]
Sep 30 12:11:11 romulus pluto[9315]: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; policy: RSASIG+ENCRYPT+TUNNEL+PFS
Sep 30 12:11:11 romulus pluto[9315]: | next event EVENT_PENDING_PHASE2 in 119 seconds
Sep 30 12:11:11 romulus pluto[9315]: |
Sep 30 12:11:11 romulus pluto[9315]: | *received whack message
Sep 30 12:11:11 romulus pluto[9315]: | Added new connection complex with policy RSASIG+ENCRYPT+TUNNEL+PFS
Sep 30 12:11:11 romulus pluto[9315]: bad left --id: illegal (non-DNS-name) character in name (ignored)
Sep 30 12:11:11 romulus pluto[9315]: loaded host cert file '/etc/ipsec.d/certs/romulus.wittsend.com.crt' (3088 bytes)
Sep 30 12:11:11 romulus pluto[9315]: | file content is not binary ASN.1
Sep 30 12:11:11 romulus pluto[9315]: | -----BEGIN CERTIFICATE-----
Sep 30 12:11:11 romulus pluto[9315]: | -----END CERTIFICATE-----
Sep 30 12:11:11 romulus pluto[9315]: | file coded in PEM format
Sep 30 12:11:11 romulus pluto[9315]: | L0 - certificate:
Sep 30 12:11:11 romulus pluto[9315]: | L1 - tbsCertificate:
Sep 30 12:11:11 romulus pluto[9315]: | L2 - DEFAULT v1:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - version:
Sep 30 12:11:11 romulus pluto[9315]: | v3
Sep 30 12:11:11 romulus pluto[9315]: | L2 - serialNumber:
Sep 30 12:11:11 romulus pluto[9315]: | L2 - signature:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - algorithmIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - algorithm:
Sep 30 12:11:11 romulus pluto[9315]: | 'md5WithRSAEncryption'
Sep 30 12:11:11 romulus pluto[9315]: | L2 - issuer:
Sep 30 12:11:11 romulus pluto[9315]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services, CN=WittsEnd Root CA, E=ca at wittsend.com'
Sep 30 12:11:11 romulus pluto[9315]: | L2 - validity:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - notBefore:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - utcTime:
Sep 30 12:11:11 romulus pluto[9315]: | 'Jan 28 17:45:00 UTC 2005'
Sep 30 12:11:11 romulus pluto[9315]: | L3 - notAfter:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - utcTime:
Sep 30 12:11:11 romulus pluto[9315]: | 'Jan 28 17:45:00 UTC 2009'
Sep 30 12:11:11 romulus pluto[9315]: | L2 - subject:
Sep 30 12:11:11 romulus pluto[9315]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com'
Sep 30 12:11:11 romulus pluto[9315]: | L2 - subjectPublicKeyInfo:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - algorithm:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - algorithmIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - algorithm:
Sep 30 12:11:11 romulus pluto[9315]: | 'rsaEncryption'
Sep 30 12:11:11 romulus pluto[9315]: | L3 - subjectPublicKey:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - RSAPublicKey:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - modulus:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - publicExponent:
Sep 30 12:11:11 romulus pluto[9315]: | L2 - optional extensions:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - extensions:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - extension:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnID:
Sep 30 12:11:11 romulus pluto[9315]: | 'authorityKeyIdentifier'
Sep 30 12:11:11 romulus pluto[9315]: | L5 - critical:
Sep 30 12:11:11 romulus pluto[9315]: | FALSE
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnValue:
Sep 30 12:11:11 romulus pluto[9315]: | L6 - authorityKeyIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L7 - keyIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L8 - keyIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - extension:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnID:
Sep 30 12:11:11 romulus pluto[9315]: | 'extendedKeyUsage'
Sep 30 12:11:11 romulus pluto[9315]: | L5 - critical:
Sep 30 12:11:11 romulus pluto[9315]: | FALSE
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnValue:
Sep 30 12:11:11 romulus pluto[9315]: | L6 - extendedKeyUsage:
Sep 30 12:11:11 romulus pluto[9315]: | L7 - keyPurposeID:
Sep 30 12:11:11 romulus pluto[9315]: | 'serverAuth'
Sep 30 12:11:11 romulus pluto[9315]: | L7 - keyPurposeID:
Sep 30 12:11:11 romulus pluto[9315]: | 'clientAuth'
Sep 30 12:11:11 romulus pluto[9315]: | L7 - keyPurposeID:
Sep 30 12:11:11 romulus pluto[9315]: | L7 - keyPurposeID:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - extension:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnID:
Sep 30 12:11:11 romulus pluto[9315]: | 'basicConstraints'
Sep 30 12:11:11 romulus pluto[9315]: | L5 - critical:
Sep 30 12:11:11 romulus pluto[9315]: | TRUE
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnValue:
Sep 30 12:11:11 romulus pluto[9315]: | L6 - basicConstraints:
Sep 30 12:11:11 romulus pluto[9315]: | L7 - CA:
Sep 30 12:11:11 romulus pluto[9315]: | FALSE
Sep 30 12:11:11 romulus pluto[9315]: | L1 - signatureAlgorithm:
Sep 30 12:11:11 romulus pluto[9315]: | L2 - algorithmIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - algorithm:
Sep 30 12:11:11 romulus pluto[9315]: | 'md5WithRSAEncryption'
Sep 30 12:11:11 romulus pluto[9315]: | L1 - signatureValue:
Sep 30 12:11:11 romulus pluto[9315]: | certificate is valid
Sep 30 12:11:11 romulus pluto[9315]: | counting wild cards for C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com is 0
Sep 30 12:11:11 romulus pluto[9315]: bad right --id: illegal (non-DNS-name) character in name (ignored)
Sep 30 12:11:11 romulus pluto[9315]: loaded host cert file '/etc/ipsec.d/certs/complex.wittsend.com.crt' (4223 bytes)
Sep 30 12:11:11 romulus pluto[9315]: | file content is not binary ASN.1
Sep 30 12:11:11 romulus pluto[9315]: | -----BEGIN CERTIFICATE-----
Sep 30 12:11:11 romulus pluto[9315]: | -----END CERTIFICATE-----
Sep 30 12:11:11 romulus pluto[9315]: | file coded in PEM format
Sep 30 12:11:11 romulus pluto[9315]: | L0 - certificate:
Sep 30 12:11:11 romulus pluto[9315]: | L1 - tbsCertificate:
Sep 30 12:11:11 romulus pluto[9315]: | L2 - DEFAULT v1:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - version:
Sep 30 12:11:11 romulus pluto[9315]: | v3
Sep 30 12:11:11 romulus pluto[9315]: | L2 - serialNumber:
Sep 30 12:11:11 romulus pluto[9315]: | L2 - signature:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - algorithmIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - algorithm:
Sep 30 12:11:11 romulus pluto[9315]: | 'md5WithRSAEncryption'
Sep 30 12:11:11 romulus pluto[9315]: | L2 - issuer:
Sep 30 12:11:11 romulus pluto[9315]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
Sep 30 12:11:11 romulus pluto[9315]: | L2 - validity:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - notBefore:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - utcTime:
Sep 30 12:11:11 romulus pluto[9315]: | 'Jul 26 18:45:14 UTC 2008'
Sep 30 12:11:11 romulus pluto[9315]: | L3 - notAfter:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - utcTime:
Sep 30 12:11:11 romulus pluto[9315]: | 'Jul 26 18:45:14 UTC 2012'
Sep 30 12:11:11 romulus pluto[9315]: | L2 - subject:
Sep 30 12:11:11 romulus pluto[9315]: | 'C=GA, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=complex.wittsend.com, E=postmaster at wittsend.com'
Sep 30 12:11:11 romulus pluto[9315]: | L2 - subjectPublicKeyInfo:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - algorithm:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - algorithmIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - algorithm:
Sep 30 12:11:11 romulus pluto[9315]: | 'rsaEncryption'
Sep 30 12:11:11 romulus pluto[9315]: | L3 - subjectPublicKey:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - RSAPublicKey:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - modulus:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - publicExponent:
Sep 30 12:11:11 romulus pluto[9315]: | L2 - optional extensions:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - extensions:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - extension:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnID:
Sep 30 12:11:11 romulus pluto[9315]: | 'authorityKeyIdentifier'
Sep 30 12:11:11 romulus pluto[9315]: | L5 - critical:
Sep 30 12:11:11 romulus pluto[9315]: | FALSE
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnValue:
Sep 30 12:11:11 romulus pluto[9315]: | L6 - authorityKeyIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L7 - keyIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L8 - keyIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - extension:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnID:
Sep 30 12:11:11 romulus pluto[9315]: | 'extendedKeyUsage'
Sep 30 12:11:11 romulus pluto[9315]: | L5 - critical:
Sep 30 12:11:11 romulus pluto[9315]: | FALSE
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnValue:
Sep 30 12:11:11 romulus pluto[9315]: | L6 - extendedKeyUsage:
Sep 30 12:11:11 romulus pluto[9315]: | L7 - keyPurposeID:
Sep 30 12:11:11 romulus pluto[9315]: | 'serverAuth'
Sep 30 12:11:11 romulus pluto[9315]: | L7 - keyPurposeID:
Sep 30 12:11:11 romulus pluto[9315]: | 'clientAuth'
Sep 30 12:11:11 romulus pluto[9315]: | L7 - keyPurposeID:
Sep 30 12:11:11 romulus pluto[9315]: | L7 - keyPurposeID:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - extension:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnID:
Sep 30 12:11:11 romulus pluto[9315]: | 'basicConstraints'
Sep 30 12:11:11 romulus pluto[9315]: | L5 - critical:
Sep 30 12:11:11 romulus pluto[9315]: | TRUE
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnValue:
Sep 30 12:11:11 romulus pluto[9315]: | L6 - basicConstraints:
Sep 30 12:11:11 romulus pluto[9315]: | L7 - CA:
Sep 30 12:11:11 romulus pluto[9315]: | FALSE
Sep 30 12:11:11 romulus pluto[9315]: | L4 - extension:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnID:
Sep 30 12:11:11 romulus pluto[9315]: | 'subjectAltName'
Sep 30 12:11:11 romulus pluto[9315]: | L5 - critical:
Sep 30 12:11:11 romulus pluto[9315]: | FALSE
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnValue:
Sep 30 12:11:11 romulus pluto[9315]: | L6 - generalNames:
Sep 30 12:11:11 romulus pluto[9315]: | L7 - generalName:
Sep 30 12:11:11 romulus pluto[9315]: | L8 - dnsName:
Sep 30 12:11:11 romulus pluto[9315]: | 'complex.wittsend.com'
Sep 30 12:11:11 romulus pluto[9315]: | L7 - generalName:
Sep 30 12:11:11 romulus pluto[9315]: | L8 - dnsName:
Sep 30 12:11:11 romulus pluto[9315]: | 'complex.ip6.wittsend.com'
Sep 30 12:11:11 romulus pluto[9315]: | L7 - generalName:
Sep 30 12:11:11 romulus pluto[9315]: | L8 - dnsName:
Sep 30 12:11:11 romulus pluto[9315]: | 'complex.wittsend.org'
Sep 30 12:11:11 romulus pluto[9315]: | L7 - generalName:
Sep 30 12:11:11 romulus pluto[9315]: | L8 - dnsName:
Sep 30 12:11:11 romulus pluto[9315]: | 'complex.commandcorp.com'
Sep 30 12:11:11 romulus pluto[9315]: | L1 - signatureAlgorithm:
Sep 30 12:11:11 romulus pluto[9315]: | L2 - algorithmIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - algorithm:
Sep 30 12:11:11 romulus pluto[9315]: | 'md5WithRSAEncryption'
Sep 30 12:11:11 romulus pluto[9315]: | L1 - signatureValue:
Sep 30 12:11:11 romulus pluto[9315]: | certificate is valid
Sep 30 12:11:11 romulus pluto[9315]: | counting wild cards for C=GA, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=complex.wittsend.com, E=postmaster at wittsend.com is 0
Sep 30 12:11:11 romulus pluto[9315]: added connection description "complex"
Sep 30 12:11:11 romulus pluto[9315]: | 130.205.32.3[C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com]---130.205.32.1...65.14.248.12---65.7.156.165[C=GA, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=complex.wittsend.com, E=postmaster at wittsend.com]===130.205.0.0/19
Sep 30 12:11:11 romulus pluto[9315]: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; policy: RSASIG+ENCRYPT+TUNNEL+PFS
Sep 30 12:11:11 romulus pluto[9315]: | next event EVENT_PENDING_PHASE2 in 119 seconds
Sep 30 12:11:11 romulus pluto[9315]: |
Sep 30 12:11:11 romulus pluto[9315]: | *received whack message
Sep 30 12:11:11 romulus pluto[9315]: | Added new connection charon-1 with policy RSASIG+ENCRYPT+TUNNEL+PFS
Sep 30 12:11:11 romulus pluto[9315]: bad left --id: illegal (non-DNS-name) character in name (ignored)
Sep 30 12:11:11 romulus pluto[9315]: loaded host cert file '/etc/ipsec.d/certs/remus.wittsend.com.crt' (4148 bytes)
Sep 30 12:11:11 romulus pluto[9315]: | file content is not binary ASN.1
Sep 30 12:11:11 romulus pluto[9315]: | -----BEGIN CERTIFICATE-----
Sep 30 12:11:11 romulus pluto[9315]: | -----END CERTIFICATE-----
Sep 30 12:11:11 romulus pluto[9315]: | file coded in PEM format
Sep 30 12:11:11 romulus pluto[9315]: | L0 - certificate:
Sep 30 12:11:11 romulus pluto[9315]: | L1 - tbsCertificate:
Sep 30 12:11:11 romulus pluto[9315]: | L2 - DEFAULT v1:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - version:
Sep 30 12:11:11 romulus pluto[9315]: | v3
Sep 30 12:11:11 romulus pluto[9315]: | L2 - serialNumber:
Sep 30 12:11:11 romulus pluto[9315]: | L2 - signature:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - algorithmIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - algorithm:
Sep 30 12:11:11 romulus pluto[9315]: | 'md5WithRSAEncryption'
Sep 30 12:11:11 romulus pluto[9315]: | L2 - issuer:
Sep 30 12:11:11 romulus pluto[9315]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
Sep 30 12:11:11 romulus pluto[9315]: | L2 - validity:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - notBefore:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - utcTime:
Sep 30 12:11:11 romulus pluto[9315]: | 'Jul 26 18:44:39 UTC 2008'
Sep 30 12:11:11 romulus pluto[9315]: | L3 - notAfter:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - utcTime:
Sep 30 12:11:11 romulus pluto[9315]: | 'Jul 26 18:44:39 UTC 2012'
Sep 30 12:11:11 romulus pluto[9315]: | L2 - subject:
Sep 30 12:11:11 romulus pluto[9315]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=remus.wittsend.com, E=postmaster at wittsend.com'
Sep 30 12:11:11 romulus pluto[9315]: | L2 - subjectPublicKeyInfo:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - algorithm:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - algorithmIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - algorithm:
Sep 30 12:11:11 romulus pluto[9315]: | 'rsaEncryption'
Sep 30 12:11:11 romulus pluto[9315]: | L3 - subjectPublicKey:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - RSAPublicKey:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - modulus:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - publicExponent:
Sep 30 12:11:11 romulus pluto[9315]: | L2 - optional extensions:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - extensions:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - extension:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnID:
Sep 30 12:11:11 romulus pluto[9315]: | 'authorityKeyIdentifier'
Sep 30 12:11:11 romulus pluto[9315]: | L5 - critical:
Sep 30 12:11:11 romulus pluto[9315]: | FALSE
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnValue:
Sep 30 12:11:11 romulus pluto[9315]: | L6 - authorityKeyIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L7 - keyIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L8 - keyIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - extension:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnID:
Sep 30 12:11:11 romulus pluto[9315]: | 'extendedKeyUsage'
Sep 30 12:11:11 romulus pluto[9315]: | L5 - critical:
Sep 30 12:11:11 romulus pluto[9315]: | FALSE
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnValue:
Sep 30 12:11:11 romulus pluto[9315]: | L6 - extendedKeyUsage:
Sep 30 12:11:11 romulus pluto[9315]: | L7 - keyPurposeID:
Sep 30 12:11:11 romulus pluto[9315]: | 'serverAuth'
Sep 30 12:11:11 romulus pluto[9315]: | L7 - keyPurposeID:
Sep 30 12:11:11 romulus pluto[9315]: | 'clientAuth'
Sep 30 12:11:11 romulus pluto[9315]: | L7 - keyPurposeID:
Sep 30 12:11:11 romulus pluto[9315]: | L7 - keyPurposeID:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - extension:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnID:
Sep 30 12:11:11 romulus pluto[9315]: | 'basicConstraints'
Sep 30 12:11:11 romulus pluto[9315]: | L5 - critical:
Sep 30 12:11:11 romulus pluto[9315]: | TRUE
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnValue:
Sep 30 12:11:11 romulus pluto[9315]: | L6 - basicConstraints:
Sep 30 12:11:11 romulus pluto[9315]: | L7 - CA:
Sep 30 12:11:11 romulus pluto[9315]: | FALSE
Sep 30 12:11:11 romulus pluto[9315]: | L4 - extension:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnID:
Sep 30 12:11:11 romulus pluto[9315]: | 'subjectAltName'
Sep 30 12:11:11 romulus pluto[9315]: | L5 - critical:
Sep 30 12:11:11 romulus pluto[9315]: | FALSE
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnValue:
Sep 30 12:11:11 romulus pluto[9315]: | L6 - generalNames:
Sep 30 12:11:11 romulus pluto[9315]: | L7 - generalName:
Sep 30 12:11:11 romulus pluto[9315]: | L8 - dnsName:
Sep 30 12:11:11 romulus pluto[9315]: | 'remus.ip6.wittsend.com'
Sep 30 12:11:11 romulus pluto[9315]: | L7 - generalName:
Sep 30 12:11:11 romulus pluto[9315]: | L8 - dnsName:
Sep 30 12:11:11 romulus pluto[9315]: | 'remus.wittsend.org'
Sep 30 12:11:11 romulus pluto[9315]: | L7 - generalName:
Sep 30 12:11:11 romulus pluto[9315]: | L8 - dnsName:
Sep 30 12:11:11 romulus pluto[9315]: | 'remus.commandcorp.com'
Sep 30 12:11:11 romulus pluto[9315]: | L1 - signatureAlgorithm:
Sep 30 12:11:11 romulus pluto[9315]: | L2 - algorithmIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - algorithm:
Sep 30 12:11:11 romulus pluto[9315]: | 'md5WithRSAEncryption'
Sep 30 12:11:11 romulus pluto[9315]: | L1 - signatureValue:
Sep 30 12:11:11 romulus pluto[9315]: | certificate is valid
Sep 30 12:11:11 romulus pluto[9315]: | counting wild cards for C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=remus.wittsend.com, E=postmaster at wittsend.com is 0
Sep 30 12:11:11 romulus pluto[9315]: loaded host cert file '/etc/ipsec.d/certs/charon.wittsend.com.crt' (3903 bytes)
Sep 30 12:11:11 romulus pluto[9315]: | file content is not binary ASN.1
Sep 30 12:11:11 romulus pluto[9315]: | -----BEGIN CERTIFICATE-----
Sep 30 12:11:11 romulus pluto[9315]: | -----END CERTIFICATE-----
Sep 30 12:11:11 romulus pluto[9315]: | file coded in PEM format
Sep 30 12:11:11 romulus pluto[9315]: | L0 - certificate:
Sep 30 12:11:11 romulus pluto[9315]: | L1 - tbsCertificate:
Sep 30 12:11:11 romulus pluto[9315]: | L2 - DEFAULT v1:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - version:
Sep 30 12:11:11 romulus pluto[9315]: | v3
Sep 30 12:11:11 romulus pluto[9315]: | L2 - serialNumber:
Sep 30 12:11:11 romulus pluto[9315]: | L2 - signature:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - algorithmIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - algorithm:
Sep 30 12:11:11 romulus pluto[9315]: | 'md5WithRSAEncryption'
Sep 30 12:11:11 romulus pluto[9315]: | L2 - issuer:
Sep 30 12:11:11 romulus pluto[9315]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
Sep 30 12:11:11 romulus pluto[9315]: | L2 - validity:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - notBefore:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - utcTime:
Sep 30 12:11:11 romulus pluto[9315]: | 'Jul 26 18:32:56 UTC 2008'
Sep 30 12:11:11 romulus pluto[9315]: | L3 - notAfter:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - utcTime:
Sep 30 12:11:11 romulus pluto[9315]: | 'Jul 26 18:32:56 UTC 2012'
Sep 30 12:11:11 romulus pluto[9315]: | L2 - subject:
Sep 30 12:11:11 romulus pluto[9315]: | 'C=US, ST=Georgia, L=Atlanta, O=Thaumaturgy & Speculums Technology, CN=charon.wittsend.com, E=postmaster at wittsend.com'
Sep 30 12:11:11 romulus pluto[9315]: | L2 - subjectPublicKeyInfo:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - algorithm:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - algorithmIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - algorithm:
Sep 30 12:11:11 romulus pluto[9315]: | 'rsaEncryption'
Sep 30 12:11:11 romulus pluto[9315]: | L3 - subjectPublicKey:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - RSAPublicKey:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - modulus:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - publicExponent:
Sep 30 12:11:11 romulus pluto[9315]: | L2 - optional extensions:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - extensions:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - extension:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnID:
Sep 30 12:11:11 romulus pluto[9315]: | 'authorityKeyIdentifier'
Sep 30 12:11:11 romulus pluto[9315]: | L5 - critical:
Sep 30 12:11:11 romulus pluto[9315]: | FALSE
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnValue:
Sep 30 12:11:11 romulus pluto[9315]: | L6 - authorityKeyIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L7 - keyIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L8 - keyIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - extension:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnID:
Sep 30 12:11:11 romulus pluto[9315]: | 'extendedKeyUsage'
Sep 30 12:11:11 romulus pluto[9315]: | L5 - critical:
Sep 30 12:11:11 romulus pluto[9315]: | FALSE
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnValue:
Sep 30 12:11:11 romulus pluto[9315]: | L6 - extendedKeyUsage:
Sep 30 12:11:11 romulus pluto[9315]: | L7 - keyPurposeID:
Sep 30 12:11:11 romulus pluto[9315]: | 'serverAuth'
Sep 30 12:11:11 romulus pluto[9315]: | L7 - keyPurposeID:
Sep 30 12:11:11 romulus pluto[9315]: | 'clientAuth'
Sep 30 12:11:11 romulus pluto[9315]: | L7 - keyPurposeID:
Sep 30 12:11:11 romulus pluto[9315]: | L7 - keyPurposeID:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - extension:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnID:
Sep 30 12:11:11 romulus pluto[9315]: | 'basicConstraints'
Sep 30 12:11:11 romulus pluto[9315]: | L5 - critical:
Sep 30 12:11:11 romulus pluto[9315]: | TRUE
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnValue:
Sep 30 12:11:11 romulus pluto[9315]: | L6 - basicConstraints:
Sep 30 12:11:11 romulus pluto[9315]: | L7 - CA:
Sep 30 12:11:11 romulus pluto[9315]: | FALSE
Sep 30 12:11:11 romulus pluto[9315]: | L1 - signatureAlgorithm:
Sep 30 12:11:11 romulus pluto[9315]: | L2 - algorithmIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - algorithm:
Sep 30 12:11:11 romulus pluto[9315]: | 'md5WithRSAEncryption'
Sep 30 12:11:11 romulus pluto[9315]: | L1 - signatureValue:
Sep 30 12:11:11 romulus pluto[9315]: | certificate is valid
Sep 30 12:11:11 romulus pluto[9315]: | counting wild cards for C=US, ST=Georgia, L=Atlanta, O=Thaumaturgy & Speculums Technology, CN=charon.wittsend.com, E=postmaster at wittsend.com is 0
Sep 30 12:11:11 romulus pluto[9315]: added connection description "charon-1"
Sep 30 12:11:11 romulus pluto[9315]: | 130.205.32.0/24===130.205.32.3[C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=remus.wittsend.com, E=postmaster at wittsend.com]---130.205.32.1...65.14.248.11---74.237.49.95[C=US, ST=Georgia, L=Atlanta, O=Thaumaturgy & Speculums Technology, CN=charon.wittsend.com, E=postmaster at wittsend.com]===130.205.36.0/24
Sep 30 12:11:11 romulus pluto[9315]: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; policy: RSASIG+ENCRYPT+TUNNEL+PFS
Sep 30 12:11:11 romulus pluto[9315]: | next event EVENT_PENDING_PHASE2 in 119 seconds
Sep 30 12:11:11 romulus pluto[9315]: |
Sep 30 12:11:11 romulus pluto[9315]: | *received whack message
Sep 30 12:11:11 romulus pluto[9315]: | Added new connection chaos with policy RSASIG+ENCRYPT+TUNNEL+PFS
Sep 30 12:11:11 romulus pluto[9315]: bad left --id: illegal (non-DNS-name) character in name (ignored)
Sep 30 12:11:11 romulus pluto[9315]: loaded host cert file '/etc/ipsec.d/certs/romulus.wittsend.com.crt' (3088 bytes)
Sep 30 12:11:11 romulus pluto[9315]: | file content is not binary ASN.1
Sep 30 12:11:11 romulus pluto[9315]: | -----BEGIN CERTIFICATE-----
Sep 30 12:11:11 romulus pluto[9315]: | -----END CERTIFICATE-----
Sep 30 12:11:11 romulus pluto[9315]: | file coded in PEM format
Sep 30 12:11:11 romulus pluto[9315]: | L0 - certificate:
Sep 30 12:11:11 romulus pluto[9315]: | L1 - tbsCertificate:
Sep 30 12:11:11 romulus pluto[9315]: | L2 - DEFAULT v1:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - version:
Sep 30 12:11:11 romulus pluto[9315]: | v3
Sep 30 12:11:11 romulus pluto[9315]: | L2 - serialNumber:
Sep 30 12:11:11 romulus pluto[9315]: | L2 - signature:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - algorithmIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - algorithm:
Sep 30 12:11:11 romulus pluto[9315]: | 'md5WithRSAEncryption'
Sep 30 12:11:11 romulus pluto[9315]: | L2 - issuer:
Sep 30 12:11:11 romulus pluto[9315]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services, CN=WittsEnd Root CA, E=ca at wittsend.com'
Sep 30 12:11:11 romulus pluto[9315]: | L2 - validity:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - notBefore:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - utcTime:
Sep 30 12:11:11 romulus pluto[9315]: | 'Jan 28 17:45:00 UTC 2005'
Sep 30 12:11:11 romulus pluto[9315]: | L3 - notAfter:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - utcTime:
Sep 30 12:11:11 romulus pluto[9315]: | 'Jan 28 17:45:00 UTC 2009'
Sep 30 12:11:11 romulus pluto[9315]: | L2 - subject:
Sep 30 12:11:11 romulus pluto[9315]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com'
Sep 30 12:11:11 romulus pluto[9315]: | L2 - subjectPublicKeyInfo:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - algorithm:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - algorithmIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - algorithm:
Sep 30 12:11:11 romulus pluto[9315]: | 'rsaEncryption'
Sep 30 12:11:11 romulus pluto[9315]: | L3 - subjectPublicKey:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - RSAPublicKey:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - modulus:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - publicExponent:
Sep 30 12:11:11 romulus pluto[9315]: | L2 - optional extensions:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - extensions:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - extension:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnID:
Sep 30 12:11:11 romulus pluto[9315]: | 'authorityKeyIdentifier'
Sep 30 12:11:11 romulus pluto[9315]: | L5 - critical:
Sep 30 12:11:11 romulus pluto[9315]: | FALSE
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnValue:
Sep 30 12:11:11 romulus pluto[9315]: | L6 - authorityKeyIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L7 - keyIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L8 - keyIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - extension:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnID:
Sep 30 12:11:11 romulus pluto[9315]: | 'extendedKeyUsage'
Sep 30 12:11:11 romulus pluto[9315]: | L5 - critical:
Sep 30 12:11:11 romulus pluto[9315]: | FALSE
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnValue:
Sep 30 12:11:11 romulus pluto[9315]: | L6 - extendedKeyUsage:
Sep 30 12:11:11 romulus pluto[9315]: | L7 - keyPurposeID:
Sep 30 12:11:11 romulus pluto[9315]: | 'serverAuth'
Sep 30 12:11:11 romulus pluto[9315]: | L7 - keyPurposeID:
Sep 30 12:11:11 romulus pluto[9315]: | 'clientAuth'
Sep 30 12:11:11 romulus pluto[9315]: | L7 - keyPurposeID:
Sep 30 12:11:11 romulus pluto[9315]: | L7 - keyPurposeID:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - extension:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnID:
Sep 30 12:11:11 romulus pluto[9315]: | 'basicConstraints'
Sep 30 12:11:11 romulus pluto[9315]: | L5 - critical:
Sep 30 12:11:11 romulus pluto[9315]: | TRUE
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnValue:
Sep 30 12:11:11 romulus pluto[9315]: | L6 - basicConstraints:
Sep 30 12:11:11 romulus pluto[9315]: | L7 - CA:
Sep 30 12:11:11 romulus pluto[9315]: | FALSE
Sep 30 12:11:11 romulus pluto[9315]: | L1 - signatureAlgorithm:
Sep 30 12:11:11 romulus pluto[9315]: | L2 - algorithmIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - algorithm:
Sep 30 12:11:11 romulus pluto[9315]: | 'md5WithRSAEncryption'
Sep 30 12:11:11 romulus pluto[9315]: | L1 - signatureValue:
Sep 30 12:11:11 romulus pluto[9315]: | certificate is valid
Sep 30 12:11:11 romulus pluto[9315]: | counting wild cards for C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com is 0
Sep 30 12:11:11 romulus pluto[9315]: bad right --id: illegal (non-DNS-name) character in name (ignored)
Sep 30 12:11:11 romulus pluto[9315]: loaded host cert file '/etc/ipsec.d/certs/chaos.iss.net.crt' (3867 bytes)
Sep 30 12:11:11 romulus pluto[9315]: | file content is not binary ASN.1
Sep 30 12:11:11 romulus pluto[9315]: | -----BEGIN CERTIFICATE-----
Sep 30 12:11:11 romulus pluto[9315]: | -----END CERTIFICATE-----
Sep 30 12:11:11 romulus pluto[9315]: | file coded in PEM format
Sep 30 12:11:11 romulus pluto[9315]: | L0 - certificate:
Sep 30 12:11:11 romulus pluto[9315]: | L1 - tbsCertificate:
Sep 30 12:11:11 romulus pluto[9315]: | L2 - DEFAULT v1:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - version:
Sep 30 12:11:11 romulus pluto[9315]: | v3
Sep 30 12:11:11 romulus pluto[9315]: | L2 - serialNumber:
Sep 30 12:11:11 romulus pluto[9315]: | L2 - signature:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - algorithmIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - algorithm:
Sep 30 12:11:11 romulus pluto[9315]: | 'md5WithRSAEncryption'
Sep 30 12:11:11 romulus pluto[9315]: | L2 - issuer:
Sep 30 12:11:11 romulus pluto[9315]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
Sep 30 12:11:11 romulus pluto[9315]: | L2 - validity:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - notBefore:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - utcTime:
Sep 30 12:11:11 romulus pluto[9315]: | 'Jul 26 18:29:11 UTC 2008'
Sep 30 12:11:11 romulus pluto[9315]: | L3 - notAfter:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - utcTime:
Sep 30 12:11:11 romulus pluto[9315]: | 'Jul 26 18:29:11 UTC 2012'
Sep 30 12:11:11 romulus pluto[9315]: | L2 - subject:
Sep 30 12:11:11 romulus pluto[9315]: | 'C=GA, ST=Georgia, L=Atlanta, O=Internet Security Systems Inc, CN=chaos.iss.net, E=postmaster at iss.net'
Sep 30 12:11:11 romulus pluto[9315]: | L2 - subjectPublicKeyInfo:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - algorithm:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - algorithmIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - algorithm:
Sep 30 12:11:11 romulus pluto[9315]: | 'rsaEncryption'
Sep 30 12:11:11 romulus pluto[9315]: | L3 - subjectPublicKey:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - RSAPublicKey:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - modulus:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - publicExponent:
Sep 30 12:11:11 romulus pluto[9315]: | L2 - optional extensions:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - extensions:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - extension:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnID:
Sep 30 12:11:11 romulus pluto[9315]: | 'authorityKeyIdentifier'
Sep 30 12:11:11 romulus pluto[9315]: | L5 - critical:
Sep 30 12:11:11 romulus pluto[9315]: | FALSE
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnValue:
Sep 30 12:11:11 romulus pluto[9315]: | L6 - authorityKeyIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L7 - keyIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L8 - keyIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - extension:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnID:
Sep 30 12:11:11 romulus pluto[9315]: | 'extendedKeyUsage'
Sep 30 12:11:11 romulus pluto[9315]: | L5 - critical:
Sep 30 12:11:11 romulus pluto[9315]: | FALSE
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnValue:
Sep 30 12:11:11 romulus pluto[9315]: | L6 - extendedKeyUsage:
Sep 30 12:11:11 romulus pluto[9315]: | L7 - keyPurposeID:
Sep 30 12:11:11 romulus pluto[9315]: | 'serverAuth'
Sep 30 12:11:11 romulus pluto[9315]: | L7 - keyPurposeID:
Sep 30 12:11:11 romulus pluto[9315]: | 'clientAuth'
Sep 30 12:11:11 romulus pluto[9315]: | L7 - keyPurposeID:
Sep 30 12:11:11 romulus pluto[9315]: | L7 - keyPurposeID:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - extension:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnID:
Sep 30 12:11:11 romulus pluto[9315]: | 'basicConstraints'
Sep 30 12:11:11 romulus pluto[9315]: | L5 - critical:
Sep 30 12:11:11 romulus pluto[9315]: | TRUE
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnValue:
Sep 30 12:11:11 romulus pluto[9315]: | L6 - basicConstraints:
Sep 30 12:11:11 romulus pluto[9315]: | L7 - CA:
Sep 30 12:11:11 romulus pluto[9315]: | FALSE
Sep 30 12:11:11 romulus pluto[9315]: | L1 - signatureAlgorithm:
Sep 30 12:11:11 romulus pluto[9315]: | L2 - algorithmIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - algorithm:
Sep 30 12:11:11 romulus pluto[9315]: | 'md5WithRSAEncryption'
Sep 30 12:11:11 romulus pluto[9315]: | L1 - signatureValue:
Sep 30 12:11:11 romulus pluto[9315]: | certificate is valid
Sep 30 12:11:11 romulus pluto[9315]: | counting wild cards for C=GA, ST=Georgia, L=Atlanta, O=Internet Security Systems Inc, CN=chaos.iss.net, E=postmaster at iss.net is 0
Sep 30 12:11:11 romulus pluto[9315]: added connection description "chaos"
Sep 30 12:11:11 romulus pluto[9315]: | 130.205.32.3[C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com]---130.205.32.1...209.134.176.37[C=GA, ST=Georgia, L=Atlanta, O=Internet Security Systems Inc, CN=chaos.iss.net, E=postmaster at iss.net]
Sep 30 12:11:11 romulus pluto[9315]: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; policy: RSASIG+ENCRYPT+TUNNEL+PFS
Sep 30 12:11:11 romulus pluto[9315]: | next event EVENT_PENDING_PHASE2 in 119 seconds
Sep 30 12:11:11 romulus pluto[9315]: |
Sep 30 12:11:11 romulus pluto[9315]: | *received whack message
Sep 30 12:11:11 romulus pluto[9315]: | Added new connection rebma with policy RSASIG+ENCRYPT+TUNNEL+PFS
Sep 30 12:11:11 romulus pluto[9315]: bad left --id: illegal (non-DNS-name) character in name (ignored)
Sep 30 12:11:11 romulus pluto[9315]: loaded host cert file '/etc/ipsec.d/certs/romulus.wittsend.com.crt' (3088 bytes)
Sep 30 12:11:11 romulus pluto[9315]: | file content is not binary ASN.1
Sep 30 12:11:11 romulus pluto[9315]: | -----BEGIN CERTIFICATE-----
Sep 30 12:11:11 romulus pluto[9315]: | -----END CERTIFICATE-----
Sep 30 12:11:11 romulus pluto[9315]: | file coded in PEM format
Sep 30 12:11:11 romulus pluto[9315]: | L0 - certificate:
Sep 30 12:11:11 romulus pluto[9315]: | L1 - tbsCertificate:
Sep 30 12:11:11 romulus pluto[9315]: | L2 - DEFAULT v1:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - version:
Sep 30 12:11:11 romulus pluto[9315]: | v3
Sep 30 12:11:11 romulus pluto[9315]: | L2 - serialNumber:
Sep 30 12:11:11 romulus pluto[9315]: | L2 - signature:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - algorithmIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - algorithm:
Sep 30 12:11:11 romulus pluto[9315]: | 'md5WithRSAEncryption'
Sep 30 12:11:11 romulus pluto[9315]: | L2 - issuer:
Sep 30 12:11:11 romulus pluto[9315]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services, CN=WittsEnd Root CA, E=ca at wittsend.com'
Sep 30 12:11:11 romulus pluto[9315]: | L2 - validity:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - notBefore:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - utcTime:
Sep 30 12:11:11 romulus pluto[9315]: | 'Jan 28 17:45:00 UTC 2005'
Sep 30 12:11:11 romulus pluto[9315]: | L3 - notAfter:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - utcTime:
Sep 30 12:11:11 romulus pluto[9315]: | 'Jan 28 17:45:00 UTC 2009'
Sep 30 12:11:11 romulus pluto[9315]: | L2 - subject:
Sep 30 12:11:11 romulus pluto[9315]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com'
Sep 30 12:11:11 romulus pluto[9315]: | L2 - subjectPublicKeyInfo:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - algorithm:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - algorithmIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - algorithm:
Sep 30 12:11:11 romulus pluto[9315]: | 'rsaEncryption'
Sep 30 12:11:11 romulus pluto[9315]: | L3 - subjectPublicKey:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - RSAPublicKey:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - modulus:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - publicExponent:
Sep 30 12:11:11 romulus pluto[9315]: | L2 - optional extensions:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - extensions:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - extension:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnID:
Sep 30 12:11:11 romulus pluto[9315]: | 'authorityKeyIdentifier'
Sep 30 12:11:11 romulus pluto[9315]: | L5 - critical:
Sep 30 12:11:11 romulus pluto[9315]: | FALSE
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnValue:
Sep 30 12:11:11 romulus pluto[9315]: | L6 - authorityKeyIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L7 - keyIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L8 - keyIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - extension:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnID:
Sep 30 12:11:11 romulus pluto[9315]: | 'extendedKeyUsage'
Sep 30 12:11:11 romulus pluto[9315]: | L5 - critical:
Sep 30 12:11:11 romulus pluto[9315]: | FALSE
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnValue:
Sep 30 12:11:11 romulus pluto[9315]: | L6 - extendedKeyUsage:
Sep 30 12:11:11 romulus pluto[9315]: | L7 - keyPurposeID:
Sep 30 12:11:11 romulus pluto[9315]: | 'serverAuth'
Sep 30 12:11:11 romulus pluto[9315]: | L7 - keyPurposeID:
Sep 30 12:11:11 romulus pluto[9315]: | 'clientAuth'
Sep 30 12:11:11 romulus pluto[9315]: | L7 - keyPurposeID:
Sep 30 12:11:11 romulus pluto[9315]: | L7 - keyPurposeID:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - extension:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnID:
Sep 30 12:11:11 romulus pluto[9315]: | 'basicConstraints'
Sep 30 12:11:11 romulus pluto[9315]: | L5 - critical:
Sep 30 12:11:11 romulus pluto[9315]: | TRUE
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnValue:
Sep 30 12:11:11 romulus pluto[9315]: | L6 - basicConstraints:
Sep 30 12:11:11 romulus pluto[9315]: | L7 - CA:
Sep 30 12:11:11 romulus pluto[9315]: | FALSE
Sep 30 12:11:11 romulus pluto[9315]: | L1 - signatureAlgorithm:
Sep 30 12:11:11 romulus pluto[9315]: | L2 - algorithmIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - algorithm:
Sep 30 12:11:11 romulus pluto[9315]: | 'md5WithRSAEncryption'
Sep 30 12:11:11 romulus pluto[9315]: | L1 - signatureValue:
Sep 30 12:11:11 romulus pluto[9315]: | certificate is valid
Sep 30 12:11:11 romulus pluto[9315]: | counting wild cards for C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com is 0
Sep 30 12:11:11 romulus pluto[9315]: bad right --id: illegal (non-DNS-name) character in name (ignored)
Sep 30 12:11:11 romulus pluto[9315]: loaded host cert file '/etc/ipsec.d/certs/rebma.iss.net.crt' (3867 bytes)
Sep 30 12:11:11 romulus pluto[9315]: | file content is not binary ASN.1
Sep 30 12:11:11 romulus pluto[9315]: | -----BEGIN CERTIFICATE-----
Sep 30 12:11:11 romulus pluto[9315]: | -----END CERTIFICATE-----
Sep 30 12:11:11 romulus pluto[9315]: | file coded in PEM format
Sep 30 12:11:11 romulus pluto[9315]: | L0 - certificate:
Sep 30 12:11:11 romulus pluto[9315]: | L1 - tbsCertificate:
Sep 30 12:11:11 romulus pluto[9315]: | L2 - DEFAULT v1:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - version:
Sep 30 12:11:11 romulus pluto[9315]: | v3
Sep 30 12:11:11 romulus pluto[9315]: | L2 - serialNumber:
Sep 30 12:11:11 romulus pluto[9315]: | L2 - signature:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - algorithmIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - algorithm:
Sep 30 12:11:11 romulus pluto[9315]: | 'md5WithRSAEncryption'
Sep 30 12:11:11 romulus pluto[9315]: | L2 - issuer:
Sep 30 12:11:11 romulus pluto[9315]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
Sep 30 12:11:11 romulus pluto[9315]: | L2 - validity:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - notBefore:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - utcTime:
Sep 30 12:11:11 romulus pluto[9315]: | 'Jul 26 18:30:00 UTC 2008'
Sep 30 12:11:11 romulus pluto[9315]: | L3 - notAfter:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - utcTime:
Sep 30 12:11:11 romulus pluto[9315]: | 'Jul 26 18:30:00 UTC 2012'
Sep 30 12:11:11 romulus pluto[9315]: | L2 - subject:
Sep 30 12:11:11 romulus pluto[9315]: | 'C=GA, ST=Georgia, L=Atlanta, O=Internet Security Systems Inc, CN=rebma.iss.net, E=postmaster at iss.net'
Sep 30 12:11:11 romulus pluto[9315]: | L2 - subjectPublicKeyInfo:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - algorithm:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - algorithmIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - algorithm:
Sep 30 12:11:11 romulus pluto[9315]: | 'rsaEncryption'
Sep 30 12:11:11 romulus pluto[9315]: | L3 - subjectPublicKey:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - RSAPublicKey:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - modulus:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - publicExponent:
Sep 30 12:11:11 romulus pluto[9315]: | L2 - optional extensions:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - extensions:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - extension:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnID:
Sep 30 12:11:11 romulus pluto[9315]: | 'authorityKeyIdentifier'
Sep 30 12:11:11 romulus pluto[9315]: | L5 - critical:
Sep 30 12:11:11 romulus pluto[9315]: | FALSE
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnValue:
Sep 30 12:11:11 romulus pluto[9315]: | L6 - authorityKeyIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L7 - keyIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L8 - keyIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - extension:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnID:
Sep 30 12:11:11 romulus pluto[9315]: | 'extendedKeyUsage'
Sep 30 12:11:11 romulus pluto[9315]: | L5 - critical:
Sep 30 12:11:11 romulus pluto[9315]: | FALSE
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnValue:
Sep 30 12:11:11 romulus pluto[9315]: | L6 - extendedKeyUsage:
Sep 30 12:11:11 romulus pluto[9315]: | L7 - keyPurposeID:
Sep 30 12:11:11 romulus pluto[9315]: | 'serverAuth'
Sep 30 12:11:11 romulus pluto[9315]: | L7 - keyPurposeID:
Sep 30 12:11:11 romulus pluto[9315]: | 'clientAuth'
Sep 30 12:11:11 romulus pluto[9315]: | L7 - keyPurposeID:
Sep 30 12:11:11 romulus pluto[9315]: | L7 - keyPurposeID:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - extension:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnID:
Sep 30 12:11:11 romulus pluto[9315]: | 'basicConstraints'
Sep 30 12:11:11 romulus pluto[9315]: | L5 - critical:
Sep 30 12:11:11 romulus pluto[9315]: | TRUE
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnValue:
Sep 30 12:11:11 romulus pluto[9315]: | L6 - basicConstraints:
Sep 30 12:11:11 romulus pluto[9315]: | L7 - CA:
Sep 30 12:11:11 romulus pluto[9315]: | FALSE
Sep 30 12:11:11 romulus pluto[9315]: | L1 - signatureAlgorithm:
Sep 30 12:11:11 romulus pluto[9315]: | L2 - algorithmIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - algorithm:
Sep 30 12:11:11 romulus pluto[9315]: | 'md5WithRSAEncryption'
Sep 30 12:11:11 romulus pluto[9315]: | L1 - signatureValue:
Sep 30 12:11:11 romulus pluto[9315]: | certificate is valid
Sep 30 12:11:11 romulus pluto[9315]: | counting wild cards for C=GA, ST=Georgia, L=Atlanta, O=Internet Security Systems Inc, CN=rebma.iss.net, E=postmaster at iss.net is 0
Sep 30 12:11:11 romulus pluto[9315]: added connection description "rebma"
Sep 30 12:11:11 romulus pluto[9315]: | 130.205.32.3[C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com]---130.205.32.1...209.134.176.68[C=GA, ST=Georgia, L=Atlanta, O=Internet Security Systems Inc, CN=rebma.iss.net, E=postmaster at iss.net]
Sep 30 12:11:11 romulus pluto[9315]: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; policy: RSASIG+ENCRYPT+TUNNEL+PFS
Sep 30 12:11:11 romulus pluto[9315]: | next event EVENT_PENDING_PHASE2 in 119 seconds
Sep 30 12:11:11 romulus pluto[9315]: |
Sep 30 12:11:11 romulus pluto[9315]: | *received whack message
Sep 30 12:11:11 romulus pluto[9315]: | Added new connection kolvir with policy RSASIG+ENCRYPT+PFS
Sep 30 12:11:11 romulus pluto[9315]: bad left --id: illegal (non-DNS-name) character in name (ignored)
Sep 30 12:11:11 romulus pluto[9315]: loaded host cert file '/etc/ipsec.d/certs/romulus.wittsend.com.crt' (3088 bytes)
Sep 30 12:11:11 romulus pluto[9315]: | file content is not binary ASN.1
Sep 30 12:11:11 romulus pluto[9315]: | -----BEGIN CERTIFICATE-----
Sep 30 12:11:11 romulus pluto[9315]: | -----END CERTIFICATE-----
Sep 30 12:11:11 romulus pluto[9315]: | file coded in PEM format
Sep 30 12:11:11 romulus pluto[9315]: | L0 - certificate:
Sep 30 12:11:11 romulus pluto[9315]: | L1 - tbsCertificate:
Sep 30 12:11:11 romulus pluto[9315]: | L2 - DEFAULT v1:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - version:
Sep 30 12:11:11 romulus pluto[9315]: | v3
Sep 30 12:11:11 romulus pluto[9315]: | L2 - serialNumber:
Sep 30 12:11:11 romulus pluto[9315]: | L2 - signature:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - algorithmIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - algorithm:
Sep 30 12:11:11 romulus pluto[9315]: | 'md5WithRSAEncryption'
Sep 30 12:11:11 romulus pluto[9315]: | L2 - issuer:
Sep 30 12:11:11 romulus pluto[9315]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services, CN=WittsEnd Root CA, E=ca at wittsend.com'
Sep 30 12:11:11 romulus pluto[9315]: | L2 - validity:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - notBefore:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - utcTime:
Sep 30 12:11:11 romulus pluto[9315]: | 'Jan 28 17:45:00 UTC 2005'
Sep 30 12:11:11 romulus pluto[9315]: | L3 - notAfter:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - utcTime:
Sep 30 12:11:11 romulus pluto[9315]: | 'Jan 28 17:45:00 UTC 2009'
Sep 30 12:11:11 romulus pluto[9315]: | L2 - subject:
Sep 30 12:11:11 romulus pluto[9315]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com'
Sep 30 12:11:11 romulus pluto[9315]: | L2 - subjectPublicKeyInfo:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - algorithm:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - algorithmIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - algorithm:
Sep 30 12:11:11 romulus pluto[9315]: | 'rsaEncryption'
Sep 30 12:11:11 romulus pluto[9315]: | L3 - subjectPublicKey:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - RSAPublicKey:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - modulus:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - publicExponent:
Sep 30 12:11:11 romulus pluto[9315]: | L2 - optional extensions:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - extensions:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - extension:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnID:
Sep 30 12:11:11 romulus pluto[9315]: | 'authorityKeyIdentifier'
Sep 30 12:11:11 romulus pluto[9315]: | L5 - critical:
Sep 30 12:11:11 romulus pluto[9315]: | FALSE
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnValue:
Sep 30 12:11:11 romulus pluto[9315]: | L6 - authorityKeyIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L7 - keyIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L8 - keyIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - extension:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnID:
Sep 30 12:11:11 romulus pluto[9315]: | 'extendedKeyUsage'
Sep 30 12:11:11 romulus pluto[9315]: | L5 - critical:
Sep 30 12:11:11 romulus pluto[9315]: | FALSE
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnValue:
Sep 30 12:11:11 romulus pluto[9315]: | L6 - extendedKeyUsage:
Sep 30 12:11:11 romulus pluto[9315]: | L7 - keyPurposeID:
Sep 30 12:11:11 romulus pluto[9315]: | 'serverAuth'
Sep 30 12:11:11 romulus pluto[9315]: | L7 - keyPurposeID:
Sep 30 12:11:11 romulus pluto[9315]: | 'clientAuth'
Sep 30 12:11:11 romulus pluto[9315]: | L7 - keyPurposeID:
Sep 30 12:11:11 romulus pluto[9315]: | L7 - keyPurposeID:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - extension:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnID:
Sep 30 12:11:11 romulus pluto[9315]: | 'basicConstraints'
Sep 30 12:11:11 romulus pluto[9315]: | L5 - critical:
Sep 30 12:11:11 romulus pluto[9315]: | TRUE
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnValue:
Sep 30 12:11:11 romulus pluto[9315]: | L6 - basicConstraints:
Sep 30 12:11:11 romulus pluto[9315]: | L7 - CA:
Sep 30 12:11:11 romulus pluto[9315]: | FALSE
Sep 30 12:11:11 romulus pluto[9315]: | L1 - signatureAlgorithm:
Sep 30 12:11:11 romulus pluto[9315]: | L2 - algorithmIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - algorithm:
Sep 30 12:11:11 romulus pluto[9315]: | 'md5WithRSAEncryption'
Sep 30 12:11:11 romulus pluto[9315]: | L1 - signatureValue:
Sep 30 12:11:11 romulus pluto[9315]: | certificate is valid
Sep 30 12:11:11 romulus pluto[9315]: | counting wild cards for C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com is 0
Sep 30 12:11:11 romulus pluto[9315]: loaded host cert file '/etc/ipsec.d/certs/kolvir.iss.net.crt' (3868 bytes)
Sep 30 12:11:11 romulus pluto[9315]: | file content is not binary ASN.1
Sep 30 12:11:11 romulus pluto[9315]: | -----BEGIN CERTIFICATE-----
Sep 30 12:11:11 romulus pluto[9315]: | -----END CERTIFICATE-----
Sep 30 12:11:11 romulus pluto[9315]: | file coded in PEM format
Sep 30 12:11:11 romulus pluto[9315]: | L0 - certificate:
Sep 30 12:11:11 romulus pluto[9315]: | L1 - tbsCertificate:
Sep 30 12:11:11 romulus pluto[9315]: | L2 - DEFAULT v1:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - version:
Sep 30 12:11:11 romulus pluto[9315]: | v3
Sep 30 12:11:11 romulus pluto[9315]: | L2 - serialNumber:
Sep 30 12:11:11 romulus pluto[9315]: | L2 - signature:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - algorithmIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - algorithm:
Sep 30 12:11:11 romulus pluto[9315]: | 'md5WithRSAEncryption'
Sep 30 12:11:11 romulus pluto[9315]: | L2 - issuer:
Sep 30 12:11:11 romulus pluto[9315]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
Sep 30 12:11:11 romulus pluto[9315]: | L2 - validity:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - notBefore:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - utcTime:
Sep 30 12:11:11 romulus pluto[9315]: | 'Jul 26 18:29:25 UTC 2008'
Sep 30 12:11:11 romulus pluto[9315]: | L3 - notAfter:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - utcTime:
Sep 30 12:11:11 romulus pluto[9315]: | 'Jul 26 18:29:25 UTC 2012'
Sep 30 12:11:11 romulus pluto[9315]: | L2 - subject:
Sep 30 12:11:11 romulus pluto[9315]: | 'C=GA, ST=Georgia, L=Atlanta, O=Internet Security Systems Inc, CN=kolvir.iss.net, E=postmaster at iss.net'
Sep 30 12:11:11 romulus pluto[9315]: | L2 - subjectPublicKeyInfo:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - algorithm:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - algorithmIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - algorithm:
Sep 30 12:11:11 romulus pluto[9315]: | 'rsaEncryption'
Sep 30 12:11:11 romulus pluto[9315]: | L3 - subjectPublicKey:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - RSAPublicKey:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - modulus:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - publicExponent:
Sep 30 12:11:11 romulus pluto[9315]: | L2 - optional extensions:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - extensions:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - extension:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnID:
Sep 30 12:11:11 romulus pluto[9315]: | 'authorityKeyIdentifier'
Sep 30 12:11:11 romulus pluto[9315]: | L5 - critical:
Sep 30 12:11:11 romulus pluto[9315]: | FALSE
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnValue:
Sep 30 12:11:11 romulus pluto[9315]: | L6 - authorityKeyIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L7 - keyIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L8 - keyIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - extension:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnID:
Sep 30 12:11:11 romulus pluto[9315]: | 'extendedKeyUsage'
Sep 30 12:11:11 romulus pluto[9315]: | L5 - critical:
Sep 30 12:11:11 romulus pluto[9315]: | FALSE
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnValue:
Sep 30 12:11:11 romulus pluto[9315]: | L6 - extendedKeyUsage:
Sep 30 12:11:11 romulus pluto[9315]: | L7 - keyPurposeID:
Sep 30 12:11:11 romulus pluto[9315]: | 'serverAuth'
Sep 30 12:11:11 romulus pluto[9315]: | L7 - keyPurposeID:
Sep 30 12:11:11 romulus pluto[9315]: | 'clientAuth'
Sep 30 12:11:11 romulus pluto[9315]: | L7 - keyPurposeID:
Sep 30 12:11:11 romulus pluto[9315]: | L7 - keyPurposeID:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - extension:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnID:
Sep 30 12:11:11 romulus pluto[9315]: | 'basicConstraints'
Sep 30 12:11:11 romulus pluto[9315]: | L5 - critical:
Sep 30 12:11:11 romulus pluto[9315]: | TRUE
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnValue:
Sep 30 12:11:11 romulus pluto[9315]: | L6 - basicConstraints:
Sep 30 12:11:11 romulus pluto[9315]: | L7 - CA:
Sep 30 12:11:11 romulus pluto[9315]: | FALSE
Sep 30 12:11:11 romulus pluto[9315]: | L1 - signatureAlgorithm:
Sep 30 12:11:11 romulus pluto[9315]: | L2 - algorithmIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - algorithm:
Sep 30 12:11:11 romulus pluto[9315]: | 'md5WithRSAEncryption'
Sep 30 12:11:11 romulus pluto[9315]: | L1 - signatureValue:
Sep 30 12:11:11 romulus pluto[9315]: | certificate is valid
Sep 30 12:11:11 romulus pluto[9315]: | counting wild cards for C=GA, ST=Georgia, L=Atlanta, O=Internet Security Systems Inc, CN=kolvir.iss.net, E=postmaster at iss.net is 0
Sep 30 12:11:11 romulus pluto[9315]: added connection description "kolvir"
Sep 30 12:11:11 romulus pluto[9315]: | 130.205.32.3[C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com]---130.205.32.1...209.134.176.84[C=GA, ST=Georgia, L=Atlanta, O=Internet Security Systems Inc, CN=kolvir.iss.net, E=postmaster at iss.net]
Sep 30 12:11:11 romulus pluto[9315]: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; policy: RSASIG+ENCRYPT+PFS
Sep 30 12:11:11 romulus pluto[9315]: | next event EVENT_PENDING_PHASE2 in 119 seconds
Sep 30 12:11:11 romulus pluto[9315]: |
Sep 30 12:11:11 romulus pluto[9315]: | *received whack message
Sep 30 12:11:11 romulus pluto[9315]: | Added new connection canyon with policy RSASIG+ENCRYPT+TUNNEL+PFS
Sep 30 12:11:11 romulus pluto[9315]: bad left --id: illegal (non-DNS-name) character in name (ignored)
Sep 30 12:11:11 romulus pluto[9315]: loaded host cert file '/etc/ipsec.d/certs/romulus.wittsend.com.crt' (3088 bytes)
Sep 30 12:11:11 romulus pluto[9315]: | file content is not binary ASN.1
Sep 30 12:11:11 romulus pluto[9315]: | -----BEGIN CERTIFICATE-----
Sep 30 12:11:11 romulus pluto[9315]: | -----END CERTIFICATE-----
Sep 30 12:11:11 romulus pluto[9315]: | file coded in PEM format
Sep 30 12:11:11 romulus pluto[9315]: | L0 - certificate:
Sep 30 12:11:11 romulus pluto[9315]: | L1 - tbsCertificate:
Sep 30 12:11:11 romulus pluto[9315]: | L2 - DEFAULT v1:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - version:
Sep 30 12:11:11 romulus pluto[9315]: | v3
Sep 30 12:11:11 romulus pluto[9315]: | L2 - serialNumber:
Sep 30 12:11:11 romulus pluto[9315]: | L2 - signature:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - algorithmIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - algorithm:
Sep 30 12:11:11 romulus pluto[9315]: | 'md5WithRSAEncryption'
Sep 30 12:11:11 romulus pluto[9315]: | L2 - issuer:
Sep 30 12:11:11 romulus pluto[9315]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services, CN=WittsEnd Root CA, E=ca at wittsend.com'
Sep 30 12:11:11 romulus pluto[9315]: | L2 - validity:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - notBefore:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - utcTime:
Sep 30 12:11:11 romulus pluto[9315]: | 'Jan 28 17:45:00 UTC 2005'
Sep 30 12:11:11 romulus pluto[9315]: | L3 - notAfter:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - utcTime:
Sep 30 12:11:11 romulus pluto[9315]: | 'Jan 28 17:45:00 UTC 2009'
Sep 30 12:11:11 romulus pluto[9315]: | L2 - subject:
Sep 30 12:11:11 romulus pluto[9315]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com'
Sep 30 12:11:11 romulus pluto[9315]: | L2 - subjectPublicKeyInfo:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - algorithm:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - algorithmIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - algorithm:
Sep 30 12:11:11 romulus pluto[9315]: | 'rsaEncryption'
Sep 30 12:11:11 romulus pluto[9315]: | L3 - subjectPublicKey:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - RSAPublicKey:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - modulus:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - publicExponent:
Sep 30 12:11:11 romulus pluto[9315]: | L2 - optional extensions:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - extensions:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - extension:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnID:
Sep 30 12:11:11 romulus pluto[9315]: | 'authorityKeyIdentifier'
Sep 30 12:11:11 romulus pluto[9315]: | L5 - critical:
Sep 30 12:11:11 romulus pluto[9315]: | FALSE
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnValue:
Sep 30 12:11:11 romulus pluto[9315]: | L6 - authorityKeyIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L7 - keyIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L8 - keyIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - extension:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnID:
Sep 30 12:11:11 romulus pluto[9315]: | 'extendedKeyUsage'
Sep 30 12:11:11 romulus pluto[9315]: | L5 - critical:
Sep 30 12:11:11 romulus pluto[9315]: | FALSE
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnValue:
Sep 30 12:11:11 romulus pluto[9315]: | L6 - extendedKeyUsage:
Sep 30 12:11:11 romulus pluto[9315]: | L7 - keyPurposeID:
Sep 30 12:11:11 romulus pluto[9315]: | 'serverAuth'
Sep 30 12:11:11 romulus pluto[9315]: | L7 - keyPurposeID:
Sep 30 12:11:11 romulus pluto[9315]: | 'clientAuth'
Sep 30 12:11:11 romulus pluto[9315]: | L7 - keyPurposeID:
Sep 30 12:11:11 romulus pluto[9315]: | L7 - keyPurposeID:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - extension:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnID:
Sep 30 12:11:11 romulus pluto[9315]: | 'basicConstraints'
Sep 30 12:11:11 romulus pluto[9315]: | L5 - critical:
Sep 30 12:11:11 romulus pluto[9315]: | TRUE
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnValue:
Sep 30 12:11:11 romulus pluto[9315]: | L6 - basicConstraints:
Sep 30 12:11:11 romulus pluto[9315]: | L7 - CA:
Sep 30 12:11:11 romulus pluto[9315]: | FALSE
Sep 30 12:11:11 romulus pluto[9315]: | L1 - signatureAlgorithm:
Sep 30 12:11:11 romulus pluto[9315]: | L2 - algorithmIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - algorithm:
Sep 30 12:11:11 romulus pluto[9315]: | 'md5WithRSAEncryption'
Sep 30 12:11:11 romulus pluto[9315]: | L1 - signatureValue:
Sep 30 12:11:11 romulus pluto[9315]: | certificate is valid
Sep 30 12:11:11 romulus pluto[9315]: | counting wild cards for C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com is 0
Sep 30 12:11:11 romulus pluto[9315]: loaded host cert file '/etc/ipsec.d/certs/canyon.wittsend.com.crt' (4153 bytes)
Sep 30 12:11:11 romulus pluto[9315]: | file content is not binary ASN.1
Sep 30 12:11:11 romulus pluto[9315]: | -----BEGIN CERTIFICATE-----
Sep 30 12:11:11 romulus pluto[9315]: | -----END CERTIFICATE-----
Sep 30 12:11:11 romulus pluto[9315]: | file coded in PEM format
Sep 30 12:11:11 romulus pluto[9315]: | L0 - certificate:
Sep 30 12:11:11 romulus pluto[9315]: | L1 - tbsCertificate:
Sep 30 12:11:11 romulus pluto[9315]: | L2 - DEFAULT v1:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - version:
Sep 30 12:11:11 romulus pluto[9315]: | v3
Sep 30 12:11:11 romulus pluto[9315]: | L2 - serialNumber:
Sep 30 12:11:11 romulus pluto[9315]: | L2 - signature:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - algorithmIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - algorithm:
Sep 30 12:11:11 romulus pluto[9315]: | 'md5WithRSAEncryption'
Sep 30 12:11:11 romulus pluto[9315]: | L2 - issuer:
Sep 30 12:11:11 romulus pluto[9315]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
Sep 30 12:11:11 romulus pluto[9315]: | L2 - validity:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - notBefore:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - utcTime:
Sep 30 12:11:11 romulus pluto[9315]: | 'Jul 26 18:53:50 UTC 2008'
Sep 30 12:11:11 romulus pluto[9315]: | L3 - notAfter:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - utcTime:
Sep 30 12:11:11 romulus pluto[9315]: | 'Jul 26 18:53:50 UTC 2012'
Sep 30 12:11:11 romulus pluto[9315]: | L2 - subject:
Sep 30 12:11:11 romulus pluto[9315]: | 'C=GA, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=canyon.wittsend.com, E=postmaster at wittsend.com'
Sep 30 12:11:11 romulus pluto[9315]: | L2 - subjectPublicKeyInfo:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - algorithm:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - algorithmIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - algorithm:
Sep 30 12:11:11 romulus pluto[9315]: | 'rsaEncryption'
Sep 30 12:11:11 romulus pluto[9315]: | L3 - subjectPublicKey:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - RSAPublicKey:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - modulus:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - publicExponent:
Sep 30 12:11:11 romulus pluto[9315]: | L2 - optional extensions:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - extensions:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - extension:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnID:
Sep 30 12:11:11 romulus pluto[9315]: | 'authorityKeyIdentifier'
Sep 30 12:11:11 romulus pluto[9315]: | L5 - critical:
Sep 30 12:11:11 romulus pluto[9315]: | FALSE
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnValue:
Sep 30 12:11:11 romulus pluto[9315]: | L6 - authorityKeyIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L7 - keyIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L8 - keyIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - extension:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnID:
Sep 30 12:11:11 romulus pluto[9315]: | 'extendedKeyUsage'
Sep 30 12:11:11 romulus pluto[9315]: | L5 - critical:
Sep 30 12:11:11 romulus pluto[9315]: | FALSE
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnValue:
Sep 30 12:11:11 romulus pluto[9315]: | L6 - extendedKeyUsage:
Sep 30 12:11:11 romulus pluto[9315]: | L7 - keyPurposeID:
Sep 30 12:11:11 romulus pluto[9315]: | 'serverAuth'
Sep 30 12:11:11 romulus pluto[9315]: | L7 - keyPurposeID:
Sep 30 12:11:11 romulus pluto[9315]: | 'clientAuth'
Sep 30 12:11:11 romulus pluto[9315]: | L7 - keyPurposeID:
Sep 30 12:11:11 romulus pluto[9315]: | L7 - keyPurposeID:
Sep 30 12:11:11 romulus pluto[9315]: | L4 - extension:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnID:
Sep 30 12:11:11 romulus pluto[9315]: | 'basicConstraints'
Sep 30 12:11:11 romulus pluto[9315]: | L5 - critical:
Sep 30 12:11:11 romulus pluto[9315]: | TRUE
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnValue:
Sep 30 12:11:11 romulus pluto[9315]: | L6 - basicConstraints:
Sep 30 12:11:11 romulus pluto[9315]: | L7 - CA:
Sep 30 12:11:11 romulus pluto[9315]: | FALSE
Sep 30 12:11:11 romulus pluto[9315]: | L4 - extension:
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnID:
Sep 30 12:11:11 romulus pluto[9315]: | 'subjectAltName'
Sep 30 12:11:11 romulus pluto[9315]: | L5 - critical:
Sep 30 12:11:11 romulus pluto[9315]: | FALSE
Sep 30 12:11:11 romulus pluto[9315]: | L5 - extnValue:
Sep 30 12:11:11 romulus pluto[9315]: | L6 - generalNames:
Sep 30 12:11:11 romulus pluto[9315]: | L7 - generalName:
Sep 30 12:11:11 romulus pluto[9315]: | L8 - dnsName:
Sep 30 12:11:11 romulus pluto[9315]: | 'canyon.wittsend.com'
Sep 30 12:11:11 romulus pluto[9315]: | L7 - generalName:
Sep 30 12:11:11 romulus pluto[9315]: | L8 - dnsName:
Sep 30 12:11:11 romulus pluto[9315]: | 'canyon.ip6.wittsend.com'
Sep 30 12:11:11 romulus pluto[9315]: | L7 - generalName:
Sep 30 12:11:11 romulus pluto[9315]: | L8 - dnsName:
Sep 30 12:11:11 romulus pluto[9315]: | 'canyon.wittsend.org'
Sep 30 12:11:11 romulus pluto[9315]: | L1 - signatureAlgorithm:
Sep 30 12:11:11 romulus pluto[9315]: | L2 - algorithmIdentifier:
Sep 30 12:11:11 romulus pluto[9315]: | L3 - algorithm:
Sep 30 12:11:11 romulus pluto[9315]: | 'md5WithRSAEncryption'
Sep 30 12:11:11 romulus pluto[9315]: | L1 - signatureValue:
Sep 30 12:11:11 romulus pluto[9315]: | certificate is valid
Sep 30 12:11:11 romulus pluto[9315]: | counting wild cards for C=GA, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=canyon.wittsend.com, E=postmaster at wittsend.com is 0
Sep 30 12:11:11 romulus pluto[9315]: | based upon policy, the connection is a template.
Sep 30 12:11:11 romulus pluto[9315]: added connection description "canyon"
Sep 30 12:11:11 romulus pluto[9315]: | 130.205.32.3[C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com]---130.205.32.1...%any[C=GA, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=canyon.wittsend.com, E=postmaster at wittsend.com]
Sep 30 12:11:11 romulus pluto[9315]: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; policy: RSASIG+ENCRYPT+TUNNEL+PFS
Sep 30 12:11:11 romulus pluto[9315]: | next event EVENT_PENDING_PHASE2 in 119 seconds
Sep 30 12:11:11 romulus pluto[9315]: |
Sep 30 12:11:11 romulus pluto[9315]: | *received whack message
Sep 30 12:11:11 romulus pluto[9315]: listening for IKE messages
Sep 30 12:11:11 romulus pluto[9315]: | found lo with address 127.0.0.1
Sep 30 12:11:11 romulus pluto[9315]: | found veth0 with address 130.205.32.3
Sep 30 12:11:11 romulus pluto[9315]: | found veth1 with address 172.31.192.3
Sep 30 12:11:11 romulus pluto[9315]: | found tun0 with address 172.31.250.1
Sep 30 12:11:11 romulus pluto[9315]: adding interface tun0/tun0 172.31.250.1:500
Sep 30 12:11:11 romulus pluto[9315]: adding interface tun0/tun0 172.31.250.1:4500
Sep 30 12:11:11 romulus pluto[9315]: adding interface veth1/veth1 172.31.192.3:500
Sep 30 12:11:11 romulus pluto[9315]: adding interface veth1/veth1 172.31.192.3:4500
Sep 30 12:11:11 romulus pluto[9315]: adding interface veth0/veth0 130.205.32.3:500
Sep 30 12:11:11 romulus pluto[9315]: adding interface veth0/veth0 130.205.32.3:4500
Sep 30 12:11:11 romulus pluto[9315]: adding interface lo/lo 127.0.0.1:500
Sep 30 12:11:11 romulus pluto[9315]: adding interface lo/lo 127.0.0.1:4500
Sep 30 12:11:11 romulus pluto[9315]: | found tun6to4 with address 2002:82cd:2003:0000:0000:0000:0000:0001
Sep 30 12:11:11 romulus pluto[9315]: | found lo with address 0000:0000:0000:0000:0000:0000:0000:0001
Sep 30 12:11:11 romulus pluto[9315]: | found veth1 with address 2001:4830:3000:0002:0280:3fff:fe03:455b
Sep 30 12:11:11 romulus pluto[9315]: adding interface veth1/veth1 2001:4830:3000:2:280:3fff:fe03:455b:500
Sep 30 12:11:11 romulus pluto[9315]: adding interface lo/lo ::1:500
Sep 30 12:11:11 romulus pluto[9315]: adding interface tun6to4/tun6to4 2002:82cd:2003::1:500
Sep 30 12:11:11 romulus pluto[9315]: loading secrets from "/etc/ipsec.secrets"
Sep 30 12:11:11 romulus pluto[9315]: loading secrets from "/etc/ipsec.d/hostkey.secrets"
Sep 30 12:11:11 romulus pluto[9315]: loaded private key file '/etc/ipsec.d/private/romulus.wittsend.com.key' (887 bytes)
Sep 30 12:11:11 romulus pluto[9315]: | file content is not binary ASN.1
Sep 30 12:11:11 romulus pluto[9315]: | -----BEGIN RSA PRIVATE KEY-----
Sep 30 12:11:11 romulus pluto[9315]: | -----END RSA PRIVATE KEY-----
Sep 30 12:11:11 romulus pluto[9315]: | file coded in PEM format
Sep 30 12:11:11 romulus pluto[9315]: | L0 - RSAPrivateKey:
Sep 30 12:11:11 romulus pluto[9315]: | L1 - version:
Sep 30 12:11:11 romulus pluto[9315]: | L1 - modulus:
Sep 30 12:11:11 romulus pluto[9315]: | L1 - publicExponent:
Sep 30 12:11:11 romulus pluto[9315]: | L1 - privateExponent:
Sep 30 12:11:11 romulus pluto[9315]: | L1 - prime1:
Sep 30 12:11:11 romulus pluto[9315]: | L1 - prime2:
Sep 30 12:11:11 romulus pluto[9315]: | L1 - exponent1:
Sep 30 12:11:11 romulus pluto[9315]: | L1 - exponent2:
Sep 30 12:11:11 romulus pluto[9315]: | L1 - coefficient:
Sep 30 12:11:11 romulus pluto[9315]: | loaded private key for keyid: PPK_RSA:AwEAAev6j
Sep 30 12:11:11 romulus pluto[9315]: | next event EVENT_PENDING_PHASE2 in 119 seconds
Sep 30 12:11:16 romulus pluto[9315]: |
Sep 30 12:11:16 romulus pluto[9315]: | *received 312 bytes from 65.7.156.165:500 on veth0 (port=500)
Sep 30 12:11:16 romulus pluto[9315]: | **parse ISAKMP Message:
Sep 30 12:11:16 romulus pluto[9315]: | initiator cookie:
Sep 30 12:11:16 romulus pluto[9315]: | c6 f0 56 0d 03 31 26 fd
Sep 30 12:11:16 romulus pluto[9315]: | responder cookie:
Sep 30 12:11:16 romulus pluto[9315]: | 00 00 00 00 00 00 00 00
Sep 30 12:11:16 romulus pluto[9315]: | next payload type: ISAKMP_NEXT_SA
Sep 30 12:11:16 romulus pluto[9315]: | ISAKMP version: ISAKMP Version 1.0
Sep 30 12:11:16 romulus pluto[9315]: | exchange type: ISAKMP_XCHG_IDPROT
Sep 30 12:11:16 romulus pluto[9315]: | flags: none
Sep 30 12:11:16 romulus pluto[9315]: | message ID: 00 00 00 00
Sep 30 12:11:16 romulus pluto[9315]: | length: 312
Sep 30 12:11:16 romulus pluto[9315]: | processing packet with exchange type=ISAKMP_XCHG_IDPROT (2)
Sep 30 12:11:16 romulus pluto[9315]: | ***parse ISAKMP Security Association Payload:
Sep 30 12:11:16 romulus pluto[9315]: | next payload type: ISAKMP_NEXT_VID
Sep 30 12:11:16 romulus pluto[9315]: | length: 148
Sep 30 12:11:16 romulus pluto[9315]: | DOI: ISAKMP_DOI_IPSEC
Sep 30 12:11:16 romulus pluto[9315]: | ***parse ISAKMP Vendor ID Payload:
Sep 30 12:11:16 romulus pluto[9315]: | next payload type: ISAKMP_NEXT_VID
Sep 30 12:11:16 romulus pluto[9315]: | length: 16
Sep 30 12:11:16 romulus pluto[9315]: | ***parse ISAKMP Vendor ID Payload:
Sep 30 12:11:16 romulus pluto[9315]: | next payload type: ISAKMP_NEXT_VID
Sep 30 12:11:16 romulus pluto[9315]: | length: 20
Sep 30 12:11:16 romulus pluto[9315]: | ***parse ISAKMP Vendor ID Payload:
Sep 30 12:11:16 romulus pluto[9315]: | next payload type: ISAKMP_NEXT_VID
Sep 30 12:11:16 romulus pluto[9315]: | length: 20
Sep 30 12:11:16 romulus pluto[9315]: | ***parse ISAKMP Vendor ID Payload:
Sep 30 12:11:16 romulus pluto[9315]: | next payload type: ISAKMP_NEXT_VID
Sep 30 12:11:16 romulus pluto[9315]: | length: 20
Sep 30 12:11:16 romulus pluto[9315]: | ***parse ISAKMP Vendor ID Payload:
Sep 30 12:11:16 romulus pluto[9315]: | next payload type: ISAKMP_NEXT_VID
Sep 30 12:11:16 romulus pluto[9315]: | length: 20
Sep 30 12:11:16 romulus pluto[9315]: | ***parse ISAKMP Vendor ID Payload:
Sep 30 12:11:16 romulus pluto[9315]: | next payload type: ISAKMP_NEXT_VID
Sep 30 12:11:16 romulus pluto[9315]: | length: 20
Sep 30 12:11:16 romulus pluto[9315]: | ***parse ISAKMP Vendor ID Payload:
Sep 30 12:11:16 romulus pluto[9315]: | next payload type: ISAKMP_NEXT_NONE
Sep 30 12:11:16 romulus pluto[9315]: | length: 20
Sep 30 12:11:16 romulus pluto[9315]: packet from 65.7.156.165:500: received Vendor ID payload [Openswan (this version) 2.4.9 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]
Sep 30 12:11:16 romulus pluto[9315]: packet from 65.7.156.165:500: received Vendor ID payload [Dead Peer Detection]
Sep 30 12:11:16 romulus pluto[9315]: packet from 65.7.156.165:500: received Vendor ID payload [RFC 3947] method set to=110
Sep 30 12:11:16 romulus pluto[9315]: packet from 65.7.156.165:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 110
Sep 30 12:11:16 romulus pluto[9315]: packet from 65.7.156.165:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 110
Sep 30 12:11:16 romulus pluto[9315]: packet from 65.7.156.165:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 110
Sep 30 12:11:16 romulus pluto[9315]: packet from 65.7.156.165:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Sep 30 12:11:16 romulus pluto[9315]: | creating state object #1 at 0x800d9570
Sep 30 12:11:16 romulus pluto[9315]: | processing connection complex
Sep 30 12:11:16 romulus pluto[9315]: | ICOOKIE: c6 f0 56 0d 03 31 26 fd
Sep 30 12:11:16 romulus pluto[9315]: | RCOOKIE: 93 59 de 9b 04 d4 7c 3b
Sep 30 12:11:16 romulus pluto[9315]: | peer: 41 07 9c a5
Sep 30 12:11:16 romulus pluto[9315]: | state hash entry 5
Sep 30 12:11:16 romulus pluto[9315]: | inserting event EVENT_SO_DISCARD, timeout in 0 seconds for #1
Sep 30 12:11:16 romulus pluto[9315]: "complex" #1: responding to Main Mode
Sep 30 12:11:16 romulus pluto[9315]: | ****parse IPsec DOI SIT:
Sep 30 12:11:16 romulus pluto[9315]: | IPsec DOI SIT: SIT_IDENTITY_ONLY
Sep 30 12:11:16 romulus pluto[9315]: | ****parse ISAKMP Proposal Payload:
Sep 30 12:11:16 romulus pluto[9315]: | next payload type: ISAKMP_NEXT_NONE
Sep 30 12:11:16 romulus pluto[9315]: | length: 136
Sep 30 12:11:16 romulus pluto[9315]: | proposal number: 0
Sep 30 12:11:16 romulus pluto[9315]: | protocol ID: PROTO_ISAKMP
Sep 30 12:11:16 romulus pluto[9315]: | SPI size: 0
Sep 30 12:11:16 romulus pluto[9315]: | number of transforms: 4
Sep 30 12:11:16 romulus pluto[9315]: | *****parse ISAKMP Transform Payload (ISAKMP):
Sep 30 12:11:16 romulus pluto[9315]: | next payload type: ISAKMP_NEXT_T
Sep 30 12:11:16 romulus pluto[9315]: | length: 32
Sep 30 12:11:16 romulus pluto[9315]: | transform number: 0
Sep 30 12:11:16 romulus pluto[9315]: | transform ID: KEY_IKE
Sep 30 12:11:16 romulus pluto[9315]: | ******parse ISAKMP Oakley attribute:
Sep 30 12:11:16 romulus pluto[9315]: | af+type: OAKLEY_LIFE_TYPE
Sep 30 12:11:16 romulus pluto[9315]: | length/value: 1
Sep 30 12:11:16 romulus pluto[9315]: | [1 is OAKLEY_LIFE_SECONDS]
Sep 30 12:11:16 romulus pluto[9315]: | ******parse ISAKMP Oakley attribute:
Sep 30 12:11:16 romulus pluto[9315]: | af+type: OAKLEY_LIFE_DURATION
Sep 30 12:11:16 romulus pluto[9315]: | length/value: 3600
Sep 30 12:11:16 romulus pluto[9315]: | ******parse ISAKMP Oakley attribute:
Sep 30 12:11:16 romulus pluto[9315]: | af+type: OAKLEY_ENCRYPTION_ALGORITHM
Sep 30 12:11:16 romulus pluto[9315]: | length/value: 5
Sep 30 12:11:16 romulus pluto[9315]: | [5 is OAKLEY_3DES_CBC]
Sep 30 12:11:16 romulus pluto[9315]: | ******parse ISAKMP Oakley attribute:
Sep 30 12:11:16 romulus pluto[9315]: | af+type: OAKLEY_HASH_ALGORITHM
Sep 30 12:11:16 romulus pluto[9315]: | length/value: 1
Sep 30 12:11:16 romulus pluto[9315]: | [1 is OAKLEY_MD5]
Sep 30 12:11:16 romulus pluto[9315]: | ******parse ISAKMP Oakley attribute:
Sep 30 12:11:16 romulus pluto[9315]: | af+type: OAKLEY_AUTHENTICATION_METHOD
Sep 30 12:11:16 romulus pluto[9315]: | length/value: 3
Sep 30 12:11:16 romulus pluto[9315]: | [3 is OAKLEY_RSA_SIG]
Sep 30 12:11:16 romulus pluto[9315]: | ******parse ISAKMP Oakley attribute:
Sep 30 12:11:16 romulus pluto[9315]: | af+type: OAKLEY_GROUP_DESCRIPTION
Sep 30 12:11:16 romulus pluto[9315]: | length/value: 5
Sep 30 12:11:16 romulus pluto[9315]: | [5 is OAKLEY_GROUP_MODP1536]
Sep 30 12:11:16 romulus pluto[9315]: | Oakley Transform 0 accepted
Sep 30 12:11:16 romulus pluto[9315]: | complete state transition with STF_OK
Sep 30 12:11:16 romulus pluto[9315]: "complex" #1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Sep 30 12:11:16 romulus pluto[9315]: | sending reply packet to 65.7.156.165:500 (from port=500)
Sep 30 12:11:16 romulus pluto[9315]: | sending 136 bytes for STATE_MAIN_R0 through veth0:500 to 65.7.156.165:500:
Sep 30 12:11:16 romulus pluto[9315]: | inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #1
Sep 30 12:11:16 romulus pluto[9315]: "complex" #1: STATE_MAIN_R1: sent MR1, expecting MI2
Sep 30 12:11:16 romulus pluto[9315]: | modecfg pull: noquirk policy:push not-client
Sep 30 12:11:16 romulus pluto[9315]: | phase 1 is done, looking for phase 1 to unpend
Sep 30 12:11:16 romulus pluto[9315]: | next event EVENT_RETRANSMIT in 10 seconds for #1
Sep 30 12:11:16 romulus pluto[9315]: |
Sep 30 12:11:16 romulus pluto[9315]: | *received 284 bytes from 65.7.156.165:500 on veth0 (port=500)
Sep 30 12:11:16 romulus pluto[9315]: | **parse ISAKMP Message:
Sep 30 12:11:16 romulus pluto[9315]: | initiator cookie:
Sep 30 12:11:16 romulus pluto[9315]: | c6 f0 56 0d 03 31 26 fd
Sep 30 12:11:16 romulus pluto[9315]: | responder cookie:
Sep 30 12:11:16 romulus pluto[9315]: | 93 59 de 9b 04 d4 7c 3b
Sep 30 12:11:16 romulus pluto[9315]: | next payload type: ISAKMP_NEXT_KE
Sep 30 12:11:16 romulus pluto[9315]: | ISAKMP version: ISAKMP Version 1.0
Sep 30 12:11:16 romulus pluto[9315]: | exchange type: ISAKMP_XCHG_IDPROT
Sep 30 12:11:16 romulus pluto[9315]: | flags: none
Sep 30 12:11:16 romulus pluto[9315]: | message ID: 00 00 00 00
Sep 30 12:11:16 romulus pluto[9315]: | length: 284
Sep 30 12:11:16 romulus pluto[9315]: | processing packet with exchange type=ISAKMP_XCHG_IDPROT (2)
Sep 30 12:11:16 romulus pluto[9315]: | ICOOKIE: c6 f0 56 0d 03 31 26 fd
Sep 30 12:11:16 romulus pluto[9315]: | RCOOKIE: 93 59 de 9b 04 d4 7c 3b
Sep 30 12:11:16 romulus pluto[9315]: | peer: 41 07 9c a5
Sep 30 12:11:16 romulus pluto[9315]: | state hash entry 5
Sep 30 12:11:16 romulus pluto[9315]: | peer and cookies match on #1, provided msgid 00000000 vs 00000000
Sep 30 12:11:16 romulus pluto[9315]: | state object #1 found, in STATE_MAIN_R1
Sep 30 12:11:16 romulus pluto[9315]: | processing connection complex
Sep 30 12:11:16 romulus pluto[9315]: | ***parse ISAKMP Key Exchange Payload:
Sep 30 12:11:16 romulus pluto[9315]: | next payload type: ISAKMP_NEXT_NONCE
Sep 30 12:11:16 romulus pluto[9315]: | length: 196
Sep 30 12:11:16 romulus pluto[9315]: | ***parse ISAKMP Nonce Payload:
Sep 30 12:11:16 romulus pluto[9315]: | next payload type: ISAKMP_NEXT_NAT-D
Sep 30 12:11:16 romulus pluto[9315]: | length: 20
Sep 30 12:11:16 romulus pluto[9315]: | ***parse ISAKMP NAT-D Payload:
Sep 30 12:11:16 romulus pluto[9315]: | next payload type: ISAKMP_NEXT_NAT-D
Sep 30 12:11:16 romulus pluto[9315]: | length: 20
Sep 30 12:11:16 romulus pluto[9315]: | ***parse ISAKMP NAT-D Payload:
Sep 30 12:11:16 romulus pluto[9315]: | next payload type: ISAKMP_NEXT_NONE
Sep 30 12:11:16 romulus pluto[9315]: | length: 20
Sep 30 12:11:16 romulus pluto[9315]: "complex" #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected
Sep 30 12:11:16 romulus pluto[9315]: | inserting event EVENT_NAT_T_KEEPALIVE, timeout in 20 seconds
Sep 30 12:11:16 romulus pluto[9315]: | 0: w->pcw_dead: 0 w->pcw_work: 0 cnt: 1
Sep 30 12:11:16 romulus pluto[9315]: | asking helper 0 to do build_kenonce op on seq: 1
Sep 30 12:11:16 romulus pluto[9315]: | inserting event EVENT_CRYPTO_FAILED, timeout in 300 seconds for #1
Sep 30 12:11:16 romulus pluto[9315]: | complete state transition with STF_SUSPEND
Sep 30 12:11:16 romulus pluto[9315]: | next event EVENT_NAT_T_KEEPALIVE in 20 seconds
Sep 30 12:11:16 romulus pluto[9316]: ! helper 0 doing build_kenonce op id: 1
Sep 30 12:11:16 romulus pluto[9315]: | processing connection complex
Sep 30 12:11:16 romulus pluto[9315]: | started looking for secret for C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com->C=GA, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=complex.wittsend.com, E=postmaster at wittsend.com of kind PPK_PSK
Sep 30 12:11:16 romulus pluto[9315]: | actually looking for secret for C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com->C=GA, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=complex.wittsend.com, E=postmaster at wittsend.com of kind PPK_PSK
Sep 30 12:11:16 romulus pluto[9315]: | concluding with best_match=0 best=(nil) (lineno=-1)
Sep 30 12:11:16 romulus pluto[9315]: | complete state transition with STF_OK
Sep 30 12:11:16 romulus pluto[9315]: "complex" #1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Sep 30 12:11:16 romulus pluto[9315]: | sending reply packet to 65.7.156.165:500 (from port=500)
Sep 30 12:11:16 romulus pluto[9315]: | sending 420 bytes for STATE_MAIN_R1 through veth0:500 to 65.7.156.165:500:
Sep 30 12:11:16 romulus pluto[9315]: | inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #1
Sep 30 12:11:16 romulus pluto[9315]: "complex" #1: STATE_MAIN_R2: sent MR2, expecting MI3
Sep 30 12:11:16 romulus pluto[9315]: | modecfg pull: noquirk policy:push not-client
Sep 30 12:11:16 romulus pluto[9315]: | phase 1 is done, looking for phase 1 to unpend
Sep 30 12:11:16 romulus pluto[9315]: | next event EVENT_RETRANSMIT in 10 seconds for #1
Sep 30 12:11:16 romulus pluto[9315]: |
Sep 30 12:11:16 romulus pluto[9315]: | *received 1548 bytes from 65.7.156.165:500 on veth0 (port=500)
Sep 30 12:11:16 romulus pluto[9315]: | **parse ISAKMP Message:
Sep 30 12:11:16 romulus pluto[9315]: | initiator cookie:
Sep 30 12:11:16 romulus pluto[9315]: | c6 f0 56 0d 03 31 26 fd
Sep 30 12:11:16 romulus pluto[9315]: | responder cookie:
Sep 30 12:11:16 romulus pluto[9315]: | 93 59 de 9b 04 d4 7c 3b
Sep 30 12:11:16 romulus pluto[9315]: | next payload type: ISAKMP_NEXT_ID
Sep 30 12:11:16 romulus pluto[9315]: | ISAKMP version: ISAKMP Version 1.0
Sep 30 12:11:16 romulus pluto[9315]: | exchange type: ISAKMP_XCHG_IDPROT
Sep 30 12:11:16 romulus pluto[9315]: | flags: ISAKMP_FLAG_ENCRYPTION
Sep 30 12:11:16 romulus pluto[9315]: | message ID: 00 00 00 00
Sep 30 12:11:16 romulus pluto[9315]: | length: 1548
Sep 30 12:11:16 romulus pluto[9315]: | processing packet with exchange type=ISAKMP_XCHG_IDPROT (2)
Sep 30 12:11:16 romulus pluto[9315]: | ICOOKIE: c6 f0 56 0d 03 31 26 fd
Sep 30 12:11:16 romulus pluto[9315]: | RCOOKIE: 93 59 de 9b 04 d4 7c 3b
Sep 30 12:11:16 romulus pluto[9315]: | peer: 41 07 9c a5
Sep 30 12:11:16 romulus pluto[9315]: | state hash entry 5
Sep 30 12:11:16 romulus pluto[9315]: | peer and cookies match on #1, provided msgid 00000000 vs 00000000
Sep 30 12:11:16 romulus pluto[9315]: | state object #1 found, in STATE_MAIN_R2
Sep 30 12:11:16 romulus pluto[9315]: | processing connection complex
Sep 30 12:11:16 romulus pluto[9315]: | ***parse ISAKMP Identification Payload:
Sep 30 12:11:16 romulus pluto[9315]: | next payload type: ISAKMP_NEXT_CERT
Sep 30 12:11:16 romulus pluto[9315]: | length: 176
Sep 30 12:11:16 romulus pluto[9315]: | ID type: ID_DER_ASN1_DN
Sep 30 12:11:16 romulus pluto[9315]: | DOI specific A: 0
Sep 30 12:11:16 romulus pluto[9315]: | DOI specific B: 0
Sep 30 12:11:16 romulus pluto[9315]: | ***parse ISAKMP Certificate Payload:
Sep 30 12:11:16 romulus pluto[9315]: | next payload type: ISAKMP_NEXT_CR
Sep 30 12:11:16 romulus pluto[9315]: | length: 1016
Sep 30 12:11:16 romulus pluto[9315]: | cert encoding: CERT_X509_SIGNATURE
Sep 30 12:11:16 romulus pluto[9315]: | ***parse ISAKMP Certificate RequestPayload:
Sep 30 12:11:16 romulus pluto[9315]: | next payload type: ISAKMP_NEXT_SIG
Sep 30 12:11:16 romulus pluto[9315]: | length: 194
Sep 30 12:11:16 romulus pluto[9315]: | cert type: CERT_X509_SIGNATURE
Sep 30 12:11:16 romulus pluto[9315]: | ***parse ISAKMP Signature Payload:
Sep 30 12:11:16 romulus pluto[9315]: | next payload type: ISAKMP_NEXT_NONE
Sep 30 12:11:16 romulus pluto[9315]: | length: 132
Sep 30 12:11:16 romulus pluto[9315]: | removing 2 bytes of padding
Sep 30 12:11:16 romulus pluto[9315]: | DER ASN1 DN: 30 81 a5 31 0b 30 09 06 03 55 04 06 13 02 47 41
Sep 30 12:11:16 romulus pluto[9315]: | 31 10 30 0e 06 03 55 04 08 13 07 47 65 6f 72 67
Sep 30 12:11:16 romulus pluto[9315]: | 69 61 31 10 30 0e 06 03 55 04 07 13 07 4c 69 6c
Sep 30 12:11:16 romulus pluto[9315]: | 62 75 72 6e 31 2b 30 29 06 03 55 04 0a 14 22 54
Sep 30 12:11:16 romulus pluto[9315]: | 68 61 75 6d 61 74 75 72 67 79 20 26 20 53 70 65
Sep 30 12:11:16 romulus pluto[9315]: | 63 75 6c 75 6d 73 20 54 65 63 68 6e 6f 6c 6f 67
Sep 30 12:11:16 romulus pluto[9315]: | 79 31 1d 30 1b 06 03 55 04 03 13 14 63 6f 6d 70
Sep 30 12:11:16 romulus pluto[9315]: | 6c 65 78 2e 77 69 74 74 73 65 6e 64 2e 63 6f 6d
Sep 30 12:11:16 romulus pluto[9315]: | 31 26 30 24 06 09 2a 86 48 86 f7 0d 01 09 01 16
Sep 30 12:11:16 romulus pluto[9315]: | 17 70 6f 73 74 6d 61 73 74 65 72 40 77 69 74 74
Sep 30 12:11:16 romulus pluto[9315]: | 73 65 6e 64 2e 63 6f 6d
Sep 30 12:11:16 romulus pluto[9315]: "complex" #1: Main mode peer ID is ID_DER_ASN1_DN: 'C=GA, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=complex.wittsend.com, E=postmaster at wittsend.com'
Sep 30 12:11:16 romulus pluto[9315]: | L0 - certificate:
Sep 30 12:11:16 romulus pluto[9315]: | L1 - tbsCertificate:
Sep 30 12:11:16 romulus pluto[9315]: | L2 - DEFAULT v1:
Sep 30 12:11:16 romulus pluto[9315]: | L3 - version:
Sep 30 12:11:16 romulus pluto[9315]: | v3
Sep 30 12:11:16 romulus pluto[9315]: | L2 - serialNumber:
Sep 30 12:11:16 romulus pluto[9315]: | L2 - signature:
Sep 30 12:11:16 romulus pluto[9315]: | L3 - algorithmIdentifier:
Sep 30 12:11:16 romulus pluto[9315]: | L4 - algorithm:
Sep 30 12:11:16 romulus pluto[9315]: | 'md5WithRSAEncryption'
Sep 30 12:11:16 romulus pluto[9315]: | L2 - issuer:
Sep 30 12:11:16 romulus pluto[9315]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
Sep 30 12:11:16 romulus pluto[9315]: | L2 - validity:
Sep 30 12:11:16 romulus pluto[9315]: | L3 - notBefore:
Sep 30 12:11:16 romulus pluto[9315]: | L4 - utcTime:
Sep 30 12:11:16 romulus pluto[9315]: | 'Jul 26 18:45:14 UTC 2008'
Sep 30 12:11:16 romulus pluto[9315]: | L3 - notAfter:
Sep 30 12:11:16 romulus pluto[9315]: | L4 - utcTime:
Sep 30 12:11:16 romulus pluto[9315]: | 'Jul 26 18:45:14 UTC 2012'
Sep 30 12:11:16 romulus pluto[9315]: | L2 - subject:
Sep 30 12:11:16 romulus pluto[9315]: | 'C=GA, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=complex.wittsend.com, E=postmaster at wittsend.com'
Sep 30 12:11:16 romulus pluto[9315]: | L2 - subjectPublicKeyInfo:
Sep 30 12:11:16 romulus pluto[9315]: | L3 - algorithm:
Sep 30 12:11:16 romulus pluto[9315]: | L4 - algorithmIdentifier:
Sep 30 12:11:16 romulus pluto[9315]: | L5 - algorithm:
Sep 30 12:11:16 romulus pluto[9315]: | 'rsaEncryption'
Sep 30 12:11:16 romulus pluto[9315]: | L3 - subjectPublicKey:
Sep 30 12:11:16 romulus pluto[9315]: | L4 - RSAPublicKey:
Sep 30 12:11:16 romulus pluto[9315]: | L5 - modulus:
Sep 30 12:11:16 romulus pluto[9315]: | L5 - publicExponent:
Sep 30 12:11:16 romulus pluto[9315]: | L2 - optional extensions:
Sep 30 12:11:16 romulus pluto[9315]: | L3 - extensions:
Sep 30 12:11:16 romulus pluto[9315]: | L4 - extension:
Sep 30 12:11:16 romulus pluto[9315]: | L5 - extnID:
Sep 30 12:11:16 romulus pluto[9315]: | 'authorityKeyIdentifier'
Sep 30 12:11:16 romulus pluto[9315]: | L5 - critical:
Sep 30 12:11:16 romulus pluto[9315]: | FALSE
Sep 30 12:11:16 romulus pluto[9315]: | L5 - extnValue:
Sep 30 12:11:16 romulus pluto[9315]: | L6 - authorityKeyIdentifier:
Sep 30 12:11:16 romulus pluto[9315]: | L7 - keyIdentifier:
Sep 30 12:11:16 romulus pluto[9315]: | L8 - keyIdentifier:
Sep 30 12:11:16 romulus pluto[9315]: | L4 - extension:
Sep 30 12:11:16 romulus pluto[9315]: | L5 - extnID:
Sep 30 12:11:16 romulus pluto[9315]: | 'extendedKeyUsage'
Sep 30 12:11:16 romulus pluto[9315]: | L5 - critical:
Sep 30 12:11:16 romulus pluto[9315]: | FALSE
Sep 30 12:11:16 romulus pluto[9315]: | L5 - extnValue:
Sep 30 12:11:16 romulus pluto[9315]: | L6 - extendedKeyUsage:
Sep 30 12:11:16 romulus pluto[9315]: | L7 - keyPurposeID:
Sep 30 12:11:16 romulus pluto[9315]: | 'serverAuth'
Sep 30 12:11:16 romulus pluto[9315]: | L7 - keyPurposeID:
Sep 30 12:11:16 romulus pluto[9315]: | 'clientAuth'
Sep 30 12:11:16 romulus pluto[9315]: | L7 - keyPurposeID:
Sep 30 12:11:16 romulus pluto[9315]: | L7 - keyPurposeID:
Sep 30 12:11:16 romulus pluto[9315]: | L4 - extension:
Sep 30 12:11:16 romulus pluto[9315]: | L5 - extnID:
Sep 30 12:11:16 romulus pluto[9315]: | 'basicConstraints'
Sep 30 12:11:16 romulus pluto[9315]: | L5 - critical:
Sep 30 12:11:16 romulus pluto[9315]: | TRUE
Sep 30 12:11:16 romulus pluto[9315]: | L5 - extnValue:
Sep 30 12:11:16 romulus pluto[9315]: | L6 - basicConstraints:
Sep 30 12:11:16 romulus pluto[9315]: | L7 - CA:
Sep 30 12:11:16 romulus pluto[9315]: | FALSE
Sep 30 12:11:16 romulus pluto[9315]: | L4 - extension:
Sep 30 12:11:16 romulus pluto[9315]: | L5 - extnID:
Sep 30 12:11:16 romulus pluto[9315]: | 'subjectAltName'
Sep 30 12:11:16 romulus pluto[9315]: | L5 - critical:
Sep 30 12:11:16 romulus pluto[9315]: | FALSE
Sep 30 12:11:16 romulus pluto[9315]: | L5 - extnValue:
Sep 30 12:11:16 romulus pluto[9315]: | L6 - generalNames:
Sep 30 12:11:16 romulus pluto[9315]: | L7 - generalName:
Sep 30 12:11:16 romulus pluto[9315]: | L8 - dnsName:
Sep 30 12:11:16 romulus pluto[9315]: | 'complex.wittsend.com'
Sep 30 12:11:16 romulus pluto[9315]: | L7 - generalName:
Sep 30 12:11:16 romulus pluto[9315]: | L8 - dnsName:
Sep 30 12:11:16 romulus pluto[9315]: | 'complex.ip6.wittsend.com'
Sep 30 12:11:16 romulus pluto[9315]: | L7 - generalName:
Sep 30 12:11:16 romulus pluto[9315]: | L8 - dnsName:
Sep 30 12:11:16 romulus pluto[9315]: | 'complex.wittsend.org'
Sep 30 12:11:16 romulus pluto[9315]: | L7 - generalName:
Sep 30 12:11:16 romulus pluto[9315]: | L8 - dnsName:
Sep 30 12:11:16 romulus pluto[9315]: | 'complex.commandcorp.com'
Sep 30 12:11:16 romulus pluto[9315]: | L1 - signatureAlgorithm:
Sep 30 12:11:16 romulus pluto[9315]: | L2 - algorithmIdentifier:
Sep 30 12:11:16 romulus pluto[9315]: | L3 - algorithm:
Sep 30 12:11:16 romulus pluto[9315]: | 'md5WithRSAEncryption'
Sep 30 12:11:16 romulus pluto[9315]: | L1 - signatureValue:
Sep 30 12:11:16 romulus pluto[9315]: | signature algorithm: 'md5WithRSAEncryption'
Sep 30 12:11:16 romulus pluto[9315]: | digest: 12 ee 0a bd 44 99 b6 a8 1e 13 35 2b 7d 26 2c 3a
Sep 30 12:11:16 romulus pluto[9315]: | decrypted signature:
Sep 30 12:11:16 romulus pluto[9315]: | 00 00 01 ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:11:16 romulus pluto[9315]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:11:16 romulus pluto[9315]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:11:16 romulus pluto[9315]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:11:16 romulus pluto[9315]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:11:16 romulus pluto[9315]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:11:16 romulus pluto[9315]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:11:16 romulus pluto[9315]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:11:16 romulus pluto[9315]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:11:16 romulus pluto[9315]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:11:16 romulus pluto[9315]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:11:16 romulus pluto[9315]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:11:16 romulus pluto[9315]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:11:16 romulus pluto[9315]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff 00 30
Sep 30 12:11:16 romulus pluto[9315]: | 20 30 0c 06 08 2a 86 48 86 f7 0d 02 05 05 00 04
Sep 30 12:11:16 romulus pluto[9315]: | 10 12 ee 0a bd 44 99 b6 a8 1e 13 35 2b 7d 26 2c
Sep 30 12:11:16 romulus pluto[9315]: | 3a
Sep 30 12:11:16 romulus pluto[9315]: "complex" #1: no crl from issuer "C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services" found (strict=no)
Sep 30 12:11:16 romulus pluto[9315]: | signature algorithm: 'sha-1WithRSAEncryption'
Sep 30 12:11:16 romulus pluto[9315]: | digest: 3c 00 ad 12 b1 0a 99 28 d1 82 cf 34 9b 6e ed c7
Sep 30 12:11:16 romulus pluto[9315]: | 90 69 e2 aa
Sep 30 12:11:16 romulus pluto[9315]: | decrypted signature:
Sep 30 12:11:16 romulus pluto[9315]: | 00 00 01 ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:11:16 romulus pluto[9315]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:11:16 romulus pluto[9315]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:11:16 romulus pluto[9315]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:11:16 romulus pluto[9315]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:11:16 romulus pluto[9315]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:11:16 romulus pluto[9315]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:11:16 romulus pluto[9315]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:11:16 romulus pluto[9315]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:11:16 romulus pluto[9315]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:11:16 romulus pluto[9315]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:11:16 romulus pluto[9315]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:11:16 romulus pluto[9315]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:11:16 romulus pluto[9315]: | ff ff ff ff ff ff ff ff ff ff ff ff ff 00 30 21
Sep 30 12:11:16 romulus pluto[9315]: | 30 09 06 05 2b 0e 03 02 1a 05 00 04 14 3c 00 ad
Sep 30 12:11:16 romulus pluto[9315]: | 12 b1 0a 99 28 d1 82 cf 34 9b 6e ed c7 90 69 e2
Sep 30 12:11:16 romulus pluto[9315]: | aa
Sep 30 12:11:16 romulus pluto[9315]: | reached self-signed root ca
Sep 30 12:11:16 romulus pluto[9315]: | Public key validated
Sep 30 12:11:16 romulus pluto[9315]: | CR 30 81 ba 31 0b 30 09 06 03 55 04 06 13 02 55 53
Sep 30 12:11:16 romulus pluto[9315]: | 31 10 30 0e 06 03 55 04 08 13 07 47 65 6f 72 67
Sep 30 12:11:16 romulus pluto[9315]: | 69 61 31 10 30 0e 06 03 55 04 07 13 07 4c 69 6c
Sep 30 12:11:16 romulus pluto[9315]: | 62 75 72 6e 31 2b 30 29 06 03 55 04 0a 14 22 54
Sep 30 12:11:16 romulus pluto[9315]: | 68 61 75 6d 61 74 75 72 67 79 20 26 20 53 70 65
Sep 30 12:11:16 romulus pluto[9315]: | 63 75 6c 75 6d 73 20 54 65 63 68 6e 6f 6c 6f 67
Sep 30 12:11:16 romulus pluto[9315]: | 79 31 1f 30 1d 06 03 55 04 0b 13 16 43 65 72 74
Sep 30 12:11:16 romulus pluto[9315]: | 69 66 69 63 61 74 69 6f 6e 20 53 65 72 76 69 63
Sep 30 12:11:16 romulus pluto[9315]: | 65 73 31 19 30 17 06 03 55 04 03 13 10 57 69 74
Sep 30 12:11:16 romulus pluto[9315]: | 74 73 45 6e 64 20 52 6f 6f 74 20 43 41 31 1e 30
Sep 30 12:11:16 romulus pluto[9315]: | 1c 06 09 2a 86 48 86 f7 0d 01 09 01 16 0f 63 61
Sep 30 12:11:16 romulus pluto[9315]: | 40 77 69 74 74 73 65 6e 64 2e 63 6f 6d
Sep 30 12:11:16 romulus pluto[9315]: | requested CA: 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services, CN=WittsEnd Root CA, E=ca at wittsend.com'
Sep 30 12:11:16 romulus pluto[9315]: | offered CA: 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services, CN=WittsEnd Root CA, E=ca at wittsend.com'
Sep 30 12:11:16 romulus pluto[9315]: | required CA is 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
Sep 30 12:11:16 romulus pluto[9315]: | key issuer CA is 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
Sep 30 12:11:16 romulus pluto[9315]: | an RSA Sig check passed with *AwEAAfKmu [preloaded key]
Sep 30 12:11:16 romulus pluto[9315]: | thinking about whether to send my certificate:
Sep 30 12:11:16 romulus pluto[9315]: | I have RSA key: OAKLEY_RSA_SIG cert.type: CERT_X509_SIGNATURE
Sep 30 12:11:16 romulus pluto[9315]: | sendcert: CERT_ALWAYSSEND and I did not get a certificate request
Sep 30 12:11:16 romulus pluto[9315]: | so send cert.
Sep 30 12:11:16 romulus pluto[9315]: "complex" #1: I am sending my cert
Sep 30 12:11:16 romulus pluto[9315]: | started looking for secret for C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com->C=GA, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=complex.wittsend.com, E=postmaster at wittsend.com of kind PPK_RSA
Sep 30 12:11:16 romulus pluto[9315]: | searching for certificate PPK_RSA:AwEAAev6j vs PPK_RSA:AwEAAev6j
Sep 30 12:11:16 romulus pluto[9315]: | signing hash with RSA Key *AwEAAev6j
Sep 30 12:11:16 romulus pluto[9315]: | complete state transition with STF_OK
Sep 30 12:11:16 romulus pluto[9315]: "complex" #1: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Sep 30 12:11:16 romulus pluto[9315]: | sending reply packet to 65.7.156.165:500 (from port=500)
Sep 30 12:11:16 romulus pluto[9315]: | sending 1116 bytes for STATE_MAIN_R2 through veth0:500 to 65.7.156.165:500:
Sep 30 12:11:16 romulus pluto[9315]: | inserting event EVENT_SA_REPLACE, timeout in 3330 seconds for #1
Sep 30 12:11:16 romulus pluto[9315]: "complex" #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}
Sep 30 12:11:16 romulus pluto[9315]: | modecfg pull: noquirk policy:push not-client
Sep 30 12:11:16 romulus pluto[9315]: | phase 1 is done, looking for phase 1 to unpend
Sep 30 12:11:16 romulus pluto[9315]: | next event EVENT_NAT_T_KEEPALIVE in 20 seconds
Sep 30 12:11:16 romulus pluto[9315]: |
Sep 30 12:11:16 romulus pluto[9315]: | *received 428 bytes from 65.7.156.165:500 on veth0 (port=500)
Sep 30 12:11:16 romulus pluto[9315]: | **parse ISAKMP Message:
Sep 30 12:11:16 romulus pluto[9315]: | initiator cookie:
Sep 30 12:11:16 romulus pluto[9315]: | c6 f0 56 0d 03 31 26 fd
Sep 30 12:11:16 romulus pluto[9315]: | responder cookie:
Sep 30 12:11:16 romulus pluto[9315]: | 93 59 de 9b 04 d4 7c 3b
Sep 30 12:11:16 romulus pluto[9315]: | next payload type: ISAKMP_NEXT_HASH
Sep 30 12:11:16 romulus pluto[9315]: | ISAKMP version: ISAKMP Version 1.0
Sep 30 12:11:16 romulus pluto[9315]: | exchange type: ISAKMP_XCHG_QUICK
Sep 30 12:11:16 romulus pluto[9315]: | flags: ISAKMP_FLAG_ENCRYPTION
Sep 30 12:11:16 romulus pluto[9315]: | message ID: 47 fb 58 8a
Sep 30 12:11:16 romulus pluto[9315]: | length: 428
Sep 30 12:11:16 romulus pluto[9315]: | processing packet with exchange type=ISAKMP_XCHG_QUICK (32)
Sep 30 12:11:16 romulus pluto[9315]: | ICOOKIE: c6 f0 56 0d 03 31 26 fd
Sep 30 12:11:16 romulus pluto[9315]: | RCOOKIE: 93 59 de 9b 04 d4 7c 3b
Sep 30 12:11:16 romulus pluto[9315]: | peer: 41 07 9c a5
Sep 30 12:11:16 romulus pluto[9315]: | state hash entry 5
Sep 30 12:11:16 romulus pluto[9315]: | peer and cookies match on #1, provided msgid 47fb588a vs 00000000
Sep 30 12:11:16 romulus pluto[9315]: | state object not found
Sep 30 12:11:16 romulus pluto[9315]: | ICOOKIE: c6 f0 56 0d 03 31 26 fd
Sep 30 12:11:16 romulus pluto[9315]: | RCOOKIE: 93 59 de 9b 04 d4 7c 3b
Sep 30 12:11:16 romulus pluto[9315]: | peer: 41 07 9c a5
Sep 30 12:11:16 romulus pluto[9315]: | state hash entry 5
Sep 30 12:11:16 romulus pluto[9315]: | peer and cookies match on #1, provided msgid 00000000 vs 00000000
Sep 30 12:11:16 romulus pluto[9315]: | state object #1 found, in STATE_MAIN_R3
Sep 30 12:11:16 romulus pluto[9315]: | processing connection complex
Sep 30 12:11:16 romulus pluto[9315]: | ***parse ISAKMP Hash Payload:
Sep 30 12:11:16 romulus pluto[9315]: | next payload type: ISAKMP_NEXT_SA
Sep 30 12:11:16 romulus pluto[9315]: | length: 20
Sep 30 12:11:16 romulus pluto[9315]: | ***parse ISAKMP Security Association Payload:
Sep 30 12:11:16 romulus pluto[9315]: | next payload type: ISAKMP_NEXT_NONCE
Sep 30 12:11:16 romulus pluto[9315]: | length: 136
Sep 30 12:11:16 romulus pluto[9315]: | DOI: ISAKMP_DOI_IPSEC
Sep 30 12:11:16 romulus pluto[9315]: | ***parse ISAKMP Nonce Payload:
Sep 30 12:11:16 romulus pluto[9315]: | next payload type: ISAKMP_NEXT_KE
Sep 30 12:11:16 romulus pluto[9315]: | length: 20
Sep 30 12:11:16 romulus pluto[9315]: | ***parse ISAKMP Key Exchange Payload:
Sep 30 12:11:16 romulus pluto[9315]: | next payload type: ISAKMP_NEXT_ID
Sep 30 12:11:16 romulus pluto[9315]: | length: 196
Sep 30 12:11:16 romulus pluto[9315]: | ***parse ISAKMP Identification Payload (IPsec DOI):
Sep 30 12:11:16 romulus pluto[9315]: | next payload type: ISAKMP_NEXT_ID
Sep 30 12:11:16 romulus pluto[9315]: | length: 16
Sep 30 12:11:16 romulus pluto[9315]: | ID type: ID_IPV4_ADDR_SUBNET
Sep 30 12:11:16 romulus pluto[9315]: | Protocol ID: 0
Sep 30 12:11:16 romulus pluto[9315]: | port: 0
Sep 30 12:11:16 romulus pluto[9315]: | ***parse ISAKMP Identification Payload (IPsec DOI):
Sep 30 12:11:16 romulus pluto[9315]: | next payload type: ISAKMP_NEXT_NONE
Sep 30 12:11:16 romulus pluto[9315]: | length: 12
Sep 30 12:11:16 romulus pluto[9315]: | ID type: ID_IPV4_ADDR
Sep 30 12:11:16 romulus pluto[9315]: | Protocol ID: 0
Sep 30 12:11:16 romulus pluto[9315]: | port: 0
Sep 30 12:11:16 romulus pluto[9315]: | peer client is subnet 130.205.0.0/19
Sep 30 12:11:16 romulus pluto[9315]: | peer client protocol/port is 0/0
Sep 30 12:11:16 romulus pluto[9315]: | our client is 130.205.32.3
Sep 30 12:11:16 romulus pluto[9315]: | our client protocol/port is 0/0
Sep 30 12:11:16 romulus pluto[9315]: | duplicating state object #1
Sep 30 12:11:16 romulus pluto[9315]: | creating state object #2 at 0x800daac8
Sep 30 12:11:16 romulus pluto[9315]: | processing connection complex
Sep 30 12:11:16 romulus pluto[9315]: | ICOOKIE: c6 f0 56 0d 03 31 26 fd
Sep 30 12:11:16 romulus pluto[9315]: | RCOOKIE: 93 59 de 9b 04 d4 7c 3b
Sep 30 12:11:16 romulus pluto[9315]: | peer: 41 07 9c a5
Sep 30 12:11:16 romulus pluto[9315]: | state hash entry 5
Sep 30 12:11:16 romulus pluto[9315]: | inserting event EVENT_SO_DISCARD, timeout in 0 seconds for #2
Sep 30 12:11:16 romulus pluto[9315]: | ****parse IPsec DOI SIT:
Sep 30 12:11:16 romulus pluto[9315]: | IPsec DOI SIT: SIT_IDENTITY_ONLY
Sep 30 12:11:16 romulus pluto[9315]: | ****parse ISAKMP Proposal Payload:
Sep 30 12:11:16 romulus pluto[9315]: | next payload type: ISAKMP_NEXT_NONE
Sep 30 12:11:16 romulus pluto[9315]: | length: 124
Sep 30 12:11:16 romulus pluto[9315]: | proposal number: 0
Sep 30 12:11:16 romulus pluto[9315]: | protocol ID: PROTO_IPSEC_ESP
Sep 30 12:11:16 romulus pluto[9315]: | SPI size: 4
Sep 30 12:11:16 romulus pluto[9315]: | number of transforms: 4
Sep 30 12:11:16 romulus pluto[9315]: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI
Sep 30 12:11:16 romulus pluto[9315]: | SPI f1 17 9f c1
Sep 30 12:11:16 romulus pluto[9315]: | *****parse ISAKMP Transform Payload (ESP):
Sep 30 12:11:16 romulus pluto[9315]: | next payload type: ISAKMP_NEXT_T
Sep 30 12:11:16 romulus pluto[9315]: | length: 28
Sep 30 12:11:16 romulus pluto[9315]: | transform number: 0
Sep 30 12:11:16 romulus pluto[9315]: | transform ID: ESP_AES
Sep 30 12:11:16 romulus pluto[9315]: | ******parse ISAKMP IPsec DOI attribute:
Sep 30 12:11:16 romulus pluto[9315]: | af+type: GROUP_DESCRIPTION
Sep 30 12:11:16 romulus pluto[9315]: | length/value: 5
Sep 30 12:11:16 romulus pluto[9315]: | [5 is OAKLEY_GROUP_MODP1536]
Sep 30 12:11:16 romulus pluto[9315]: | ******parse ISAKMP IPsec DOI attribute:
Sep 30 12:11:16 romulus pluto[9315]: | af+type: ENCAPSULATION_MODE
Sep 30 12:11:16 romulus pluto[9315]: | length/value: 1
Sep 30 12:11:16 romulus pluto[9315]: | [1 is ENCAPSULATION_MODE_TUNNEL]
Sep 30 12:11:16 romulus pluto[9315]: | ******parse ISAKMP IPsec DOI attribute:
Sep 30 12:11:16 romulus pluto[9315]: | af+type: SA_LIFE_TYPE
Sep 30 12:11:16 romulus pluto[9315]: | length/value: 1
Sep 30 12:11:16 romulus pluto[9315]: | [1 is SA_LIFE_TYPE_SECONDS]
Sep 30 12:11:16 romulus pluto[9315]: | ******parse ISAKMP IPsec DOI attribute:
Sep 30 12:11:16 romulus pluto[9315]: | af+type: SA_LIFE_DURATION
Sep 30 12:11:16 romulus pluto[9315]: | length/value: 28800
Sep 30 12:11:16 romulus pluto[9315]: | ******parse ISAKMP IPsec DOI attribute:
Sep 30 12:11:16 romulus pluto[9315]: | af+type: AUTH_ALGORITHM
Sep 30 12:11:16 romulus pluto[9315]: | length/value: 2
Sep 30 12:11:16 romulus pluto[9315]: | [2 is AUTH_ALGORITHM_HMAC_SHA1]
Sep 30 12:11:16 romulus pluto[9315]: | 0: w->pcw_dead: 0 w->pcw_work: 0 cnt: 1
Sep 30 12:11:16 romulus pluto[9315]: | asking helper 0 to do build_kenonce op on seq: 2
Sep 30 12:11:16 romulus pluto[9315]: | inserting event EVENT_CRYPTO_FAILED, timeout in 300 seconds for #2
Sep 30 12:11:16 romulus pluto[9315]: | complete state transition with STF_SUSPEND
Sep 30 12:11:16 romulus pluto[9315]: | next event EVENT_NAT_T_KEEPALIVE in 20 seconds
Sep 30 12:11:16 romulus pluto[9316]: ! helper 0 doing build_kenonce op id: 2
Sep 30 12:11:16 romulus pluto[9315]: | processing connection complex
Sep 30 12:11:16 romulus pluto[9315]: | ****parse IPsec DOI SIT:
Sep 30 12:11:16 romulus pluto[9315]: | IPsec DOI SIT: SIT_IDENTITY_ONLY
Sep 30 12:11:16 romulus pluto[9315]: | ****parse ISAKMP Proposal Payload:
Sep 30 12:11:16 romulus pluto[9315]: | next payload type: ISAKMP_NEXT_NONE
Sep 30 12:11:16 romulus pluto[9315]: | length: 124
Sep 30 12:11:16 romulus pluto[9315]: | proposal number: 0
Sep 30 12:11:16 romulus pluto[9315]: | protocol ID: PROTO_IPSEC_ESP
Sep 30 12:11:16 romulus pluto[9315]: | SPI size: 4
Sep 30 12:11:16 romulus pluto[9315]: | number of transforms: 4
Sep 30 12:11:16 romulus pluto[9315]: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI
Sep 30 12:11:16 romulus pluto[9315]: | SPI f1 17 9f c1
Sep 30 12:11:16 romulus pluto[9315]: | *****parse ISAKMP Transform Payload (ESP):
Sep 30 12:11:16 romulus pluto[9315]: | next payload type: ISAKMP_NEXT_T
Sep 30 12:11:16 romulus pluto[9315]: | length: 28
Sep 30 12:11:16 romulus pluto[9315]: | transform number: 0
Sep 30 12:11:16 romulus pluto[9315]: | transform ID: ESP_AES
Sep 30 12:11:16 romulus pluto[9315]: | ******parse ISAKMP IPsec DOI attribute:
Sep 30 12:11:16 romulus pluto[9315]: | af+type: GROUP_DESCRIPTION
Sep 30 12:11:16 romulus pluto[9315]: | length/value: 5
Sep 30 12:11:16 romulus pluto[9315]: | [5 is OAKLEY_GROUP_MODP1536]
Sep 30 12:11:16 romulus pluto[9315]: | ******parse ISAKMP IPsec DOI attribute:
Sep 30 12:11:16 romulus pluto[9315]: | af+type: ENCAPSULATION_MODE
Sep 30 12:11:16 romulus pluto[9315]: | length/value: 1
Sep 30 12:11:16 romulus pluto[9315]: | [1 is ENCAPSULATION_MODE_TUNNEL]
Sep 30 12:11:16 romulus pluto[9315]: | ******parse ISAKMP IPsec DOI attribute:
Sep 30 12:11:16 romulus pluto[9315]: | af+type: SA_LIFE_TYPE
Sep 30 12:11:16 romulus pluto[9315]: | length/value: 1
Sep 30 12:11:16 romulus pluto[9315]: | [1 is SA_LIFE_TYPE_SECONDS]
Sep 30 12:11:16 romulus pluto[9315]: | ******parse ISAKMP IPsec DOI attribute:
Sep 30 12:11:16 romulus pluto[9315]: | af+type: SA_LIFE_DURATION
Sep 30 12:11:16 romulus pluto[9315]: | length/value: 28800
Sep 30 12:11:16 romulus pluto[9315]: | ******parse ISAKMP IPsec DOI attribute:
Sep 30 12:11:16 romulus pluto[9315]: | af+type: AUTH_ALGORITHM
Sep 30 12:11:16 romulus pluto[9315]: | length/value: 2
Sep 30 12:11:16 romulus pluto[9315]: | [2 is AUTH_ALGORITHM_HMAC_SHA1]
Sep 30 12:11:16 romulus pluto[9315]: "complex" #2: responding to Quick Mode {msgid:8a58fb47}
Sep 30 12:11:16 romulus pluto[9315]: | started looking for secret for C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com->C=GA, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=complex.wittsend.com, E=postmaster at wittsend.com of kind PPK_PSK
Sep 30 12:11:16 romulus pluto[9315]: | actually looking for secret for C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com->C=GA, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=complex.wittsend.com, E=postmaster at wittsend.com of kind PPK_PSK
Sep 30 12:11:16 romulus pluto[9315]: | concluding with best_match=0 best=(nil) (lineno=-1)
Sep 30 12:11:16 romulus pluto[9315]: | compute_proto_keymat:needed_len (after ESP enc)=16
Sep 30 12:11:16 romulus pluto[9315]: | compute_proto_keymat:needed_len (after ESP auth)=36
Sep 30 12:11:16 romulus pluto[9315]: | route owner of "complex" unrouted: NULL
Sep 30 12:11:16 romulus pluto[9315]: | install_inbound_ipsec_sa() checking if we can route
Sep 30 12:11:16 romulus pluto[9315]: | route owner of "complex" unrouted: NULL; eroute owner: NULL
Sep 30 12:11:16 romulus pluto[9315]: | could_route called for complex (kind=CK_PERMANENT)
Sep 30 12:11:16 romulus pluto[9315]: | add inbound eroute 130.205.0.0/19:0 --0-> 130.205.32.3/32:0 => tun.10000 at 130.205.32.3 (raw_eroute)
Sep 30 12:11:16 romulus pluto[9315]: | complete state transition with STF_OK
Sep 30 12:11:16 romulus pluto[9315]: "complex" #2: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Sep 30 12:11:16 romulus pluto[9315]: | sending reply packet to 65.7.156.165:500 (from port=500)
Sep 30 12:11:16 romulus pluto[9315]: | sending 348 bytes for STATE_QUICK_R0 through veth0:500 to 65.7.156.165:500:
Sep 30 12:11:16 romulus pluto[9315]: | inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #2
Sep 30 12:11:16 romulus pluto[9315]: "complex" #2: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Sep 30 12:11:16 romulus pluto[9315]: | modecfg pull: noquirk policy:push not-client
Sep 30 12:11:16 romulus pluto[9315]: | phase 1 is done, looking for phase 1 to unpend
Sep 30 12:11:16 romulus pluto[9315]: | next event EVENT_RETRANSMIT in 10 seconds for #2
Sep 30 12:11:16 romulus pluto[9315]: |
Sep 30 12:11:16 romulus pluto[9315]: | *received 52 bytes from 65.7.156.165:500 on veth0 (port=500)
Sep 30 12:11:16 romulus pluto[9315]: | **parse ISAKMP Message:
Sep 30 12:11:16 romulus pluto[9315]: | initiator cookie:
Sep 30 12:11:16 romulus pluto[9315]: | c6 f0 56 0d 03 31 26 fd
Sep 30 12:11:16 romulus pluto[9315]: | responder cookie:
Sep 30 12:11:16 romulus pluto[9315]: | 93 59 de 9b 04 d4 7c 3b
Sep 30 12:11:16 romulus pluto[9315]: | next payload type: ISAKMP_NEXT_HASH
Sep 30 12:11:16 romulus pluto[9315]: | ISAKMP version: ISAKMP Version 1.0
Sep 30 12:11:16 romulus pluto[9315]: | exchange type: ISAKMP_XCHG_QUICK
Sep 30 12:11:16 romulus pluto[9315]: | flags: ISAKMP_FLAG_ENCRYPTION
Sep 30 12:11:16 romulus pluto[9315]: | message ID: 47 fb 58 8a
Sep 30 12:11:16 romulus pluto[9315]: | length: 52
Sep 30 12:11:16 romulus pluto[9315]: | processing packet with exchange type=ISAKMP_XCHG_QUICK (32)
Sep 30 12:11:16 romulus pluto[9315]: | ICOOKIE: c6 f0 56 0d 03 31 26 fd
Sep 30 12:11:16 romulus pluto[9315]: | RCOOKIE: 93 59 de 9b 04 d4 7c 3b
Sep 30 12:11:16 romulus pluto[9315]: | peer: 41 07 9c a5
Sep 30 12:11:16 romulus pluto[9315]: | state hash entry 5
Sep 30 12:11:16 romulus pluto[9315]: | peer and cookies match on #2, provided msgid 47fb588a vs 47fb588a
Sep 30 12:11:16 romulus pluto[9315]: | state object #2 found, in STATE_QUICK_R1
Sep 30 12:11:16 romulus pluto[9315]: | processing connection complex
Sep 30 12:11:16 romulus pluto[9315]: | ***parse ISAKMP Hash Payload:
Sep 30 12:11:16 romulus pluto[9315]: | next payload type: ISAKMP_NEXT_NONE
Sep 30 12:11:16 romulus pluto[9315]: | length: 20
Sep 30 12:11:16 romulus pluto[9315]: | removing 4 bytes of padding
Sep 30 12:11:16 romulus pluto[9315]: | install_ipsec_sa() for #2: outbound only
Sep 30 12:11:16 romulus pluto[9315]: | route owner of "complex" unrouted: NULL; eroute owner: NULL
Sep 30 12:11:16 romulus pluto[9315]: | could_route called for complex (kind=CK_PERMANENT)
Sep 30 12:11:16 romulus pluto[9315]: | sr for #2: unrouted
Sep 30 12:11:16 romulus pluto[9315]: | route owner of "complex" unrouted: NULL; eroute owner: NULL
Sep 30 12:11:16 romulus pluto[9315]: | eroute_connection add eroute 130.205.32.3/32:0 --0-> 130.205.0.0/19:0 => tun.0 at 65.7.156.165 (raw_eroute)
Sep 30 12:11:16 romulus pluto[9315]: | command executing up-host
Sep 30 12:11:16 romulus pluto[9315]: | executing up-host: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='up-host' PLUTO_CONNECTION='complex' PLUTO_NEXT_HOP='130.205.32.1' PLUTO_INTERFACE='veth0' PLUTO_ME='130.205.32.3' PLUTO_MY_ID='C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com' PLUTO_MY_CLIENT='130.205.32.3/32' PLUTO_MY_CLIENT_NET='130.205.32.3' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='65.7.156.165' PLUTO_PEER_ID='C=GA, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=complex.wittsend.com, E=postmaster at wittsend.com' PLUTO_PEER_CLIENT='130.205.0.0/19' PLUTO_PEER_CLIENT_NET='130.205.0.0' PLUTO_PEER_CLIENT_MASK='255.255.224.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS' PLUTO_MY_SOURCEIP='130.205.32.3' ipsec _updown
Sep 30 12:11:16 romulus pluto[9315]: | route_and_eroute: firewall_notified: true
Sep 30 12:11:16 romulus pluto[9315]: | command executing prepare-host
Sep 30 12:11:16 romulus pluto[9315]: | executing prepare-host: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='prepare-host' PLUTO_CONNECTION='complex' PLUTO_NEXT_HOP='130.205.32.1' PLUTO_INTERFACE='veth0' PLUTO_ME='130.205.32.3' PLUTO_MY_ID='C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com' PLUTO_MY_CLIENT='130.205.32.3/32' PLUTO_MY_CLIENT_NET='130.205.32.3' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='65.7.156.165' PLUTO_PEER_ID='C=GA, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=complex.wittsend.com, E=postmaster at wittsend.com' PLUTO_PEER_CLIENT='130.205.0.0/19' PLUTO_PEER_CLIENT_NET='130.205.0.0' PLUTO_PEER_CLIENT_MASK='255.255.224.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS' PLUTO_MY_SOURCEIP='130.205.32.3' ipsec _updown
Sep 30 12:11:16 romulus pluto[9315]: | command executing route-host
Sep 30 12:11:16 romulus pluto[9315]: | executing route-host: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='route-host' PLUTO_CONNECTION='complex' PLUTO_NEXT_HOP='130.205.32.1' PLUTO_INTERFACE='veth0' PLUTO_ME='130.205.32.3' PLUTO_MY_ID='C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com' PLUTO_MY_CLIENT='130.205.32.3/32' PLUTO_MY_CLIENT_NET='130.205.32.3' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='65.7.156.165' PLUTO_PEER_ID='C=GA, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=complex.wittsend.com, E=postmaster at wittsend.com' PLUTO_PEER_CLIENT='130.205.0.0/19' PLUTO_PEER_CLIENT_NET='130.205.0.0' PLUTO_PEER_CLIENT_MASK='255.255.224.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS' PLUTO_MY_SOURCEIP='130.205.32.3' ipsec _updown
Sep 30 12:11:16 romulus pluto[9315]: | route_and_eroute: instance "complex", setting eroute_owner {spd=0x800ce4ec,sr=0x800ce4ec} to #2 (was #0) (newest_ipsec_sa=#0)
Sep 30 12:11:16 romulus pluto[9315]: | complete state transition with STF_OK
Sep 30 12:11:16 romulus pluto[9315]: "complex" #2: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Sep 30 12:11:16 romulus pluto[9315]: | inserting event EVENT_SA_REPLACE, timeout in 28530 seconds for #2
Sep 30 12:11:16 romulus pluto[9315]: "complex" #2: STATE_QUICK_R2: IPsec SA established {ESP=>0xf1179fc1 <0x58598cab xfrm=AES_0-HMAC_SHA1 NATD=none DPD=none}
Sep 30 12:11:16 romulus pluto[9315]: | modecfg pull: noquirk policy:push not-client
Sep 30 12:11:16 romulus pluto[9315]: | phase 1 is done, looking for phase 1 to unpend
Sep 30 12:11:16 romulus pluto[9315]: | next event EVENT_NAT_T_KEEPALIVE in 20 seconds
Sep 30 12:11:36 romulus pluto[9315]: |
Sep 30 12:11:36 romulus pluto[9315]: | *time to handle event
Sep 30 12:11:36 romulus pluto[9315]: | handling event EVENT_NAT_T_KEEPALIVE
Sep 30 12:11:36 romulus pluto[9315]: | event after this is EVENT_PENDING_PHASE2 in 94 seconds
Sep 30 12:11:36 romulus pluto[9315]: | processing connection complex
Sep 30 12:11:36 romulus pluto[9315]: | processing connection complex
Sep 30 12:11:36 romulus pluto[9315]: | next event EVENT_PENDING_PHASE2 in 94 seconds
Sep 30 12:11:39 romulus pluto[9315]: |
Sep 30 12:11:39 romulus pluto[9315]: | *received whack message
Sep 30 12:11:39 romulus pluto[9315]: | next event EVENT_PENDING_PHASE2 in 91 seconds
Sep 30 12:11:39 romulus pluto[9315]: |
Sep 30 12:11:39 romulus pluto[9315]: | *received whack message
Sep 30 12:11:39 romulus pluto[9315]: | next event EVENT_PENDING_PHASE2 in 91 seconds
Sep 30 12:11:39 romulus pluto[9315]: |
Sep 30 12:11:39 romulus pluto[9315]: | *received whack message
Sep 30 12:11:39 romulus pluto[9315]: | next event EVENT_PENDING_PHASE2 in 91 seconds
+ _________________________ date
+ date
Tue Sep 30 12:11:39 EDT 2008
-------------- next part --------------
romulus.wittsend.com
Tue Sep 30 12:13:46 EDT 2008
+ _________________________ version
+ ipsec --version
Linux Openswan U2.6.14/K2.6.24-ovz005.1 (netkey)
See `ipsec --copyright' for copyright information.
+ _________________________ /proc/version
+ cat /proc/version
Linux version 2.6.24-ovz005.1 (root at centos-32-build) (gcc version 3.4.4 20050721 (Red Hat 3.4.4-2)) #1 SMP Mon May 12 16:38:09 MSD 2008
+ _________________________ /proc/net/ipsec_eroute
+ test -r /proc/net/ipsec_eroute
+ _________________________ netstat-rn
+ netstat -nr
+ head -n 100
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
172.31.250.2 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
130.205.32.50 130.205.32.4 255.255.255.255 UGH 0 0 0 veth0
172.31.255.2 130.205.32.4 255.255.255.255 UGH 0 0 0 veth0
130.205.39.0 130.205.32.8 255.255.255.0 UG 0 0 0 veth0
172.31.250.0 172.31.250.2 255.255.255.0 UG 0 0 0 tun0
172.31.255.0 130.205.32.4 255.255.255.0 UG 0 0 0 veth0
130.205.33.0 130.205.32.8 255.255.255.0 UG 0 0 0 veth0
172.31.192.0 0.0.0.0 255.255.255.0 U 0 0 0 veth1
130.205.156.0 130.205.32.14 255.255.252.0 UG 0 0 0 veth0
130.205.36.0 130.205.32.4 255.255.252.0 UG 0 0 0 veth0
130.205.32.0 0.0.0.0 255.255.240.0 U 0 0 0 veth0
130.205.160.0 130.205.32.14 255.255.224.0 UG 0 0 0 veth0
130.205.0.0 130.205.32.4 255.255.224.0 UG 0 0 0 veth0
130.205.192.0 130.205.32.14 255.255.192.0 UG 0 0 0 veth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 veth1
0.0.0.0 130.205.32.1 0.0.0.0 UG 0 0 0 veth0
+ _________________________ /proc/net/ipsec_spi
+ test -r /proc/net/ipsec_spi
+ _________________________ /proc/net/ipsec_spigrp
+ test -r /proc/net/ipsec_spigrp
+ _________________________ /proc/net/ipsec_tncfg
+ test -r /proc/net/ipsec_tncfg
+ _________________________ /proc/net/pfkey
+ test -r /proc/net/pfkey
+ cat /proc/net/pfkey
sk RefCnt Rmem Wmem User Inode
+ _________________________ ip-xfrm-state
+ ip xfrm state
+ _________________________ ip-xfrm-policy
+ ip xfrm policy
src ::/0 dst ::/0
dir in priority 0 ptype main
src ::/0 dst ::/0
dir in priority 0 ptype main
src ::/0 dst ::/0
dir in priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
dir in priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
dir in priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
dir in priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
dir in priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
dir in priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
dir in priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
dir in priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
dir in priority 0 ptype main
src ::/0 dst ::/0
dir out priority 0 ptype main
src ::/0 dst ::/0
dir out priority 0 ptype main
src ::/0 dst ::/0
dir out priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
dir out priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
dir out priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
dir out priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
dir out priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
dir out priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
dir out priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
dir out priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
dir out priority 0 ptype main
+ _________________________ /proc/crypto
+ test -r /proc/crypto
+ cat /proc/crypto
name : deflate
driver : deflate-generic
module : deflate
priority : 0
refcnt : 1
type : compression
name : cbc(twofish)
driver : cbc(twofish-generic)
module : cbc
priority : 100
refcnt : 1
type : blkcipher
blocksize : 16
min keysize : 16
max keysize : 32
ivsize : 16
name : cbc(camellia)
driver : cbc(camellia-generic)
module : cbc
priority : 100
refcnt : 1
type : blkcipher
blocksize : 16
min keysize : 16
max keysize : 32
ivsize : 16
name : camellia
driver : camellia-generic
module : camellia
priority : 100
refcnt : 1
type : cipher
blocksize : 16
min keysize : 16
max keysize : 32
name : cbc(serpent)
driver : cbc(serpent-generic)
module : cbc
priority : 0
refcnt : 1
type : blkcipher
blocksize : 16
min keysize : 0
max keysize : 32
ivsize : 16
name : cbc(aes)
driver : cbc(aes-i586)
module : cbc
priority : 200
refcnt : 1
type : blkcipher
blocksize : 16
min keysize : 16
max keysize : 32
ivsize : 16
name : cbc(blowfish)
driver : cbc(blowfish-generic)
module : cbc
priority : 0
refcnt : 1
type : blkcipher
blocksize : 8
min keysize : 4
max keysize : 56
ivsize : 8
name : cbc(des3_ede)
driver : cbc(des3_ede-generic)
module : cbc
priority : 0
refcnt : 1
type : blkcipher
blocksize : 8
min keysize : 24
max keysize : 24
ivsize : 8
name : cbc(des)
driver : cbc(des-generic)
module : cbc
priority : 0
refcnt : 1
type : blkcipher
blocksize : 8
min keysize : 8
max keysize : 8
ivsize : 8
name : ecb(cipher_null)
driver : ecb(cipher_null-generic)
module : ecb
priority : 0
refcnt : 1
type : blkcipher
blocksize : 1
min keysize : 0
max keysize : 0
ivsize : 0
name : xcbc(aes)
driver : xcbc(aes-i586)
module : xcbc
priority : 200
refcnt : 1
type : hash
blocksize : 16
digestsize : 16
name : hmac(sha256)
driver : hmac(sha256-generic)
module : kernel
priority : 0
refcnt : 1
type : hash
blocksize : 64
digestsize : 32
name : hmac(sha1)
driver : hmac(sha1-generic)
module : kernel
priority : 0
refcnt : 1
type : hash
blocksize : 64
digestsize : 20
name : hmac(md5)
driver : hmac(md5-generic)
module : kernel
priority : 0
refcnt : 1
type : hash
blocksize : 64
digestsize : 16
name : hmac(digest_null)
driver : hmac(digest_null-generic)
module : kernel
priority : 0
refcnt : 1
type : hash
blocksize : 1
digestsize : 0
name : compress_null
driver : compress_null-generic
module : crypto_null
priority : 0
refcnt : 1
type : compression
name : digest_null
driver : digest_null-generic
module : crypto_null
priority : 0
refcnt : 1
type : digest
blocksize : 1
digestsize : 0
name : cipher_null
driver : cipher_null-generic
module : crypto_null
priority : 0
refcnt : 1
type : cipher
blocksize : 1
min keysize : 0
max keysize : 0
name : tnepres
driver : tnepres-generic
module : serpent
priority : 0
refcnt : 1
type : cipher
blocksize : 16
min keysize : 0
max keysize : 32
name : serpent
driver : serpent-generic
module : serpent
priority : 0
refcnt : 1
type : cipher
blocksize : 16
min keysize : 0
max keysize : 32
name : blowfish
driver : blowfish-generic
module : blowfish
priority : 0
refcnt : 1
type : cipher
blocksize : 8
min keysize : 4
max keysize : 56
name : twofish
driver : twofish-generic
module : twofish
priority : 100
refcnt : 1
type : cipher
blocksize : 16
min keysize : 16
max keysize : 32
name : sha256
driver : sha256-generic
module : sha256_generic
priority : 0
refcnt : 1
type : digest
blocksize : 64
digestsize : 32
name : sha512
driver : sha512-generic
module : sha512
priority : 0
refcnt : 1
type : digest
blocksize : 128
digestsize : 64
name : sha384
driver : sha384-generic
module : sha512
priority : 0
refcnt : 1
type : digest
blocksize : 128
digestsize : 48
name : des3_ede
driver : des3_ede-generic
module : des_generic
priority : 0
refcnt : 1
type : cipher
blocksize : 8
min keysize : 24
max keysize : 24
name : des
driver : des-generic
module : des_generic
priority : 0
refcnt : 1
type : cipher
blocksize : 8
min keysize : 8
max keysize : 8
name : aes
driver : aes-i586
module : aes_i586
priority : 200
refcnt : 1
type : cipher
blocksize : 16
min keysize : 16
max keysize : 32
name : aes
driver : aes-generic
module : aes_generic
priority : 100
refcnt : 1
type : cipher
blocksize : 16
min keysize : 16
max keysize : 32
name : sha1
driver : sha1-generic
module : kernel
priority : 0
refcnt : 1
type : digest
blocksize : 64
digestsize : 20
name : md5
driver : md5-generic
module : kernel
priority : 0
refcnt : 2
type : digest
blocksize : 64
digestsize : 16
+ __________________________/proc/sys/net/core/xfrm-star
/usr/libexec/ipsec/barf: line 191: __________________________/proc/sys/net/core/xfrm-star: No such file or directory
+ for i in '/proc/sys/net/core/xfrm_*'
+ echo -n '/proc/sys/net/core/xfrm_acq_expires: '
/proc/sys/net/core/xfrm_acq_expires: + cat /proc/sys/net/core/xfrm_acq_expires
30
+ for i in '/proc/sys/net/core/xfrm_*'
+ echo -n '/proc/sys/net/core/xfrm_aevent_etime: '
/proc/sys/net/core/xfrm_aevent_etime: + cat /proc/sys/net/core/xfrm_aevent_etime
10
+ for i in '/proc/sys/net/core/xfrm_*'
+ echo -n '/proc/sys/net/core/xfrm_aevent_rseqth: '
/proc/sys/net/core/xfrm_aevent_rseqth: + cat /proc/sys/net/core/xfrm_aevent_rseqth
2
+ for i in '/proc/sys/net/core/xfrm_*'
+ echo -n '/proc/sys/net/core/xfrm_larval_drop: '
/proc/sys/net/core/xfrm_larval_drop: + cat /proc/sys/net/core/xfrm_larval_drop
0
+ _________________________ /proc/sys/net/ipsec-star
+ test -d /proc/sys/net/ipsec
+ _________________________ ipsec/status
+ ipsec auto --status
000 using kernel interface: netkey
000 interface tun6to4/tun6to4 2002:82cd:2003::1
000 interface lo/lo ::1
000 interface veth1/veth1 2001:4830:3000:2:280:3fff:fe03:455b
000 interface lo/lo 127.0.0.1
000 interface lo/lo 127.0.0.1
000 interface veth0/veth0 130.205.32.3
000 interface veth0/veth0 130.205.32.3
000 interface veth1/veth1 172.31.192.3
000 interface veth1/veth1 172.31.192.3
000 interface tun0/tun0 172.31.250.1
000 interface tun0/tun0 172.31.250.1
000 %myid = (none)
000 debug parsing+control
000
000 algorithm ESP encrypt: id=2, name=ESP_DES, ivlen=8, keysizemin=64, keysizemax=64
000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=8, keysizemin=192, keysizemax=192
000 algorithm ESP encrypt: id=7, name=ESP_BLOWFISH, ivlen=8, keysizemin=40, keysizemax=448
000 algorithm ESP encrypt: id=11, name=ESP_NULL, ivlen=0, keysizemin=0, keysizemax=0
000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=14, name=ESP_AES_CCM_A, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=15, name=ESP_AES_CCM_B, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=16, name=ESP_AES_CCM_C, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=18, name=ESP_AES_GCM_A, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=19, name=ESP_AES_GCM_B, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=20, name=ESP_AES_GCM_C, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=22, name=ESP_CAMELLIA, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=252, name=ESP_SERPENT, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=253, name=ESP_TWOFISH, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5, keysizemin=128, keysizemax=128
000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1, keysizemin=160, keysizemax=160
000 algorithm ESP auth attr: id=5, name=AUTH_ALGORITHM_HMAC_SHA2_256, keysizemin=256, keysizemax=256
000 algorithm ESP auth attr: id=9, name=AUTH_ALGORITHM_AES_CBC, keysizemin=128, keysizemax=128
000 algorithm ESP auth attr: id=251, name=(null), keysizemin=0, keysizemax=0
000
000 algorithm IKE encrypt: id=0, name=(null), blocksize=16, keydeflen=131
000 algorithm IKE encrypt: id=3, name=OAKLEY_BLOWFISH_CBC, blocksize=8, keydeflen=128
000 algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8, keydeflen=192
000 algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: id=65004, name=OAKLEY_SERPENT_CBC, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: id=65005, name=OAKLEY_TWOFISH_CBC, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: id=65289, name=OAKLEY_TWOFISH_CBC_SSH, blocksize=16, keydeflen=128
000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16
000 algorithm IKE hash: id=2, name=OAKLEY_SHA1, hashsize=20
000 algorithm IKE hash: id=4, name=OAKLEY_SHA2_256, hashsize=32
000 algorithm IKE hash: id=6, name=OAKLEY_SHA2_512, hashsize=64
000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024
000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536
000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048
000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072
000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096
000 algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144
000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192
000
000 stats db_ops: {curr_cnt, total_cnt, maxsz} :context={0,0,0} trans={0,0,0} attrs={0,0,0}
000
000 "canyon": 130.205.32.3/32===130.205.32.3<130.205.32.3>[C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com,+S=C]---130.205.32.1...%any[C=GA, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=canyon.wittsend.com, E=postmaster at wittsend.com,+S=C]; unrouted; eroute owner: #0
000 "canyon": myip=130.205.32.3; hisip=unset; mycert=romulus.wittsend.com.crt; hiscert=canyon.wittsend.com.crt;
000 "canyon": CAs: 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services, CN=WittsEnd Root CA, E=ca at wittsend.com'...'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
000 "canyon": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 3
000 "canyon": policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW; prio: 32,32; interface: veth0;
000 "canyon": newest ISAKMP SA: #0; newest IPsec SA: #0;
000 "chaos": 130.205.32.3/32===130.205.32.3<130.205.32.3>[C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com,+S=C]---130.205.32.1...209.134.176.37<209.134.176.37>[C=GA, ST=Georgia, L=Atlanta, O=Internet Security Systems Inc, CN=chaos.iss.net, E=postmaster at iss.net,+S=C]; unrouted; eroute owner: #0
000 "chaos": myip=130.205.32.3; hisip=unset; mycert=romulus.wittsend.com.crt; hiscert=chaos.iss.net.crt;
000 "chaos": CAs: 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services, CN=WittsEnd Root CA, E=ca at wittsend.com'...'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
000 "chaos": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 3
000 "chaos": policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW; prio: 32,32; interface: veth0;
000 "chaos": newest ISAKMP SA: #0; newest IPsec SA: #0;
000 "charon-0": 130.205.32.3/32===130.205.32.3<130.205.32.3>[C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=remus.wittsend.com, E=postmaster at wittsend.com,+S=C]---130.205.32.1...65.14.248.11---74.237.49.95<74.237.49.95>[+S=C]; unrouted; eroute owner: #0
000 "charon-0": myip=130.205.32.3; hisip=unset; mycert=remus.wittsend.com.crt; hiscert=charon.wittsend.com.crt;
000 "charon-0": CAs: 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'...'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
000 "charon-0": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 3
000 "charon-0": policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW; prio: 32,32; interface: veth0;
000 "charon-0": newest ISAKMP SA: #0; newest IPsec SA: #0;
000 "charon-1": 130.205.32.0/24===130.205.32.3<130.205.32.3>[C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=remus.wittsend.com, E=postmaster at wittsend.com,+S=C]---130.205.32.1...65.14.248.11---74.237.49.95<74.237.49.95>[+S=C]===130.205.36.0/24; unrouted; eroute owner: #0
000 "charon-1": myip=130.205.32.3; hisip=unset; mycert=remus.wittsend.com.crt; hiscert=charon.wittsend.com.crt;
000 "charon-1": CAs: 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'...'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
000 "charon-1": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 3
000 "charon-1": policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW; prio: 24,24; interface: veth0;
000 "charon-1": newest ISAKMP SA: #0; newest IPsec SA: #0;
000 "complex": 130.205.32.3/32===130.205.32.3<130.205.32.3>[C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com,+S=C]---130.205.32.1...65.14.248.12---65.7.156.165<65.7.156.165>[C=GA, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=complex.wittsend.com, E=postmaster at wittsend.com,+S=C]===130.205.0.0/19; unrouted; eroute owner: #0
000 "complex": myip=130.205.32.3; hisip=unset; mycert=romulus.wittsend.com.crt; hiscert=complex.wittsend.com.crt;
000 "complex": CAs: 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services, CN=WittsEnd Root CA, E=ca at wittsend.com'...'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
000 "complex": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 3
000 "complex": policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW; prio: 32,19; interface: veth0;
000 "complex": newest ISAKMP SA: #0; newest IPsec SA: #0;
000 "kolvir": 130.205.32.3/32===130.205.32.3<130.205.32.3>[C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com,+S=C]---130.205.32.1...209.134.176.84<209.134.176.84>[+S=C]; unrouted; eroute owner: #0
000 "kolvir": myip=130.205.32.3; hisip=unset; mycert=romulus.wittsend.com.crt; hiscert=kolvir.iss.net.crt;
000 "kolvir": CAs: 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services, CN=WittsEnd Root CA, E=ca at wittsend.com'...'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
000 "kolvir": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 3
000 "kolvir": policy: RSASIG+ENCRYPT+PFS+DONTREKEY+IKEv2ALLOW; prio: 32,32; interface: veth0;
000 "kolvir": newest ISAKMP SA: #0; newest IPsec SA: #0;
000 "levy-0": 130.205.32.3/32===130.205.32.3<130.205.32.3>[C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com,+S=C]---130.205.32.1...0.0.0.0---%any[C=US, ST=Georgia, L=Clarkston, O=ByTheSea Enterprises, OU=Intacta Bonk Phantasmagorical Department, CN=levy.bythesea.org, E=postmaster at bythesea.org,+S=C]; unrouted; eroute owner: #0
000 "levy-0": myip=130.205.32.3; hisip=unset; mycert=romulus.wittsend.com.crt; hiscert=levy.bythesea.org.crt;
000 "levy-0": CAs: 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services, CN=WittsEnd Root CA, E=ca at wittsend.com'...'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
000 "levy-0": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 3
000 "levy-0": policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW; prio: 32,0; interface: veth0;
000 "levy-0": newest ISAKMP SA: #0; newest IPsec SA: #0;
000 "levy-1": 0.0.0.0/0===130.205.32.3<130.205.32.3>[C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com,+S=C]---130.205.32.1...0.0.0.0---%any[C=US, ST=Georgia, L=Clarkston, O=ByTheSea Enterprises, OU=Intacta Bonk Phantasmagorical Department, CN=levy.bythesea.org, E=postmaster at bythesea.org,+S=C]===130.205.37.0/24; unrouted; eroute owner: #0
000 "levy-1": myip=130.205.32.3; hisip=unset; mycert=romulus.wittsend.com.crt; hiscert=levy.bythesea.org.crt;
000 "levy-1": CAs: 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services, CN=WittsEnd Root CA, E=ca at wittsend.com'...'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
000 "levy-1": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 3
000 "levy-1": policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW; prio: 0,24; interface: veth0;
000 "levy-1": newest ISAKMP SA: #0; newest IPsec SA: #0;
000 "rebma": 130.205.32.3/32===130.205.32.3<130.205.32.3>[C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com,+S=C]---130.205.32.1...209.134.176.68<209.134.176.68>[C=GA, ST=Georgia, L=Atlanta, O=Internet Security Systems Inc, CN=rebma.iss.net, E=postmaster at iss.net,+S=C]; unrouted; eroute owner: #0
000 "rebma": myip=130.205.32.3; hisip=unset; mycert=romulus.wittsend.com.crt; hiscert=rebma.iss.net.crt;
000 "rebma": CAs: 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services, CN=WittsEnd Root CA, E=ca at wittsend.com'...'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
000 "rebma": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 3
000 "rebma": policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW; prio: 32,32; interface: veth0;
000 "rebma": newest ISAKMP SA: #0; newest IPsec SA: #0;
000
000 #1: "complex":500 STATE_MAIN_R2 (sent MR2, expecting MI3); EVENT_RETRANSMIT in 4s; lastdpd=-1s(seq in:0 out:0); idle; import:not set
000
+ _________________________ ifconfig-a
+ ifconfig -a
eth0 Link encap:Ethernet HWaddr 00:80:3F:03:45:5A
inet6 addr: fe80::280:3fff:fe03:455a/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:92067121 errors:24009 dropped:0 overruns:0 frame:24009
TX packets:1838316 errors:67 dropped:0 overruns:0 carrier:67
collisions:241420 txqueuelen:10
RX bytes:4238573834 (3.9 GiB) TX bytes:280588210 (267.5 MiB)
Base address:0xc000 Memory:fa100000-fa120000
eth1 Link encap:Ethernet HWaddr 00:80:3F:03:45:5B
inet6 addr: fe80::280:3fff:fe03:455b/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:503498 errors:0 dropped:0 overruns:0 frame:0
TX packets:960211 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:97708164 (93.1 MiB) TX bytes:1100516268 (1.0 GiB)
Base address:0xb000 Memory:fa000000-fa020000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:11460 errors:0 dropped:0 overruns:0 frame:0
TX packets:11460 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2039214 (1.9 MiB) TX bytes:2039214 (1.9 MiB)
pan0 Link encap:Ethernet HWaddr 26:D8:68:85:6D:3E
BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
sit0 Link encap:IPv6-in-IPv4
NOARP MTU:1480 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:172.31.250.1 P-t-P:172.31.250.2 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
tun6to4 Link encap:IPv6-in-IPv4
inet6 addr: 2002:82cd:2003::1/16 Scope:Global
UP RUNNING NOARP MTU:1480 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
venet0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet6 addr: fe80::1/128 Scope:Link
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
veth0 Link encap:Ethernet HWaddr 00:80:3F:03:45:5A
inet addr:130.205.32.3 Bcast:130.205.47.255 Mask:255.255.240.0
inet6 addr: fe80::280:3fff:fe03:455a/64 Scope:Link
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
RX packets:92768044 errors:0 dropped:0 overruns:0 frame:0
TX packets:1077859 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2665689203 (2.4 GiB) TX bytes:141020009 (134.4 MiB)
veth1 Link encap:Ethernet HWaddr 00:80:3F:03:45:5B
inet addr:172.31.192.3 Bcast:172.31.192.255 Mask:255.255.255.0
inet6 addr: 2001:4830:3000:2:280:3fff:fe03:455b/64 Scope:Global
inet6 addr: fe80::280:3fff:fe03:455b/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:500565 errors:0 dropped:0 overruns:0 frame:0
TX packets:956919 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:88267785 (84.1 MiB) TX bytes:1094988214 (1.0 GiB)
veth1014.0 Link encap:Ethernet HWaddr 0E:04:08:00:00:0E
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:371 errors:0 dropped:0 overruns:0 frame:0
TX packets:734308 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:21645 (21.1 KiB) TX bytes:41465968 (39.5 MiB)
veth1014.1 Link encap:Ethernet HWaddr 0E:04:08:00:10:0E
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:7 errors:0 dropped:0 overruns:0 frame:0
TX packets:2645 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:468 (468.0 b) TX bytes:199367 (194.6 KiB)
veth1064.0 Link encap:Ethernet HWaddr 0E:04:08:00:00:40
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1664 errors:0 dropped:0 overruns:0 frame:0
TX packets:735388 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:172895 (168.8 KiB) TX bytes:41537656 (39.6 MiB)
veth1064.1 Link encap:Ethernet HWaddr 0E:04:08:00:10:40
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:7 errors:0 dropped:0 overruns:0 frame:0
TX packets:2643 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:468 (468.0 b) TX bytes:199235 (194.5 KiB)
veth1065.0 Link encap:Ethernet HWaddr 0E:04:08:00:00:41
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:358 errors:0 dropped:0 overruns:0 frame:0
TX packets:734292 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:26779 (26.1 KiB) TX bytes:41465966 (39.5 MiB)
veth1065.1 Link encap:Ethernet HWaddr 0E:04:08:00:10:41
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:9 errors:0 dropped:0 overruns:0 frame:0
TX packets:2640 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:620 (620.0 b) TX bytes:199007 (194.3 KiB)
veth1074.0 Link encap:Ethernet HWaddr 0E:04:08:00:00:4A
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:21706 errors:0 dropped:0 overruns:0 frame:0
TX packets:717802 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2144244 (2.0 MiB) TX bytes:40294702 (38.4 MiB)
veth1074.1 Link encap:Ethernet HWaddr 0E:04:08:00:10:4A
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:8 errors:0 dropped:0 overruns:0 frame:0
TX packets:2638 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:524 (524.0 b) TX bytes:198855 (194.1 KiB)
veth1075.0 Link encap:Ethernet HWaddr 0E:04:08:00:00:4B
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:782 errors:0 dropped:0 overruns:0 frame:0
TX packets:734682 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:101493 (99.1 KiB) TX bytes:41491537 (39.5 MiB)
veth1075.1 Link encap:Ethernet HWaddr 0E:04:08:00:10:4B
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:7 errors:0 dropped:0 overruns:0 frame:0
TX packets:2635 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:468 (468.0 b) TX bytes:198627 (193.9 KiB)
veth1076.0 Link encap:Ethernet HWaddr 0E:04:08:00:00:4C
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:365 errors:0 dropped:0 overruns:0 frame:0
TX packets:734274 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:27703 (27.0 KiB) TX bytes:41464098 (39.5 MiB)
veth1076.1 Link encap:Ethernet HWaddr 0E:04:08:00:10:4C
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:6 errors:0 dropped:0 overruns:0 frame:0
TX packets:2628 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:412 (412.0 b) TX bytes:198119 (193.4 KiB)
veth1077.0 Link encap:Ethernet HWaddr 0E:04:08:00:00:4D
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:716 errors:0 dropped:0 overruns:0 frame:0
TX packets:734654 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:100245 (97.8 KiB) TX bytes:41488459 (39.5 MiB)
veth1077.1 Link encap:Ethernet HWaddr 0E:04:08:00:10:4D
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:6 errors:0 dropped:0 overruns:0 frame:0
TX packets:2624 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:412 (412.0 b) TX bytes:197839 (193.2 KiB)
veth1078.0 Link encap:Ethernet HWaddr 0E:04:08:00:00:4E
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:334 errors:0 dropped:0 overruns:0 frame:0
TX packets:734190 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:25730 (25.1 KiB) TX bytes:41459699 (39.5 MiB)
veth1078.1 Link encap:Ethernet HWaddr 0E:04:08:00:10:4E
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:6 errors:0 dropped:0 overruns:0 frame:0
TX packets:2615 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:412 (412.0 b) TX bytes:197179 (192.5 KiB)
veth1079.0 Link encap:Ethernet HWaddr 0E:04:08:00:00:4F
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1915 errors:0 dropped:0 overruns:0 frame:0
TX packets:735440 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1438124 (1.3 MiB) TX bytes:41562579 (39.6 MiB)
veth1079.1 Link encap:Ethernet HWaddr 0E:04:08:00:10:4F
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:6 errors:0 dropped:0 overruns:0 frame:0
TX packets:2606 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:412 (412.0 b) TX bytes:196523 (191.9 KiB)
veth1080.0 Link encap:Ethernet HWaddr 0E:04:08:00:00:50
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:8678 errors:0 dropped:0 overruns:0 frame:0
TX packets:292039 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:842476 (822.7 KiB) TX bytes:16116748 (15.3 MiB)
veth1080.1 Link encap:Ethernet HWaddr 0E:04:08:00:10:50
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:206 errors:0 dropped:0 overruns:0 frame:0
TX packets:1200 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:27664 (27.0 KiB) TX bytes:96170 (93.9 KiB)
veth1081.0 Link encap:Ethernet HWaddr 0E:04:08:00:00:51
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:50101 errors:0 dropped:0 overruns:0 frame:0
TX packets:740427 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:26587339 (25.3 MiB) TX bytes:42153063 (40.2 MiB)
veth1081.1 Link encap:Ethernet HWaddr 0E:04:08:00:10:51
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1801 errors:0 dropped:0 overruns:0 frame:0
TX packets:4160 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1890366 (1.8 MiB) TX bytes:345643 (337.5 KiB)
veth1082.0 Link encap:Ethernet HWaddr 0E:04:08:00:00:52
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:71177 errors:0 dropped:0 overruns:0 frame:0
TX packets:805124 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2858941 (2.7 MiB) TX bytes:44922042 (42.8 MiB)
veth1082.1 Link encap:Ethernet HWaddr 0E:04:08:00:10:52
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:7 errors:0 dropped:0 overruns:0 frame:0
TX packets:2588 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:508 (508.0 b) TX bytes:195199 (190.6 KiB)
veth1083.0 Link encap:Ethernet HWaddr 0E:04:08:00:00:53
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:341 errors:0 dropped:0 overruns:0 frame:0
TX packets:734106 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:21338 (20.8 KiB) TX bytes:41455080 (39.5 MiB)
veth1083.1 Link encap:Ethernet HWaddr 0E:04:08:00:10:53
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:323 errors:0 dropped:0 overruns:0 frame:0
TX packets:2852 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:30364 (29.6 KiB) TX bytes:226088 (220.7 KiB)
veth1084.0 Link encap:Ethernet HWaddr 0E:04:08:00:00:54
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:432 errors:0 dropped:0 overruns:0 frame:0
TX packets:734118 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:31716 (30.9 KiB) TX bytes:41464877 (39.5 MiB)
veth1084.1 Link encap:Ethernet HWaddr 0E:04:08:00:10:54
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:60 errors:0 dropped:0 overruns:0 frame:0
TX packets:2632 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:6809 (6.6 KiB) TX bytes:216402 (211.3 KiB)
veth1086.0 Link encap:Ethernet HWaddr 0E:04:08:00:00:56
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:198 errors:0 dropped:0 overruns:0 frame:0
TX packets:300194 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:14741 (14.3 KiB) TX bytes:16915154 (16.1 MiB)
veth1086.1 Link encap:Ethernet HWaddr 0E:04:08:00:10:56
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:118 errors:0 dropped:0 overruns:0 frame:0
TX packets:1093 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:12610 (12.3 KiB) TX bytes:86670 (84.6 KiB)
veth1087.0 Link encap:Ethernet HWaddr 0E:04:08:00:00:57
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:378 errors:0 dropped:0 overruns:0 frame:0
TX packets:733978 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:24636 (24.0 KiB) TX bytes:41450337 (39.5 MiB)
veth1087.1 Link encap:Ethernet HWaddr 0E:04:08:00:10:57
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:218 errors:0 dropped:0 overruns:0 frame:0
TX packets:2763 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:29462 (28.7 KiB) TX bytes:222669 (217.4 KiB)
veth1088.0 Link encap:Ethernet HWaddr 0E:04:08:00:00:58
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:640 errors:0 dropped:0 overruns:0 frame:0
TX packets:734077 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:42286 (41.2 KiB) TX bytes:41469665 (39.5 MiB)
veth1088.1 Link encap:Ethernet HWaddr 0E:04:08:00:10:58
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:6 errors:0 dropped:0 overruns:0 frame:0
TX packets:2546 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:412 (412.0 b) TX bytes:192159 (187.6 KiB)
veth1112.0 Link encap:Ethernet HWaddr 0E:04:08:00:00:70
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3716 errors:0 dropped:0 overruns:0 frame:0
TX packets:304147 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:232821 (227.3 KiB) TX bytes:17351482 (16.5 MiB)
veth1112.1 Link encap:Ethernet HWaddr 0E:04:08:00:10:70
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:142 errors:0 dropped:0 overruns:0 frame:0
TX packets:1110 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:12542 (12.2 KiB) TX bytes:102278 (99.8 KiB)
veth1120.0 Link encap:Ethernet HWaddr 0E:04:08:00:00:78
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:28607 errors:0 dropped:0 overruns:0 frame:0
TX packets:329784 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:9390382 (8.9 MiB) TX bytes:19881928 (18.9 MiB)
veth1120.1 Link encap:Ethernet HWaddr 0E:04:08:00:10:78
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:7 errors:0 dropped:0 overruns:0 frame:0
TX packets:985 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:448 (448.0 b) TX bytes:73968 (72.2 KiB)
veth1176.0 Link encap:Ethernet HWaddr 0E:04:08:00:00:B0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:26492 errors:0 dropped:0 overruns:0 frame:0
TX packets:723333 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2742067 (2.6 MiB) TX bytes:41213592 (39.3 MiB)
veth1176.1 Link encap:Ethernet HWaddr 0E:04:08:00:10:B0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:126 errors:0 dropped:0 overruns:0 frame:0
TX packets:2627 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:17542 (17.1 KiB) TX bytes:206990 (202.1 KiB)
veth1192.0 Link encap:Ethernet HWaddr 0E:04:08:00:00:C0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:25294 errors:0 dropped:0 overruns:0 frame:0
TX packets:721706 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2240721 (2.1 MiB) TX bytes:40773143 (38.8 MiB)
veth1192.1 Link encap:Ethernet HWaddr 0E:04:08:00:10:C0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:128 errors:0 dropped:0 overruns:0 frame:0
TX packets:2561 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:19187 (18.7 KiB) TX bytes:198184 (193.5 KiB)
veth1208.0 Link encap:Ethernet HWaddr 0E:04:08:00:00:D0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:34595 errors:0 dropped:0 overruns:0 frame:0
TX packets:729473 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:4633497 (4.4 MiB) TX bytes:41048008 (39.1 MiB)
veth1208.1 Link encap:Ethernet HWaddr 0E:04:08:00:10:D0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:6 errors:0 dropped:0 overruns:0 frame:0
TX packets:2495 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:412 (412.0 b) TX bytes:186508 (182.1 KiB)
+ _________________________ ip-addr-list
+ ip addr list
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 10
link/ether 00:80:3f:03:45:5a brd ff:ff:ff:ff:ff:ff
inet6 fe80::280:3fff:fe03:455a/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 100
link/ether 00:80:3f:03:45:5b brd ff:ff:ff:ff:ff:ff
inet6 fe80::280:3fff:fe03:455b/64 scope link
valid_lft forever preferred_lft forever
4: venet0: <BROADCAST,POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/void
inet6 fe80::1/128 scope link
valid_lft forever preferred_lft forever
5: veth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 00:80:3f:03:45:5a brd ff:ff:ff:ff:ff:ff
inet 130.205.32.3/20 brd 130.205.47.255 scope global veth0
inet6 fe80::280:3fff:fe03:455a/64 scope link
valid_lft forever preferred_lft forever
6: veth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 00:80:3f:03:45:5b brd ff:ff:ff:ff:ff:ff
inet 172.31.192.3/24 brd 172.31.192.255 scope global veth1
inet6 2001:4830:3000:2:280:3fff:fe03:455b/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::280:3fff:fe03:455b/64 scope link
valid_lft forever preferred_lft forever
7: sit0: <NOARP> mtu 1480 qdisc noop state DOWN
link/sit 0.0.0.0 brd 0.0.0.0
8: tun6to4 at NONE: <NOARP,UP,LOWER_UP> mtu 1480 qdisc noqueue state UNKNOWN
link/sit 130.205.32.3 brd 0.0.0.0
inet6 2002:82cd:2003::1/16 scope global
valid_lft forever preferred_lft forever
9: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 100
link/[65534]
inet 172.31.250.1 peer 172.31.250.2/32 scope global tun0
10: pan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN
link/ether 26:d8:68:85:6d:3e brd ff:ff:ff:ff:ff:ff
11: veth1014.0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 0e:04:08:00:00:0e brd ff:ff:ff:ff:ff:ff
12: veth1014.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 0e:04:08:00:10:0e brd ff:ff:ff:ff:ff:ff
13: veth1064.0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 0e:04:08:00:00:40 brd ff:ff:ff:ff:ff:ff
14: veth1064.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 0e:04:08:00:10:40 brd ff:ff:ff:ff:ff:ff
15: veth1065.0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 0e:04:08:00:00:41 brd ff:ff:ff:ff:ff:ff
16: veth1065.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 0e:04:08:00:10:41 brd ff:ff:ff:ff:ff:ff
17: veth1074.0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 0e:04:08:00:00:4a brd ff:ff:ff:ff:ff:ff
18: veth1074.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 0e:04:08:00:10:4a brd ff:ff:ff:ff:ff:ff
19: veth1075.0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 0e:04:08:00:00:4b brd ff:ff:ff:ff:ff:ff
20: veth1075.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 0e:04:08:00:10:4b brd ff:ff:ff:ff:ff:ff
21: veth1076.0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 0e:04:08:00:00:4c brd ff:ff:ff:ff:ff:ff
22: veth1076.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 0e:04:08:00:10:4c brd ff:ff:ff:ff:ff:ff
23: veth1077.0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 0e:04:08:00:00:4d brd ff:ff:ff:ff:ff:ff
24: veth1077.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 0e:04:08:00:10:4d brd ff:ff:ff:ff:ff:ff
25: veth1078.0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 0e:04:08:00:00:4e brd ff:ff:ff:ff:ff:ff
26: veth1078.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 0e:04:08:00:10:4e brd ff:ff:ff:ff:ff:ff
27: veth1079.0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 0e:04:08:00:00:4f brd ff:ff:ff:ff:ff:ff
28: veth1079.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 0e:04:08:00:10:4f brd ff:ff:ff:ff:ff:ff
31: veth1081.0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 0e:04:08:00:00:51 brd ff:ff:ff:ff:ff:ff
32: veth1081.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 0e:04:08:00:10:51 brd ff:ff:ff:ff:ff:ff
33: veth1082.0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 0e:04:08:00:00:52 brd ff:ff:ff:ff:ff:ff
34: veth1082.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 0e:04:08:00:10:52 brd ff:ff:ff:ff:ff:ff
35: veth1083.0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 0e:04:08:00:00:53 brd ff:ff:ff:ff:ff:ff
36: veth1083.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 0e:04:08:00:10:53 brd ff:ff:ff:ff:ff:ff
37: veth1084.0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 0e:04:08:00:00:54 brd ff:ff:ff:ff:ff:ff
38: veth1084.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 0e:04:08:00:10:54 brd ff:ff:ff:ff:ff:ff
41: veth1087.0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 0e:04:08:00:00:57 brd ff:ff:ff:ff:ff:ff
42: veth1087.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 0e:04:08:00:10:57 brd ff:ff:ff:ff:ff:ff
43: veth1088.0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 0e:04:08:00:00:58 brd ff:ff:ff:ff:ff:ff
44: veth1088.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 0e:04:08:00:10:58 brd ff:ff:ff:ff:ff:ff
49: veth1176.0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 0e:04:08:00:00:b0 brd ff:ff:ff:ff:ff:ff
50: veth1176.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 0e:04:08:00:10:b0 brd ff:ff:ff:ff:ff:ff
51: veth1192.0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 0e:04:08:00:00:c0 brd ff:ff:ff:ff:ff:ff
52: veth1192.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 0e:04:08:00:10:c0 brd ff:ff:ff:ff:ff:ff
53: veth1208.0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 0e:04:08:00:00:d0 brd ff:ff:ff:ff:ff:ff
54: veth1208.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 0e:04:08:00:10:d0 brd ff:ff:ff:ff:ff:ff
55: veth1080.0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 0e:04:08:00:00:50 brd ff:ff:ff:ff:ff:ff
56: veth1080.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 0e:04:08:00:10:50 brd ff:ff:ff:ff:ff:ff
57: veth1086.0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 0e:04:08:00:00:56 brd ff:ff:ff:ff:ff:ff
58: veth1086.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 0e:04:08:00:10:56 brd ff:ff:ff:ff:ff:ff
59: veth1112.0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 0e:04:08:00:00:70 brd ff:ff:ff:ff:ff:ff
60: veth1112.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 0e:04:08:00:10:70 brd ff:ff:ff:ff:ff:ff
61: veth1120.0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 0e:04:08:00:00:78 brd ff:ff:ff:ff:ff:ff
62: veth1120.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 0e:04:08:00:10:78 brd ff:ff:ff:ff:ff:ff
+ _________________________ ip-route-list
+ ip route list
172.31.250.2 dev tun0 proto kernel scope link src 172.31.250.1
130.205.32.50 via 130.205.32.4 dev veth0 proto zebra metric 20
172.31.255.2 via 130.205.32.4 dev veth0 proto zebra metric 20
130.205.39.0/24 via 130.205.32.8 dev veth0 proto zebra
172.31.250.0/24 via 172.31.250.2 dev tun0
172.31.255.0/24 via 130.205.32.4 dev veth0 proto zebra metric 20
130.205.33.0/24 via 130.205.32.8 dev veth0 proto zebra
172.31.192.0/24 dev veth1 proto kernel scope link src 172.31.192.3
130.205.156.0/22 via 130.205.32.14 dev veth0
130.205.36.0/22 via 130.205.32.4 dev veth0 proto zebra metric 20
130.205.32.0/20 dev veth0 proto kernel scope link src 130.205.32.3
130.205.160.0/19 via 130.205.32.14 dev veth0
130.205.0.0/19 via 130.205.32.4 dev veth0 proto zebra
130.205.192.0/18 via 130.205.32.14 dev veth0
169.254.0.0/16 dev veth1 scope link
default via 130.205.32.1 dev veth0
+ _________________________ ip-rule-list
+ ip rule list
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
+ _________________________ ipsec_verify
+ ipsec verify --nocolour
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path [OK]
Linux Openswan U2.6.14/K2.6.24-ovz005.1 (netkey)
Checking for IPsec support in kernel [OK]
NETKEY detected, testing for disabled ICMP send_redirects [FAILED]
Please disable /proc/sys/net/ipv4/conf/*/send_redirects
or NETKEY will cause the sending of bogus ICMP redirects!
NETKEY detected, testing for disabled ICMP accept_redirects [FAILED]
Please disable /proc/sys/net/ipv4/conf/*/accept_redirects
or NETKEY will accept bogus ICMP redirects!
Checking for RSA private key (/etc/ipsec.secrets) [OK]
Checking that pluto is running [OK]
Two or more interfaces found, checking IP forwarding [OK]
Checking NAT and MASQUERADEing [N/A]
Checking for 'ip' command [OK]
Checking for 'iptables' command [OK]
Opportunistic Encryption DNS checks:
Looking for TXT in forward dns zone: romulus.wittsend.com [MISSING]
Does the machine have at least one non-private address? [OK]
Looking for TXT in reverse dns zone: 3.32.205.130.in-addr.arpa. [MISSING]
+ _________________________ mii-tool
+ '[' -x /sbin/mii-tool ']'
+ /sbin/mii-tool -v
eth0: no autonegotiation, 10baseT-HD, link ok
product info: vendor 00:aa:00, model 56 rev 0
basic mode: autonegotiation enabled
basic status: autonegotiation complete, link ok
capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
advertising: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control
link partner: 10baseT-HD
eth1: negotiated 100baseTx-FD flow-control, link ok
product info: vendor 00:50:43, model 2 rev 3
basic mode: autonegotiation enabled
basic status: autonegotiation complete, link ok
capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
advertising: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control
link partner: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control
+ _________________________ ipsec/directory
+ ipsec --directory
/usr/libexec/ipsec
+ _________________________ hostname/fqdn
+ hostname --fqdn
romulus.wittsend.com
+ _________________________ hostname/ipaddress
+ hostname --ip-address
130.205.32.3
+ _________________________ uptime
+ uptime
12:13:46 up 2 days, 47 min, 3 users, load average: 0.44, 0.47, 0.34
+ _________________________ ps
+ ps alxwf
+ egrep -i 'ppid|pluto|ipsec|klips'
F UID PID PPID PRI NI VSZ RSS WCHAN STAT TTY TIME COMMAND
0 0 10512 29992 20 0 4752 1128 - S+ pts/2 0:00 \_ /bin/sh /usr/libexec/ipsec/barf
0 0 10604 10512 20 0 2044 496 - S+ pts/2 0:00 \_ egrep -i ppid|pluto|ipsec|klips
1 0 10412 1 20 0 2716 416 - S pts/2 0:00 /bin/sh /usr/libexec/ipsec/_plutorun --debug parsing control --uniqueids no --force_busy no --nocrsend no --strictcrlpolicy --nat_traversal yes --keep_alive --protostack netkey --force_keepalive --disable_port_floating --virtual_private --crlcheckinterval 0 --ocspuri --nhelpers --dump --opts --stderrlog --wait no --pre --post --log daemon.error --plutorestartoncrash false --pid /var/run/pluto/pluto.pid
1 0 10413 10412 20 0 2716 544 - S pts/2 0:00 \_ /bin/sh /usr/libexec/ipsec/_plutorun --debug parsing control --uniqueids no --force_busy no --nocrsend no --strictcrlpolicy --nat_traversal yes --keep_alive --protostack netkey --force_keepalive --disable_port_floating --virtual_private --crlcheckinterval 0 --ocspuri --nhelpers --dump --opts --stderrlog --wait no --pre --post --log daemon.error --plutorestartoncrash false --pid /var/run/pluto/pluto.pid
4 0 10414 10413 20 0 3264 1592 - S pts/2 0:00 | \_ /usr/libexec/ipsec/pluto --nofork --secretsfile /etc/ipsec.secrets --debug-parsing --debug-control --use-netkey --nat_traversal
1 0 10415 10414 30 10 3268 748 - SN pts/2 0:00 | \_ pluto helper # 0
0 0 10471 10414 20 0 1756 296 - S pts/2 0:00 | \_ _pluto_adns
4 0 10421 10412 20 0 2716 1068 - S pts/2 0:00 \_ /bin/sh /usr/libexec/ipsec/_plutoload --wait no --post
0 0 10417 1 20 0 1808 500 - S pts/2 0:00 logger -s -p daemon.error -t ipsec__plutorun
+ _________________________ ipsec/showdefaults
+ ipsec showdefaults
ipsec showdefaults: cannot find defaults file `/var/run/pluto/ipsec.info'
+ _________________________ ipsec/conf
+ ipsec _include /etc/ipsec.conf
+ ipsec _keycensor
#< /etc/ipsec.conf 1
# /etc/ipsec.conf - Openswan IPsec configuration file
#
# Manual: ipsec.conf.5
#
# Please place your own config files in /etc/ipsec.d/ ending in .conf
version 2.0 # conforms to second version of ipsec.conf specification
# basic configuration
config setup
# Debug-logging controls: "none" for (almost) none, "all" for lots.
# klipsdebug=none
plutodebug="control parsing"
protostack=netkey
nat_traversal=yes
#< /etc/ipsec.d/0_default.conf 1
# defaults for subsequent connection descriptions
conn %default
authby=rsasig
# Left security gateway, subnet behind it, next hop toward it.
left=130.205.32.3
leftsourceip=130.205.32.3
leftnexthop=130.205.32.1
leftrsasigkey=%cert
leftcert=romulus.wittsend.com.crt
leftid=%fromcert
rightrsasigkey=%none # new default %dnsondemand
#< /etc/ipsec.d/canyon.conf 1
conn canyon
right=%any
rightrsasigkey=%cert
rightcert=canyon.wittsend.com.crt
leftrsasigkey=%cert
auto=add
#< /etc/ipsec.d/chaos.conf 1
conn chaos
right=209.134.176.37
rightcert=chaos.iss.net.crt
rightrsasigkey=%cert
rightid=%fromcert
auth=esp
type=tunnel
auto=add
#< /etc/ipsec.d/charon.conf 1
conn charon-0
right=74.237.49.95
rightnexthop=65.14.248.11
rightrsasigkey=%cert
rightcert=charon.wittsend.com.crt
leftrsasigkey=%cert
leftcert=remus.wittsend.com.crt
type=tunnel
auto=add
conn charon-1
right=74.237.49.95
rightnexthop=65.14.248.11
rightsubnet=130.205.36.0/24
rightrsasigkey=%cert
rightcert=charon.wittsend.com.crt
leftrsasigkey=%cert
leftcert=remus.wittsend.com.crt
leftsubnet=130.205.32.0/24
type=tunnel
auto=add
#< /etc/ipsec.d/complex.conf 1
conn complex
right=65.7.156.165
rightnexthop=65.14.248.12
rightsubnet=130.205.0.0/19
rightrsasigkey=%cert
rightcert=complex.wittsend.com.crt
rightid=%fromcert
rightca=%any
leftrsasigkey=%cert
type=tunnel
auto=add
#< /etc/ipsec.d/kolvir.conf 1
conn kolvir
right=209.134.176.84
rightrsasigkey=%cert
rightcert=kolvir.iss.net.crt
rightca=%any
leftrsasigkey=%cert
auth=esp
type=transport
pfs=yes
rekey=yes
auto=add
forceencaps=yes
#< /etc/ipsec.d/levy.conf 1
conn levy-0
rightrsasigkey=%cert
rightcert=levy.bythesea.org.crt
leftrsasigkey=%cert
type=tunnel
auto=add
conn levy-1
rightsubnet=130.205.37.0/24
rightrsasigkey=%cert
rightcert=levy.bythesea.org.crt
leftrsasigkey=%cert
leftsubnet=0.0.0.0/0
type=tunnel
auto=add
#< /etc/ipsec.d/rebma.conf 1
conn rebma
right=209.134.176.68
rightnexthop=
rightsubnet=
rightcert=rebma.iss.net.crt
rightrsasigkey=%cert
rightid=%fromcert
auth=esp
type=tunnel
auto=add
#> /etc/ipsec.conf 18
+ _________________________ ipsec/secrets
+ ipsec _include /etc/ipsec.secrets
+ ipsec _secretcensor
#< /etc/ipsec.secrets 1
#< /etc/ipsec.d/hostkey.secrets 1
[sums to 68b3...]: RSA romulus.wittsend.com.key ""
#> /etc/ipsec.secrets 2
+ _________________________ ipsec/listall
+ ipsec auto --listall
000
000 List of Public Keys:
000
000 Sep 30 12:13:30 2008, 1024 RSA Key AwEAAfKmu (no private key), until Jul 26 14:45:14 2012 ok
000 ID_FQDN '@complex.wittsend.com'
000 Issuer 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
000 Sep 30 12:13:30 2008, 1024 RSA Key AwEAAfKmu (no private key), until Jul 26 14:45:14 2012 ok
000 ID_FQDN '@complex.ip6.wittsend.com'
000 Issuer 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
000 Sep 30 12:13:30 2008, 1024 RSA Key AwEAAfKmu (no private key), until Jul 26 14:45:14 2012 ok
000 ID_FQDN '@complex.wittsend.org'
000 Issuer 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
000 Sep 30 12:13:30 2008, 1024 RSA Key AwEAAfKmu (no private key), until Jul 26 14:45:14 2012 ok
000 ID_FQDN '@complex.commandcorp.com'
000 Issuer 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
000 Sep 30 12:13:30 2008, 1024 RSA Key AwEAAfKmu (no private key), until Jul 26 14:45:14 2012 ok
000 ID_DER_ASN1_DN 'C=GA, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=complex.wittsend.com, E=postmaster at wittsend.com'
000 Issuer 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
000 Sep 30 12:13:11 2008, 1024 RSA Key AwEAAbY6Q (no private key), until Jul 26 14:30:00 2012 ok
000 ID_DER_ASN1_DN 'C=GA, ST=Georgia, L=Atlanta, O=Internet Security Systems Inc, CN=rebma.iss.net, E=postmaster at iss.net'
000 Issuer 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
000 Sep 30 12:13:11 2008, 1024 RSA Key AwEAAev6j (has private key), until Jan 28 12:45:00 2009 ok
000 ID_DER_ASN1_DN 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com'
000 Issuer 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services, CN=WittsEnd Root CA, E=ca at wittsend.com'
000 Sep 30 12:13:11 2008, 1024 RSA Key AwEAAaOJQ (no private key), until Jul 26 15:52:50 2012 ok
000 ID_DER_ASN1_DN 'C=US, ST=Georgia, L=Clarkston, O=ByTheSea Enterprises, OU=Intacta Bonk Phantasmagorical Department, CN=levy.bythesea.org, E=postmaster at bythesea.org'
000 Issuer 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
000 Sep 30 12:13:11 2008, 1024 RSA Key AwEAAaRMA (no private key), until Jul 26 14:29:25 2012 ok
000 ID_IPV4_ADDR '209.134.176.84'
000 Issuer 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
000 Sep 30 12:13:11 2008, 1024 RSA Key AwEAAaRMA (no private key), until Jul 26 14:29:25 2012 ok
000 ID_DER_ASN1_DN 'C=GA, ST=Georgia, L=Atlanta, O=Internet Security Systems Inc, CN=kolvir.iss.net, E=postmaster at iss.net'
000 Issuer 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
000 Sep 30 12:13:11 2008, 1024 RSA Key AwEAAdJeT (no private key), until Jul 26 14:32:56 2012 ok
000 ID_IPV4_ADDR '74.237.49.95'
000 Issuer 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
000 Sep 30 12:13:11 2008, 1024 RSA Key AwEAAdJeT (no private key), until Jul 26 14:32:56 2012 ok
000 ID_DER_ASN1_DN 'C=US, ST=Georgia, L=Atlanta, O=Thaumaturgy & Speculums Technology, CN=charon.wittsend.com, E=postmaster at wittsend.com'
000 Issuer 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
000 Sep 30 12:13:11 2008, 1024 RSA Key AwEAAc9BP (no private key), until Jul 26 14:44:39 2012 ok
000 ID_FQDN '@remus.ip6.wittsend.com'
000 Issuer 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
000 Sep 30 12:13:11 2008, 1024 RSA Key AwEAAc9BP (no private key), until Jul 26 14:44:39 2012 ok
000 ID_FQDN '@remus.wittsend.org'
000 Issuer 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
000 Sep 30 12:13:11 2008, 1024 RSA Key AwEAAc9BP (no private key), until Jul 26 14:44:39 2012 ok
000 ID_FQDN '@remus.commandcorp.com'
000 Issuer 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
000 Sep 30 12:13:11 2008, 1024 RSA Key AwEAAc9BP (no private key), until Jul 26 14:44:39 2012 ok
000 ID_DER_ASN1_DN 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=remus.wittsend.com, E=postmaster at wittsend.com'
000 Issuer 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
000 Sep 30 12:13:11 2008, 1024 RSA Key AwEAAbuSp (no private key), until Jul 26 14:29:11 2012 ok
000 ID_DER_ASN1_DN 'C=GA, ST=Georgia, L=Atlanta, O=Internet Security Systems Inc, CN=chaos.iss.net, E=postmaster at iss.net'
000 Issuer 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
000 Sep 30 12:13:11 2008, 1024 RSA Key AwEAAbygH (no private key), until Jul 26 14:53:50 2012 ok
000 ID_FQDN '@canyon.wittsend.com'
000 Issuer 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
000 Sep 30 12:13:11 2008, 1024 RSA Key AwEAAbygH (no private key), until Jul 26 14:53:50 2012 ok
000 ID_FQDN '@canyon.ip6.wittsend.com'
000 Issuer 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
000 Sep 30 12:13:11 2008, 1024 RSA Key AwEAAbygH (no private key), until Jul 26 14:53:50 2012 ok
000 ID_FQDN '@canyon.wittsend.org'
000 Issuer 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
000 Sep 30 12:13:11 2008, 1024 RSA Key AwEAAbygH (no private key), until Jul 26 14:53:50 2012 ok
000 ID_DER_ASN1_DN 'C=GA, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=canyon.wittsend.com, E=postmaster at wittsend.com'
000 Issuer 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
000 List of Pre-shared secrets (from /etc/ipsec.secrets)
000 1: RSA (none) (none)
000
000 List of X.509 End Certificates:
000
000 Sep 30 12:13:11 2008, count: 1
000 subject: 'C=GA, ST=Georgia, L=Atlanta, O=Internet Security Systems Inc, CN=rebma.iss.net, E=postmaster at iss.net'
000 issuer: 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
000 serial: 32
000 pubkey: 1024 RSA Key AwEAAbY6Q
000 validity: not before Jul 26 14:30:00 2008 ok
000 not after Jul 26 14:30:00 2012 ok
000 authkey: 82:bf:46:b1:90:fa:4a:41:18:21:32:da:56:85:69:60:5a:a7:e1:cc
000 Sep 30 12:13:11 2008, count: 2
000 subject: 'C=US, ST=Georgia, L=Clarkston, O=ByTheSea Enterprises, OU=Intacta Bonk Phantasmagorical Department, CN=levy.bythesea.org, E=postmaster at bythesea.org'
000 issuer: 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
000 serial: 3d
000 pubkey: 1024 RSA Key AwEAAaOJQ
000 validity: not before Jul 26 15:52:50 2008 ok
000 not after Jul 26 15:52:50 2012 ok
000 authkey: 82:bf:46:b1:90:fa:4a:41:18:21:32:da:56:85:69:60:5a:a7:e1:cc
000 Sep 30 12:13:11 2008, count: 1
000 subject: 'C=GA, ST=Georgia, L=Atlanta, O=Internet Security Systems Inc, CN=kolvir.iss.net, E=postmaster at iss.net'
000 issuer: 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
000 serial: 31
000 pubkey: 1024 RSA Key AwEAAaRMA
000 validity: not before Jul 26 14:29:25 2008 ok
000 not after Jul 26 14:29:25 2012 ok
000 authkey: 82:bf:46:b1:90:fa:4a:41:18:21:32:da:56:85:69:60:5a:a7:e1:cc
000 Sep 30 12:13:11 2008, count: 1
000 subject: 'C=GA, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=complex.wittsend.com, E=postmaster at wittsend.com'
000 issuer: 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
000 serial: 38
000 pubkey: 1024 RSA Key AwEAAfKmu
000 validity: not before Jul 26 14:45:14 2008 ok
000 not after Jul 26 14:45:14 2012 ok
000 authkey: 82:bf:46:b1:90:fa:4a:41:18:21:32:da:56:85:69:60:5a:a7:e1:cc
000 Sep 30 12:13:11 2008, count: 2
000 subject: 'C=US, ST=Georgia, L=Atlanta, O=Thaumaturgy & Speculums Technology, CN=charon.wittsend.com, E=postmaster at wittsend.com'
000 issuer: 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
000 serial: 33
000 pubkey: 1024 RSA Key AwEAAdJeT
000 validity: not before Jul 26 14:32:56 2008 ok
000 not after Jul 26 14:32:56 2012 ok
000 authkey: 82:bf:46:b1:90:fa:4a:41:18:21:32:da:56:85:69:60:5a:a7:e1:cc
000 Sep 30 12:13:11 2008, count: 2
000 subject: 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=remus.wittsend.com, E=postmaster at wittsend.com'
000 issuer: 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
000 serial: 37
000 pubkey: 1024 RSA Key AwEAAc9BP
000 validity: not before Jul 26 14:44:39 2008 ok
000 not after Jul 26 14:44:39 2012 ok
000 authkey: 82:bf:46:b1:90:fa:4a:41:18:21:32:da:56:85:69:60:5a:a7:e1:cc
000 Sep 30 12:13:11 2008, count: 1
000 subject: 'C=GA, ST=Georgia, L=Atlanta, O=Internet Security Systems Inc, CN=chaos.iss.net, E=postmaster at iss.net'
000 issuer: 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
000 serial: 30
000 pubkey: 1024 RSA Key AwEAAbuSp
000 validity: not before Jul 26 14:29:11 2008 ok
000 not after Jul 26 14:29:11 2012 ok
000 authkey: 82:bf:46:b1:90:fa:4a:41:18:21:32:da:56:85:69:60:5a:a7:e1:cc
000 Sep 30 12:13:11 2008, count: 1
000 subject: 'C=GA, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=canyon.wittsend.com, E=postmaster at wittsend.com'
000 issuer: 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
000 serial: 3a
000 pubkey: 1024 RSA Key AwEAAbygH
000 validity: not before Jul 26 14:53:50 2008 ok
000 not after Jul 26 14:53:50 2012 ok
000 authkey: 82:bf:46:b1:90:fa:4a:41:18:21:32:da:56:85:69:60:5a:a7:e1:cc
000 Sep 30 12:13:11 2008, count: 7
000 subject: 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com'
000 issuer: 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services, CN=WittsEnd Root CA, E=ca at wittsend.com'
000 serial: 0c
000 pubkey: 1024 RSA Key AwEAAev6j, has private key
000 validity: not before Jan 28 12:45:00 2005 ok
000 not after Jan 28 12:45:00 2009 ok
000 authkey: 91:f0:06:d7:ad:12:ae:0b:02:36:bb:c8:a4:02:c1:5a:b5:0b:8c:ca
000
000 List of X.509 CA Certificates:
000
000 Sep 30 12:13:11 2008, count: 1
000 subject: 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
000 issuer: 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
000 serial: 00:d3:63:dc:75:23:6e:da:7b
000 pubkey: 2048 RSA Key AwEAAbAaj
000 validity: not before Mar 24 13:29:15 2008 ok
000 not after Mar 22 13:29:15 2018 ok
000 subjkey: 82:bf:46:b1:90:fa:4a:41:18:21:32:da:56:85:69:60:5a:a7:e1:cc
000 Sep 30 12:13:11 2008, count: 1
000 subject: 'C=US, ST=Georgia, L=Atlanta, O=Internet Security Systems Inc, OU=Certification Services, E=ca at iss.net'
000 issuer: 'C=US, ST=Georgia, L=Atlanta, O=Internet Security Systems Inc, OU=Certification Services, E=ca at iss.net'
000 serial: 00
000 pubkey: 1024 RSA Key AwEAAaEbP
000 validity: not before Aug 01 10:42:32 2004 ok
000 not after Jul 30 10:42:32 2014 ok
000 subjkey: 7f:2a:6a:55:7b:a6:0f:aa:48:4e:c7:ee:00:6f:4c:ff:b8:ff:ec:37
000 Sep 30 12:13:11 2008, count: 1
000 subject: 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services, CN=WittsEnd Root CA, E=ca at wittsend.com'
000 issuer: 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services, CN=WittsEnd Root CA, E=ca at wittsend.com'
000 serial: 00
000 pubkey: 512 RSA Key AwEAAapCk
000 validity: not before Aug 01 10:44:01 2004 ok
000 not after Jul 30 10:44:01 2014 ok
000 subjkey: 91:f0:06:d7:ad:12:ae:0b:02:36:bb:c8:a4:02:c1:5a:b5:0b:8c:ca
+ '[' /etc/ipsec.d/policies ']'
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/block
+ base=block
+ _________________________ ipsec/policies/block
+ cat /etc/ipsec.d/policies/block
# This file defines the set of CIDRs (network/mask-length) to which
# communication should never be allowed.
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: block.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/block.rpmnew
+ base=block.rpmnew
+ _________________________ ipsec/policies/block.rpmnew
+ cat /etc/ipsec.d/policies/block.rpmnew
# This file defines the set of CIDRs (network/mask-length) to which
# communication should never be allowed.
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: block.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/block.rpmsave
+ base=block.rpmsave
+ _________________________ ipsec/policies/block.rpmsave
+ cat /etc/ipsec.d/policies/block.rpmsave
# This file defines the set of CIDRs (network/mask-length) to which
# communication should never be allowed.
#
# See /usr/local/share/doc/freeswan/policygroups.html for details.
#
# $Id: block.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/clear
+ base=clear
+ _________________________ ipsec/policies/clear
+ cat /etc/ipsec.d/policies/clear
# This file defines the set of CIDRs (network/mask-length) to which
# communication should always be in the clear.
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# root name servers should be in the clear
192.58.128.30/32
198.41.0.4/32
192.228.79.201/32
192.33.4.12/32
128.8.10.90/32
192.203.230.10/32
192.5.5.241/32
192.112.36.4/32
128.63.2.53/32
192.36.148.17/32
193.0.14.129/32
199.7.83.42/32
202.12.27.33/32
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/clear-or-private
+ base=clear-or-private
+ _________________________ ipsec/policies/clear-or-private
+ cat /etc/ipsec.d/policies/clear-or-private
# This file defines the set of CIDRs (network/mask-length) to which
# we will communicate in the clear, or, if the other side initiates IPSEC,
# using encryption. This behaviour is also called "Opportunistic Responder".
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: clear-or-private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/clear-or-private.rpmnew
+ base=clear-or-private.rpmnew
+ _________________________ ipsec/policies/clear-or-private.rpmnew
+ cat /etc/ipsec.d/policies/clear-or-private.rpmnew
# This file defines the set of CIDRs (network/mask-length) to which
# we will communicate in the clear, or, if the other side initiates IPSEC,
# using encryption. This behaviour is also called "Opportunistic Responder".
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: clear-or-private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/clear-or-private.rpmsave
+ base=clear-or-private.rpmsave
+ _________________________ ipsec/policies/clear-or-private.rpmsave
+ cat /etc/ipsec.d/policies/clear-or-private.rpmsave
# This file defines the set of CIDRs (network/mask-length) to which
# we will communicate in the clear, or, if the other side initiates IPSEC,
# using encryption. This behaviour is also called "Opportunistic Responder".
#
# See /usr/local/share/doc/freeswan/policygroups.html for details.
#
# $Id: clear-or-private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/clear.rpmnew
+ base=clear.rpmnew
+ _________________________ ipsec/policies/clear.rpmnew
+ cat /etc/ipsec.d/policies/clear.rpmnew
# This file defines the set of CIDRs (network/mask-length) to which
# communication should always be in the clear.
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: clear.in,v 1.4.30.3 2006/11/21 19:49:51 paul Exp $
#
#
# Michael's idea: Always have ROOT NAMESERVERS in the clear.
# It will make OE work much better on machines running caching
# resolvers.
#
# Based on: http://www.internic.net/zones/named.root
# This file holds the information on root name servers needed to
# last update: Jan 29, 2004
# related version of root zone: 2004012900
198.41.0.4/32
192.228.79.201/32
192.33.4.12/32
128.8.10.90/32
192.203.230.10/32
192.5.5.241/32
192.112.36.4/32
128.63.2.53/32
192.36.148.17/32
192.58.128.30/32
193.0.14.129/32
198.32.64.12/32
202.12.27.33/32
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/clear.rpmsave
+ base=clear.rpmsave
+ _________________________ ipsec/policies/clear.rpmsave
+ cat /etc/ipsec.d/policies/clear.rpmsave
# This file defines the set of CIDRs (network/mask-length) to which
# communication should always be in the clear.
#
# See /usr/local/share/doc/freeswan/policygroups.html for details.
#
# $Id: clear.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/private
+ base=private
+ _________________________ ipsec/policies/private
+ cat /etc/ipsec.d/policies/private
# This file defines the set of CIDRs (network/mask-length) to which
# communication should always be private (i.e. encrypted).
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/private-or-clear
+ base=private-or-clear
+ _________________________ ipsec/policies/private-or-clear
+ cat /etc/ipsec.d/policies/private-or-clear
# This file defines the set of CIDRs (network/mask-length) to which
# communication should be private, if possible, but in the clear otherwise.
#
# If the target has a TXT (later IPSECKEY) record that specifies
# authentication material, we will require private (i.e. encrypted)
# communications. If no such record is found, communications will be
# in the clear.
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: private-or-clear.in,v 1.5 2003/02/17 02:22:15 mcr Exp $
#
0.0.0.0/0
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/private-or-clear.rpmnew
+ base=private-or-clear.rpmnew
+ _________________________ ipsec/policies/private-or-clear.rpmnew
+ cat /etc/ipsec.d/policies/private-or-clear.rpmnew
# This file defines the set of CIDRs (network/mask-length) to which
# communication should be private, if possible, but in the clear otherwise.
#
# If the target has a TXT (later IPSECKEY) record that specifies
# authentication material, we will require private (i.e. encrypted)
# communications. If no such record is found, communications will be
# in the clear.
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: private-or-clear.in,v 1.5 2003/02/17 02:22:15 mcr Exp $
#
0.0.0.0/0
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/private-or-clear.rpmsave
+ base=private-or-clear.rpmsave
+ _________________________ ipsec/policies/private-or-clear.rpmsave
+ cat /etc/ipsec.d/policies/private-or-clear.rpmsave
# This file defines the set of CIDRs (network/mask-length) to which
# communication should be private, if possible, but in the clear otherwise.
#
# If the target has a TXT (later IPSECKEY) record that specifies
# authentication material, we will require private (i.e. encrypted)
# communications. If no such record is found, communications will be
# in the clear.
#
# See /usr/local/share/doc/freeswan/policygroups.html for details.
#
# $Id: private-or-clear.in,v 1.5 2003/02/17 02:22:15 mcr Exp $
#
0.0.0.0/0
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/private.rpmnew
+ base=private.rpmnew
+ _________________________ ipsec/policies/private.rpmnew
+ cat /etc/ipsec.d/policies/private.rpmnew
# This file defines the set of CIDRs (network/mask-length) to which
# communication should always be private (i.e. encrypted).
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/private.rpmsave
+ base=private.rpmsave
+ _________________________ ipsec/policies/private.rpmsave
+ cat /etc/ipsec.d/policies/private.rpmsave
# This file defines the set of CIDRs (network/mask-length) to which
# communication should always be private (i.e. encrypted).
# See /usr/local/share/doc/freeswan/policygroups.html for details.
#
# $Id: private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
+ _________________________ ipsec/ls-libdir
+ ls -l /usr/libexec/ipsec
total 2256
-rwxr-xr-x 1 root root 6056 Jun 6 15:37 _copyright
-rwxr-xr-x 1 root root 2379 Jun 6 15:37 _include
-rwxr-xr-x 1 root root 1475 Jun 6 15:37 _keycensor
-rwxr-xr-x 1 root root 10088 Jun 6 15:37 _pluto_adns
-rwxr-xr-x 1 root root 2632 Jun 6 15:37 _plutoload
-rwxr-xr-x 1 root root 7602 Jun 6 15:37 _plutorun
-rwxr-xr-x 1 root root 13746 Jun 6 15:37 _realsetup
-rwxr-xr-x 1 root root 1975 Jun 6 15:37 _secretcensor
-rwxr-xr-x 1 root root 9752 Jun 6 15:37 _startklips
-rwxr-xr-x 1 root root 9752 Jun 6 15:37 _startklips.old
-rwxr-xr-x 1 root root 4988 Jun 6 15:37 _startnetkey
-rwxr-xr-x 1 root root 4949 Jun 6 15:37 _updown
-rwxr-xr-x 1 root root 14030 Jun 6 15:37 _updown.klips
-rwxr-xr-x 1 root root 14030 Jun 6 15:37 _updown.klips.old
-rwxr-xr-x 1 root root 13739 Jun 6 15:37 _updown.mast
-rwxr-xr-x 1 root root 13739 Jun 6 15:37 _updown.mast.old
-rwxr-xr-x 1 root root 8337 Jun 6 15:37 _updown.netkey
-rwxr-xr-x 1 root root 188348 Jun 6 15:37 addconn
-rwxr-xr-x 1 root root 6129 Jun 6 15:37 auto
-rwxr-xr-x 1 root root 10758 Jun 6 15:37 barf
-rwxr-xr-x 1 root root 90088 Jun 6 15:37 eroute
-rwxr-xr-x 1 root root 20708 Jun 6 15:37 ikeping
-rwxr-xr-x 1 root root 69804 Jun 6 15:37 klipsdebug
-rwxr-xr-x 1 root root 1836 Jun 6 15:37 livetest
-rwxr-xr-x 1 root root 2591 Jun 6 15:37 look
-rwxr-xr-x 1 root root 1921 Jun 6 15:37 newhostkey
-rwxr-xr-x 1 root root 60840 Jun 6 15:37 pf_key
-rwxr-xr-x 1 root root 957728 Jun 6 15:37 pluto
-rwxr-xr-x 1 root root 10236 Jun 6 15:37 ranbits
-rwxr-xr-x 1 root root 20176 Jun 6 15:37 rsasigkey
-rwxr-xr-x 1 root root 766 Jun 6 15:37 secrets
lrwxrwxrwx 1 root root 30 Sep 30 12:12 setup -> ../../../etc/rc.d/init.d/ipsec
-rwxr-xr-x 1 root root 1054 Jun 6 15:37 showdefaults
-rwxr-xr-x 1 root root 219368 Jun 6 15:37 showhostkey
-rwxr-xr-x 1 root root 22744 Jun 6 15:37 showpolicy
-rwxr-xr-x 1 root root 148388 Jun 6 15:37 spi
-rwxr-xr-x 1 root root 77336 Jun 6 15:37 spigrp
-rwxr-xr-x 1 root root 69700 Jun 6 15:37 tncfg
-rwxr-xr-x 1 root root 12526 Jun 6 15:37 verify
-rwxr-xr-x 1 root root 50340 Jun 6 15:37 whack
+ _________________________ ipsec/ls-execdir
+ ls -l /usr/libexec/ipsec
total 2256
-rwxr-xr-x 1 root root 6056 Jun 6 15:37 _copyright
-rwxr-xr-x 1 root root 2379 Jun 6 15:37 _include
-rwxr-xr-x 1 root root 1475 Jun 6 15:37 _keycensor
-rwxr-xr-x 1 root root 10088 Jun 6 15:37 _pluto_adns
-rwxr-xr-x 1 root root 2632 Jun 6 15:37 _plutoload
-rwxr-xr-x 1 root root 7602 Jun 6 15:37 _plutorun
-rwxr-xr-x 1 root root 13746 Jun 6 15:37 _realsetup
-rwxr-xr-x 1 root root 1975 Jun 6 15:37 _secretcensor
-rwxr-xr-x 1 root root 9752 Jun 6 15:37 _startklips
-rwxr-xr-x 1 root root 9752 Jun 6 15:37 _startklips.old
-rwxr-xr-x 1 root root 4988 Jun 6 15:37 _startnetkey
-rwxr-xr-x 1 root root 4949 Jun 6 15:37 _updown
-rwxr-xr-x 1 root root 14030 Jun 6 15:37 _updown.klips
-rwxr-xr-x 1 root root 14030 Jun 6 15:37 _updown.klips.old
-rwxr-xr-x 1 root root 13739 Jun 6 15:37 _updown.mast
-rwxr-xr-x 1 root root 13739 Jun 6 15:37 _updown.mast.old
-rwxr-xr-x 1 root root 8337 Jun 6 15:37 _updown.netkey
-rwxr-xr-x 1 root root 188348 Jun 6 15:37 addconn
-rwxr-xr-x 1 root root 6129 Jun 6 15:37 auto
-rwxr-xr-x 1 root root 10758 Jun 6 15:37 barf
-rwxr-xr-x 1 root root 90088 Jun 6 15:37 eroute
-rwxr-xr-x 1 root root 20708 Jun 6 15:37 ikeping
-rwxr-xr-x 1 root root 69804 Jun 6 15:37 klipsdebug
-rwxr-xr-x 1 root root 1836 Jun 6 15:37 livetest
-rwxr-xr-x 1 root root 2591 Jun 6 15:37 look
-rwxr-xr-x 1 root root 1921 Jun 6 15:37 newhostkey
-rwxr-xr-x 1 root root 60840 Jun 6 15:37 pf_key
-rwxr-xr-x 1 root root 957728 Jun 6 15:37 pluto
-rwxr-xr-x 1 root root 10236 Jun 6 15:37 ranbits
-rwxr-xr-x 1 root root 20176 Jun 6 15:37 rsasigkey
-rwxr-xr-x 1 root root 766 Jun 6 15:37 secrets
lrwxrwxrwx 1 root root 30 Sep 30 12:12 setup -> ../../../etc/rc.d/init.d/ipsec
-rwxr-xr-x 1 root root 1054 Jun 6 15:37 showdefaults
-rwxr-xr-x 1 root root 219368 Jun 6 15:37 showhostkey
-rwxr-xr-x 1 root root 22744 Jun 6 15:37 showpolicy
-rwxr-xr-x 1 root root 148388 Jun 6 15:37 spi
-rwxr-xr-x 1 root root 77336 Jun 6 15:37 spigrp
-rwxr-xr-x 1 root root 69700 Jun 6 15:37 tncfg
-rwxr-xr-x 1 root root 12526 Jun 6 15:37 verify
-rwxr-xr-x 1 root root 50340 Jun 6 15:37 whack
+ _________________________ /proc/net/dev
+ cat /proc/net/dev
Inter-| Receive | Transmit
face |bytes packets errs drop fifo frame compressed multicast|bytes packets errs drop fifo colls carrier compressed
lo: 2039214 11460 0 0 0 0 0 0 2039214 11460 0 0 0 0 0 0
eth0:4238573834 92067121 24009 0 0 24009 0 135573 280588210 1838316 67 0 0 241420 67 0
eth1:97708164 503498 0 0 0 0 0 2316 1100516268 960211 0 0 0 0 0 0
venet0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
veth0:2665711971 92768327 0 0 0 0 0 713626 141020254 1077862 0 0 0 0 0 0
veth1:88267857 500566 0 0 0 0 0 2496 1094988292 956920 0 0 0 0 0 0
sit0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
tun6to4: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
tun0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
pan0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
veth1014.0: 21645 371 0 0 0 0 0 0 41466216 734313 0 0 0 0 0 0
veth1014.1: 468 7 0 0 0 0 0 0 199367 2645 0 0 0 0 0 0
veth1064.0: 172895 1664 0 0 0 0 0 0 41537904 735393 0 0 0 0 0 0
veth1064.1: 468 7 0 0 0 0 0 0 199235 2643 0 0 0 0 0 0
veth1065.0: 26779 358 0 0 0 0 0 0 41466214 734297 0 0 0 0 0 0
veth1065.1: 620 9 0 0 0 0 0 0 199007 2640 0 0 0 0 0 0
veth1074.0: 2144244 21706 0 0 0 0 0 0 40294950 717807 0 0 0 0 0 0
veth1074.1: 524 8 0 0 0 0 0 0 198855 2638 0 0 0 0 0 0
veth1075.0: 101493 782 0 0 0 0 0 0 41491785 734687 0 0 0 0 0 0
veth1075.1: 468 7 0 0 0 0 0 0 198627 2635 0 0 0 0 0 0
veth1076.0: 27703 365 0 0 0 0 0 0 41464346 734279 0 0 0 0 0 0
veth1076.1: 412 6 0 0 0 0 0 0 198119 2628 0 0 0 0 0 0
veth1077.0: 100245 716 0 0 0 0 0 0 41488707 734659 0 0 0 0 0 0
veth1077.1: 412 6 0 0 0 0 0 0 197839 2624 0 0 0 0 0 0
veth1078.0: 25730 334 0 0 0 0 0 0 41459947 734195 0 0 0 0 0 0
veth1078.1: 412 6 0 0 0 0 0 0 197179 2615 0 0 0 0 0 0
veth1079.0: 1438124 1915 0 0 0 0 0 0 41562827 735445 0 0 0 0 0 0
veth1079.1: 412 6 0 0 0 0 0 0 196523 2606 0 0 0 0 0 0
veth1081.0:26587339 50101 0 0 0 0 0 0 42153311 740432 0 0 0 0 0 0
veth1081.1: 1890366 1801 0 0 0 0 0 0 345643 4160 0 0 0 0 0 0
veth1082.0: 2858941 71177 0 0 0 0 0 0 44922290 805129 0 0 0 0 0 0
veth1082.1: 508 7 0 0 0 0 0 0 195199 2588 0 0 0 0 0 0
veth1083.0: 21338 341 0 0 0 0 0 0 41455328 734111 0 0 0 0 0 0
veth1083.1: 30364 323 0 0 0 0 0 0 226088 2852 0 0 0 0 0 0
veth1084.0: 31716 432 0 0 0 0 0 0 41465125 734123 0 0 0 0 0 0
veth1084.1: 6809 60 0 0 0 0 0 0 216402 2632 0 0 0 0 0 0
veth1087.0: 24636 378 0 0 0 0 0 0 41450585 733983 0 0 0 0 0 0
veth1087.1: 29462 218 0 0 0 0 0 0 222669 2763 0 0 0 0 0 0
veth1088.0: 42286 640 0 0 0 0 0 0 41469913 734082 0 0 0 0 0 0
veth1088.1: 412 6 0 0 0 0 0 0 192159 2546 0 0 0 0 0 0
veth1176.0: 2742067 26492 0 0 0 0 0 0 41213840 723338 0 0 0 0 0 0
veth1176.1: 17542 126 0 0 0 0 0 0 206990 2627 0 0 0 0 0 0
veth1192.0: 2240785 25295 0 0 0 0 0 0 40773327 721710 0 0 0 0 0 0
veth1192.1: 19187 128 0 0 0 0 0 0 198184 2561 0 0 0 0 0 0
veth1208.0: 4633497 34595 0 0 0 0 0 0 41048256 729478 0 0 0 0 0 0
veth1208.1: 412 6 0 0 0 0 0 0 186508 2495 0 0 0 0 0 0
veth1080.0: 842476 8678 0 0 0 0 0 0 16116996 292044 0 0 0 0 0 0
veth1080.1: 27664 206 0 0 0 0 0 0 96170 1200 0 0 0 0 0 0
veth1086.0: 14741 198 0 0 0 0 0 0 16915402 300199 0 0 0 0 0 0
veth1086.1: 12610 118 0 0 0 0 0 0 86670 1093 0 0 0 0 0 0
veth1112.0: 232821 3716 0 0 0 0 0 0 17351730 304152 0 0 0 0 0 0
veth1112.1: 12542 142 0 0 0 0 0 0 102278 1110 0 0 0 0 0 0
veth1120.0: 9390382 28607 0 0 0 0 0 0 19882176 329789 0 0 0 0 0 0
veth1120.1: 448 7 0 0 0 0 0 0 73968 985 0 0 0 0 0 0
+ _________________________ /proc/net/route
+ cat /proc/net/route
Iface Destination Gateway Flags RefCnt Use Metric Mask MTU Window IRTT
tun0 02FA1FAC 00000000 0005 0 0 0 FFFFFFFF 0 0 0
veth0 3220CD82 0420CD82 0007 0 0 20 FFFFFFFF 0 0 0
veth0 02FF1FAC 0420CD82 0007 0 0 20 FFFFFFFF 0 0 0
veth0 0027CD82 0820CD82 0003 0 0 0 00FFFFFF 0 0 0
tun0 00FA1FAC 02FA1FAC 0003 0 0 0 00FFFFFF 0 0 0
veth0 00FF1FAC 0420CD82 0003 0 0 20 00FFFFFF 0 0 0
veth0 0021CD82 0820CD82 0003 0 0 0 00FFFFFF 0 0 0
veth1 00C01FAC 00000000 0001 0 0 0 00FFFFFF 0 0 0
veth0 009CCD82 0E20CD82 0003 0 0 0 00FCFFFF 0 0 0
veth0 0024CD82 0420CD82 0003 0 0 20 00FCFFFF 0 0 0
veth0 0020CD82 00000000 0001 0 0 0 00F0FFFF 0 0 0
veth0 00A0CD82 0E20CD82 0003 0 0 0 00E0FFFF 0 0 0
veth0 0000CD82 0420CD82 0003 0 0 0 00E0FFFF 0 0 0
veth0 00C0CD82 0E20CD82 0003 0 0 0 00C0FFFF 0 0 0
veth1 0000FEA9 00000000 0001 0 0 0 0000FFFF 0 0 0
veth0 00000000 0120CD82 0003 0 0 0 00000000 0 0 0
+ _________________________ /proc/sys/net/ipv4/ip_no_pmtu_disc
+ cat /proc/sys/net/ipv4/ip_no_pmtu_disc
0
+ _________________________ /proc/sys/net/ipv4/ip_forward
+ cat /proc/sys/net/ipv4/ip_forward
1
+ _________________________ /proc/sys/net/ipv4/tcp_ecn
+ cat /proc/sys/net/ipv4/tcp_ecn
0
+ _________________________ /proc/sys/net/ipv4/conf/star-rp_filter
+ cd /proc/sys/net/ipv4/conf
+ egrep '^' all/rp_filter default/rp_filter eth0/rp_filter eth1/rp_filter lo/rp_filter pan0/rp_filter sit0/rp_filter tun0/rp_filter tun6to4/rp_filter venet0/rp_filter veth0/rp_filter veth1014.0/rp_filter veth1014.1/rp_filter veth1064.0/rp_filter veth1064.1/rp_filter veth1065.0/rp_filter veth1065.1/rp_filter veth1074.0/rp_filter veth1074.1/rp_filter veth1075.0/rp_filter veth1075.1/rp_filter veth1076.0/rp_filter veth1076.1/rp_filter veth1077.0/rp_filter veth1077.1/rp_filter veth1078.0/rp_filter veth1078.1/rp_filter veth1079.0/rp_filter veth1079.1/rp_filter veth1080.0/rp_filter veth1080.1/rp_filter veth1081.0/rp_filter veth1081.1/rp_filter veth1082.0/rp_filter veth1082.1/rp_filter veth1083.0/rp_filter veth1083.1/rp_filter veth1084.0/rp_filter veth1084.1/rp_filter veth1086.0/rp_filter veth1086.1/rp_filter veth1087.0/rp_filter veth1087.1/rp_filter veth1088.0/rp_filter veth1088.1/rp_filter veth1112.0/rp_filter veth1112.1/rp_filter veth1120.0/rp_filter veth1120.1/rp_filter veth1176.0/rp_filter veth1176.1/rp_filter veth1192.0/rp_filter veth1192.1/rp_filter veth1208.0/rp_filter veth1208.1/rp_filter veth1/rp_filter
all/rp_filter:0
default/rp_filter:1
eth0/rp_filter:1
eth1/rp_filter:1
lo/rp_filter:1
pan0/rp_filter:1
sit0/rp_filter:1
tun0/rp_filter:1
tun6to4/rp_filter:1
venet0/rp_filter:1
veth0/rp_filter:1
veth1014.0/rp_filter:1
veth1014.1/rp_filter:1
veth1064.0/rp_filter:1
veth1064.1/rp_filter:1
veth1065.0/rp_filter:1
veth1065.1/rp_filter:1
veth1074.0/rp_filter:1
veth1074.1/rp_filter:1
veth1075.0/rp_filter:1
veth1075.1/rp_filter:1
veth1076.0/rp_filter:1
veth1076.1/rp_filter:1
veth1077.0/rp_filter:1
veth1077.1/rp_filter:1
veth1078.0/rp_filter:1
veth1078.1/rp_filter:1
veth1079.0/rp_filter:1
veth1079.1/rp_filter:1
veth1080.0/rp_filter:1
veth1080.1/rp_filter:1
veth1081.0/rp_filter:1
veth1081.1/rp_filter:1
veth1082.0/rp_filter:1
veth1082.1/rp_filter:1
veth1083.0/rp_filter:1
veth1083.1/rp_filter:1
veth1084.0/rp_filter:1
veth1084.1/rp_filter:1
veth1086.0/rp_filter:1
veth1086.1/rp_filter:1
veth1087.0/rp_filter:1
veth1087.1/rp_filter:1
veth1088.0/rp_filter:1
veth1088.1/rp_filter:1
veth1112.0/rp_filter:1
veth1112.1/rp_filter:1
veth1120.0/rp_filter:1
veth1120.1/rp_filter:1
veth1176.0/rp_filter:1
veth1176.1/rp_filter:1
veth1192.0/rp_filter:1
veth1192.1/rp_filter:1
veth1208.0/rp_filter:1
veth1208.1/rp_filter:1
veth1/rp_filter:1
+ _________________________ /proc/sys/net/ipv4/conf/star-star-redirects
+ cd /proc/sys/net/ipv4/conf
+ egrep '^' all/accept_redirects all/secure_redirects all/send_redirects default/accept_redirects default/secure_redirects default/send_redirects eth0/accept_redirects eth0/secure_redirects eth0/send_redirects eth1/accept_redirects eth1/secure_redirects eth1/send_redirects lo/accept_redirects lo/secure_redirects lo/send_redirects pan0/accept_redirects pan0/secure_redirects pan0/send_redirects sit0/accept_redirects sit0/secure_redirects sit0/send_redirects tun0/accept_redirects tun0/secure_redirects tun0/send_redirects tun6to4/accept_redirects tun6to4/secure_redirects tun6to4/send_redirects venet0/accept_redirects venet0/secure_redirects venet0/send_redirects veth0/accept_redirects veth0/secure_redirects veth0/send_redirects veth1014.0/accept_redirects veth1014.0/secure_redirects veth1014.0/send_redirects veth1014.1/accept_redirects veth1014.1/secure_redirects veth1014.1/send_redirects veth1064.0/accept_redirects veth1064.0/secure_redirects veth1064.0/send_redirects veth1064.1/accept_redirects veth1064.1/secure_redirects veth1064.1/send_redirects veth1065.0/accept_redirects veth1065.0/secure_redirects veth1065.0/send_redirects veth1065.1/accept_redirects veth1065.1/secure_redirects veth1065.1/send_redirects veth1074.0/accept_redirects veth1074.0/secure_redirects veth1074.0/send_redirects veth1074.1/accept_redirects veth1074.1/secure_redirects veth1074.1/send_redirects veth1075.0/accept_redirects veth1075.0/secure_redirects veth1075.0/send_redirects veth1075.1/accept_redirects veth1075.1/secure_redirects veth1075.1/send_redirects veth1076.0/accept_redirects veth1076.0/secure_redirects veth1076.0/send_redirects veth1076.1/accept_redirects veth1076.1/secure_redirects veth1076.1/send_redirects veth1077.0/accept_redirects veth1077.0/secure_redirects veth1077.0/send_redirects veth1077.1/accept_redirects veth1077.1/secure_redirects veth1077.1/send_redirects veth1078.0/accept_redirects veth1078.0/secure_redirects veth1078.0/send_redirects veth1078.1/accept_redirects veth1078.1/secure_redirects veth1078.1/send_redirects veth1079.0/accept_redirects veth1079.0/secure_redirects veth1079.0/send_redirects veth1079.1/accept_redirects veth1079.1/secure_redirects veth1079.1/send_redirects veth1080.0/accept_redirects veth1080.0/secure_redirects veth1080.0/send_redirects veth1080.1/accept_redirects veth1080.1/secure_redirects veth1080.1/send_redirects veth1081.0/accept_redirects veth1081.0/secure_redirects veth1081.0/send_redirects veth1081.1/accept_redirects veth1081.1/secure_redirects veth1081.1/send_redirects veth1082.0/accept_redirects veth1082.0/secure_redirects veth1082.0/send_redirects veth1082.1/accept_redirects veth1082.1/secure_redirects veth1082.1/send_redirects veth1083.0/accept_redirects veth1083.0/secure_redirects veth1083.0/send_redirects veth1083.1/accept_redirects veth1083.1/secure_redirects veth1083.1/send_redirects veth1084.0/accept_redirects veth1084.0/secure_redirects veth1084.0/send_redirects veth1084.1/accept_redirects veth1084.1/secure_redirects veth1084.1/send_redirects veth1086.0/accept_redirects veth1086.0/secure_redirects veth1086.0/send_redirects veth1086.1/accept_redirects veth1086.1/secure_redirects veth1086.1/send_redirects veth1087.0/accept_redirects veth1087.0/secure_redirects veth1087.0/send_redirects veth1087.1/accept_redirects veth1087.1/secure_redirects veth1087.1/send_redirects veth1088.0/accept_redirects veth1088.0/secure_redirects veth1088.0/send_redirects veth1088.1/accept_redirects veth1088.1/secure_redirects veth1088.1/send_redirects veth1112.0/accept_redirects veth1112.0/secure_redirects veth1112.0/send_redirects veth1112.1/accept_redirects veth1112.1/secure_redirects veth1112.1/send_redirects veth1120.0/accept_redirects veth1120.0/secure_redirects veth1120.0/send_redirects veth1120.1/accept_redirects veth1120.1/secure_redirects veth1120.1/send_redirects veth1176.0/accept_redirects veth1176.0/secure_redirects veth1176.0/send_redirects veth1176.1/accept_redirects veth1176.1/secure_redirects veth1176.1/send_redirects veth1192.0/accept_redirects veth1192.0/secure_redirects veth1192.0/send_redirects veth1192.1/accept_redirects veth1192.1/secure_redirects veth1192.1/send_redirects veth1208.0/accept_redirects veth1208.0/secure_redirects veth1208.0/send_redirects veth1208.1/accept_redirects veth1208.1/secure_redirects veth1208.1/send_redirects veth1/accept_redirects veth1/secure_redirects veth1/send_redirects
all/accept_redirects:1
all/secure_redirects:1
all/send_redirects:0
default/accept_redirects:1
default/secure_redirects:1
default/send_redirects:1
eth0/accept_redirects:1
eth0/secure_redirects:1
eth0/send_redirects:1
eth1/accept_redirects:1
eth1/secure_redirects:1
eth1/send_redirects:1
lo/accept_redirects:1
lo/secure_redirects:1
lo/send_redirects:1
pan0/accept_redirects:1
pan0/secure_redirects:1
pan0/send_redirects:1
sit0/accept_redirects:1
sit0/secure_redirects:1
sit0/send_redirects:1
tun0/accept_redirects:1
tun0/secure_redirects:1
tun0/send_redirects:1
tun6to4/accept_redirects:1
tun6to4/secure_redirects:1
tun6to4/send_redirects:1
venet0/accept_redirects:1
venet0/secure_redirects:1
venet0/send_redirects:0
veth0/accept_redirects:1
veth0/secure_redirects:1
veth0/send_redirects:1
veth1014.0/accept_redirects:1
veth1014.0/secure_redirects:1
veth1014.0/send_redirects:1
veth1014.1/accept_redirects:1
veth1014.1/secure_redirects:1
veth1014.1/send_redirects:1
veth1064.0/accept_redirects:1
veth1064.0/secure_redirects:1
veth1064.0/send_redirects:1
veth1064.1/accept_redirects:1
veth1064.1/secure_redirects:1
veth1064.1/send_redirects:1
veth1065.0/accept_redirects:1
veth1065.0/secure_redirects:1
veth1065.0/send_redirects:1
veth1065.1/accept_redirects:1
veth1065.1/secure_redirects:1
veth1065.1/send_redirects:1
veth1074.0/accept_redirects:1
veth1074.0/secure_redirects:1
veth1074.0/send_redirects:1
veth1074.1/accept_redirects:1
veth1074.1/secure_redirects:1
veth1074.1/send_redirects:1
veth1075.0/accept_redirects:1
veth1075.0/secure_redirects:1
veth1075.0/send_redirects:1
veth1075.1/accept_redirects:1
veth1075.1/secure_redirects:1
veth1075.1/send_redirects:1
veth1076.0/accept_redirects:1
veth1076.0/secure_redirects:1
veth1076.0/send_redirects:1
veth1076.1/accept_redirects:1
veth1076.1/secure_redirects:1
veth1076.1/send_redirects:1
veth1077.0/accept_redirects:1
veth1077.0/secure_redirects:1
veth1077.0/send_redirects:1
veth1077.1/accept_redirects:1
veth1077.1/secure_redirects:1
veth1077.1/send_redirects:1
veth1078.0/accept_redirects:1
veth1078.0/secure_redirects:1
veth1078.0/send_redirects:1
veth1078.1/accept_redirects:1
veth1078.1/secure_redirects:1
veth1078.1/send_redirects:1
veth1079.0/accept_redirects:1
veth1079.0/secure_redirects:1
veth1079.0/send_redirects:1
veth1079.1/accept_redirects:1
veth1079.1/secure_redirects:1
veth1079.1/send_redirects:1
veth1080.0/accept_redirects:1
veth1080.0/secure_redirects:1
veth1080.0/send_redirects:1
veth1080.1/accept_redirects:1
veth1080.1/secure_redirects:1
veth1080.1/send_redirects:1
veth1081.0/accept_redirects:1
veth1081.0/secure_redirects:1
veth1081.0/send_redirects:1
veth1081.1/accept_redirects:1
veth1081.1/secure_redirects:1
veth1081.1/send_redirects:1
veth1082.0/accept_redirects:1
veth1082.0/secure_redirects:1
veth1082.0/send_redirects:1
veth1082.1/accept_redirects:1
veth1082.1/secure_redirects:1
veth1082.1/send_redirects:1
veth1083.0/accept_redirects:1
veth1083.0/secure_redirects:1
veth1083.0/send_redirects:1
veth1083.1/accept_redirects:1
veth1083.1/secure_redirects:1
veth1083.1/send_redirects:1
veth1084.0/accept_redirects:1
veth1084.0/secure_redirects:1
veth1084.0/send_redirects:1
veth1084.1/accept_redirects:1
veth1084.1/secure_redirects:1
veth1084.1/send_redirects:1
veth1086.0/accept_redirects:1
veth1086.0/secure_redirects:1
veth1086.0/send_redirects:1
veth1086.1/accept_redirects:1
veth1086.1/secure_redirects:1
veth1086.1/send_redirects:1
veth1087.0/accept_redirects:1
veth1087.0/secure_redirects:1
veth1087.0/send_redirects:1
veth1087.1/accept_redirects:1
veth1087.1/secure_redirects:1
veth1087.1/send_redirects:1
veth1088.0/accept_redirects:1
veth1088.0/secure_redirects:1
veth1088.0/send_redirects:1
veth1088.1/accept_redirects:1
veth1088.1/secure_redirects:1
veth1088.1/send_redirects:1
veth1112.0/accept_redirects:1
veth1112.0/secure_redirects:1
veth1112.0/send_redirects:1
veth1112.1/accept_redirects:1
veth1112.1/secure_redirects:1
veth1112.1/send_redirects:1
veth1120.0/accept_redirects:1
veth1120.0/secure_redirects:1
veth1120.0/send_redirects:1
veth1120.1/accept_redirects:1
veth1120.1/secure_redirects:1
veth1120.1/send_redirects:1
veth1176.0/accept_redirects:1
veth1176.0/secure_redirects:1
veth1176.0/send_redirects:1
veth1176.1/accept_redirects:1
veth1176.1/secure_redirects:1
veth1176.1/send_redirects:1
veth1192.0/accept_redirects:1
veth1192.0/secure_redirects:1
veth1192.0/send_redirects:1
veth1192.1/accept_redirects:1
veth1192.1/secure_redirects:1
veth1192.1/send_redirects:1
veth1208.0/accept_redirects:1
veth1208.0/secure_redirects:1
veth1208.0/send_redirects:1
veth1208.1/accept_redirects:1
veth1208.1/secure_redirects:1
veth1208.1/send_redirects:1
veth1/accept_redirects:1
veth1/secure_redirects:1
veth1/send_redirects:1
+ _________________________ /proc/sys/net/ipv4/tcp_window_scaling
+ cat /proc/sys/net/ipv4/tcp_window_scaling
1
+ _________________________ /proc/sys/net/ipv4/tcp_adv_win_scale
+ cat /proc/sys/net/ipv4/tcp_adv_win_scale
2
+ _________________________ uname-a
+ uname -a
Linux romulus.wittsend.com 2.6.24-ovz005.1 #1 SMP Mon May 12 16:38:09 MSD 2008 i686 i686 i386 GNU/Linux
+ _________________________ config-built-with
+ test -r /proc/config_built_with
+ _________________________ distro-release
+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
+ test -f /etc/redhat-release
+ cat /etc/redhat-release
Fedora release 9 (Sulphur)
+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
+ test -f /etc/debian-release
+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
+ test -f /etc/SuSE-release
+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
+ test -f /etc/mandrake-release
+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
+ test -f /etc/mandriva-release
+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
+ test -f /etc/gentoo-release
+ _________________________ /proc/net/ipsec_version
+ test -r /proc/net/ipsec_version
+ test -r /proc/net/pfkey
++ uname -r
+ echo 'NETKEY (2.6.24-ovz005.1) support detected '
NETKEY (2.6.24-ovz005.1) support detected
+ _________________________ iptables
+ test -r /sbin/iptables
+ iptables -L -v -n
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
312K 38M ACCEPT all -- * * 130.205.32.0/22 0.0.0.0/0
1561K 230M RH-Firewall-1-INPUT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy ACCEPT 4931K packets, 515M bytes)
pkts bytes target prot opt in out source destination
40M 3975M DROP all -- * * 0.0.0.0/0 130.205.192.0/18
21M 2087M DROP all -- * * 0.0.0.0/0 130.205.160.0/19
2443K 244M DROP all -- * * 0.0.0.0/0 130.205.156.0/22
Chain OUTPUT (policy ACCEPT 1081K packets, 128M bytes)
pkts bytes target prot opt in out source destination
Chain FTP-INPUT (1 references)
pkts bytes target prot opt in out source destination
2 100 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:21
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:20 state ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpts:1024:65535 state RELATED,ESTABLISHED
Chain FTP-OUTPUT (0 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:20 state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpts:1024:65535 state ESTABLISHED
Chain RH-Firewall-1-INPUT (1 references)
pkts bytes target prot opt in out source destination
10991 1996K ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- vmnet1 * 0.0.0.0/0 0.0.0.0/0
104 6334 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 255
0 0 ACCEPT 41 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT esp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT ah -- * * 0.0.0.0/0 0.0.0.0/0
14 3035 ACCEPT udp -- * * 0.0.0.0/0 224.0.0.251 udp dpt:5353
0 0 ACCEPT all -- * * 0.0.0.0/0 224.0.0.5
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:67
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:69
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:631
1622 569K ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:500
1403K 137M ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:1194
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:4500
142K 91M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
3 180 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
0 0 ACCEPT tcp -- * * 0.0.0.0/0 130.205.32.71 state NEW tcp dpt:21
0 0 ACCEPT tcp -- * * 0.0.0.0/0 130.205.32.71 state NEW tcp dpts:1024:65535
78 3768 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:110
8 480 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:113
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:143
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:389
1 60 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:443
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:636
27 1553 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:993
1 60 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:995
1 48 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:3128
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:8080
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:8008
1 48 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:10000
48 3072 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:179
3140 160K FTP-INPUT all -- * * 0.0.0.0/0 0.0.0.0/0
2848 141K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:25
290 18601 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
+ _________________________ iptables-nat
+ iptables -t nat -L -v -n
Chain PREROUTING (policy ACCEPT 314K packets, 70M bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 1791 packets, 123K bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 1157 packets, 86719 bytes)
pkts bytes target prot opt in out source destination
+ _________________________ iptables-mangle
+ iptables -t mangle -L -v -n
Chain PREROUTING (policy ACCEPT 92M packets, 11G bytes)
pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 1873K packets, 268M bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 68M packets, 6821M bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 1081K packets, 128M bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 6012K packets, 643M bytes)
pkts bytes target prot opt in out source destination
+ _________________________ /proc/modules
+ test -f /proc/modules
+ cat /proc/modules
ipcomp6 9864 0 - Live 0xf9000000
ipcomp 9608 0 - Live 0xf8ee4000
ah6 9600 0 - Live 0xf8fda000
ah4 8448 0 - Live 0xf8f86000
esp6 9472 0 - Live 0xf8f82000
esp4 9472 0 - Live 0xf8f7e000
xfrm4_mode_beet 6144 0 - Live 0xf8f7b000
xfrm4_tunnel 6144 0 - Live 0xf8f72000
xfrm4_mode_tunnel 6144 0 - Live 0xf8f6f000
xfrm4_mode_transport 5632 0 - Live 0xf8f6c000
xfrm6_mode_transport 5632 0 - Live 0xf8f69000
xfrm6_mode_ro 5504 0 - Live 0xf8f55000
xfrm6_mode_beet 5760 0 - Live 0xf8f52000
xfrm6_mode_tunnel 6144 0 - Live 0xf8f4f000
af_key 33936 0 - Live 0xf8f5a000
iptable_nat 11140 0 - Live 0xf8f65000
nf_nat 19384 1 iptable_nat, Live 0xf8f75000
deflate 6528 0 - Live 0xf8fcd000
zlib_deflate 21912 1 deflate, Live 0xf8fe8000
camellia 39552 0 - Live 0xf8ff5000
crypto_null 6144 0 - Live 0xf8fca000
serpent 21632 0 - Live 0xf8fe1000
blowfish 12160 0 - Live 0xf8fc6000
twofish 10624 0 - Live 0xf8fc2000
twofish_common 35200 1 twofish, Live 0xf8fd0000
ecb 6400 0 - Live 0xf8fbf000
xcbc 8456 0 - Live 0xf8fbb000
cbc 7424 0 - Live 0xf8f8f000
sha256_generic 12928 0 - Live 0xf8fb6000
sha512 13184 0 - Live 0xf8fb1000
des_generic 19200 0 - Live 0xf8f9f000
aes_i586 37888 0 - Live 0xf8fa6000
geode_aes 8712 0 - Live 0xf8f9b000
blkcipher 9220 3 ecb,cbc,geode_aes, Live 0xf8f8b000
aes_generic 32192 0 - Live 0xf8f92000
xfrm6_tunnel 10016 1 ipcomp6, Live 0xf8f4b000
tunnel6 6536 1 xfrm6_tunnel, Live 0xf8f48000
ftdi_sio 35732 0 - Live 0xf8f34000
usbserial 30952 1 ftdi_sio, Live 0xf8f3f000
simfs 7628 22 - Live 0xf8ede000
vzrst 122772 0 - Live 0xf8ef3000
vzcpt 103204 0 - Live 0xf8f13000
vzdquota 40600 22 [permanent], Live 0xf8ee8000
ipt_LOG 9600 2 - Live 0xf8ec4000
xt_conntrack 6144 0 - Live 0xf8ed7000
xt_length 5632 0 - Live 0xf8ed4000
ipt_ttl 5376 0 - Live 0xf8ed1000
xt_tcpmss 5760 0 - Live 0xf8ece000
xt_TCPMSS 7552 0 - Live 0xf8ecb000
iptable_mangle 7552 22 - Live 0xf8ec8000
xt_multiport 6912 8 - Live 0xf8ae7000
xt_limit 6016 0 - Live 0xf8ec1000
ipt_tos 5248 0 - Live 0xf8aea000
rfcomm 35100 4 - Live 0xf8e89000
bnep 14848 2 - Live 0xf8b15000
l2cap 22148 16 rfcomm,bnep, Live 0xf8eba000
bluetooth 48228 5 rfcomm,bnep,l2cap, Live 0xf8e68000
autofs4 21252 4 - Live 0xf8e82000
fuse 44040 45 - Live 0xf8e76000
tun 12288 3 vzrst,vzcpt, Live 0xf8b11000
sunrpc 153500 3 - Live 0xf8e93000
sit 12928 22 - Live 0xf8b0c000
tunnel4 6664 2 xfrm4_tunnel,sit, Live 0xf8b09000
bridge 49560 0 - Live 0xf8b1a000
nf_conntrack_ftp 11048 0 - Live 0xf8b05000
ipt_REJECT 7424 3 - Live 0xf8af2000
xt_tcpudp 6912 60 - Live 0xf8ae1000
nf_conntrack_ipv4 14472 66 iptable_nat, Live 0xf8aed000
xt_state 5760 42 - Live 0xf8ae4000
nf_conntrack 60752 6 iptable_nat,nf_nat,xt_conntrack,nf_conntrack_ftp,nf_conntrack_ipv4,xt_state, Live 0xf8af5000
iptable_filter 7428 27 - Live 0xf8aad000
ip_tables 15064 3 iptable_nat,iptable_mangle,iptable_filter, Live 0xf8aa8000
x_tables 15620 14 iptable_nat,ipt_LOG,xt_conntrack,xt_length,ipt_ttl,xt_tcpmss,xt_TCPMSS,xt_multiport,xt_limit,ipt_tos,ipt_REJECT,xt_tcpudp,xt_state,ip_tables, Live 0xf8a60000
dm_mirror 22912 0 - Live 0xf8aa1000
dm_multipath 19080 0 - Live 0xf8a19000
dm_mod 52676 5 dm_mirror,dm_multipath, Live 0xf8ab2000
vzethdev 12288 0 - Live 0xf89e5000
vznetdev 18180 25 - Live 0xf8a54000
vzmon 31496 26 vzrst,vzcpt,vzethdev,vznetdev, Live 0xf8a76000
ipv6 240384 331 ipcomp6,ah6,esp6,xfrm6_mode_beet,xfrm6_tunnel,tunnel6,vzrst,vzcpt,sit,vzmon, Live 0xf8b2a000
vzdev 6532 6 vzdquota,vzethdev,vznetdev,vzmon, Live 0xf89e9000
sr_mod 17704 0 - Live 0xf8a13000
cdrom 36928 1 sr_mod, Live 0xf8a29000
floppy 54916 0 - Live 0xf8a67000
sg 33564 0 - Live 0xf8a1f000
e1000 115584 0 - Live 0xf8a36000
button 10256 0 - Live 0xf8a0f000
ata_piix 18052 0 - Live 0xf89c8000
i2c_i801 11920 0 - Live 0xf89e1000
iTCO_wdt 13868 0 - Live 0xf89dc000
ata_generic 8712 0 - Live 0xf89d8000
iTCO_vendor_support 7176 1 iTCO_wdt, Live 0xf89d5000
i6300esb 8988 0 - Live 0xf893c000
i2c_core 21376 1 i2c_i801, Live 0xf89ce000
pata_acpi 8576 0 - Live 0xf896e000
pcspkr 6272 0 - Live 0xf8969000
sata_sil 11660 10 - Live 0xf8965000
libata 132316 4 ata_piix,ata_generic,pata_acpi,sata_sil, Live 0xf89ed000
sd_mod 26880 12 - Live 0xf89be000
scsi_mod 126764 4 sr_mod,sg,libata,sd_mod, Live 0xf897f000
ext3 113032 9 - Live 0xf89a1000
jbd 41620 1 ext3, Live 0xf8973000
mbcache 10112 1 ext3, Live 0xf8961000
uhci_hcd 24852 0 - Live 0xf8920000
ohci_hcd 23308 0 - Live 0xf8932000
ehci_hcd 33560 0 - Live 0xf8928000
+ _________________________ /proc/meminfo
+ cat /proc/meminfo
MemTotal: 3892160 kB
MemFree: 119536 kB
Buffers: 539628 kB
Cached: 2031800 kB
SwapCached: 4 kB
Active: 1815948 kB
Inactive: 1637276 kB
HighTotal: 3014592 kB
HighFree: 90880 kB
LowTotal: 877568 kB
LowFree: 28656 kB
SwapTotal: 2096440 kB
SwapFree: 2096316 kB
Dirty: 864 kB
Writeback: 0 kB
AnonPages: 881792 kB
Mapped: 155716 kB
Slab: 287360 kB
SReclaimable: 241076 kB
SUnreclaim: 46284 kB
PageTables: 11688 kB
NFS_Unstable: 0 kB
Bounce: 0 kB
CommitLimit: 4042520 kB
Committed_AS: 2305804 kB
VmallocTotal: 114680 kB
VmallocUsed: 8100 kB
VmallocChunk: 106472 kB
HugePages_Total: 0
HugePages_Free: 0
HugePages_Rsvd: 0
HugePages_Surp: 0
Hugepagesize: 4096 kB
+ _________________________ /proc/net/ipsec-ls
+ test -f /proc/net/ipsec_version
+ _________________________ usr/src/linux/.config
+ test -f /proc/config.gz
+ zcat /proc/config.gz
+ egrep 'CONFIG_IPSEC|CONFIG_KLIPS|CONFIG_NET_KEY|CONFIG_INET|CONFIG_IP|CONFIG_HW_RANDOM|CONFIG_CRYPTO_DEV|_XFRM'
CONFIG_XFRM=y
CONFIG_XFRM_USER=y
CONFIG_XFRM_SUB_POLICY=y
CONFIG_XFRM_MIGRATE=y
CONFIG_NET_KEY=m
CONFIG_NET_KEY_MIGRATE=y
CONFIG_INET=y
CONFIG_IP_MULTICAST=y
CONFIG_IP_ADVANCED_ROUTER=y
# CONFIG_IP_FIB_TRIE is not set
CONFIG_IP_FIB_HASH=y
CONFIG_IP_MULTIPLE_TABLES=y
CONFIG_IP_ROUTE_MULTIPATH=y
CONFIG_IP_ROUTE_VERBOSE=y
# CONFIG_IP_PNP is not set
CONFIG_IP_MROUTE=y
CONFIG_IP_PIMSM_V1=y
CONFIG_IP_PIMSM_V2=y
CONFIG_INET_AH=m
CONFIG_INET_ESP=m
CONFIG_INET_IPCOMP=m
CONFIG_INET_XFRM_TUNNEL=m
CONFIG_INET_TUNNEL=m
CONFIG_INET_XFRM_MODE_TRANSPORT=m
CONFIG_INET_XFRM_MODE_TUNNEL=m
CONFIG_INET_XFRM_MODE_BEET=m
CONFIG_INET_LRO=y
CONFIG_INET_DIAG=m
CONFIG_INET_TCP_DIAG=m
CONFIG_IP_VS=m
# CONFIG_IP_VS_DEBUG is not set
CONFIG_IP_VS_TAB_BITS=12
CONFIG_IP_VS_PROTO_TCP=y
CONFIG_IP_VS_PROTO_UDP=y
CONFIG_IP_VS_PROTO_ESP=y
CONFIG_IP_VS_PROTO_AH=y
CONFIG_IP_VS_RR=m
CONFIG_IP_VS_WRR=m
CONFIG_IP_VS_LC=m
CONFIG_IP_VS_WLC=m
CONFIG_IP_VS_LBLC=m
CONFIG_IP_VS_LBLCR=m
CONFIG_IP_VS_DH=m
CONFIG_IP_VS_SH=m
CONFIG_IP_VS_SED=m
CONFIG_IP_VS_NQ=m
CONFIG_IP_VS_FTP=m
CONFIG_IPV6=m
CONFIG_IPV6_PRIVACY=y
CONFIG_IPV6_ROUTER_PREF=y
CONFIG_IPV6_ROUTE_INFO=y
CONFIG_IPV6_OPTIMISTIC_DAD=y
CONFIG_INET6_AH=m
CONFIG_INET6_ESP=m
CONFIG_INET6_IPCOMP=m
CONFIG_IPV6_MIP6=m
CONFIG_INET6_XFRM_TUNNEL=m
CONFIG_INET6_TUNNEL=m
CONFIG_INET6_XFRM_MODE_TRANSPORT=m
CONFIG_INET6_XFRM_MODE_TUNNEL=m
CONFIG_INET6_XFRM_MODE_BEET=m
CONFIG_INET6_XFRM_MODE_ROUTEOPTIMIZATION=m
CONFIG_IPV6_SIT=m
CONFIG_IPV6_TUNNEL=m
CONFIG_IPV6_MULTIPLE_TABLES=y
CONFIG_IPV6_SUBTREES=y
CONFIG_IP_NF_QUEUE=m
CONFIG_IP_NF_IPTABLES=m
CONFIG_IP_NF_MATCH_IPRANGE=m
CONFIG_IP_NF_MATCH_TOS=m
CONFIG_IP_NF_MATCH_RECENT=m
CONFIG_IP_NF_MATCH_ECN=m
CONFIG_IP_NF_MATCH_AH=m
CONFIG_IP_NF_MATCH_TTL=m
CONFIG_IP_NF_MATCH_OWNER=m
CONFIG_IP_NF_MATCH_ADDRTYPE=m
CONFIG_IP_NF_FILTER=m
CONFIG_IP_NF_TARGET_REJECT=m
CONFIG_IP_NF_TARGET_LOG=m
CONFIG_IP_NF_TARGET_ULOG=m
CONFIG_IP_NF_TARGET_MASQUERADE=m
CONFIG_IP_NF_TARGET_REDIRECT=m
CONFIG_IP_NF_TARGET_NETMAP=m
CONFIG_IP_NF_TARGET_SAME=m
CONFIG_IP_NF_MANGLE=m
CONFIG_IP_NF_TARGET_TOS=m
CONFIG_IP_NF_TARGET_ECN=m
CONFIG_IP_NF_TARGET_TTL=m
CONFIG_IP_NF_TARGET_CLUSTERIP=m
CONFIG_IP_NF_RAW=m
CONFIG_IP_NF_ARPTABLES=m
CONFIG_IP_NF_ARPFILTER=m
CONFIG_IP_NF_ARP_MANGLE=m
CONFIG_IP6_NF_QUEUE=m
CONFIG_IP6_NF_IPTABLES=m
CONFIG_IP6_NF_MATCH_RT=m
CONFIG_IP6_NF_MATCH_OPTS=m
CONFIG_IP6_NF_MATCH_FRAG=m
CONFIG_IP6_NF_MATCH_HL=m
CONFIG_IP6_NF_MATCH_OWNER=m
CONFIG_IP6_NF_MATCH_IPV6HEADER=m
CONFIG_IP6_NF_MATCH_AH=m
CONFIG_IP6_NF_MATCH_MH=m
CONFIG_IP6_NF_MATCH_EUI64=m
CONFIG_IP6_NF_FILTER=m
CONFIG_IP6_NF_TARGET_LOG=m
CONFIG_IP6_NF_TARGET_REJECT=m
CONFIG_IP6_NF_MANGLE=m
CONFIG_IP6_NF_TARGET_HL=m
CONFIG_IP6_NF_RAW=m
CONFIG_IP_DCCP=m
CONFIG_INET_DCCP_DIAG=m
CONFIG_IP_DCCP_ACKVEC=y
CONFIG_IP_DCCP_CCID2=m
# CONFIG_IP_DCCP_CCID2_DEBUG is not set
CONFIG_IP_DCCP_CCID3=m
CONFIG_IP_DCCP_TFRC_LIB=m
# CONFIG_IP_DCCP_CCID3_DEBUG is not set
CONFIG_IP_DCCP_CCID3_RTO=100
# CONFIG_IP_DCCP_DEBUG is not set
CONFIG_IP_SCTP=m
CONFIG_IPX=m
# CONFIG_IPX_INTERN is not set
CONFIG_IPDDP=m
CONFIG_IPDDP_ENCAP=y
CONFIG_IPDDP_DECAP=y
CONFIG_IP1000=m
CONFIG_IPW2100=m
CONFIG_IPW2100_MONITOR=y
# CONFIG_IPW2100_DEBUG is not set
CONFIG_IPW2200=m
CONFIG_IPW2200_MONITOR=y
CONFIG_IPW2200_RADIOTAP=y
CONFIG_IPW2200_PROMISCUOUS=y
CONFIG_IPW2200_QOS=y
# CONFIG_IPW2200_DEBUG is not set
CONFIG_IPPP_FILTER=y
CONFIG_IPMI_HANDLER=m
# CONFIG_IPMI_PANIC_EVENT is not set
CONFIG_IPMI_DEVICE_INTERFACE=m
CONFIG_IPMI_SI=m
CONFIG_IPMI_WATCHDOG=m
CONFIG_IPMI_POWEROFF=m
CONFIG_HW_RANDOM=y
CONFIG_HW_RANDOM_INTEL=m
CONFIG_HW_RANDOM_AMD=m
CONFIG_HW_RANDOM_GEODE=m
CONFIG_HW_RANDOM_VIA=m
CONFIG_CRYPTO_DEV_PADLOCK=m
CONFIG_CRYPTO_DEV_PADLOCK_AES=m
CONFIG_CRYPTO_DEV_PADLOCK_SHA=m
CONFIG_CRYPTO_DEV_GEODE=m
+ _________________________ etc/syslog.conf
+ _________________________ etc/syslog-ng/syslog-ng.conf
+ cat /etc/syslog-ng/syslog-ng.conf
cat: /etc/syslog-ng/syslog-ng.conf: No such file or directory
+ cat /etc/syslog.conf
cat: /etc/syslog.conf: No such file or directory
+ _________________________ etc/resolv.conf
+ cat /etc/resolv.conf
search wittsend.com
nameserver 130.205.32.4
nameserver 130.205.38.1
+ _________________________ lib/modules-ls
+ ls -ltr /lib/modules
total 2
drwxr-xr-x 5 root root 1024 Sep 25 15:34 2.6.24-ovz005.1
drwxr-xr-x 7 root root 1024 Sep 28 00:23 2.6.26.3-29.fc9.i686
+ _________________________ /proc/ksyms-netif_rx
+ test -r /proc/ksyms
+ test -r /proc/kallsyms
+ egrep netif_rx /proc/kallsyms
c05b7f0a T netif_rx
c05b8050 T netif_rx_ni
c06f7348 r __ksymtab_netif_rx_ni
c06f7448 r __ksymtab_netif_rx
c0707b23 r __kstrtab_netif_rx_ni
c0707d59 r __kstrtab_netif_rx
c05b8050 u netif_rx_ni [bnep]
c05b8050 u netif_rx_ni [tun]
c05b7f0a u netif_rx [sit]
c05b7f0a u netif_rx [vzethdev]
c05b7f0a u netif_rx [vznetdev]
c05b7f0a u netif_rx [ipv6]
+ _________________________ lib/modules-netif_rx
+ modulegoo kernel/net/ipv4/ipip.o netif_rx
+ set +x
2.6.24-ovz005.1:
2.6.26.3-29.fc9.i686:
+ _________________________ kern.debug
+ test -f /var/log/kern.debug
+ _________________________ klog
+ sed -n '5277,$p' /var/log/messages
+ egrep -i 'ipsec|klips|pluto'
+ case "$1" in
+ cat
Sep 30 12:13:10 romulus ipsec_setup: Starting Openswan IPsec U2.6.14/K2.6.24-ovz005.1...
Sep 30 12:13:10 romulus ipsec_setup:
Sep 30 12:13:10 romulus ipsec_setup:
Sep 30 12:13:10 romulus ipsec_setup: defaulting leftsubnet to 130.205.32.3
Sep 30 12:13:11 romulus ipsec__plutorun: 002 loading certificate from romulus.wittsend.com.crt
Sep 30 12:13:11 romulus ipsec__plutorun: 002 loaded host cert file '/etc/ipsec.d/certs/romulus.wittsend.com.crt' (3088 bytes)
Sep 30 12:13:11 romulus ipsec__plutorun: 002 no subjectAltName matches ID '%fromcert', replaced by subject DN
Sep 30 12:13:11 romulus ipsec__plutorun: 002 loading certificate from canyon.wittsend.com.crt
Sep 30 12:13:11 romulus ipsec__plutorun: 002 loaded host cert file '/etc/ipsec.d/certs/canyon.wittsend.com.crt' (4153 bytes)
Sep 30 12:13:11 romulus ipsec__plutorun: 002 added connection description "canyon"
Sep 30 12:13:11 romulus ipsec__plutorun: 002 loading certificate from romulus.wittsend.com.crt
Sep 30 12:13:11 romulus ipsec__plutorun: 002 loaded host cert file '/etc/ipsec.d/certs/romulus.wittsend.com.crt' (3088 bytes)
Sep 30 12:13:11 romulus ipsec__plutorun: 002 no subjectAltName matches ID '%fromcert', replaced by subject DN
Sep 30 12:13:11 romulus ipsec__plutorun: 002 loading certificate from chaos.iss.net.crt
Sep 30 12:13:11 romulus ipsec__plutorun: 002 loaded host cert file '/etc/ipsec.d/certs/chaos.iss.net.crt' (3867 bytes)
Sep 30 12:13:11 romulus ipsec__plutorun: 002 no subjectAltName matches ID '%fromcert', replaced by subject DN
Sep 30 12:13:11 romulus ipsec__plutorun: 002 added connection description "chaos"
Sep 30 12:13:11 romulus ipsec__plutorun: 002 loading certificate from remus.wittsend.com.crt
Sep 30 12:13:11 romulus ipsec__plutorun: 002 loaded host cert file '/etc/ipsec.d/certs/remus.wittsend.com.crt' (4148 bytes)
Sep 30 12:13:11 romulus ipsec__plutorun: 002 no subjectAltName matches ID '%fromcert', replaced by subject DN
Sep 30 12:13:11 romulus ipsec__plutorun: 002 loading certificate from charon.wittsend.com.crt
Sep 30 12:13:11 romulus ipsec__plutorun: 002 loaded host cert file '/etc/ipsec.d/certs/charon.wittsend.com.crt' (3903 bytes)
Sep 30 12:13:11 romulus ipsec__plutorun: 002 added connection description "charon-0"
Sep 30 12:13:11 romulus ipsec__plutorun: 002 loading certificate from remus.wittsend.com.crt
Sep 30 12:13:11 romulus ipsec__plutorun: 002 loaded host cert file '/etc/ipsec.d/certs/remus.wittsend.com.crt' (4148 bytes)
Sep 30 12:13:11 romulus ipsec__plutorun: 002 no subjectAltName matches ID '%fromcert', replaced by subject DN
Sep 30 12:13:11 romulus ipsec__plutorun: 002 loading certificate from charon.wittsend.com.crt
Sep 30 12:13:11 romulus ipsec__plutorun: 002 loaded host cert file '/etc/ipsec.d/certs/charon.wittsend.com.crt' (3903 bytes)
Sep 30 12:13:11 romulus ipsec__plutorun: 002 added connection description "charon-1"
Sep 30 12:13:11 romulus ipsec__plutorun: 002 loading certificate from romulus.wittsend.com.crt
Sep 30 12:13:11 romulus ipsec__plutorun: 002 loaded host cert file '/etc/ipsec.d/certs/romulus.wittsend.com.crt' (3088 bytes)
Sep 30 12:13:11 romulus ipsec__plutorun: 002 no subjectAltName matches ID '%fromcert', replaced by subject DN
Sep 30 12:13:11 romulus ipsec__plutorun: 002 loading certificate from complex.wittsend.com.crt
Sep 30 12:13:11 romulus ipsec__plutorun: 002 loaded host cert file '/etc/ipsec.d/certs/complex.wittsend.com.crt' (4223 bytes)
Sep 30 12:13:11 romulus ipsec__plutorun: 002 no subjectAltName matches ID '%fromcert', replaced by subject DN
Sep 30 12:13:11 romulus ipsec__plutorun: 002 added connection description "complex"
Sep 30 12:13:11 romulus ipsec__plutorun: 002 loading certificate from romulus.wittsend.com.crt
Sep 30 12:13:11 romulus ipsec__plutorun: 002 loaded host cert file '/etc/ipsec.d/certs/romulus.wittsend.com.crt' (3088 bytes)
Sep 30 12:13:11 romulus ipsec__plutorun: 002 no subjectAltName matches ID '%fromcert', replaced by subject DN
Sep 30 12:13:11 romulus ipsec__plutorun: 002 loading certificate from kolvir.iss.net.crt
Sep 30 12:13:11 romulus ipsec__plutorun: 002 loaded host cert file '/etc/ipsec.d/certs/kolvir.iss.net.crt' (3868 bytes)
Sep 30 12:13:11 romulus ipsec__plutorun: 002 added connection description "kolvir"
Sep 30 12:13:11 romulus ipsec__plutorun: 002 loading certificate from romulus.wittsend.com.crt
Sep 30 12:13:11 romulus ipsec__plutorun: 002 loaded host cert file '/etc/ipsec.d/certs/romulus.wittsend.com.crt' (3088 bytes)
Sep 30 12:13:11 romulus ipsec__plutorun: 002 no subjectAltName matches ID '%fromcert', replaced by subject DN
Sep 30 12:13:11 romulus ipsec__plutorun: 002 loading certificate from levy.bythesea.org.crt
Sep 30 12:13:11 romulus ipsec__plutorun: 002 loaded host cert file '/etc/ipsec.d/certs/levy.bythesea.org.crt' (3983 bytes)
Sep 30 12:13:11 romulus ipsec__plutorun: 002 added connection description "levy-0"
Sep 30 12:13:11 romulus ipsec__plutorun: 002 loading certificate from romulus.wittsend.com.crt
Sep 30 12:13:11 romulus ipsec__plutorun: 002 loaded host cert file '/etc/ipsec.d/certs/romulus.wittsend.com.crt' (3088 bytes)
Sep 30 12:13:11 romulus ipsec__plutorun: 002 no subjectAltName matches ID '%fromcert', replaced by subject DN
Sep 30 12:13:11 romulus ipsec__plutorun: 002 loading certificate from levy.bythesea.org.crt
Sep 30 12:13:11 romulus ipsec__plutorun: 002 loaded host cert file '/etc/ipsec.d/certs/levy.bythesea.org.crt' (3983 bytes)
Sep 30 12:13:11 romulus ipsec__plutorun: 002 added connection description "levy-1"
Sep 30 12:13:11 romulus ipsec__plutorun: 002 loading certificate from romulus.wittsend.com.crt
Sep 30 12:13:11 romulus ipsec__plutorun: 002 loaded host cert file '/etc/ipsec.d/certs/romulus.wittsend.com.crt' (3088 bytes)
Sep 30 12:13:11 romulus ipsec__plutorun: 002 no subjectAltName matches ID '%fromcert', replaced by subject DN
Sep 30 12:13:11 romulus ipsec__plutorun: 002 loading certificate from rebma.iss.net.crt
Sep 30 12:13:11 romulus ipsec__plutorun: 002 loaded host cert file '/etc/ipsec.d/certs/rebma.iss.net.crt' (3867 bytes)
Sep 30 12:13:11 romulus ipsec__plutorun: 002 no subjectAltName matches ID '%fromcert', replaced by subject DN
Sep 30 12:13:11 romulus ipsec__plutorun: 002 added connection description "rebma"
Sep 30 12:13:11 romulus ipsec__plutorun: right: do something with host case: 0
Sep 30 12:13:11 romulus ipsec__plutorun: right: do something with host case: 0
+ _________________________ plog
+ sed -n '14263,$p' /var/log/secure
+ egrep -i pluto
+ case "$1" in
+ cat
Sep 30 12:13:10 romulus ipsec__plutorun: Starting Pluto subsystem...
Sep 30 12:13:10 romulus pluto[10414]: Starting Pluto (Openswan Version 2.6.14; Vendor ID OEoSJUweaqAX) pid:10414
Sep 30 12:13:10 romulus pluto[10414]: Setting NAT-Traversal port-4500 floating to on
Sep 30 12:13:10 romulus pluto[10414]: port floating activation criteria nat_t=1/port_float=1
Sep 30 12:13:10 romulus pluto[10414]: including NAT-Traversal patch (Version 0.6c)
Sep 30 12:13:10 romulus pluto[10414]: | opening /dev/urandom
Sep 30 12:13:10 romulus pluto[10414]: using /dev/urandom as source of random entropy
Sep 30 12:13:10 romulus pluto[10414]: | inserting event EVENT_REINIT_SECRET, timeout in 3600 seconds
Sep 30 12:13:10 romulus pluto[10414]: | inserting event EVENT_PENDING_PHASE2, timeout in 120 seconds
Sep 30 12:13:10 romulus pluto[10414]: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0)
Sep 30 12:13:10 romulus pluto[10414]: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)
Sep 30 12:13:10 romulus pluto[10414]: ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0)
Sep 30 12:13:10 romulus pluto[10414]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
Sep 30 12:13:10 romulus pluto[10414]: ike_alg_register_enc(): Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)
Sep 30 12:13:10 romulus pluto[10414]: ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0)
Sep 30 12:13:10 romulus pluto[10414]: ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0)
Sep 30 12:13:10 romulus pluto[10414]: starting up 1 cryptographic helpers
Sep 30 12:13:10 romulus pluto[10415]: | opening /dev/urandom
Sep 30 12:13:10 romulus pluto[10415]: using /dev/urandom as source of random entropy
Sep 30 12:13:10 romulus pluto[10415]: ! helper 0 waiting on fd: 8
Sep 30 12:13:10 romulus pluto[10414]: started helper pid=10415 (fd:7)
Sep 30 12:13:10 romulus pluto[10414]: Using Linux 2.6 IPsec interface code on 2.6.24-ovz005.1 (experimental code)
Sep 30 12:13:10 romulus pluto[10414]: ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names
Sep 30 12:13:10 romulus pluto[10414]: ike_alg_register_enc(): Activating <NULL>: Ok (ret=0)
Sep 30 12:13:10 romulus pluto[10414]: ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names
Sep 30 12:13:10 romulus pluto[10414]: ike_alg_add(): ERROR: Algorithm already exists
Sep 30 12:13:10 romulus pluto[10414]: ike_alg_register_enc(): Activating <NULL>: FAILED (ret=-17)
Sep 30 12:13:10 romulus pluto[10414]: ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names
Sep 30 12:13:10 romulus pluto[10414]: ike_alg_add(): ERROR: Algorithm already exists
Sep 30 12:13:10 romulus pluto[10414]: ike_alg_register_enc(): Activating <NULL>: FAILED (ret=-17)
Sep 30 12:13:10 romulus pluto[10414]: ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names
Sep 30 12:13:10 romulus pluto[10414]: ike_alg_add(): ERROR: Algorithm already exists
Sep 30 12:13:10 romulus pluto[10414]: ike_alg_register_enc(): Activating <NULL>: FAILED (ret=-17)
Sep 30 12:13:10 romulus pluto[10414]: ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names
Sep 30 12:13:10 romulus pluto[10414]: ike_alg_add(): ERROR: Algorithm already exists
Sep 30 12:13:10 romulus pluto[10414]: ike_alg_register_enc(): Activating <NULL>: FAILED (ret=-17)
Sep 30 12:13:10 romulus pluto[10414]: ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names
Sep 30 12:13:10 romulus pluto[10414]: ike_alg_add(): ERROR: Algorithm already exists
Sep 30 12:13:10 romulus pluto[10414]: ike_alg_register_enc(): Activating <NULL>: FAILED (ret=-17)
Sep 30 12:13:11 romulus pluto[10414]: Changed path to directory '/etc/ipsec.d/cacerts'
Sep 30 12:13:11 romulus pluto[10414]: loaded CA cert file 'wittsendCA.pem' (960 bytes)
Sep 30 12:13:11 romulus pluto[10414]: | file content is not binary ASN.1
Sep 30 12:13:11 romulus pluto[10414]: | -----BEGIN CERTIFICATE-----
Sep 30 12:13:11 romulus pluto[10414]: | -----END CERTIFICATE-----
Sep 30 12:13:11 romulus pluto[10414]: | file coded in PEM format
Sep 30 12:13:11 romulus pluto[10414]: | L0 - certificate:
Sep 30 12:13:11 romulus pluto[10414]: | L1 - tbsCertificate:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - DEFAULT v1:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - version:
Sep 30 12:13:11 romulus pluto[10414]: | v3
Sep 30 12:13:11 romulus pluto[10414]: | L2 - serialNumber:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - signature:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'md5WithRSAEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - issuer:
Sep 30 12:13:11 romulus pluto[10414]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services, CN=WittsEnd Root CA, E=ca at wittsend.com'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - validity:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - notBefore:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:11 romulus pluto[10414]: | 'Aug 01 14:44:01 UTC 2004'
Sep 30 12:13:11 romulus pluto[10414]: | L3 - notAfter:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:11 romulus pluto[10414]: | 'Jul 30 14:44:01 UTC 2014'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - subject:
Sep 30 12:13:11 romulus pluto[10414]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services, CN=WittsEnd Root CA, E=ca at wittsend.com'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - subjectPublicKeyInfo:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'rsaEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L3 - subjectPublicKey:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - RSAPublicKey:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - modulus:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - publicExponent:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - optional extensions:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - extensions:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'basicConstraints'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | TRUE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - basicConstraints:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - CA:
Sep 30 12:13:11 romulus pluto[10414]: | TRUE
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'subjectKeyIdentifier'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - keyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L1 - signatureAlgorithm:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'md5WithRSAEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L1 - signatureValue:
Sep 30 12:13:11 romulus pluto[10414]: | authcert inserted
Sep 30 12:13:11 romulus pluto[10414]: loaded CA cert file 'wittsendCA.crt' (960 bytes)
Sep 30 12:13:11 romulus pluto[10414]: | file content is not binary ASN.1
Sep 30 12:13:11 romulus pluto[10414]: | -----BEGIN CERTIFICATE-----
Sep 30 12:13:11 romulus pluto[10414]: | -----END CERTIFICATE-----
Sep 30 12:13:11 romulus pluto[10414]: | file coded in PEM format
Sep 30 12:13:11 romulus pluto[10414]: | L0 - certificate:
Sep 30 12:13:11 romulus pluto[10414]: | L1 - tbsCertificate:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - DEFAULT v1:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - version:
Sep 30 12:13:11 romulus pluto[10414]: | v3
Sep 30 12:13:11 romulus pluto[10414]: | L2 - serialNumber:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - signature:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'md5WithRSAEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - issuer:
Sep 30 12:13:11 romulus pluto[10414]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services, CN=WittsEnd Root CA, E=ca at wittsend.com'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - validity:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - notBefore:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:11 romulus pluto[10414]: | 'Aug 01 14:44:01 UTC 2004'
Sep 30 12:13:11 romulus pluto[10414]: | L3 - notAfter:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:11 romulus pluto[10414]: | 'Jul 30 14:44:01 UTC 2014'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - subject:
Sep 30 12:13:11 romulus pluto[10414]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services, CN=WittsEnd Root CA, E=ca at wittsend.com'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - subjectPublicKeyInfo:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'rsaEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L3 - subjectPublicKey:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - RSAPublicKey:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - modulus:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - publicExponent:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - optional extensions:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - extensions:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'basicConstraints'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | TRUE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - basicConstraints:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - CA:
Sep 30 12:13:11 romulus pluto[10414]: | TRUE
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'subjectKeyIdentifier'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - keyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L1 - signatureAlgorithm:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'md5WithRSAEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L1 - signatureValue:
Sep 30 12:13:11 romulus pluto[10414]: | authcert is already present and identical
Sep 30 12:13:11 romulus pluto[10414]: loaded CA cert file 'issCA.pem' (1042 bytes)
Sep 30 12:13:11 romulus pluto[10414]: | file content is not binary ASN.1
Sep 30 12:13:11 romulus pluto[10414]: | -----BEGIN CERTIFICATE-----
Sep 30 12:13:11 romulus pluto[10414]: | -----END CERTIFICATE-----
Sep 30 12:13:11 romulus pluto[10414]: | file coded in PEM format
Sep 30 12:13:11 romulus pluto[10414]: | L0 - certificate:
Sep 30 12:13:11 romulus pluto[10414]: | L1 - tbsCertificate:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - DEFAULT v1:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - version:
Sep 30 12:13:11 romulus pluto[10414]: | v3
Sep 30 12:13:11 romulus pluto[10414]: | L2 - serialNumber:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - signature:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'md5WithRSAEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - issuer:
Sep 30 12:13:11 romulus pluto[10414]: | 'C=US, ST=Georgia, L=Atlanta, O=Internet Security Systems Inc, OU=Certification Services, E=ca at iss.net'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - validity:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - notBefore:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:11 romulus pluto[10414]: | 'Aug 01 14:42:32 UTC 2004'
Sep 30 12:13:11 romulus pluto[10414]: | L3 - notAfter:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:11 romulus pluto[10414]: | 'Jul 30 14:42:32 UTC 2014'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - subject:
Sep 30 12:13:11 romulus pluto[10414]: | 'C=US, ST=Georgia, L=Atlanta, O=Internet Security Systems Inc, OU=Certification Services, E=ca at iss.net'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - subjectPublicKeyInfo:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'rsaEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L3 - subjectPublicKey:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - RSAPublicKey:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - modulus:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - publicExponent:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - optional extensions:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - extensions:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'basicConstraints'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | TRUE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - basicConstraints:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - CA:
Sep 30 12:13:11 romulus pluto[10414]: | TRUE
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'subjectKeyIdentifier'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - keyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L1 - signatureAlgorithm:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'md5WithRSAEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L1 - signatureValue:
Sep 30 12:13:11 romulus pluto[10414]: | authcert inserted
Sep 30 12:13:11 romulus pluto[10414]: loaded CA cert file 'issCA.crt' (1042 bytes)
Sep 30 12:13:11 romulus pluto[10414]: | file content is not binary ASN.1
Sep 30 12:13:11 romulus pluto[10414]: | -----BEGIN CERTIFICATE-----
Sep 30 12:13:11 romulus pluto[10414]: | -----END CERTIFICATE-----
Sep 30 12:13:11 romulus pluto[10414]: | file coded in PEM format
Sep 30 12:13:11 romulus pluto[10414]: | L0 - certificate:
Sep 30 12:13:11 romulus pluto[10414]: | L1 - tbsCertificate:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - DEFAULT v1:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - version:
Sep 30 12:13:11 romulus pluto[10414]: | v3
Sep 30 12:13:11 romulus pluto[10414]: | L2 - serialNumber:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - signature:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'md5WithRSAEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - issuer:
Sep 30 12:13:11 romulus pluto[10414]: | 'C=US, ST=Georgia, L=Atlanta, O=Internet Security Systems Inc, OU=Certification Services, E=ca at iss.net'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - validity:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - notBefore:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:11 romulus pluto[10414]: | 'Aug 01 14:42:32 UTC 2004'
Sep 30 12:13:11 romulus pluto[10414]: | L3 - notAfter:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:11 romulus pluto[10414]: | 'Jul 30 14:42:32 UTC 2014'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - subject:
Sep 30 12:13:11 romulus pluto[10414]: | 'C=US, ST=Georgia, L=Atlanta, O=Internet Security Systems Inc, OU=Certification Services, E=ca at iss.net'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - subjectPublicKeyInfo:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'rsaEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L3 - subjectPublicKey:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - RSAPublicKey:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - modulus:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - publicExponent:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - optional extensions:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - extensions:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'basicConstraints'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | TRUE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - basicConstraints:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - CA:
Sep 30 12:13:11 romulus pluto[10414]: | TRUE
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'subjectKeyIdentifier'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - keyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L1 - signatureAlgorithm:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'md5WithRSAEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L1 - signatureValue:
Sep 30 12:13:11 romulus pluto[10414]: | authcert is already present and identical
Sep 30 12:13:11 romulus pluto[10414]: loaded CA cert file 'WittsEndCA.crt' (1342 bytes)
Sep 30 12:13:11 romulus pluto[10414]: | file content is not binary ASN.1
Sep 30 12:13:11 romulus pluto[10414]: | -----BEGIN CERTIFICATE-----
Sep 30 12:13:11 romulus pluto[10414]: | -----END CERTIFICATE-----
Sep 30 12:13:11 romulus pluto[10414]: | file coded in PEM format
Sep 30 12:13:11 romulus pluto[10414]: | L0 - certificate:
Sep 30 12:13:11 romulus pluto[10414]: | L1 - tbsCertificate:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - DEFAULT v1:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - version:
Sep 30 12:13:11 romulus pluto[10414]: | v3
Sep 30 12:13:11 romulus pluto[10414]: | L2 - serialNumber:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - signature:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'sha-1WithRSAEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - issuer:
Sep 30 12:13:11 romulus pluto[10414]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - validity:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - notBefore:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:11 romulus pluto[10414]: | 'Mar 24 17:29:15 UTC 2008'
Sep 30 12:13:11 romulus pluto[10414]: | L3 - notAfter:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:11 romulus pluto[10414]: | 'Mar 22 17:29:15 UTC 2018'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - subject:
Sep 30 12:13:11 romulus pluto[10414]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - subjectPublicKeyInfo:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'rsaEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L3 - subjectPublicKey:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - RSAPublicKey:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - modulus:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - publicExponent:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - optional extensions:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - extensions:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'basicConstraints'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | TRUE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - basicConstraints:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - CA:
Sep 30 12:13:11 romulus pluto[10414]: | TRUE
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'subjectKeyIdentifier'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - keyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L1 - signatureAlgorithm:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'sha-1WithRSAEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L1 - signatureValue:
Sep 30 12:13:11 romulus pluto[10414]: | authcert inserted
Sep 30 12:13:11 romulus pluto[10414]: Could not change to directory '/etc/ipsec.d/aacerts': /
Sep 30 12:13:11 romulus pluto[10414]: Changed path to directory '/etc/ipsec.d/ocspcerts'
Sep 30 12:13:11 romulus pluto[10414]: Could not change to directory '/etc/ipsec.d/crls'
Sep 30 12:13:11 romulus pluto[10414]: Changing back to directory '/' failed - (2 No such file or directory)
Sep 30 12:13:11 romulus pluto[10414]: Changing back to directory '/' failed - (2 No such file or directory)
Sep 30 12:13:11 romulus pluto[10414]: | inserting event EVENT_LOG_DAILY, timeout in 42409 seconds
Sep 30 12:13:11 romulus pluto[10414]: | next event EVENT_PENDING_PHASE2 in 119 seconds
Sep 30 12:13:11 romulus pluto[10414]: |
Sep 30 12:13:11 romulus pluto[10414]: | *received whack message
Sep 30 12:13:11 romulus pluto[10414]: | Added new connection canyon with policy RSASIG+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW
Sep 30 12:13:11 romulus pluto[10414]: loading certificate from romulus.wittsend.com.crt
Sep 30 12:13:11 romulus pluto[10414]: loaded host cert file '/etc/ipsec.d/certs/romulus.wittsend.com.crt' (3088 bytes)
Sep 30 12:13:11 romulus pluto[10414]: | file content is not binary ASN.1
Sep 30 12:13:11 romulus pluto[10414]: | -----BEGIN CERTIFICATE-----
Sep 30 12:13:11 romulus pluto[10414]: | -----END CERTIFICATE-----
Sep 30 12:13:11 romulus pluto[10414]: | file coded in PEM format
Sep 30 12:13:11 romulus pluto[10414]: | L0 - certificate:
Sep 30 12:13:11 romulus pluto[10414]: | L1 - tbsCertificate:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - DEFAULT v1:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - version:
Sep 30 12:13:11 romulus pluto[10414]: | v3
Sep 30 12:13:11 romulus pluto[10414]: | L2 - serialNumber:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - signature:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'md5WithRSAEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - issuer:
Sep 30 12:13:11 romulus pluto[10414]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services, CN=WittsEnd Root CA, E=ca at wittsend.com'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - validity:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - notBefore:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:11 romulus pluto[10414]: | 'Jan 28 17:45:00 UTC 2005'
Sep 30 12:13:11 romulus pluto[10414]: | L3 - notAfter:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:11 romulus pluto[10414]: | 'Jan 28 17:45:00 UTC 2009'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - subject:
Sep 30 12:13:11 romulus pluto[10414]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - subjectPublicKeyInfo:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'rsaEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L3 - subjectPublicKey:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - RSAPublicKey:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - modulus:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - publicExponent:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - optional extensions:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - extensions:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'authorityKeyIdentifier'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - authorityKeyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L8 - keyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'extendedKeyUsage'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - extendedKeyUsage:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | 'serverAuth'
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | 'clientAuth'
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'basicConstraints'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | TRUE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - basicConstraints:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - CA:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L1 - signatureAlgorithm:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'md5WithRSAEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L1 - signatureValue:
Sep 30 12:13:11 romulus pluto[10414]: no subjectAltName matches ID '%fromcert', replaced by subject DN
Sep 30 12:13:11 romulus pluto[10414]: | certificate is valid
Sep 30 12:13:11 romulus pluto[10414]: | counting wild cards for C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com is 0
Sep 30 12:13:11 romulus pluto[10414]: loading certificate from canyon.wittsend.com.crt
Sep 30 12:13:11 romulus pluto[10414]: loaded host cert file '/etc/ipsec.d/certs/canyon.wittsend.com.crt' (4153 bytes)
Sep 30 12:13:11 romulus pluto[10414]: | file content is not binary ASN.1
Sep 30 12:13:11 romulus pluto[10414]: | -----BEGIN CERTIFICATE-----
Sep 30 12:13:11 romulus pluto[10414]: | -----END CERTIFICATE-----
Sep 30 12:13:11 romulus pluto[10414]: | file coded in PEM format
Sep 30 12:13:11 romulus pluto[10414]: | L0 - certificate:
Sep 30 12:13:11 romulus pluto[10414]: | L1 - tbsCertificate:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - DEFAULT v1:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - version:
Sep 30 12:13:11 romulus pluto[10414]: | v3
Sep 30 12:13:11 romulus pluto[10414]: | L2 - serialNumber:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - signature:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'md5WithRSAEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - issuer:
Sep 30 12:13:11 romulus pluto[10414]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - validity:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - notBefore:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:11 romulus pluto[10414]: | 'Jul 26 18:53:50 UTC 2008'
Sep 30 12:13:11 romulus pluto[10414]: | L3 - notAfter:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:11 romulus pluto[10414]: | 'Jul 26 18:53:50 UTC 2012'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - subject:
Sep 30 12:13:11 romulus pluto[10414]: | 'C=GA, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=canyon.wittsend.com, E=postmaster at wittsend.com'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - subjectPublicKeyInfo:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'rsaEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L3 - subjectPublicKey:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - RSAPublicKey:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - modulus:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - publicExponent:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - optional extensions:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - extensions:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'authorityKeyIdentifier'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - authorityKeyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L8 - keyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'extendedKeyUsage'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - extendedKeyUsage:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | 'serverAuth'
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | 'clientAuth'
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'basicConstraints'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | TRUE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - basicConstraints:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - CA:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'subjectAltName'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - generalNames:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - generalName:
Sep 30 12:13:11 romulus pluto[10414]: | L8 - dnsName:
Sep 30 12:13:11 romulus pluto[10414]: | 'canyon.wittsend.com'
Sep 30 12:13:11 romulus pluto[10414]: | L7 - generalName:
Sep 30 12:13:11 romulus pluto[10414]: | L8 - dnsName:
Sep 30 12:13:11 romulus pluto[10414]: | 'canyon.ip6.wittsend.com'
Sep 30 12:13:11 romulus pluto[10414]: | L7 - generalName:
Sep 30 12:13:11 romulus pluto[10414]: | L8 - dnsName:
Sep 30 12:13:11 romulus pluto[10414]: | 'canyon.wittsend.org'
Sep 30 12:13:11 romulus pluto[10414]: | L1 - signatureAlgorithm:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'md5WithRSAEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L1 - signatureValue:
Sep 30 12:13:11 romulus pluto[10414]: | certificate is valid
Sep 30 12:13:11 romulus pluto[10414]: | counting wild cards for C=GA, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=canyon.wittsend.com, E=postmaster at wittsend.com is 0
Sep 30 12:13:11 romulus pluto[10414]: | based upon policy, the connection is a template.
Sep 30 12:13:11 romulus pluto[10414]: added connection description "canyon"
Sep 30 12:13:11 romulus pluto[10414]: | 130.205.32.3/32===130.205.32.3<130.205.32.3>[C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com,+S=C]---130.205.32.1...%any[C=GA, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=canyon.wittsend.com, E=postmaster at wittsend.com,+S=C]
Sep 30 12:13:11 romulus pluto[10414]: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 3; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW
Sep 30 12:13:11 romulus pluto[10414]: | * processed 0 messages from cryptographic helpers
Sep 30 12:13:11 romulus pluto[10414]: | next event EVENT_PENDING_PHASE2 in 119 seconds
Sep 30 12:13:11 romulus pluto[10414]: |
Sep 30 12:13:11 romulus pluto[10414]: | *received whack message
Sep 30 12:13:11 romulus pluto[10414]: | Added new connection chaos with policy RSASIG+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW
Sep 30 12:13:11 romulus pluto[10414]: loading certificate from romulus.wittsend.com.crt
Sep 30 12:13:11 romulus pluto[10414]: loaded host cert file '/etc/ipsec.d/certs/romulus.wittsend.com.crt' (3088 bytes)
Sep 30 12:13:11 romulus pluto[10414]: | file content is not binary ASN.1
Sep 30 12:13:11 romulus pluto[10414]: | -----BEGIN CERTIFICATE-----
Sep 30 12:13:11 romulus pluto[10414]: | -----END CERTIFICATE-----
Sep 30 12:13:11 romulus pluto[10414]: | file coded in PEM format
Sep 30 12:13:11 romulus pluto[10414]: | L0 - certificate:
Sep 30 12:13:11 romulus pluto[10414]: | L1 - tbsCertificate:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - DEFAULT v1:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - version:
Sep 30 12:13:11 romulus pluto[10414]: | v3
Sep 30 12:13:11 romulus pluto[10414]: | L2 - serialNumber:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - signature:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'md5WithRSAEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - issuer:
Sep 30 12:13:11 romulus pluto[10414]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services, CN=WittsEnd Root CA, E=ca at wittsend.com'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - validity:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - notBefore:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:11 romulus pluto[10414]: | 'Jan 28 17:45:00 UTC 2005'
Sep 30 12:13:11 romulus pluto[10414]: | L3 - notAfter:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:11 romulus pluto[10414]: | 'Jan 28 17:45:00 UTC 2009'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - subject:
Sep 30 12:13:11 romulus pluto[10414]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - subjectPublicKeyInfo:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'rsaEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L3 - subjectPublicKey:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - RSAPublicKey:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - modulus:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - publicExponent:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - optional extensions:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - extensions:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'authorityKeyIdentifier'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - authorityKeyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L8 - keyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'extendedKeyUsage'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - extendedKeyUsage:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | 'serverAuth'
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | 'clientAuth'
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'basicConstraints'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | TRUE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - basicConstraints:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - CA:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L1 - signatureAlgorithm:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'md5WithRSAEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L1 - signatureValue:
Sep 30 12:13:11 romulus pluto[10414]: no subjectAltName matches ID '%fromcert', replaced by subject DN
Sep 30 12:13:11 romulus pluto[10414]: | certificate is valid
Sep 30 12:13:11 romulus pluto[10414]: | counting wild cards for C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com is 0
Sep 30 12:13:11 romulus pluto[10414]: loading certificate from chaos.iss.net.crt
Sep 30 12:13:11 romulus pluto[10414]: loaded host cert file '/etc/ipsec.d/certs/chaos.iss.net.crt' (3867 bytes)
Sep 30 12:13:11 romulus pluto[10414]: | file content is not binary ASN.1
Sep 30 12:13:11 romulus pluto[10414]: | -----BEGIN CERTIFICATE-----
Sep 30 12:13:11 romulus pluto[10414]: | -----END CERTIFICATE-----
Sep 30 12:13:11 romulus pluto[10414]: | file coded in PEM format
Sep 30 12:13:11 romulus pluto[10414]: | L0 - certificate:
Sep 30 12:13:11 romulus pluto[10414]: | L1 - tbsCertificate:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - DEFAULT v1:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - version:
Sep 30 12:13:11 romulus pluto[10414]: | v3
Sep 30 12:13:11 romulus pluto[10414]: | L2 - serialNumber:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - signature:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'md5WithRSAEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - issuer:
Sep 30 12:13:11 romulus pluto[10414]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - validity:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - notBefore:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:11 romulus pluto[10414]: | 'Jul 26 18:29:11 UTC 2008'
Sep 30 12:13:11 romulus pluto[10414]: | L3 - notAfter:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:11 romulus pluto[10414]: | 'Jul 26 18:29:11 UTC 2012'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - subject:
Sep 30 12:13:11 romulus pluto[10414]: | 'C=GA, ST=Georgia, L=Atlanta, O=Internet Security Systems Inc, CN=chaos.iss.net, E=postmaster at iss.net'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - subjectPublicKeyInfo:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'rsaEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L3 - subjectPublicKey:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - RSAPublicKey:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - modulus:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - publicExponent:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - optional extensions:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - extensions:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'authorityKeyIdentifier'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - authorityKeyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L8 - keyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'extendedKeyUsage'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - extendedKeyUsage:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | 'serverAuth'
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | 'clientAuth'
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'basicConstraints'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | TRUE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - basicConstraints:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - CA:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L1 - signatureAlgorithm:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'md5WithRSAEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L1 - signatureValue:
Sep 30 12:13:11 romulus pluto[10414]: no subjectAltName matches ID '%fromcert', replaced by subject DN
Sep 30 12:13:11 romulus pluto[10414]: | certificate is valid
Sep 30 12:13:11 romulus pluto[10414]: | counting wild cards for C=GA, ST=Georgia, L=Atlanta, O=Internet Security Systems Inc, CN=chaos.iss.net, E=postmaster at iss.net is 0
Sep 30 12:13:11 romulus pluto[10414]: added connection description "chaos"
Sep 30 12:13:11 romulus pluto[10414]: | 130.205.32.3/32===130.205.32.3<130.205.32.3>[C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com,+S=C]---130.205.32.1...209.134.176.37<209.134.176.37>[C=GA, ST=Georgia, L=Atlanta, O=Internet Security Systems Inc, CN=chaos.iss.net, E=postmaster at iss.net,+S=C]
Sep 30 12:13:11 romulus pluto[10414]: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 3; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW
Sep 30 12:13:11 romulus pluto[10414]: | * processed 0 messages from cryptographic helpers
Sep 30 12:13:11 romulus pluto[10414]: | next event EVENT_PENDING_PHASE2 in 119 seconds
Sep 30 12:13:11 romulus pluto[10414]: |
Sep 30 12:13:11 romulus pluto[10414]: | *received whack message
Sep 30 12:13:11 romulus pluto[10414]: | Added new connection charon-0 with policy RSASIG+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW
Sep 30 12:13:11 romulus pluto[10414]: loading certificate from remus.wittsend.com.crt
Sep 30 12:13:11 romulus pluto[10414]: loaded host cert file '/etc/ipsec.d/certs/remus.wittsend.com.crt' (4148 bytes)
Sep 30 12:13:11 romulus pluto[10414]: | file content is not binary ASN.1
Sep 30 12:13:11 romulus pluto[10414]: | -----BEGIN CERTIFICATE-----
Sep 30 12:13:11 romulus pluto[10414]: | -----END CERTIFICATE-----
Sep 30 12:13:11 romulus pluto[10414]: | file coded in PEM format
Sep 30 12:13:11 romulus pluto[10414]: | L0 - certificate:
Sep 30 12:13:11 romulus pluto[10414]: | L1 - tbsCertificate:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - DEFAULT v1:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - version:
Sep 30 12:13:11 romulus pluto[10414]: | v3
Sep 30 12:13:11 romulus pluto[10414]: | L2 - serialNumber:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - signature:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'md5WithRSAEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - issuer:
Sep 30 12:13:11 romulus pluto[10414]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - validity:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - notBefore:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:11 romulus pluto[10414]: | 'Jul 26 18:44:39 UTC 2008'
Sep 30 12:13:11 romulus pluto[10414]: | L3 - notAfter:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:11 romulus pluto[10414]: | 'Jul 26 18:44:39 UTC 2012'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - subject:
Sep 30 12:13:11 romulus pluto[10414]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=remus.wittsend.com, E=postmaster at wittsend.com'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - subjectPublicKeyInfo:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'rsaEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L3 - subjectPublicKey:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - RSAPublicKey:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - modulus:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - publicExponent:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - optional extensions:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - extensions:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'authorityKeyIdentifier'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - authorityKeyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L8 - keyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'extendedKeyUsage'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - extendedKeyUsage:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | 'serverAuth'
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | 'clientAuth'
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'basicConstraints'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | TRUE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - basicConstraints:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - CA:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'subjectAltName'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - generalNames:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - generalName:
Sep 30 12:13:11 romulus pluto[10414]: | L8 - dnsName:
Sep 30 12:13:11 romulus pluto[10414]: | 'remus.ip6.wittsend.com'
Sep 30 12:13:11 romulus pluto[10414]: | L7 - generalName:
Sep 30 12:13:11 romulus pluto[10414]: | L8 - dnsName:
Sep 30 12:13:11 romulus pluto[10414]: | 'remus.wittsend.org'
Sep 30 12:13:11 romulus pluto[10414]: | L7 - generalName:
Sep 30 12:13:11 romulus pluto[10414]: | L8 - dnsName:
Sep 30 12:13:11 romulus pluto[10414]: | 'remus.commandcorp.com'
Sep 30 12:13:11 romulus pluto[10414]: | L1 - signatureAlgorithm:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'md5WithRSAEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L1 - signatureValue:
Sep 30 12:13:11 romulus pluto[10414]: no subjectAltName matches ID '%fromcert', replaced by subject DN
Sep 30 12:13:11 romulus pluto[10414]: | certificate is valid
Sep 30 12:13:11 romulus pluto[10414]: | counting wild cards for C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=remus.wittsend.com, E=postmaster at wittsend.com is 0
Sep 30 12:13:11 romulus pluto[10414]: loading certificate from charon.wittsend.com.crt
Sep 30 12:13:11 romulus pluto[10414]: loaded host cert file '/etc/ipsec.d/certs/charon.wittsend.com.crt' (3903 bytes)
Sep 30 12:13:11 romulus pluto[10414]: | file content is not binary ASN.1
Sep 30 12:13:11 romulus pluto[10414]: | -----BEGIN CERTIFICATE-----
Sep 30 12:13:11 romulus pluto[10414]: | -----END CERTIFICATE-----
Sep 30 12:13:11 romulus pluto[10414]: | file coded in PEM format
Sep 30 12:13:11 romulus pluto[10414]: | L0 - certificate:
Sep 30 12:13:11 romulus pluto[10414]: | L1 - tbsCertificate:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - DEFAULT v1:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - version:
Sep 30 12:13:11 romulus pluto[10414]: | v3
Sep 30 12:13:11 romulus pluto[10414]: | L2 - serialNumber:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - signature:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'md5WithRSAEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - issuer:
Sep 30 12:13:11 romulus pluto[10414]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - validity:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - notBefore:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:11 romulus pluto[10414]: | 'Jul 26 18:32:56 UTC 2008'
Sep 30 12:13:11 romulus pluto[10414]: | L3 - notAfter:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:11 romulus pluto[10414]: | 'Jul 26 18:32:56 UTC 2012'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - subject:
Sep 30 12:13:11 romulus pluto[10414]: | 'C=US, ST=Georgia, L=Atlanta, O=Thaumaturgy & Speculums Technology, CN=charon.wittsend.com, E=postmaster at wittsend.com'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - subjectPublicKeyInfo:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'rsaEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L3 - subjectPublicKey:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - RSAPublicKey:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - modulus:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - publicExponent:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - optional extensions:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - extensions:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'authorityKeyIdentifier'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - authorityKeyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L8 - keyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'extendedKeyUsage'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - extendedKeyUsage:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | 'serverAuth'
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | 'clientAuth'
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'basicConstraints'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | TRUE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - basicConstraints:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - CA:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L1 - signatureAlgorithm:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'md5WithRSAEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L1 - signatureValue:
Sep 30 12:13:11 romulus pluto[10414]: | certificate is valid
Sep 30 12:13:11 romulus pluto[10414]: | counting wild cards for 74.237.49.95 is 0
Sep 30 12:13:11 romulus pluto[10414]: added connection description "charon-0"
Sep 30 12:13:11 romulus pluto[10414]: | 130.205.32.3/32===130.205.32.3<130.205.32.3>[C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=remus.wittsend.com, E=postmaster at wittsend.com,+S=C]---130.205.32.1...65.14.248.11---74.237.49.95<74.237.49.95>[+S=C]
Sep 30 12:13:11 romulus pluto[10414]: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 3; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW
Sep 30 12:13:11 romulus pluto[10414]: | * processed 0 messages from cryptographic helpers
Sep 30 12:13:11 romulus pluto[10414]: | next event EVENT_PENDING_PHASE2 in 119 seconds
Sep 30 12:13:11 romulus pluto[10414]: |
Sep 30 12:13:11 romulus pluto[10414]: | *received whack message
Sep 30 12:13:11 romulus pluto[10414]: | Added new connection charon-1 with policy RSASIG+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW
Sep 30 12:13:11 romulus pluto[10414]: loading certificate from remus.wittsend.com.crt
Sep 30 12:13:11 romulus pluto[10414]: loaded host cert file '/etc/ipsec.d/certs/remus.wittsend.com.crt' (4148 bytes)
Sep 30 12:13:11 romulus pluto[10414]: | file content is not binary ASN.1
Sep 30 12:13:11 romulus pluto[10414]: | -----BEGIN CERTIFICATE-----
Sep 30 12:13:11 romulus pluto[10414]: | -----END CERTIFICATE-----
Sep 30 12:13:11 romulus pluto[10414]: | file coded in PEM format
Sep 30 12:13:11 romulus pluto[10414]: | L0 - certificate:
Sep 30 12:13:11 romulus pluto[10414]: | L1 - tbsCertificate:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - DEFAULT v1:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - version:
Sep 30 12:13:11 romulus pluto[10414]: | v3
Sep 30 12:13:11 romulus pluto[10414]: | L2 - serialNumber:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - signature:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'md5WithRSAEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - issuer:
Sep 30 12:13:11 romulus pluto[10414]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - validity:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - notBefore:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:11 romulus pluto[10414]: | 'Jul 26 18:44:39 UTC 2008'
Sep 30 12:13:11 romulus pluto[10414]: | L3 - notAfter:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:11 romulus pluto[10414]: | 'Jul 26 18:44:39 UTC 2012'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - subject:
Sep 30 12:13:11 romulus pluto[10414]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=remus.wittsend.com, E=postmaster at wittsend.com'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - subjectPublicKeyInfo:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'rsaEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L3 - subjectPublicKey:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - RSAPublicKey:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - modulus:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - publicExponent:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - optional extensions:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - extensions:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'authorityKeyIdentifier'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - authorityKeyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L8 - keyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'extendedKeyUsage'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - extendedKeyUsage:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | 'serverAuth'
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | 'clientAuth'
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'basicConstraints'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | TRUE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - basicConstraints:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - CA:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'subjectAltName'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - generalNames:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - generalName:
Sep 30 12:13:11 romulus pluto[10414]: | L8 - dnsName:
Sep 30 12:13:11 romulus pluto[10414]: | 'remus.ip6.wittsend.com'
Sep 30 12:13:11 romulus pluto[10414]: | L7 - generalName:
Sep 30 12:13:11 romulus pluto[10414]: | L8 - dnsName:
Sep 30 12:13:11 romulus pluto[10414]: | 'remus.wittsend.org'
Sep 30 12:13:11 romulus pluto[10414]: | L7 - generalName:
Sep 30 12:13:11 romulus pluto[10414]: | L8 - dnsName:
Sep 30 12:13:11 romulus pluto[10414]: | 'remus.commandcorp.com'
Sep 30 12:13:11 romulus pluto[10414]: | L1 - signatureAlgorithm:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'md5WithRSAEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L1 - signatureValue:
Sep 30 12:13:11 romulus pluto[10414]: no subjectAltName matches ID '%fromcert', replaced by subject DN
Sep 30 12:13:11 romulus pluto[10414]: | certificate is valid
Sep 30 12:13:11 romulus pluto[10414]: | counting wild cards for C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=remus.wittsend.com, E=postmaster at wittsend.com is 0
Sep 30 12:13:11 romulus pluto[10414]: loading certificate from charon.wittsend.com.crt
Sep 30 12:13:11 romulus pluto[10414]: loaded host cert file '/etc/ipsec.d/certs/charon.wittsend.com.crt' (3903 bytes)
Sep 30 12:13:11 romulus pluto[10414]: | file content is not binary ASN.1
Sep 30 12:13:11 romulus pluto[10414]: | -----BEGIN CERTIFICATE-----
Sep 30 12:13:11 romulus pluto[10414]: | -----END CERTIFICATE-----
Sep 30 12:13:11 romulus pluto[10414]: | file coded in PEM format
Sep 30 12:13:11 romulus pluto[10414]: | L0 - certificate:
Sep 30 12:13:11 romulus pluto[10414]: | L1 - tbsCertificate:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - DEFAULT v1:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - version:
Sep 30 12:13:11 romulus pluto[10414]: | v3
Sep 30 12:13:11 romulus pluto[10414]: | L2 - serialNumber:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - signature:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'md5WithRSAEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - issuer:
Sep 30 12:13:11 romulus pluto[10414]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - validity:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - notBefore:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:11 romulus pluto[10414]: | 'Jul 26 18:32:56 UTC 2008'
Sep 30 12:13:11 romulus pluto[10414]: | L3 - notAfter:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:11 romulus pluto[10414]: | 'Jul 26 18:32:56 UTC 2012'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - subject:
Sep 30 12:13:11 romulus pluto[10414]: | 'C=US, ST=Georgia, L=Atlanta, O=Thaumaturgy & Speculums Technology, CN=charon.wittsend.com, E=postmaster at wittsend.com'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - subjectPublicKeyInfo:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'rsaEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L3 - subjectPublicKey:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - RSAPublicKey:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - modulus:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - publicExponent:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - optional extensions:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - extensions:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'authorityKeyIdentifier'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - authorityKeyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L8 - keyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'extendedKeyUsage'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - extendedKeyUsage:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | 'serverAuth'
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | 'clientAuth'
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'basicConstraints'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | TRUE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - basicConstraints:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - CA:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L1 - signatureAlgorithm:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'md5WithRSAEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L1 - signatureValue:
Sep 30 12:13:11 romulus pluto[10414]: | certificate is valid
Sep 30 12:13:11 romulus pluto[10414]: | counting wild cards for 74.237.49.95 is 0
Sep 30 12:13:11 romulus pluto[10414]: added connection description "charon-1"
Sep 30 12:13:11 romulus pluto[10414]: | 130.205.32.0/24===130.205.32.3<130.205.32.3>[C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=remus.wittsend.com, E=postmaster at wittsend.com,+S=C]---130.205.32.1...65.14.248.11---74.237.49.95<74.237.49.95>[+S=C]===130.205.36.0/24
Sep 30 12:13:11 romulus pluto[10414]: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 3; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW
Sep 30 12:13:11 romulus pluto[10414]: | * processed 0 messages from cryptographic helpers
Sep 30 12:13:11 romulus pluto[10414]: | next event EVENT_PENDING_PHASE2 in 119 seconds
Sep 30 12:13:11 romulus pluto[10414]: |
Sep 30 12:13:11 romulus pluto[10414]: | *received whack message
Sep 30 12:13:11 romulus pluto[10414]: | Added new connection complex with policy RSASIG+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW
Sep 30 12:13:11 romulus pluto[10414]: loading certificate from romulus.wittsend.com.crt
Sep 30 12:13:11 romulus pluto[10414]: loaded host cert file '/etc/ipsec.d/certs/romulus.wittsend.com.crt' (3088 bytes)
Sep 30 12:13:11 romulus pluto[10414]: | file content is not binary ASN.1
Sep 30 12:13:11 romulus pluto[10414]: | -----BEGIN CERTIFICATE-----
Sep 30 12:13:11 romulus pluto[10414]: | -----END CERTIFICATE-----
Sep 30 12:13:11 romulus pluto[10414]: | file coded in PEM format
Sep 30 12:13:11 romulus pluto[10414]: | L0 - certificate:
Sep 30 12:13:11 romulus pluto[10414]: | L1 - tbsCertificate:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - DEFAULT v1:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - version:
Sep 30 12:13:11 romulus pluto[10414]: | v3
Sep 30 12:13:11 romulus pluto[10414]: | L2 - serialNumber:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - signature:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'md5WithRSAEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - issuer:
Sep 30 12:13:11 romulus pluto[10414]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services, CN=WittsEnd Root CA, E=ca at wittsend.com'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - validity:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - notBefore:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:11 romulus pluto[10414]: | 'Jan 28 17:45:00 UTC 2005'
Sep 30 12:13:11 romulus pluto[10414]: | L3 - notAfter:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:11 romulus pluto[10414]: | 'Jan 28 17:45:00 UTC 2009'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - subject:
Sep 30 12:13:11 romulus pluto[10414]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - subjectPublicKeyInfo:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'rsaEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L3 - subjectPublicKey:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - RSAPublicKey:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - modulus:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - publicExponent:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - optional extensions:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - extensions:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'authorityKeyIdentifier'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - authorityKeyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L8 - keyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'extendedKeyUsage'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - extendedKeyUsage:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | 'serverAuth'
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | 'clientAuth'
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'basicConstraints'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | TRUE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - basicConstraints:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - CA:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L1 - signatureAlgorithm:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'md5WithRSAEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L1 - signatureValue:
Sep 30 12:13:11 romulus pluto[10414]: no subjectAltName matches ID '%fromcert', replaced by subject DN
Sep 30 12:13:11 romulus pluto[10414]: | certificate is valid
Sep 30 12:13:11 romulus pluto[10414]: | counting wild cards for C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com is 0
Sep 30 12:13:11 romulus pluto[10414]: loading certificate from complex.wittsend.com.crt
Sep 30 12:13:11 romulus pluto[10414]: loaded host cert file '/etc/ipsec.d/certs/complex.wittsend.com.crt' (4223 bytes)
Sep 30 12:13:11 romulus pluto[10414]: | file content is not binary ASN.1
Sep 30 12:13:11 romulus pluto[10414]: | -----BEGIN CERTIFICATE-----
Sep 30 12:13:11 romulus pluto[10414]: | -----END CERTIFICATE-----
Sep 30 12:13:11 romulus pluto[10414]: | file coded in PEM format
Sep 30 12:13:11 romulus pluto[10414]: | L0 - certificate:
Sep 30 12:13:11 romulus pluto[10414]: | L1 - tbsCertificate:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - DEFAULT v1:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - version:
Sep 30 12:13:11 romulus pluto[10414]: | v3
Sep 30 12:13:11 romulus pluto[10414]: | L2 - serialNumber:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - signature:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'md5WithRSAEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - issuer:
Sep 30 12:13:11 romulus pluto[10414]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - validity:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - notBefore:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:11 romulus pluto[10414]: | 'Jul 26 18:45:14 UTC 2008'
Sep 30 12:13:11 romulus pluto[10414]: | L3 - notAfter:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:11 romulus pluto[10414]: | 'Jul 26 18:45:14 UTC 2012'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - subject:
Sep 30 12:13:11 romulus pluto[10414]: | 'C=GA, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=complex.wittsend.com, E=postmaster at wittsend.com'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - subjectPublicKeyInfo:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'rsaEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L3 - subjectPublicKey:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - RSAPublicKey:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - modulus:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - publicExponent:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - optional extensions:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - extensions:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'authorityKeyIdentifier'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - authorityKeyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L8 - keyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'extendedKeyUsage'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - extendedKeyUsage:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | 'serverAuth'
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | 'clientAuth'
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'basicConstraints'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | TRUE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - basicConstraints:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - CA:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'subjectAltName'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - generalNames:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - generalName:
Sep 30 12:13:11 romulus pluto[10414]: | L8 - dnsName:
Sep 30 12:13:11 romulus pluto[10414]: | 'complex.wittsend.com'
Sep 30 12:13:11 romulus pluto[10414]: | L7 - generalName:
Sep 30 12:13:11 romulus pluto[10414]: | L8 - dnsName:
Sep 30 12:13:11 romulus pluto[10414]: | 'complex.ip6.wittsend.com'
Sep 30 12:13:11 romulus pluto[10414]: | L7 - generalName:
Sep 30 12:13:11 romulus pluto[10414]: | L8 - dnsName:
Sep 30 12:13:11 romulus pluto[10414]: | 'complex.wittsend.org'
Sep 30 12:13:11 romulus pluto[10414]: | L7 - generalName:
Sep 30 12:13:11 romulus pluto[10414]: | L8 - dnsName:
Sep 30 12:13:11 romulus pluto[10414]: | 'complex.commandcorp.com'
Sep 30 12:13:11 romulus pluto[10414]: | L1 - signatureAlgorithm:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'md5WithRSAEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L1 - signatureValue:
Sep 30 12:13:11 romulus pluto[10414]: no subjectAltName matches ID '%fromcert', replaced by subject DN
Sep 30 12:13:11 romulus pluto[10414]: | certificate is valid
Sep 30 12:13:11 romulus pluto[10414]: | counting wild cards for C=GA, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=complex.wittsend.com, E=postmaster at wittsend.com is 0
Sep 30 12:13:11 romulus pluto[10414]: added connection description "complex"
Sep 30 12:13:11 romulus pluto[10414]: | 130.205.32.3/32===130.205.32.3<130.205.32.3>[C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com,+S=C]---130.205.32.1...65.14.248.12---65.7.156.165<65.7.156.165>[C=GA, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=complex.wittsend.com, E=postmaster at wittsend.com,+S=C]===130.205.0.0/19
Sep 30 12:13:11 romulus pluto[10414]: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 3; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW
Sep 30 12:13:11 romulus pluto[10414]: | * processed 0 messages from cryptographic helpers
Sep 30 12:13:11 romulus pluto[10414]: | next event EVENT_PENDING_PHASE2 in 119 seconds
Sep 30 12:13:11 romulus pluto[10414]: |
Sep 30 12:13:11 romulus pluto[10414]: | *received whack message
Sep 30 12:13:11 romulus pluto[10414]: | Added new connection kolvir with policy RSASIG+ENCRYPT+PFS+DONTREKEY+IKEv2ALLOW
Sep 30 12:13:11 romulus pluto[10414]: loading certificate from romulus.wittsend.com.crt
Sep 30 12:13:11 romulus pluto[10414]: loaded host cert file '/etc/ipsec.d/certs/romulus.wittsend.com.crt' (3088 bytes)
Sep 30 12:13:11 romulus pluto[10414]: | file content is not binary ASN.1
Sep 30 12:13:11 romulus pluto[10414]: | -----BEGIN CERTIFICATE-----
Sep 30 12:13:11 romulus pluto[10414]: | -----END CERTIFICATE-----
Sep 30 12:13:11 romulus pluto[10414]: | file coded in PEM format
Sep 30 12:13:11 romulus pluto[10414]: | L0 - certificate:
Sep 30 12:13:11 romulus pluto[10414]: | L1 - tbsCertificate:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - DEFAULT v1:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - version:
Sep 30 12:13:11 romulus pluto[10414]: | v3
Sep 30 12:13:11 romulus pluto[10414]: | L2 - serialNumber:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - signature:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'md5WithRSAEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - issuer:
Sep 30 12:13:11 romulus pluto[10414]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services, CN=WittsEnd Root CA, E=ca at wittsend.com'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - validity:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - notBefore:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:11 romulus pluto[10414]: | 'Jan 28 17:45:00 UTC 2005'
Sep 30 12:13:11 romulus pluto[10414]: | L3 - notAfter:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:11 romulus pluto[10414]: | 'Jan 28 17:45:00 UTC 2009'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - subject:
Sep 30 12:13:11 romulus pluto[10414]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - subjectPublicKeyInfo:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'rsaEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L3 - subjectPublicKey:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - RSAPublicKey:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - modulus:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - publicExponent:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - optional extensions:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - extensions:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'authorityKeyIdentifier'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - authorityKeyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L8 - keyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'extendedKeyUsage'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - extendedKeyUsage:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | 'serverAuth'
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | 'clientAuth'
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'basicConstraints'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | TRUE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - basicConstraints:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - CA:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L1 - signatureAlgorithm:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'md5WithRSAEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L1 - signatureValue:
Sep 30 12:13:11 romulus pluto[10414]: no subjectAltName matches ID '%fromcert', replaced by subject DN
Sep 30 12:13:11 romulus pluto[10414]: | certificate is valid
Sep 30 12:13:11 romulus pluto[10414]: | counting wild cards for C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com is 0
Sep 30 12:13:11 romulus pluto[10414]: loading certificate from kolvir.iss.net.crt
Sep 30 12:13:11 romulus pluto[10414]: loaded host cert file '/etc/ipsec.d/certs/kolvir.iss.net.crt' (3868 bytes)
Sep 30 12:13:11 romulus pluto[10414]: | file content is not binary ASN.1
Sep 30 12:13:11 romulus pluto[10414]: | -----BEGIN CERTIFICATE-----
Sep 30 12:13:11 romulus pluto[10414]: | -----END CERTIFICATE-----
Sep 30 12:13:11 romulus pluto[10414]: | file coded in PEM format
Sep 30 12:13:11 romulus pluto[10414]: | L0 - certificate:
Sep 30 12:13:11 romulus pluto[10414]: | L1 - tbsCertificate:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - DEFAULT v1:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - version:
Sep 30 12:13:11 romulus pluto[10414]: | v3
Sep 30 12:13:11 romulus pluto[10414]: | L2 - serialNumber:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - signature:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'md5WithRSAEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - issuer:
Sep 30 12:13:11 romulus pluto[10414]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - validity:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - notBefore:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:11 romulus pluto[10414]: | 'Jul 26 18:29:25 UTC 2008'
Sep 30 12:13:11 romulus pluto[10414]: | L3 - notAfter:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:11 romulus pluto[10414]: | 'Jul 26 18:29:25 UTC 2012'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - subject:
Sep 30 12:13:11 romulus pluto[10414]: | 'C=GA, ST=Georgia, L=Atlanta, O=Internet Security Systems Inc, CN=kolvir.iss.net, E=postmaster at iss.net'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - subjectPublicKeyInfo:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'rsaEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L3 - subjectPublicKey:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - RSAPublicKey:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - modulus:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - publicExponent:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - optional extensions:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - extensions:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'authorityKeyIdentifier'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - authorityKeyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L8 - keyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'extendedKeyUsage'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - extendedKeyUsage:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | 'serverAuth'
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | 'clientAuth'
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'basicConstraints'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | TRUE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - basicConstraints:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - CA:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L1 - signatureAlgorithm:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'md5WithRSAEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L1 - signatureValue:
Sep 30 12:13:11 romulus pluto[10414]: | certificate is valid
Sep 30 12:13:11 romulus pluto[10414]: | counting wild cards for 209.134.176.84 is 0
Sep 30 12:13:11 romulus pluto[10414]: added connection description "kolvir"
Sep 30 12:13:11 romulus pluto[10414]: | 130.205.32.3/32===130.205.32.3<130.205.32.3>[C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com,+S=C]---130.205.32.1...209.134.176.84<209.134.176.84>[+S=C]
Sep 30 12:13:11 romulus pluto[10414]: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 3; policy: RSASIG+ENCRYPT+PFS+DONTREKEY+IKEv2ALLOW
Sep 30 12:13:11 romulus pluto[10414]: | * processed 0 messages from cryptographic helpers
Sep 30 12:13:11 romulus pluto[10414]: | next event EVENT_PENDING_PHASE2 in 119 seconds
Sep 30 12:13:11 romulus pluto[10414]: |
Sep 30 12:13:11 romulus pluto[10414]: | *received whack message
Sep 30 12:13:11 romulus pluto[10414]: | Added new connection levy-0 with policy RSASIG+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW
Sep 30 12:13:11 romulus pluto[10414]: loading certificate from romulus.wittsend.com.crt
Sep 30 12:13:11 romulus pluto[10414]: loaded host cert file '/etc/ipsec.d/certs/romulus.wittsend.com.crt' (3088 bytes)
Sep 30 12:13:11 romulus pluto[10414]: | file content is not binary ASN.1
Sep 30 12:13:11 romulus pluto[10414]: | -----BEGIN CERTIFICATE-----
Sep 30 12:13:11 romulus pluto[10414]: | -----END CERTIFICATE-----
Sep 30 12:13:11 romulus pluto[10414]: | file coded in PEM format
Sep 30 12:13:11 romulus pluto[10414]: | L0 - certificate:
Sep 30 12:13:11 romulus pluto[10414]: | L1 - tbsCertificate:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - DEFAULT v1:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - version:
Sep 30 12:13:11 romulus pluto[10414]: | v3
Sep 30 12:13:11 romulus pluto[10414]: | L2 - serialNumber:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - signature:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'md5WithRSAEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - issuer:
Sep 30 12:13:11 romulus pluto[10414]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services, CN=WittsEnd Root CA, E=ca at wittsend.com'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - validity:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - notBefore:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:11 romulus pluto[10414]: | 'Jan 28 17:45:00 UTC 2005'
Sep 30 12:13:11 romulus pluto[10414]: | L3 - notAfter:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:11 romulus pluto[10414]: | 'Jan 28 17:45:00 UTC 2009'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - subject:
Sep 30 12:13:11 romulus pluto[10414]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - subjectPublicKeyInfo:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'rsaEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L3 - subjectPublicKey:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - RSAPublicKey:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - modulus:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - publicExponent:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - optional extensions:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - extensions:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'authorityKeyIdentifier'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - authorityKeyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L8 - keyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'extendedKeyUsage'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - extendedKeyUsage:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | 'serverAuth'
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | 'clientAuth'
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'basicConstraints'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | TRUE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - basicConstraints:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - CA:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L1 - signatureAlgorithm:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'md5WithRSAEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L1 - signatureValue:
Sep 30 12:13:11 romulus pluto[10414]: no subjectAltName matches ID '%fromcert', replaced by subject DN
Sep 30 12:13:11 romulus pluto[10414]: | certificate is valid
Sep 30 12:13:11 romulus pluto[10414]: | counting wild cards for C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com is 0
Sep 30 12:13:11 romulus pluto[10414]: loading certificate from levy.bythesea.org.crt
Sep 30 12:13:11 romulus pluto[10414]: loaded host cert file '/etc/ipsec.d/certs/levy.bythesea.org.crt' (3983 bytes)
Sep 30 12:13:11 romulus pluto[10414]: | file content is not binary ASN.1
Sep 30 12:13:11 romulus pluto[10414]: | -----BEGIN CERTIFICATE-----
Sep 30 12:13:11 romulus pluto[10414]: | -----END CERTIFICATE-----
Sep 30 12:13:11 romulus pluto[10414]: | file coded in PEM format
Sep 30 12:13:11 romulus pluto[10414]: | L0 - certificate:
Sep 30 12:13:11 romulus pluto[10414]: | L1 - tbsCertificate:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - DEFAULT v1:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - version:
Sep 30 12:13:11 romulus pluto[10414]: | v3
Sep 30 12:13:11 romulus pluto[10414]: | L2 - serialNumber:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - signature:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'md5WithRSAEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - issuer:
Sep 30 12:13:11 romulus pluto[10414]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - validity:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - notBefore:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:11 romulus pluto[10414]: | 'Jul 26 19:52:50 UTC 2008'
Sep 30 12:13:11 romulus pluto[10414]: | L3 - notAfter:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:11 romulus pluto[10414]: | 'Jul 26 19:52:50 UTC 2012'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - subject:
Sep 30 12:13:11 romulus pluto[10414]: | 'C=US, ST=Georgia, L=Clarkston, O=ByTheSea Enterprises, OU=Intacta Bonk Phantasmagorical Department, CN=levy.bythesea.org, E=postmaster at bythesea.org'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - subjectPublicKeyInfo:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'rsaEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L3 - subjectPublicKey:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - RSAPublicKey:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - modulus:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - publicExponent:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - optional extensions:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - extensions:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'authorityKeyIdentifier'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - authorityKeyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L8 - keyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'extendedKeyUsage'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - extendedKeyUsage:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | 'serverAuth'
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | 'clientAuth'
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'basicConstraints'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | TRUE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - basicConstraints:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - CA:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L1 - signatureAlgorithm:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'md5WithRSAEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L1 - signatureValue:
Sep 30 12:13:11 romulus pluto[10414]: | certificate is valid
Sep 30 12:13:11 romulus pluto[10414]: | counting wild cards for C=US, ST=Georgia, L=Clarkston, O=ByTheSea Enterprises, OU=Intacta Bonk Phantasmagorical Department, CN=levy.bythesea.org, E=postmaster at bythesea.org is 0
Sep 30 12:13:11 romulus pluto[10414]: | based upon policy, the connection is a template.
Sep 30 12:13:11 romulus pluto[10414]: added connection description "levy-0"
Sep 30 12:13:11 romulus pluto[10414]: | 130.205.32.3/32===130.205.32.3<130.205.32.3>[C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com,+S=C]---130.205.32.1...0.0.0.0---%any[C=US, ST=Georgia, L=Clarkston, O=ByTheSea Enterprises, OU=Intacta Bonk Phantasmagorical Department, CN=levy.bythesea.org, E=postmaster at bythesea.org,+S=C]
Sep 30 12:13:11 romulus pluto[10414]: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 3; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW
Sep 30 12:13:11 romulus pluto[10414]: | * processed 0 messages from cryptographic helpers
Sep 30 12:13:11 romulus pluto[10414]: | next event EVENT_PENDING_PHASE2 in 119 seconds
Sep 30 12:13:11 romulus pluto[10414]: |
Sep 30 12:13:11 romulus pluto[10414]: | *received whack message
Sep 30 12:13:11 romulus pluto[10414]: | Added new connection levy-1 with policy RSASIG+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW
Sep 30 12:13:11 romulus pluto[10414]: loading certificate from romulus.wittsend.com.crt
Sep 30 12:13:11 romulus pluto[10414]: loaded host cert file '/etc/ipsec.d/certs/romulus.wittsend.com.crt' (3088 bytes)
Sep 30 12:13:11 romulus pluto[10414]: | file content is not binary ASN.1
Sep 30 12:13:11 romulus pluto[10414]: | -----BEGIN CERTIFICATE-----
Sep 30 12:13:11 romulus pluto[10414]: | -----END CERTIFICATE-----
Sep 30 12:13:11 romulus pluto[10414]: | file coded in PEM format
Sep 30 12:13:11 romulus pluto[10414]: | L0 - certificate:
Sep 30 12:13:11 romulus pluto[10414]: | L1 - tbsCertificate:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - DEFAULT v1:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - version:
Sep 30 12:13:11 romulus pluto[10414]: | v3
Sep 30 12:13:11 romulus pluto[10414]: | L2 - serialNumber:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - signature:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'md5WithRSAEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - issuer:
Sep 30 12:13:11 romulus pluto[10414]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services, CN=WittsEnd Root CA, E=ca at wittsend.com'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - validity:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - notBefore:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:11 romulus pluto[10414]: | 'Jan 28 17:45:00 UTC 2005'
Sep 30 12:13:11 romulus pluto[10414]: | L3 - notAfter:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:11 romulus pluto[10414]: | 'Jan 28 17:45:00 UTC 2009'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - subject:
Sep 30 12:13:11 romulus pluto[10414]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - subjectPublicKeyInfo:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'rsaEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L3 - subjectPublicKey:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - RSAPublicKey:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - modulus:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - publicExponent:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - optional extensions:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - extensions:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'authorityKeyIdentifier'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - authorityKeyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L8 - keyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'extendedKeyUsage'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - extendedKeyUsage:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | 'serverAuth'
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | 'clientAuth'
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'basicConstraints'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | TRUE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - basicConstraints:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - CA:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L1 - signatureAlgorithm:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'md5WithRSAEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L1 - signatureValue:
Sep 30 12:13:11 romulus pluto[10414]: no subjectAltName matches ID '%fromcert', replaced by subject DN
Sep 30 12:13:11 romulus pluto[10414]: | certificate is valid
Sep 30 12:13:11 romulus pluto[10414]: | counting wild cards for C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com is 0
Sep 30 12:13:11 romulus pluto[10414]: loading certificate from levy.bythesea.org.crt
Sep 30 12:13:11 romulus pluto[10414]: loaded host cert file '/etc/ipsec.d/certs/levy.bythesea.org.crt' (3983 bytes)
Sep 30 12:13:11 romulus pluto[10414]: | file content is not binary ASN.1
Sep 30 12:13:11 romulus pluto[10414]: | -----BEGIN CERTIFICATE-----
Sep 30 12:13:11 romulus pluto[10414]: | -----END CERTIFICATE-----
Sep 30 12:13:11 romulus pluto[10414]: | file coded in PEM format
Sep 30 12:13:11 romulus pluto[10414]: | L0 - certificate:
Sep 30 12:13:11 romulus pluto[10414]: | L1 - tbsCertificate:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - DEFAULT v1:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - version:
Sep 30 12:13:11 romulus pluto[10414]: | v3
Sep 30 12:13:11 romulus pluto[10414]: | L2 - serialNumber:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - signature:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'md5WithRSAEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - issuer:
Sep 30 12:13:11 romulus pluto[10414]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - validity:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - notBefore:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:11 romulus pluto[10414]: | 'Jul 26 19:52:50 UTC 2008'
Sep 30 12:13:11 romulus pluto[10414]: | L3 - notAfter:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:11 romulus pluto[10414]: | 'Jul 26 19:52:50 UTC 2012'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - subject:
Sep 30 12:13:11 romulus pluto[10414]: | 'C=US, ST=Georgia, L=Clarkston, O=ByTheSea Enterprises, OU=Intacta Bonk Phantasmagorical Department, CN=levy.bythesea.org, E=postmaster at bythesea.org'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - subjectPublicKeyInfo:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'rsaEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L3 - subjectPublicKey:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - RSAPublicKey:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - modulus:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - publicExponent:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - optional extensions:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - extensions:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'authorityKeyIdentifier'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - authorityKeyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L8 - keyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'extendedKeyUsage'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - extendedKeyUsage:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | 'serverAuth'
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | 'clientAuth'
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'basicConstraints'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | TRUE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - basicConstraints:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - CA:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L1 - signatureAlgorithm:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'md5WithRSAEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L1 - signatureValue:
Sep 30 12:13:11 romulus pluto[10414]: | certificate is valid
Sep 30 12:13:11 romulus pluto[10414]: | counting wild cards for C=US, ST=Georgia, L=Clarkston, O=ByTheSea Enterprises, OU=Intacta Bonk Phantasmagorical Department, CN=levy.bythesea.org, E=postmaster at bythesea.org is 0
Sep 30 12:13:11 romulus pluto[10414]: | based upon policy, the connection is a template.
Sep 30 12:13:11 romulus pluto[10414]: added connection description "levy-1"
Sep 30 12:13:11 romulus pluto[10414]: | 0.0.0.0/0===130.205.32.3<130.205.32.3>[C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com,+S=C]---130.205.32.1...0.0.0.0---%any[C=US, ST=Georgia, L=Clarkston, O=ByTheSea Enterprises, OU=Intacta Bonk Phantasmagorical Department, CN=levy.bythesea.org, E=postmaster at bythesea.org,+S=C]===130.205.37.0/24
Sep 30 12:13:11 romulus pluto[10414]: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 3; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW
Sep 30 12:13:11 romulus pluto[10414]: | * processed 0 messages from cryptographic helpers
Sep 30 12:13:11 romulus pluto[10414]: | next event EVENT_PENDING_PHASE2 in 119 seconds
Sep 30 12:13:11 romulus pluto[10414]: |
Sep 30 12:13:11 romulus pluto[10414]: | *received whack message
Sep 30 12:13:11 romulus pluto[10414]: | Added new connection rebma with policy RSASIG+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW
Sep 30 12:13:11 romulus pluto[10414]: loading certificate from romulus.wittsend.com.crt
Sep 30 12:13:11 romulus pluto[10414]: loaded host cert file '/etc/ipsec.d/certs/romulus.wittsend.com.crt' (3088 bytes)
Sep 30 12:13:11 romulus pluto[10414]: | file content is not binary ASN.1
Sep 30 12:13:11 romulus pluto[10414]: | -----BEGIN CERTIFICATE-----
Sep 30 12:13:11 romulus pluto[10414]: | -----END CERTIFICATE-----
Sep 30 12:13:11 romulus pluto[10414]: | file coded in PEM format
Sep 30 12:13:11 romulus pluto[10414]: | L0 - certificate:
Sep 30 12:13:11 romulus pluto[10414]: | L1 - tbsCertificate:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - DEFAULT v1:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - version:
Sep 30 12:13:11 romulus pluto[10414]: | v3
Sep 30 12:13:11 romulus pluto[10414]: | L2 - serialNumber:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - signature:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'md5WithRSAEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - issuer:
Sep 30 12:13:11 romulus pluto[10414]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services, CN=WittsEnd Root CA, E=ca at wittsend.com'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - validity:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - notBefore:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:11 romulus pluto[10414]: | 'Jan 28 17:45:00 UTC 2005'
Sep 30 12:13:11 romulus pluto[10414]: | L3 - notAfter:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:11 romulus pluto[10414]: | 'Jan 28 17:45:00 UTC 2009'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - subject:
Sep 30 12:13:11 romulus pluto[10414]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - subjectPublicKeyInfo:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'rsaEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L3 - subjectPublicKey:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - RSAPublicKey:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - modulus:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - publicExponent:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - optional extensions:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - extensions:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'authorityKeyIdentifier'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - authorityKeyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L8 - keyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'extendedKeyUsage'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - extendedKeyUsage:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | 'serverAuth'
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | 'clientAuth'
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'basicConstraints'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | TRUE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - basicConstraints:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - CA:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L1 - signatureAlgorithm:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'md5WithRSAEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L1 - signatureValue:
Sep 30 12:13:11 romulus pluto[10414]: no subjectAltName matches ID '%fromcert', replaced by subject DN
Sep 30 12:13:11 romulus pluto[10414]: | certificate is valid
Sep 30 12:13:11 romulus pluto[10414]: | counting wild cards for C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com is 0
Sep 30 12:13:11 romulus pluto[10414]: loading certificate from rebma.iss.net.crt
Sep 30 12:13:11 romulus pluto[10414]: loaded host cert file '/etc/ipsec.d/certs/rebma.iss.net.crt' (3867 bytes)
Sep 30 12:13:11 romulus pluto[10414]: | file content is not binary ASN.1
Sep 30 12:13:11 romulus pluto[10414]: | -----BEGIN CERTIFICATE-----
Sep 30 12:13:11 romulus pluto[10414]: | -----END CERTIFICATE-----
Sep 30 12:13:11 romulus pluto[10414]: | file coded in PEM format
Sep 30 12:13:11 romulus pluto[10414]: | L0 - certificate:
Sep 30 12:13:11 romulus pluto[10414]: | L1 - tbsCertificate:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - DEFAULT v1:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - version:
Sep 30 12:13:11 romulus pluto[10414]: | v3
Sep 30 12:13:11 romulus pluto[10414]: | L2 - serialNumber:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - signature:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'md5WithRSAEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - issuer:
Sep 30 12:13:11 romulus pluto[10414]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - validity:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - notBefore:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:11 romulus pluto[10414]: | 'Jul 26 18:30:00 UTC 2008'
Sep 30 12:13:11 romulus pluto[10414]: | L3 - notAfter:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:11 romulus pluto[10414]: | 'Jul 26 18:30:00 UTC 2012'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - subject:
Sep 30 12:13:11 romulus pluto[10414]: | 'C=GA, ST=Georgia, L=Atlanta, O=Internet Security Systems Inc, CN=rebma.iss.net, E=postmaster at iss.net'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - subjectPublicKeyInfo:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'rsaEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L3 - subjectPublicKey:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - RSAPublicKey:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - modulus:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - publicExponent:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - optional extensions:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - extensions:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'authorityKeyIdentifier'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - authorityKeyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L8 - keyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'extendedKeyUsage'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - extendedKeyUsage:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | 'serverAuth'
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | 'clientAuth'
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'basicConstraints'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | TRUE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - basicConstraints:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - CA:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L1 - signatureAlgorithm:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'md5WithRSAEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L1 - signatureValue:
Sep 30 12:13:11 romulus pluto[10414]: no subjectAltName matches ID '%fromcert', replaced by subject DN
Sep 30 12:13:11 romulus pluto[10414]: | certificate is valid
Sep 30 12:13:11 romulus pluto[10414]: | counting wild cards for C=GA, ST=Georgia, L=Atlanta, O=Internet Security Systems Inc, CN=rebma.iss.net, E=postmaster at iss.net is 0
Sep 30 12:13:11 romulus pluto[10414]: added connection description "rebma"
Sep 30 12:13:11 romulus pluto[10414]: | 130.205.32.3/32===130.205.32.3<130.205.32.3>[C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com,+S=C]---130.205.32.1...209.134.176.68<209.134.176.68>[C=GA, ST=Georgia, L=Atlanta, O=Internet Security Systems Inc, CN=rebma.iss.net, E=postmaster at iss.net,+S=C]
Sep 30 12:13:11 romulus pluto[10414]: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 3; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW
Sep 30 12:13:11 romulus pluto[10414]: | * processed 0 messages from cryptographic helpers
Sep 30 12:13:11 romulus pluto[10414]: | next event EVENT_PENDING_PHASE2 in 119 seconds
Sep 30 12:13:11 romulus pluto[10414]: |
Sep 30 12:13:11 romulus pluto[10414]: | *received whack message
Sep 30 12:13:11 romulus pluto[10414]: listening for IKE messages
Sep 30 12:13:11 romulus pluto[10414]: | found lo with address 127.0.0.1
Sep 30 12:13:11 romulus pluto[10414]: | found veth0 with address 130.205.32.3
Sep 30 12:13:11 romulus pluto[10414]: | found veth1 with address 172.31.192.3
Sep 30 12:13:11 romulus pluto[10414]: | found tun0 with address 172.31.250.1
Sep 30 12:13:11 romulus pluto[10414]: adding interface tun0/tun0 172.31.250.1:500
Sep 30 12:13:11 romulus pluto[10414]: adding interface tun0/tun0 172.31.250.1:4500
Sep 30 12:13:11 romulus pluto[10414]: adding interface veth1/veth1 172.31.192.3:500
Sep 30 12:13:11 romulus pluto[10414]: adding interface veth1/veth1 172.31.192.3:4500
Sep 30 12:13:11 romulus pluto[10414]: adding interface veth0/veth0 130.205.32.3:500
Sep 30 12:13:11 romulus pluto[10414]: adding interface veth0/veth0 130.205.32.3:4500
Sep 30 12:13:11 romulus pluto[10414]: adding interface lo/lo 127.0.0.1:500
Sep 30 12:13:11 romulus pluto[10414]: adding interface lo/lo 127.0.0.1:4500
Sep 30 12:13:11 romulus pluto[10414]: | found tun6to4 with address 2002:82cd:2003:0000:0000:0000:0000:0001
Sep 30 12:13:11 romulus pluto[10414]: | found lo with address 0000:0000:0000:0000:0000:0000:0000:0001
Sep 30 12:13:11 romulus pluto[10414]: | found veth1 with address 2001:4830:3000:0002:0280:3fff:fe03:455b
Sep 30 12:13:11 romulus pluto[10414]: adding interface veth1/veth1 2001:4830:3000:2:280:3fff:fe03:455b:500
Sep 30 12:13:11 romulus pluto[10414]: adding interface lo/lo ::1:500
Sep 30 12:13:11 romulus pluto[10414]: adding interface tun6to4/tun6to4 2002:82cd:2003::1:500
Sep 30 12:13:11 romulus pluto[10414]: loading secrets from "/etc/ipsec.secrets"
Sep 30 12:13:11 romulus pluto[10414]: loading secrets from "/etc/ipsec.d/hostkey.secrets"
Sep 30 12:13:11 romulus pluto[10414]: loaded private key file '/etc/ipsec.d/private/romulus.wittsend.com.key' (887 bytes)
Sep 30 12:13:11 romulus pluto[10414]: | file content is not binary ASN.1
Sep 30 12:13:11 romulus pluto[10414]: | -----BEGIN RSA PRIVATE KEY-----
Sep 30 12:13:11 romulus pluto[10414]: | -----END RSA PRIVATE KEY-----
Sep 30 12:13:11 romulus pluto[10414]: | file coded in PEM format
Sep 30 12:13:11 romulus pluto[10414]: | L0 - RSAPrivateKey:
Sep 30 12:13:11 romulus pluto[10414]: | L1 - version:
Sep 30 12:13:11 romulus pluto[10414]: | L1 - modulus:
Sep 30 12:13:11 romulus pluto[10414]: | L1 - publicExponent:
Sep 30 12:13:11 romulus pluto[10414]: | L1 - privateExponent:
Sep 30 12:13:11 romulus pluto[10414]: | L1 - prime1:
Sep 30 12:13:11 romulus pluto[10414]: | L1 - prime2:
Sep 30 12:13:11 romulus pluto[10414]: | L1 - exponent1:
Sep 30 12:13:11 romulus pluto[10414]: | L1 - exponent2:
Sep 30 12:13:11 romulus pluto[10414]: | L1 - coefficient:
Sep 30 12:13:11 romulus pluto[10414]: loaded private key for keyid: PPK_RSA:AwEAAev6j
Sep 30 12:13:11 romulus pluto[10414]: | * processed 0 messages from cryptographic helpers
Sep 30 12:13:11 romulus pluto[10414]: | next event EVENT_PENDING_PHASE2 in 119 seconds
Sep 30 12:13:20 romulus pluto[10414]: |
Sep 30 12:13:20 romulus pluto[10414]: | *received 312 bytes from 65.7.156.165:500 on veth0 (port=500)
Sep 30 12:13:20 romulus pluto[10414]: | **parse ISAKMP Message:
Sep 30 12:13:20 romulus pluto[10414]: | initiator cookie:
Sep 30 12:13:20 romulus pluto[10414]: | 1c 45 b7 42 90 63 2b e2
Sep 30 12:13:20 romulus pluto[10414]: | responder cookie:
Sep 30 12:13:20 romulus pluto[10414]: | 00 00 00 00 00 00 00 00
Sep 30 12:13:20 romulus pluto[10414]: | next payload type: ISAKMP_NEXT_SA
Sep 30 12:13:20 romulus pluto[10414]: | ISAKMP version: ISAKMP Version 1.0 (rfc2407)
Sep 30 12:13:20 romulus pluto[10414]: | exchange type: ISAKMP_XCHG_IDPROT
Sep 30 12:13:20 romulus pluto[10414]: | flags: none
Sep 30 12:13:20 romulus pluto[10414]: | message ID: 00 00 00 00
Sep 30 12:13:20 romulus pluto[10414]: | length: 312
Sep 30 12:13:20 romulus pluto[10414]: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2)
Sep 30 12:13:20 romulus pluto[10414]: | got payload 0x2(ISAKMP_NEXT_SA) needed: 0x2 opt: 0x2080
Sep 30 12:13:20 romulus pluto[10414]: | ***parse ISAKMP Security Association Payload:
Sep 30 12:13:20 romulus pluto[10414]: | next payload type: ISAKMP_NEXT_VID
Sep 30 12:13:20 romulus pluto[10414]: | length: 148
Sep 30 12:13:20 romulus pluto[10414]: | DOI: ISAKMP_DOI_IPSEC
Sep 30 12:13:20 romulus pluto[10414]: | got payload 0x2000(ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080
Sep 30 12:13:20 romulus pluto[10414]: | ***parse ISAKMP Vendor ID Payload:
Sep 30 12:13:20 romulus pluto[10414]: | next payload type: ISAKMP_NEXT_VID
Sep 30 12:13:20 romulus pluto[10414]: | length: 16
Sep 30 12:13:20 romulus pluto[10414]: | got payload 0x2000(ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080
Sep 30 12:13:20 romulus pluto[10414]: | ***parse ISAKMP Vendor ID Payload:
Sep 30 12:13:20 romulus pluto[10414]: | next payload type: ISAKMP_NEXT_VID
Sep 30 12:13:20 romulus pluto[10414]: | length: 20
Sep 30 12:13:20 romulus pluto[10414]: | got payload 0x2000(ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080
Sep 30 12:13:20 romulus pluto[10414]: | ***parse ISAKMP Vendor ID Payload:
Sep 30 12:13:20 romulus pluto[10414]: | next payload type: ISAKMP_NEXT_VID
Sep 30 12:13:20 romulus pluto[10414]: | length: 20
Sep 30 12:13:20 romulus pluto[10414]: | got payload 0x2000(ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080
Sep 30 12:13:20 romulus pluto[10414]: | ***parse ISAKMP Vendor ID Payload:
Sep 30 12:13:20 romulus pluto[10414]: | next payload type: ISAKMP_NEXT_VID
Sep 30 12:13:20 romulus pluto[10414]: | length: 20
Sep 30 12:13:20 romulus pluto[10414]: | got payload 0x2000(ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080
Sep 30 12:13:20 romulus pluto[10414]: | ***parse ISAKMP Vendor ID Payload:
Sep 30 12:13:20 romulus pluto[10414]: | next payload type: ISAKMP_NEXT_VID
Sep 30 12:13:20 romulus pluto[10414]: | length: 20
Sep 30 12:13:20 romulus pluto[10414]: | got payload 0x2000(ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080
Sep 30 12:13:20 romulus pluto[10414]: | ***parse ISAKMP Vendor ID Payload:
Sep 30 12:13:20 romulus pluto[10414]: | next payload type: ISAKMP_NEXT_VID
Sep 30 12:13:20 romulus pluto[10414]: | length: 20
Sep 30 12:13:20 romulus pluto[10414]: | got payload 0x2000(ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080
Sep 30 12:13:20 romulus pluto[10414]: | ***parse ISAKMP Vendor ID Payload:
Sep 30 12:13:20 romulus pluto[10414]: | next payload type: ISAKMP_NEXT_NONE
Sep 30 12:13:20 romulus pluto[10414]: | length: 20
Sep 30 12:13:20 romulus pluto[10414]: packet from 65.7.156.165:500: ignoring unknown Vendor ID payload [4f455f5d7b764b67436f4f49]
Sep 30 12:13:20 romulus pluto[10414]: packet from 65.7.156.165:500: received Vendor ID payload [Dead Peer Detection]
Sep 30 12:13:20 romulus pluto[10414]: packet from 65.7.156.165:500: received Vendor ID payload [RFC 3947] method set to=109
Sep 30 12:13:20 romulus pluto[10414]: packet from 65.7.156.165:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109
Sep 30 12:13:20 romulus pluto[10414]: packet from 65.7.156.165:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109
Sep 30 12:13:20 romulus pluto[10414]: packet from 65.7.156.165:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 109
Sep 30 12:13:20 romulus pluto[10414]: packet from 65.7.156.165:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Sep 30 12:13:20 romulus pluto[10414]: | creating state object #1 at 0x801145d8
Sep 30 12:13:20 romulus pluto[10414]: | processing connection complex
Sep 30 12:13:20 romulus pluto[10414]: | ICOOKIE: 1c 45 b7 42 90 63 2b e2
Sep 30 12:13:20 romulus pluto[10414]: | RCOOKIE: 3e 5f 94 9b 3a a2 08 15
Sep 30 12:13:20 romulus pluto[10414]: | state hash entry 27
Sep 30 12:13:20 romulus pluto[10414]: | inserting state object #1 on chain 27
Sep 30 12:13:20 romulus pluto[10414]: | inserting event EVENT_SO_DISCARD, timeout in 0 seconds for #1
Sep 30 12:13:20 romulus pluto[10414]: "complex" #1: responding to Main Mode
Sep 30 12:13:20 romulus pluto[10414]: | ****parse IPsec DOI SIT:
Sep 30 12:13:20 romulus pluto[10414]: | IPsec DOI SIT: SIT_IDENTITY_ONLY
Sep 30 12:13:20 romulus pluto[10414]: | ****parse ISAKMP Proposal Payload:
Sep 30 12:13:20 romulus pluto[10414]: | next payload type: ISAKMP_NEXT_NONE
Sep 30 12:13:20 romulus pluto[10414]: | length: 136
Sep 30 12:13:20 romulus pluto[10414]: | proposal number: 0
Sep 30 12:13:20 romulus pluto[10414]: | protocol ID: PROTO_ISAKMP
Sep 30 12:13:20 romulus pluto[10414]: | SPI size: 0
Sep 30 12:13:20 romulus pluto[10414]: | number of transforms: 4
Sep 30 12:13:20 romulus pluto[10414]: | *****parse ISAKMP Transform Payload (ISAKMP):
Sep 30 12:13:20 romulus pluto[10414]: | next payload type: ISAKMP_NEXT_T
Sep 30 12:13:20 romulus pluto[10414]: | length: 32
Sep 30 12:13:20 romulus pluto[10414]: | transform number: 0
Sep 30 12:13:20 romulus pluto[10414]: | transform ID: KEY_IKE
Sep 30 12:13:20 romulus pluto[10414]: | ******parse ISAKMP Oakley attribute:
Sep 30 12:13:20 romulus pluto[10414]: | af+type: OAKLEY_LIFE_TYPE
Sep 30 12:13:20 romulus pluto[10414]: | length/value: 1
Sep 30 12:13:20 romulus pluto[10414]: | [1 is OAKLEY_LIFE_SECONDS]
Sep 30 12:13:20 romulus pluto[10414]: | ******parse ISAKMP Oakley attribute:
Sep 30 12:13:20 romulus pluto[10414]: | af+type: OAKLEY_LIFE_DURATION
Sep 30 12:13:20 romulus pluto[10414]: | length/value: 3600
Sep 30 12:13:20 romulus pluto[10414]: | ******parse ISAKMP Oakley attribute:
Sep 30 12:13:20 romulus pluto[10414]: | af+type: OAKLEY_ENCRYPTION_ALGORITHM
Sep 30 12:13:20 romulus pluto[10414]: | length/value: 5
Sep 30 12:13:20 romulus pluto[10414]: | [5 is OAKLEY_3DES_CBC]
Sep 30 12:13:20 romulus pluto[10414]: | ******parse ISAKMP Oakley attribute:
Sep 30 12:13:20 romulus pluto[10414]: | af+type: OAKLEY_HASH_ALGORITHM
Sep 30 12:13:20 romulus pluto[10414]: | length/value: 1
Sep 30 12:13:20 romulus pluto[10414]: | [1 is OAKLEY_MD5]
Sep 30 12:13:20 romulus pluto[10414]: | ******parse ISAKMP Oakley attribute:
Sep 30 12:13:20 romulus pluto[10414]: | af+type: OAKLEY_AUTHENTICATION_METHOD
Sep 30 12:13:20 romulus pluto[10414]: | length/value: 3
Sep 30 12:13:20 romulus pluto[10414]: | [3 is OAKLEY_RSA_SIG]
Sep 30 12:13:20 romulus pluto[10414]: | ******parse ISAKMP Oakley attribute:
Sep 30 12:13:20 romulus pluto[10414]: | af+type: OAKLEY_GROUP_DESCRIPTION
Sep 30 12:13:20 romulus pluto[10414]: | length/value: 5
Sep 30 12:13:20 romulus pluto[10414]: | [5 is OAKLEY_GROUP_MODP1536]
Sep 30 12:13:20 romulus pluto[10414]: | Oakley Transform 0 accepted
Sep 30 12:13:20 romulus pluto[10414]: | complete state transition with STF_OK
Sep 30 12:13:20 romulus pluto[10414]: "complex" #1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Sep 30 12:13:20 romulus pluto[10414]: | sending reply packet to 65.7.156.165:500 (from port 500)
Sep 30 12:13:20 romulus pluto[10414]: | sending 136 bytes for STATE_MAIN_R0 through veth0:500 to 65.7.156.165:500 (using #1)
Sep 30 12:13:20 romulus pluto[10414]: | inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #1
Sep 30 12:13:20 romulus pluto[10414]: "complex" #1: STATE_MAIN_R1: sent MR1, expecting MI2
Sep 30 12:13:20 romulus pluto[10414]: | modecfg pull: noquirk policy:push not-client
Sep 30 12:13:20 romulus pluto[10414]: | phase 1 is done, looking for phase 2 to unpend
Sep 30 12:13:20 romulus pluto[10414]: | * processed 0 messages from cryptographic helpers
Sep 30 12:13:20 romulus pluto[10414]: | next event EVENT_RETRANSMIT in 10 seconds for #1
Sep 30 12:13:20 romulus pluto[10414]: |
Sep 30 12:13:20 romulus pluto[10414]: | *received 284 bytes from 65.7.156.165:500 on veth0 (port=500)
Sep 30 12:13:20 romulus pluto[10414]: | **parse ISAKMP Message:
Sep 30 12:13:20 romulus pluto[10414]: | initiator cookie:
Sep 30 12:13:20 romulus pluto[10414]: | 1c 45 b7 42 90 63 2b e2
Sep 30 12:13:20 romulus pluto[10414]: | responder cookie:
Sep 30 12:13:20 romulus pluto[10414]: | 3e 5f 94 9b 3a a2 08 15
Sep 30 12:13:20 romulus pluto[10414]: | next payload type: ISAKMP_NEXT_KE
Sep 30 12:13:20 romulus pluto[10414]: | ISAKMP version: ISAKMP Version 1.0 (rfc2407)
Sep 30 12:13:20 romulus pluto[10414]: | exchange type: ISAKMP_XCHG_IDPROT
Sep 30 12:13:20 romulus pluto[10414]: | flags: none
Sep 30 12:13:20 romulus pluto[10414]: | message ID: 00 00 00 00
Sep 30 12:13:20 romulus pluto[10414]: | length: 284
Sep 30 12:13:20 romulus pluto[10414]: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2)
Sep 30 12:13:20 romulus pluto[10414]: | ICOOKIE: 1c 45 b7 42 90 63 2b e2
Sep 30 12:13:20 romulus pluto[10414]: | RCOOKIE: 3e 5f 94 9b 3a a2 08 15
Sep 30 12:13:20 romulus pluto[10414]: | state hash entry 27
Sep 30 12:13:20 romulus pluto[10414]: | v1 peer and cookies match on #1, provided msgid 00000000 vs 00000000
Sep 30 12:13:20 romulus pluto[10414]: | v1 state object #1 found, in STATE_MAIN_R1
Sep 30 12:13:20 romulus pluto[10414]: | processing connection complex
Sep 30 12:13:20 romulus pluto[10414]: | got payload 0x10(ISAKMP_NEXT_KE) needed: 0x410 opt: 0x102080
Sep 30 12:13:20 romulus pluto[10414]: | ***parse ISAKMP Key Exchange Payload:
Sep 30 12:13:20 romulus pluto[10414]: | next payload type: ISAKMP_NEXT_NONCE
Sep 30 12:13:20 romulus pluto[10414]: | length: 196
Sep 30 12:13:20 romulus pluto[10414]: | got payload 0x400(ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x102080
Sep 30 12:13:20 romulus pluto[10414]: | ***parse ISAKMP Nonce Payload:
Sep 30 12:13:20 romulus pluto[10414]: | next payload type: ISAKMP_NEXT_NAT-D
Sep 30 12:13:20 romulus pluto[10414]: | length: 20
Sep 30 12:13:20 romulus pluto[10414]: | got payload 0x100000(ISAKMP_NEXT_NAT-D) needed: 0x0 opt: 0x102080
Sep 30 12:13:20 romulus pluto[10414]: | ***parse ISAKMP NAT-D Payload:
Sep 30 12:13:20 romulus pluto[10414]: | next payload type: ISAKMP_NEXT_NAT-D
Sep 30 12:13:20 romulus pluto[10414]: | length: 20
Sep 30 12:13:20 romulus pluto[10414]: | got payload 0x100000(ISAKMP_NEXT_NAT-D) needed: 0x0 opt: 0x102080
Sep 30 12:13:20 romulus pluto[10414]: | ***parse ISAKMP NAT-D Payload:
Sep 30 12:13:20 romulus pluto[10414]: | next payload type: ISAKMP_NEXT_NONE
Sep 30 12:13:20 romulus pluto[10414]: | length: 20
Sep 30 12:13:20 romulus pluto[10414]: "complex" #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected
Sep 30 12:13:20 romulus pluto[10414]: | inserting event EVENT_NAT_T_KEEPALIVE, timeout in 20 seconds
Sep 30 12:13:20 romulus pluto[10414]: | 0: w->pcw_dead: 0 w->pcw_work: 0 cnt: 1
Sep 30 12:13:20 romulus pluto[10414]: | asking helper 0 to do build_kenonce op on seq: 1 (len=2668, pcw_work=1)
Sep 30 12:13:20 romulus pluto[10414]: | crypto helper write of request: cnt=2668<wlen=2668.
Sep 30 12:13:20 romulus pluto[10414]: | inserting event EVENT_CRYPTO_FAILED, timeout in 300 seconds for #1
Sep 30 12:13:20 romulus pluto[10414]: | complete state transition with STF_SUSPEND
Sep 30 12:13:20 romulus pluto[10414]: | * processed 0 messages from cryptographic helpers
Sep 30 12:13:20 romulus pluto[10415]: ! helper 0 read 2664+4/2668 bytesfd: 8
Sep 30 12:13:20 romulus pluto[10415]: ! helper 0 doing build_kenonce op id: 1
Sep 30 12:13:20 romulus pluto[10414]: | next event EVENT_NAT_T_KEEPALIVE in 20 seconds
Sep 30 12:13:20 romulus pluto[10414]: |
Sep 30 12:13:20 romulus pluto[10414]: | helper 0 has finished work (cnt now 1)
Sep 30 12:13:20 romulus pluto[10414]: | helper 0 replies to id: q#1
Sep 30 12:13:20 romulus pluto[10414]: | processing connection complex
Sep 30 12:13:20 romulus pluto[10414]: | started looking for secret for C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com->C=GA, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=complex.wittsend.com, E=postmaster at wittsend.com of kind PPK_PSK
Sep 30 12:13:20 romulus pluto[10414]: | actually looking for secret for C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com->C=GA, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=complex.wittsend.com, E=postmaster at wittsend.com of kind PPK_PSK
Sep 30 12:13:20 romulus pluto[10414]: | concluding with best_match=0 best=(nil) (lineno=-1)
Sep 30 12:13:20 romulus pluto[10414]: | parent1 type: 7 group: 5 len: 2668
Sep 30 12:13:20 romulus pluto[10414]: | 0: w->pcw_dead: 0 w->pcw_work: 0 cnt: 1
Sep 30 12:13:20 romulus pluto[10414]: | asking helper 0 to do compute dh+iv op on seq: 2 (len=2668, pcw_work=1)
Sep 30 12:13:20 romulus pluto[10414]: | crypto helper write of request: cnt=2668<wlen=2668.
Sep 30 12:13:20 romulus pluto[10414]: | inserting event EVENT_CRYPTO_FAILED, timeout in 300 seconds for #1
Sep 30 12:13:20 romulus pluto[10414]: | complete state transition with STF_OK
Sep 30 12:13:20 romulus pluto[10414]: "complex" #1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Sep 30 12:13:20 romulus pluto[10414]: | sending reply packet to 65.7.156.165:500 (from port 500)
Sep 30 12:13:20 romulus pluto[10414]: | sending 420 bytes for STATE_MAIN_R1 through veth0:500 to 65.7.156.165:500 (using #1)
Sep 30 12:13:20 romulus pluto[10414]: | inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #1
Sep 30 12:13:20 romulus pluto[10414]: "complex" #1: STATE_MAIN_R2: sent MR2, expecting MI3
Sep 30 12:13:20 romulus pluto[10414]: | modecfg pull: noquirk policy:push not-client
Sep 30 12:13:20 romulus pluto[10414]: | phase 1 is done, looking for phase 2 to unpend
Sep 30 12:13:20 romulus pluto[10414]: | * processed 1 messages from cryptographic helpers
Sep 30 12:13:20 romulus pluto[10414]: | next event EVENT_RETRANSMIT in 10 seconds for #1
Sep 30 12:13:20 romulus pluto[10415]: ! helper 0 read 2664+4/2668 bytesfd: 8
Sep 30 12:13:20 romulus pluto[10415]: ! helper 0 doing compute dh+iv op id: 2
Sep 30 12:13:20 romulus pluto[10414]: |
Sep 30 12:13:20 romulus pluto[10414]: | helper 0 has finished work (cnt now 1)
Sep 30 12:13:20 romulus pluto[10414]: | helper 0 replies to id: q#2
Sep 30 12:13:20 romulus pluto[10414]: | processing connection complex
Sep 30 12:13:20 romulus pluto[10414]: | * processed 1 messages from cryptographic helpers
Sep 30 12:13:20 romulus pluto[10414]: | next event EVENT_RETRANSMIT in 10 seconds for #1
Sep 30 12:13:20 romulus pluto[10414]: |
Sep 30 12:13:20 romulus pluto[10414]: | *received 1548 bytes from 65.7.156.165:500 on veth0 (port=500)
Sep 30 12:13:20 romulus pluto[10414]: | **parse ISAKMP Message:
Sep 30 12:13:20 romulus pluto[10414]: | initiator cookie:
Sep 30 12:13:20 romulus pluto[10414]: | 1c 45 b7 42 90 63 2b e2
Sep 30 12:13:20 romulus pluto[10414]: | responder cookie:
Sep 30 12:13:20 romulus pluto[10414]: | 3e 5f 94 9b 3a a2 08 15
Sep 30 12:13:20 romulus pluto[10414]: | next payload type: ISAKMP_NEXT_ID
Sep 30 12:13:20 romulus pluto[10414]: | ISAKMP version: ISAKMP Version 1.0 (rfc2407)
Sep 30 12:13:20 romulus pluto[10414]: | exchange type: ISAKMP_XCHG_IDPROT
Sep 30 12:13:20 romulus pluto[10414]: | flags: ISAKMP_FLAG_ENCRYPTION
Sep 30 12:13:20 romulus pluto[10414]: | message ID: 00 00 00 00
Sep 30 12:13:20 romulus pluto[10414]: | length: 1548
Sep 30 12:13:20 romulus pluto[10414]: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2)
Sep 30 12:13:20 romulus pluto[10414]: | ICOOKIE: 1c 45 b7 42 90 63 2b e2
Sep 30 12:13:20 romulus pluto[10414]: | RCOOKIE: 3e 5f 94 9b 3a a2 08 15
Sep 30 12:13:20 romulus pluto[10414]: | state hash entry 27
Sep 30 12:13:20 romulus pluto[10414]: | v1 peer and cookies match on #1, provided msgid 00000000 vs 00000000
Sep 30 12:13:20 romulus pluto[10414]: | v1 state object #1 found, in STATE_MAIN_R2
Sep 30 12:13:20 romulus pluto[10414]: | processing connection complex
Sep 30 12:13:20 romulus pluto[10414]: | got payload 0x20(ISAKMP_NEXT_ID) needed: 0x220 opt: 0x20c0
Sep 30 12:13:20 romulus pluto[10414]: | ***parse ISAKMP Identification Payload:
Sep 30 12:13:20 romulus pluto[10414]: | next payload type: ISAKMP_NEXT_CERT
Sep 30 12:13:20 romulus pluto[10414]: | length: 176
Sep 30 12:13:20 romulus pluto[10414]: | ID type: ID_DER_ASN1_DN
Sep 30 12:13:20 romulus pluto[10414]: | DOI specific A: 0
Sep 30 12:13:20 romulus pluto[10414]: | DOI specific B: 0
Sep 30 12:13:20 romulus pluto[10414]: | obj: 30 81 a5 31 0b 30 09 06 03 55 04 06 13 02 47 41
Sep 30 12:13:20 romulus pluto[10414]: | obj: 31 10 30 0e 06 03 55 04 08 13 07 47 65 6f 72 67
Sep 30 12:13:20 romulus pluto[10414]: | obj: 69 61 31 10 30 0e 06 03 55 04 07 13 07 4c 69 6c
Sep 30 12:13:20 romulus pluto[10414]: | obj: 62 75 72 6e 31 2b 30 29 06 03 55 04 0a 14 22 54
Sep 30 12:13:20 romulus pluto[10414]: | obj: 68 61 75 6d 61 74 75 72 67 79 20 26 20 53 70 65
Sep 30 12:13:20 romulus pluto[10414]: | obj: 63 75 6c 75 6d 73 20 54 65 63 68 6e 6f 6c 6f 67
Sep 30 12:13:20 romulus pluto[10414]: | obj: 79 31 1d 30 1b 06 03 55 04 03 13 14 63 6f 6d 70
Sep 30 12:13:20 romulus pluto[10414]: | obj: 6c 65 78 2e 77 69 74 74 73 65 6e 64 2e 63 6f 6d
Sep 30 12:13:20 romulus pluto[10414]: | obj: 31 26 30 24 06 09 2a 86 48 86 f7 0d 01 09 01 16
Sep 30 12:13:20 romulus pluto[10414]: | obj: 17 70 6f 73 74 6d 61 73 74 65 72 40 77 69 74 74
Sep 30 12:13:20 romulus pluto[10414]: | obj: 73 65 6e 64 2e 63 6f 6d 07 00 03 f8 04 30 82 03
Sep 30 12:13:20 romulus pluto[10414]: | got payload 0x40(ISAKMP_NEXT_CERT) needed: 0x200 opt: 0x20c0
Sep 30 12:13:20 romulus pluto[10414]: | ***parse ISAKMP Certificate Payload:
Sep 30 12:13:20 romulus pluto[10414]: | next payload type: ISAKMP_NEXT_CR
Sep 30 12:13:20 romulus pluto[10414]: | length: 1016
Sep 30 12:13:20 romulus pluto[10414]: | cert encoding: CERT_X509_SIGNATURE
Sep 30 12:13:20 romulus pluto[10414]: | got payload 0x80(ISAKMP_NEXT_CR) needed: 0x200 opt: 0x20c0
Sep 30 12:13:20 romulus pluto[10414]: | ***parse ISAKMP Certificate RequestPayload:
Sep 30 12:13:20 romulus pluto[10414]: | next payload type: ISAKMP_NEXT_SIG
Sep 30 12:13:20 romulus pluto[10414]: | length: 194
Sep 30 12:13:20 romulus pluto[10414]: | cert type: CERT_X509_SIGNATURE
Sep 30 12:13:20 romulus pluto[10414]: | got payload 0x200(ISAKMP_NEXT_SIG) needed: 0x200 opt: 0x20c0
Sep 30 12:13:20 romulus pluto[10414]: | ***parse ISAKMP Signature Payload:
Sep 30 12:13:20 romulus pluto[10414]: | next payload type: ISAKMP_NEXT_NONE
Sep 30 12:13:20 romulus pluto[10414]: | length: 132
Sep 30 12:13:20 romulus pluto[10414]: | removing 2 bytes of padding
Sep 30 12:13:20 romulus pluto[10414]: | DER ASN1 DN: 30 81 a5 31 0b 30 09 06 03 55 04 06 13 02 47 41
Sep 30 12:13:20 romulus pluto[10414]: | DER ASN1 DN: 31 10 30 0e 06 03 55 04 08 13 07 47 65 6f 72 67
Sep 30 12:13:20 romulus pluto[10414]: | DER ASN1 DN: 69 61 31 10 30 0e 06 03 55 04 07 13 07 4c 69 6c
Sep 30 12:13:20 romulus pluto[10414]: | DER ASN1 DN: 62 75 72 6e 31 2b 30 29 06 03 55 04 0a 14 22 54
Sep 30 12:13:20 romulus pluto[10414]: | DER ASN1 DN: 68 61 75 6d 61 74 75 72 67 79 20 26 20 53 70 65
Sep 30 12:13:20 romulus pluto[10414]: | DER ASN1 DN: 63 75 6c 75 6d 73 20 54 65 63 68 6e 6f 6c 6f 67
Sep 30 12:13:20 romulus pluto[10414]: | DER ASN1 DN: 79 31 1d 30 1b 06 03 55 04 03 13 14 63 6f 6d 70
Sep 30 12:13:20 romulus pluto[10414]: | DER ASN1 DN: 6c 65 78 2e 77 69 74 74 73 65 6e 64 2e 63 6f 6d
Sep 30 12:13:20 romulus pluto[10414]: | DER ASN1 DN: 31 26 30 24 06 09 2a 86 48 86 f7 0d 01 09 01 16
Sep 30 12:13:20 romulus pluto[10414]: | DER ASN1 DN: 17 70 6f 73 74 6d 61 73 74 65 72 40 77 69 74 74
Sep 30 12:13:20 romulus pluto[10414]: | DER ASN1 DN: 73 65 6e 64 2e 63 6f 6d
Sep 30 12:13:20 romulus pluto[10414]: "complex" #1: Main mode peer ID is ID_DER_ASN1_DN: 'C=GA, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=complex.wittsend.com, E=postmaster at wittsend.com'
Sep 30 12:13:20 romulus pluto[10414]: | L0 - certificate:
Sep 30 12:13:20 romulus pluto[10414]: | L1 - tbsCertificate:
Sep 30 12:13:20 romulus pluto[10414]: | L2 - DEFAULT v1:
Sep 30 12:13:20 romulus pluto[10414]: | L3 - version:
Sep 30 12:13:20 romulus pluto[10414]: | v3
Sep 30 12:13:20 romulus pluto[10414]: | L2 - serialNumber:
Sep 30 12:13:20 romulus pluto[10414]: | L2 - signature:
Sep 30 12:13:20 romulus pluto[10414]: | L3 - algorithmIdentifier:
Sep 30 12:13:20 romulus pluto[10414]: | L4 - algorithm:
Sep 30 12:13:20 romulus pluto[10414]: | 'md5WithRSAEncryption'
Sep 30 12:13:20 romulus pluto[10414]: | L2 - issuer:
Sep 30 12:13:20 romulus pluto[10414]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
Sep 30 12:13:20 romulus pluto[10414]: | L2 - validity:
Sep 30 12:13:20 romulus pluto[10414]: | L3 - notBefore:
Sep 30 12:13:20 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:20 romulus pluto[10414]: | 'Jul 26 18:45:14 UTC 2008'
Sep 30 12:13:20 romulus pluto[10414]: | L3 - notAfter:
Sep 30 12:13:20 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:20 romulus pluto[10414]: | 'Jul 26 18:45:14 UTC 2012'
Sep 30 12:13:20 romulus pluto[10414]: | L2 - subject:
Sep 30 12:13:20 romulus pluto[10414]: | 'C=GA, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=complex.wittsend.com, E=postmaster at wittsend.com'
Sep 30 12:13:20 romulus pluto[10414]: | L2 - subjectPublicKeyInfo:
Sep 30 12:13:20 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:20 romulus pluto[10414]: | L4 - algorithmIdentifier:
Sep 30 12:13:20 romulus pluto[10414]: | L5 - algorithm:
Sep 30 12:13:20 romulus pluto[10414]: | 'rsaEncryption'
Sep 30 12:13:20 romulus pluto[10414]: | L3 - subjectPublicKey:
Sep 30 12:13:20 romulus pluto[10414]: | L4 - RSAPublicKey:
Sep 30 12:13:20 romulus pluto[10414]: | L5 - modulus:
Sep 30 12:13:20 romulus pluto[10414]: | L5 - publicExponent:
Sep 30 12:13:20 romulus pluto[10414]: | L2 - optional extensions:
Sep 30 12:13:20 romulus pluto[10414]: | L3 - extensions:
Sep 30 12:13:20 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:20 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:20 romulus pluto[10414]: | 'authorityKeyIdentifier'
Sep 30 12:13:20 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:20 romulus pluto[10414]: | FALSE
Sep 30 12:13:20 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:20 romulus pluto[10414]: | L6 - authorityKeyIdentifier:
Sep 30 12:13:20 romulus pluto[10414]: | L7 - keyIdentifier:
Sep 30 12:13:20 romulus pluto[10414]: | L8 - keyIdentifier:
Sep 30 12:13:20 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:20 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:20 romulus pluto[10414]: | 'extendedKeyUsage'
Sep 30 12:13:20 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:20 romulus pluto[10414]: | FALSE
Sep 30 12:13:20 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:20 romulus pluto[10414]: | L6 - extendedKeyUsage:
Sep 30 12:13:20 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:20 romulus pluto[10414]: | 'serverAuth'
Sep 30 12:13:20 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:20 romulus pluto[10414]: | 'clientAuth'
Sep 30 12:13:20 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:20 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:20 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:20 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:20 romulus pluto[10414]: | 'basicConstraints'
Sep 30 12:13:20 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:20 romulus pluto[10414]: | TRUE
Sep 30 12:13:20 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:20 romulus pluto[10414]: | L6 - basicConstraints:
Sep 30 12:13:20 romulus pluto[10414]: | L7 - CA:
Sep 30 12:13:20 romulus pluto[10414]: | FALSE
Sep 30 12:13:20 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:20 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:20 romulus pluto[10414]: | 'subjectAltName'
Sep 30 12:13:20 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:20 romulus pluto[10414]: | FALSE
Sep 30 12:13:20 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:20 romulus pluto[10414]: | L6 - generalNames:
Sep 30 12:13:20 romulus pluto[10414]: | L7 - generalName:
Sep 30 12:13:20 romulus pluto[10414]: | L8 - dnsName:
Sep 30 12:13:20 romulus pluto[10414]: | 'complex.wittsend.com'
Sep 30 12:13:20 romulus pluto[10414]: | L7 - generalName:
Sep 30 12:13:20 romulus pluto[10414]: | L8 - dnsName:
Sep 30 12:13:20 romulus pluto[10414]: | 'complex.ip6.wittsend.com'
Sep 30 12:13:20 romulus pluto[10414]: | L7 - generalName:
Sep 30 12:13:20 romulus pluto[10414]: | L8 - dnsName:
Sep 30 12:13:20 romulus pluto[10414]: | 'complex.wittsend.org'
Sep 30 12:13:20 romulus pluto[10414]: | L7 - generalName:
Sep 30 12:13:20 romulus pluto[10414]: | L8 - dnsName:
Sep 30 12:13:20 romulus pluto[10414]: | 'complex.commandcorp.com'
Sep 30 12:13:20 romulus pluto[10414]: | L1 - signatureAlgorithm:
Sep 30 12:13:20 romulus pluto[10414]: | L2 - algorithmIdentifier:
Sep 30 12:13:20 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:20 romulus pluto[10414]: | 'md5WithRSAEncryption'
Sep 30 12:13:20 romulus pluto[10414]: | L1 - signatureValue:
Sep 30 12:13:20 romulus pluto[10414]: | signature algorithm: 'md5WithRSAEncryption'
Sep 30 12:13:20 romulus pluto[10414]: | digest: 12 ee 0a bd 44 99 b6 a8 1e 13 35 2b 7d 26 2c 3a
Sep 30 12:13:20 romulus pluto[10414]: | decrypted signature:
Sep 30 12:13:20 romulus pluto[10414]: | 00 00 01 ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:20 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:20 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:20 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:20 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:20 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:20 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:20 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:20 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:20 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:20 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:20 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:20 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:20 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff 00 30
Sep 30 12:13:20 romulus pluto[10414]: | 20 30 0c 06 08 2a 86 48 86 f7 0d 02 05 05 00 04
Sep 30 12:13:20 romulus pluto[10414]: | 10 12 ee 0a bd 44 99 b6 a8 1e 13 35 2b 7d 26 2c
Sep 30 12:13:20 romulus pluto[10414]: | 3a
Sep 30 12:13:20 romulus pluto[10414]: "complex" #1: no crl from issuer "C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services" found (strict=no)
Sep 30 12:13:20 romulus pluto[10414]: | signature algorithm: 'sha-1WithRSAEncryption'
Sep 30 12:13:20 romulus pluto[10414]: | digest: 3c 00 ad 12 b1 0a 99 28 d1 82 cf 34 9b 6e ed c7
Sep 30 12:13:20 romulus pluto[10414]: | digest: 90 69 e2 aa
Sep 30 12:13:20 romulus pluto[10414]: | decrypted signature:
Sep 30 12:13:20 romulus pluto[10414]: | 00 00 01 ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:20 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:20 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:20 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:20 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:20 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:20 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:20 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:20 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:20 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:20 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:20 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:20 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:20 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff 00 30 21
Sep 30 12:13:20 romulus pluto[10414]: | 30 09 06 05 2b 0e 03 02 1a 05 00 04 14 3c 00 ad
Sep 30 12:13:20 romulus pluto[10414]: | 12 b1 0a 99 28 d1 82 cf 34 9b 6e ed c7 90 69 e2
Sep 30 12:13:20 romulus pluto[10414]: | aa
Sep 30 12:13:20 romulus pluto[10414]: | reached self-signed root ca
Sep 30 12:13:20 romulus pluto[10414]: | Public key validated
Sep 30 12:13:20 romulus pluto[10414]: | CR 30 81 ba 31 0b 30 09 06 03 55 04 06 13 02 55 53
Sep 30 12:13:20 romulus pluto[10414]: | CR 31 10 30 0e 06 03 55 04 08 13 07 47 65 6f 72 67
Sep 30 12:13:20 romulus pluto[10414]: | CR 69 61 31 10 30 0e 06 03 55 04 07 13 07 4c 69 6c
Sep 30 12:13:20 romulus pluto[10414]: | CR 62 75 72 6e 31 2b 30 29 06 03 55 04 0a 14 22 54
Sep 30 12:13:20 romulus pluto[10414]: | CR 68 61 75 6d 61 74 75 72 67 79 20 26 20 53 70 65
Sep 30 12:13:20 romulus pluto[10414]: | CR 63 75 6c 75 6d 73 20 54 65 63 68 6e 6f 6c 6f 67
Sep 30 12:13:20 romulus pluto[10414]: | CR 79 31 1f 30 1d 06 03 55 04 0b 13 16 43 65 72 74
Sep 30 12:13:20 romulus pluto[10414]: | CR 69 66 69 63 61 74 69 6f 6e 20 53 65 72 76 69 63
Sep 30 12:13:20 romulus pluto[10414]: | CR 65 73 31 19 30 17 06 03 55 04 03 13 10 57 69 74
Sep 30 12:13:20 romulus pluto[10414]: | CR 74 73 45 6e 64 20 52 6f 6f 74 20 43 41 31 1e 30
Sep 30 12:13:20 romulus pluto[10414]: | CR 1c 06 09 2a 86 48 86 f7 0d 01 09 01 16 0f 63 61
Sep 30 12:13:20 romulus pluto[10414]: | CR 40 77 69 74 74 73 65 6e 64 2e 63 6f 6d
Sep 30 12:13:20 romulus pluto[10414]: | requested CA: 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services, CN=WittsEnd Root CA, E=ca at wittsend.com'
Sep 30 12:13:20 romulus pluto[10414]: "complex" #1: no suitable connection for peer 'C=GA, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=complex.wittsend.com, E=postmaster at wittsend.com'
Sep 30 12:13:20 romulus pluto[10414]: | complete state transition with (null)
Sep 30 12:13:20 romulus pluto[10414]: "complex" #1: sending encrypted notification INVALID_ID_INFORMATION to 65.7.156.165:500
Sep 30 12:13:20 romulus pluto[10414]: | sending 60 bytes for notification packet through veth0:500 to 65.7.156.165:500 (using #1)
Sep 30 12:13:20 romulus pluto[10414]: | state transition function for STATE_MAIN_R2 failed: INVALID_ID_INFORMATION
Sep 30 12:13:20 romulus pluto[10414]: | * processed 0 messages from cryptographic helpers
Sep 30 12:13:20 romulus pluto[10414]: | next event EVENT_RETRANSMIT in 10 seconds for #1
Sep 30 12:13:30 romulus pluto[10414]: |
Sep 30 12:13:30 romulus pluto[10414]: | *time to handle event
Sep 30 12:13:30 romulus pluto[10414]: | handling event EVENT_RETRANSMIT
Sep 30 12:13:30 romulus pluto[10414]: | event after this is EVENT_NAT_T_KEEPALIVE in 10 seconds
Sep 30 12:13:30 romulus pluto[10414]: | processing connection complex
Sep 30 12:13:30 romulus pluto[10414]: | handling event EVENT_RETRANSMIT for <invalid> "complex" #1
Sep 30 12:13:30 romulus pluto[10414]: | sending 420 bytes for EVENT_RETRANSMIT through veth0:500 to 65.7.156.165:500 (using #1)
Sep 30 12:13:30 romulus pluto[10414]: | inserting event EVENT_RETRANSMIT, timeout in 20 seconds for #1
Sep 30 12:13:30 romulus pluto[10414]: | next event EVENT_NAT_T_KEEPALIVE in 10 seconds
Sep 30 12:13:30 romulus pluto[10414]: |
Sep 30 12:13:30 romulus pluto[10414]: | *received 1548 bytes from 65.7.156.165:500 on veth0 (port=500)
Sep 30 12:13:30 romulus pluto[10414]: | **parse ISAKMP Message:
Sep 30 12:13:30 romulus pluto[10414]: | initiator cookie:
Sep 30 12:13:30 romulus pluto[10414]: | 1c 45 b7 42 90 63 2b e2
Sep 30 12:13:30 romulus pluto[10414]: | responder cookie:
Sep 30 12:13:30 romulus pluto[10414]: | 3e 5f 94 9b 3a a2 08 15
Sep 30 12:13:30 romulus pluto[10414]: | next payload type: ISAKMP_NEXT_ID
Sep 30 12:13:30 romulus pluto[10414]: | ISAKMP version: ISAKMP Version 1.0 (rfc2407)
Sep 30 12:13:30 romulus pluto[10414]: | exchange type: ISAKMP_XCHG_IDPROT
Sep 30 12:13:30 romulus pluto[10414]: | flags: ISAKMP_FLAG_ENCRYPTION
Sep 30 12:13:30 romulus pluto[10414]: | message ID: 00 00 00 00
Sep 30 12:13:30 romulus pluto[10414]: | length: 1548
Sep 30 12:13:30 romulus pluto[10414]: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2)
Sep 30 12:13:30 romulus pluto[10414]: | ICOOKIE: 1c 45 b7 42 90 63 2b e2
Sep 30 12:13:30 romulus pluto[10414]: | RCOOKIE: 3e 5f 94 9b 3a a2 08 15
Sep 30 12:13:30 romulus pluto[10414]: | state hash entry 27
Sep 30 12:13:30 romulus pluto[10414]: | v1 peer and cookies match on #1, provided msgid 00000000 vs 00000000
Sep 30 12:13:30 romulus pluto[10414]: | v1 state object #1 found, in STATE_MAIN_R2
Sep 30 12:13:30 romulus pluto[10414]: | processing connection complex
Sep 30 12:13:30 romulus pluto[10414]: | got payload 0x20(ISAKMP_NEXT_ID) needed: 0x220 opt: 0x20c0
Sep 30 12:13:30 romulus pluto[10414]: | ***parse ISAKMP Identification Payload:
Sep 30 12:13:30 romulus pluto[10414]: | next payload type: ISAKMP_NEXT_CERT
Sep 30 12:13:30 romulus pluto[10414]: | length: 176
Sep 30 12:13:30 romulus pluto[10414]: | ID type: ID_DER_ASN1_DN
Sep 30 12:13:30 romulus pluto[10414]: | DOI specific A: 0
Sep 30 12:13:30 romulus pluto[10414]: | DOI specific B: 0
Sep 30 12:13:30 romulus pluto[10414]: | obj: 30 81 a5 31 0b 30 09 06 03 55 04 06 13 02 47 41
Sep 30 12:13:30 romulus pluto[10414]: | obj: 31 10 30 0e 06 03 55 04 08 13 07 47 65 6f 72 67
Sep 30 12:13:30 romulus pluto[10414]: | obj: 69 61 31 10 30 0e 06 03 55 04 07 13 07 4c 69 6c
Sep 30 12:13:30 romulus pluto[10414]: | obj: 62 75 72 6e 31 2b 30 29 06 03 55 04 0a 14 22 54
Sep 30 12:13:30 romulus pluto[10414]: | obj: 68 61 75 6d 61 74 75 72 67 79 20 26 20 53 70 65
Sep 30 12:13:30 romulus pluto[10414]: | obj: 63 75 6c 75 6d 73 20 54 65 63 68 6e 6f 6c 6f 67
Sep 30 12:13:30 romulus pluto[10414]: | obj: 79 31 1d 30 1b 06 03 55 04 03 13 14 63 6f 6d 70
Sep 30 12:13:30 romulus pluto[10414]: | obj: 6c 65 78 2e 77 69 74 74 73 65 6e 64 2e 63 6f 6d
Sep 30 12:13:30 romulus pluto[10414]: | obj: 31 26 30 24 06 09 2a 86 48 86 f7 0d 01 09 01 16
Sep 30 12:13:30 romulus pluto[10414]: | obj: 17 70 6f 73 74 6d 61 73 74 65 72 40 77 69 74 74
Sep 30 12:13:30 romulus pluto[10414]: | obj: 73 65 6e 64 2e 63 6f 6d 07 00 03 f8 04 30 82 03
Sep 30 12:13:30 romulus pluto[10414]: | got payload 0x40(ISAKMP_NEXT_CERT) needed: 0x200 opt: 0x20c0
Sep 30 12:13:30 romulus pluto[10414]: | ***parse ISAKMP Certificate Payload:
Sep 30 12:13:30 romulus pluto[10414]: | next payload type: ISAKMP_NEXT_CR
Sep 30 12:13:30 romulus pluto[10414]: | length: 1016
Sep 30 12:13:30 romulus pluto[10414]: | cert encoding: CERT_X509_SIGNATURE
Sep 30 12:13:30 romulus pluto[10414]: | got payload 0x80(ISAKMP_NEXT_CR) needed: 0x200 opt: 0x20c0
Sep 30 12:13:30 romulus pluto[10414]: | ***parse ISAKMP Certificate RequestPayload:
Sep 30 12:13:30 romulus pluto[10414]: | next payload type: ISAKMP_NEXT_SIG
Sep 30 12:13:30 romulus pluto[10414]: | length: 194
Sep 30 12:13:30 romulus pluto[10414]: | cert type: CERT_X509_SIGNATURE
Sep 30 12:13:30 romulus pluto[10414]: | got payload 0x200(ISAKMP_NEXT_SIG) needed: 0x200 opt: 0x20c0
Sep 30 12:13:30 romulus pluto[10414]: | ***parse ISAKMP Signature Payload:
Sep 30 12:13:30 romulus pluto[10414]: | next payload type: ISAKMP_NEXT_NONE
Sep 30 12:13:30 romulus pluto[10414]: | length: 132
Sep 30 12:13:30 romulus pluto[10414]: | removing 2 bytes of padding
Sep 30 12:13:30 romulus pluto[10414]: | DER ASN1 DN: 30 81 a5 31 0b 30 09 06 03 55 04 06 13 02 47 41
Sep 30 12:13:30 romulus pluto[10414]: | DER ASN1 DN: 31 10 30 0e 06 03 55 04 08 13 07 47 65 6f 72 67
Sep 30 12:13:30 romulus pluto[10414]: | DER ASN1 DN: 69 61 31 10 30 0e 06 03 55 04 07 13 07 4c 69 6c
Sep 30 12:13:30 romulus pluto[10414]: | DER ASN1 DN: 62 75 72 6e 31 2b 30 29 06 03 55 04 0a 14 22 54
Sep 30 12:13:30 romulus pluto[10414]: | DER ASN1 DN: 68 61 75 6d 61 74 75 72 67 79 20 26 20 53 70 65
Sep 30 12:13:30 romulus pluto[10414]: | DER ASN1 DN: 63 75 6c 75 6d 73 20 54 65 63 68 6e 6f 6c 6f 67
Sep 30 12:13:30 romulus pluto[10414]: | DER ASN1 DN: 79 31 1d 30 1b 06 03 55 04 03 13 14 63 6f 6d 70
Sep 30 12:13:30 romulus pluto[10414]: | DER ASN1 DN: 6c 65 78 2e 77 69 74 74 73 65 6e 64 2e 63 6f 6d
Sep 30 12:13:30 romulus pluto[10414]: | DER ASN1 DN: 31 26 30 24 06 09 2a 86 48 86 f7 0d 01 09 01 16
Sep 30 12:13:30 romulus pluto[10414]: | DER ASN1 DN: 17 70 6f 73 74 6d 61 73 74 65 72 40 77 69 74 74
Sep 30 12:13:30 romulus pluto[10414]: | DER ASN1 DN: 73 65 6e 64 2e 63 6f 6d
Sep 30 12:13:30 romulus pluto[10414]: "complex" #1: Main mode peer ID is ID_DER_ASN1_DN: 'C=GA, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=complex.wittsend.com, E=postmaster at wittsend.com'
Sep 30 12:13:30 romulus pluto[10414]: | L0 - certificate:
Sep 30 12:13:30 romulus pluto[10414]: | L1 - tbsCertificate:
Sep 30 12:13:30 romulus pluto[10414]: | L2 - DEFAULT v1:
Sep 30 12:13:30 romulus pluto[10414]: | L3 - version:
Sep 30 12:13:30 romulus pluto[10414]: | v3
Sep 30 12:13:30 romulus pluto[10414]: | L2 - serialNumber:
Sep 30 12:13:30 romulus pluto[10414]: | L2 - signature:
Sep 30 12:13:30 romulus pluto[10414]: | L3 - algorithmIdentifier:
Sep 30 12:13:30 romulus pluto[10414]: | L4 - algorithm:
Sep 30 12:13:30 romulus pluto[10414]: | 'md5WithRSAEncryption'
Sep 30 12:13:30 romulus pluto[10414]: | L2 - issuer:
Sep 30 12:13:30 romulus pluto[10414]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
Sep 30 12:13:30 romulus pluto[10414]: | L2 - validity:
Sep 30 12:13:30 romulus pluto[10414]: | L3 - notBefore:
Sep 30 12:13:30 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:30 romulus pluto[10414]: | 'Jul 26 18:45:14 UTC 2008'
Sep 30 12:13:30 romulus pluto[10414]: | L3 - notAfter:
Sep 30 12:13:30 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:30 romulus pluto[10414]: | 'Jul 26 18:45:14 UTC 2012'
Sep 30 12:13:30 romulus pluto[10414]: | L2 - subject:
Sep 30 12:13:30 romulus pluto[10414]: | 'C=GA, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=complex.wittsend.com, E=postmaster at wittsend.com'
Sep 30 12:13:30 romulus pluto[10414]: | L2 - subjectPublicKeyInfo:
Sep 30 12:13:30 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:30 romulus pluto[10414]: | L4 - algorithmIdentifier:
Sep 30 12:13:30 romulus pluto[10414]: | L5 - algorithm:
Sep 30 12:13:30 romulus pluto[10414]: | 'rsaEncryption'
Sep 30 12:13:30 romulus pluto[10414]: | L3 - subjectPublicKey:
Sep 30 12:13:30 romulus pluto[10414]: | L4 - RSAPublicKey:
Sep 30 12:13:30 romulus pluto[10414]: | L5 - modulus:
Sep 30 12:13:30 romulus pluto[10414]: | L5 - publicExponent:
Sep 30 12:13:30 romulus pluto[10414]: | L2 - optional extensions:
Sep 30 12:13:30 romulus pluto[10414]: | L3 - extensions:
Sep 30 12:13:30 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:30 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:30 romulus pluto[10414]: | 'authorityKeyIdentifier'
Sep 30 12:13:30 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:30 romulus pluto[10414]: | FALSE
Sep 30 12:13:30 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:30 romulus pluto[10414]: | L6 - authorityKeyIdentifier:
Sep 30 12:13:30 romulus pluto[10414]: | L7 - keyIdentifier:
Sep 30 12:13:30 romulus pluto[10414]: | L8 - keyIdentifier:
Sep 30 12:13:30 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:30 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:30 romulus pluto[10414]: | 'extendedKeyUsage'
Sep 30 12:13:30 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:30 romulus pluto[10414]: | FALSE
Sep 30 12:13:30 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:30 romulus pluto[10414]: | L6 - extendedKeyUsage:
Sep 30 12:13:30 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:30 romulus pluto[10414]: | 'serverAuth'
Sep 30 12:13:30 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:30 romulus pluto[10414]: | 'clientAuth'
Sep 30 12:13:30 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:30 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:30 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:30 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:30 romulus pluto[10414]: | 'basicConstraints'
Sep 30 12:13:30 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:30 romulus pluto[10414]: | TRUE
Sep 30 12:13:30 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:30 romulus pluto[10414]: | L6 - basicConstraints:
Sep 30 12:13:30 romulus pluto[10414]: | L7 - CA:
Sep 30 12:13:30 romulus pluto[10414]: | FALSE
Sep 30 12:13:30 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:30 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:30 romulus pluto[10414]: | 'subjectAltName'
Sep 30 12:13:30 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:30 romulus pluto[10414]: | FALSE
Sep 30 12:13:30 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:30 romulus pluto[10414]: | L6 - generalNames:
Sep 30 12:13:30 romulus pluto[10414]: | L7 - generalName:
Sep 30 12:13:30 romulus pluto[10414]: | L8 - dnsName:
Sep 30 12:13:30 romulus pluto[10414]: | 'complex.wittsend.com'
Sep 30 12:13:30 romulus pluto[10414]: | L7 - generalName:
Sep 30 12:13:30 romulus pluto[10414]: | L8 - dnsName:
Sep 30 12:13:30 romulus pluto[10414]: | 'complex.ip6.wittsend.com'
Sep 30 12:13:30 romulus pluto[10414]: | L7 - generalName:
Sep 30 12:13:30 romulus pluto[10414]: | L8 - dnsName:
Sep 30 12:13:30 romulus pluto[10414]: | 'complex.wittsend.org'
Sep 30 12:13:30 romulus pluto[10414]: | L7 - generalName:
Sep 30 12:13:30 romulus pluto[10414]: | L8 - dnsName:
Sep 30 12:13:30 romulus pluto[10414]: | 'complex.commandcorp.com'
Sep 30 12:13:30 romulus pluto[10414]: | L1 - signatureAlgorithm:
Sep 30 12:13:30 romulus pluto[10414]: | L2 - algorithmIdentifier:
Sep 30 12:13:30 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:30 romulus pluto[10414]: | 'md5WithRSAEncryption'
Sep 30 12:13:30 romulus pluto[10414]: | L1 - signatureValue:
Sep 30 12:13:30 romulus pluto[10414]: | signature algorithm: 'md5WithRSAEncryption'
Sep 30 12:13:30 romulus pluto[10414]: | digest: 12 ee 0a bd 44 99 b6 a8 1e 13 35 2b 7d 26 2c 3a
Sep 30 12:13:30 romulus pluto[10414]: | decrypted signature:
Sep 30 12:13:30 romulus pluto[10414]: | 00 00 01 ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:30 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:30 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:30 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:30 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:30 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:30 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:30 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:30 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:30 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:30 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:30 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:30 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:30 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff 00 30
Sep 30 12:13:30 romulus pluto[10414]: | 20 30 0c 06 08 2a 86 48 86 f7 0d 02 05 05 00 04
Sep 30 12:13:30 romulus pluto[10414]: | 10 12 ee 0a bd 44 99 b6 a8 1e 13 35 2b 7d 26 2c
Sep 30 12:13:30 romulus pluto[10414]: | 3a
Sep 30 12:13:30 romulus pluto[10414]: "complex" #1: no crl from issuer "C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services" found (strict=no)
Sep 30 12:13:30 romulus pluto[10414]: | signature algorithm: 'sha-1WithRSAEncryption'
Sep 30 12:13:30 romulus pluto[10414]: | digest: 3c 00 ad 12 b1 0a 99 28 d1 82 cf 34 9b 6e ed c7
Sep 30 12:13:30 romulus pluto[10414]: | digest: 90 69 e2 aa
Sep 30 12:13:30 romulus pluto[10414]: | decrypted signature:
Sep 30 12:13:30 romulus pluto[10414]: | 00 00 01 ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:30 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:30 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:30 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:30 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:30 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:30 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:30 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:30 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:30 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:30 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:30 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:30 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:30 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff 00 30 21
Sep 30 12:13:30 romulus pluto[10414]: | 30 09 06 05 2b 0e 03 02 1a 05 00 04 14 3c 00 ad
Sep 30 12:13:30 romulus pluto[10414]: | 12 b1 0a 99 28 d1 82 cf 34 9b 6e ed c7 90 69 e2
Sep 30 12:13:30 romulus pluto[10414]: | aa
Sep 30 12:13:30 romulus pluto[10414]: | reached self-signed root ca
Sep 30 12:13:30 romulus pluto[10414]: | Public key validated
Sep 30 12:13:30 romulus pluto[10414]: | CR 30 81 ba 31 0b 30 09 06 03 55 04 06 13 02 55 53
Sep 30 12:13:30 romulus pluto[10414]: | CR 31 10 30 0e 06 03 55 04 08 13 07 47 65 6f 72 67
Sep 30 12:13:30 romulus pluto[10414]: | CR 69 61 31 10 30 0e 06 03 55 04 07 13 07 4c 69 6c
Sep 30 12:13:30 romulus pluto[10414]: | CR 62 75 72 6e 31 2b 30 29 06 03 55 04 0a 14 22 54
Sep 30 12:13:30 romulus pluto[10414]: | CR 68 61 75 6d 61 74 75 72 67 79 20 26 20 53 70 65
Sep 30 12:13:30 romulus pluto[10414]: | CR 63 75 6c 75 6d 73 20 54 65 63 68 6e 6f 6c 6f 67
Sep 30 12:13:30 romulus pluto[10414]: | CR 79 31 1f 30 1d 06 03 55 04 0b 13 16 43 65 72 74
Sep 30 12:13:30 romulus pluto[10414]: | CR 69 66 69 63 61 74 69 6f 6e 20 53 65 72 76 69 63
Sep 30 12:13:30 romulus pluto[10414]: | CR 65 73 31 19 30 17 06 03 55 04 03 13 10 57 69 74
Sep 30 12:13:30 romulus pluto[10414]: | CR 74 73 45 6e 64 20 52 6f 6f 74 20 43 41 31 1e 30
Sep 30 12:13:30 romulus pluto[10414]: | CR 1c 06 09 2a 86 48 86 f7 0d 01 09 01 16 0f 63 61
Sep 30 12:13:30 romulus pluto[10414]: | CR 40 77 69 74 74 73 65 6e 64 2e 63 6f 6d
Sep 30 12:13:30 romulus pluto[10414]: | requested CA: 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services, CN=WittsEnd Root CA, E=ca at wittsend.com'
Sep 30 12:13:30 romulus pluto[10414]: "complex" #1: no suitable connection for peer 'C=GA, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=complex.wittsend.com, E=postmaster at wittsend.com'
Sep 30 12:13:30 romulus pluto[10414]: | complete state transition with (null)
Sep 30 12:13:30 romulus pluto[10414]: "complex" #1: sending encrypted notification INVALID_ID_INFORMATION to 65.7.156.165:500
Sep 30 12:13:30 romulus pluto[10414]: | sending 60 bytes for notification packet through veth0:500 to 65.7.156.165:500 (using #1)
Sep 30 12:13:30 romulus pluto[10414]: | state transition function for STATE_MAIN_R2 failed: INVALID_ID_INFORMATION
Sep 30 12:13:30 romulus pluto[10414]: | * processed 0 messages from cryptographic helpers
Sep 30 12:13:30 romulus pluto[10414]: | next event EVENT_NAT_T_KEEPALIVE in 10 seconds
Sep 30 12:13:40 romulus pluto[10414]: |
Sep 30 12:13:40 romulus pluto[10414]: | *time to handle event
Sep 30 12:13:40 romulus pluto[10414]: | handling event EVENT_NAT_T_KEEPALIVE
Sep 30 12:13:40 romulus pluto[10414]: | event after this is EVENT_RETRANSMIT in 10 seconds
Sep 30 12:13:40 romulus pluto[10414]: | processing connection complex
Sep 30 12:13:40 romulus pluto[10414]: | next event EVENT_RETRANSMIT in 10 seconds for #1
Sep 30 12:13:46 romulus pluto[10414]: |
Sep 30 12:13:46 romulus pluto[10414]: | *received whack message
Sep 30 12:13:46 romulus pluto[10414]: | * processed 0 messages from cryptographic helpers
Sep 30 12:13:46 romulus pluto[10414]: | next event EVENT_RETRANSMIT in 4 seconds for #1
Sep 30 12:13:46 romulus pluto[10414]: |
Sep 30 12:13:46 romulus pluto[10414]: | *received whack message
Sep 30 12:13:46 romulus pluto[10414]: | * processed 0 messages from cryptographic helpers
Sep 30 12:13:46 romulus pluto[10414]: | next event EVENT_RETRANSMIT in 4 seconds for #1
Sep 30 12:13:47 romulus pluto[10414]: |
Sep 30 12:13:47 romulus pluto[10414]: | *received whack message
Sep 30 12:13:47 romulus pluto[10414]: | * processed 0 messages from cryptographic helpers
Sep 30 12:13:47 romulus pluto[10414]: | next event EVENT_RETRANSMIT in 3 seconds for #1
+ _________________________ date
+ date
Tue Sep 30 12:13:47 EDT 2008
-------------- next part --------------
Sep 30 12:09:53 romulus ipsec__plutorun: Starting Pluto subsystem...
Sep 30 12:09:53 romulus pluto[8699]: Starting Pluto (Openswan Version 2.4.9 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR; Vendor ID OE_]{vKgCoOI)
Sep 30 12:09:53 romulus pluto[8699]: Setting NAT-Traversal port-4500 floating to on
Sep 30 12:09:53 romulus pluto[8699]: port floating activation criteria nat_t=1/port_fload=1
Sep 30 12:09:53 romulus pluto[8699]: including NAT-Traversal patch (Version 0.6c)
Sep 30 12:09:53 romulus pluto[8699]: | opening /dev/urandom
Sep 30 12:09:53 romulus pluto[8699]: | inserting event EVENT_REINIT_SECRET, timeout in 3600 seconds
Sep 30 12:09:53 romulus pluto[8699]: | inserting event EVENT_PENDING_PHASE2, timeout in 120 seconds
Sep 30 12:09:53 romulus pluto[8699]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
Sep 30 12:09:53 romulus pluto[8699]: starting up 1 cryptographic helpers
Sep 30 12:09:53 romulus pluto[8700]: | opening /dev/urandom
Sep 30 12:09:53 romulus pluto[8700]: ! helper 0 waiting on fd: 7
Sep 30 12:09:53 romulus pluto[8699]: started helper pid=8700 (fd:6)
Sep 30 12:09:53 romulus pluto[8699]: Using NETKEY IPsec interface code on 2.6.24-ovz005.1
Sep 30 12:09:54 romulus pluto[8699]: Changing to directory '/etc/ipsec.d/cacerts'
Sep 30 12:09:54 romulus pluto[8699]: loaded CA cert file 'wittsendCA.pem' (960 bytes)
Sep 30 12:09:54 romulus pluto[8699]: | file content is not binary ASN.1
Sep 30 12:09:54 romulus pluto[8699]: | -----BEGIN CERTIFICATE-----
Sep 30 12:09:54 romulus pluto[8699]: | -----END CERTIFICATE-----
Sep 30 12:09:54 romulus pluto[8699]: | file coded in PEM format
Sep 30 12:09:54 romulus pluto[8699]: | L0 - certificate:
Sep 30 12:09:54 romulus pluto[8699]: | L1 - tbsCertificate:
Sep 30 12:09:54 romulus pluto[8699]: | L2 - DEFAULT v1:
Sep 30 12:09:54 romulus pluto[8699]: | L3 - version:
Sep 30 12:09:54 romulus pluto[8699]: | v3
Sep 30 12:09:54 romulus pluto[8699]: | L2 - serialNumber:
Sep 30 12:09:54 romulus pluto[8699]: | L2 - signature:
Sep 30 12:09:54 romulus pluto[8699]: | L3 - algorithmIdentifier:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - algorithm:
Sep 30 12:09:54 romulus pluto[8699]: | 'md5WithRSAEncryption'
Sep 30 12:09:54 romulus pluto[8699]: | L2 - issuer:
Sep 30 12:09:54 romulus pluto[8699]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services, CN=WittsEnd Root CA, E=ca at wittsend.com'
Sep 30 12:09:54 romulus pluto[8699]: | L2 - validity:
Sep 30 12:09:54 romulus pluto[8699]: | L3 - notBefore:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - utcTime:
Sep 30 12:09:54 romulus pluto[8699]: | 'Aug 01 14:44:01 UTC 2004'
Sep 30 12:09:54 romulus pluto[8699]: | L3 - notAfter:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - utcTime:
Sep 30 12:09:54 romulus pluto[8699]: | 'Jul 30 14:44:01 UTC 2014'
Sep 30 12:09:54 romulus pluto[8699]: | L2 - subject:
Sep 30 12:09:54 romulus pluto[8699]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services, CN=WittsEnd Root CA, E=ca at wittsend.com'
Sep 30 12:09:54 romulus pluto[8699]: | L2 - subjectPublicKeyInfo:
Sep 30 12:09:54 romulus pluto[8699]: | L3 - algorithm:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - algorithmIdentifier:
Sep 30 12:09:54 romulus pluto[8699]: | L5 - algorithm:
Sep 30 12:09:54 romulus pluto[8699]: | 'rsaEncryption'
Sep 30 12:09:54 romulus pluto[8699]: | L3 - subjectPublicKey:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - RSAPublicKey:
Sep 30 12:09:54 romulus pluto[8699]: | L5 - modulus:
Sep 30 12:09:54 romulus pluto[8699]: | L5 - publicExponent:
Sep 30 12:09:54 romulus pluto[8699]: | L2 - optional extensions:
Sep 30 12:09:54 romulus pluto[8699]: | L3 - extensions:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - extension:
Sep 30 12:09:54 romulus pluto[8699]: | L5 - extnID:
Sep 30 12:09:54 romulus pluto[8699]: | 'basicConstraints'
Sep 30 12:09:54 romulus pluto[8699]: | L5 - critical:
Sep 30 12:09:54 romulus pluto[8699]: | TRUE
Sep 30 12:09:54 romulus pluto[8699]: | L5 - extnValue:
Sep 30 12:09:54 romulus pluto[8699]: | L6 - basicConstraints:
Sep 30 12:09:54 romulus pluto[8699]: | L7 - CA:
Sep 30 12:09:54 romulus pluto[8699]: | TRUE
Sep 30 12:09:54 romulus pluto[8699]: | L4 - extension:
Sep 30 12:09:54 romulus pluto[8699]: | L5 - extnID:
Sep 30 12:09:54 romulus pluto[8699]: | 'subjectKeyIdentifier'
Sep 30 12:09:54 romulus pluto[8699]: | L5 - critical:
Sep 30 12:09:54 romulus pluto[8699]: | FALSE
Sep 30 12:09:54 romulus pluto[8699]: | L5 - extnValue:
Sep 30 12:09:54 romulus pluto[8699]: | L6 - keyIdentifier:
Sep 30 12:09:54 romulus pluto[8699]: | L1 - signatureAlgorithm:
Sep 30 12:09:54 romulus pluto[8699]: | L2 - algorithmIdentifier:
Sep 30 12:09:54 romulus pluto[8699]: | L3 - algorithm:
Sep 30 12:09:54 romulus pluto[8699]: | 'md5WithRSAEncryption'
Sep 30 12:09:54 romulus pluto[8699]: | L1 - signatureValue:
Sep 30 12:09:54 romulus pluto[8699]: | authcert inserted
Sep 30 12:09:54 romulus pluto[8699]: loaded CA cert file 'wittsendCA.crt' (960 bytes)
Sep 30 12:09:54 romulus pluto[8699]: | file content is not binary ASN.1
Sep 30 12:09:54 romulus pluto[8699]: | -----BEGIN CERTIFICATE-----
Sep 30 12:09:54 romulus pluto[8699]: | -----END CERTIFICATE-----
Sep 30 12:09:54 romulus pluto[8699]: | file coded in PEM format
Sep 30 12:09:54 romulus pluto[8699]: | L0 - certificate:
Sep 30 12:09:54 romulus pluto[8699]: | L1 - tbsCertificate:
Sep 30 12:09:54 romulus pluto[8699]: | L2 - DEFAULT v1:
Sep 30 12:09:54 romulus pluto[8699]: | L3 - version:
Sep 30 12:09:54 romulus pluto[8699]: | v3
Sep 30 12:09:54 romulus pluto[8699]: | L2 - serialNumber:
Sep 30 12:09:54 romulus pluto[8699]: | L2 - signature:
Sep 30 12:09:54 romulus pluto[8699]: | L3 - algorithmIdentifier:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - algorithm:
Sep 30 12:09:54 romulus pluto[8699]: | 'md5WithRSAEncryption'
Sep 30 12:09:54 romulus pluto[8699]: | L2 - issuer:
Sep 30 12:09:54 romulus pluto[8699]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services, CN=WittsEnd Root CA, E=ca at wittsend.com'
Sep 30 12:09:54 romulus pluto[8699]: | L2 - validity:
Sep 30 12:09:54 romulus pluto[8699]: | L3 - notBefore:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - utcTime:
Sep 30 12:09:54 romulus pluto[8699]: | 'Aug 01 14:44:01 UTC 2004'
Sep 30 12:09:54 romulus pluto[8699]: | L3 - notAfter:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - utcTime:
Sep 30 12:09:54 romulus pluto[8699]: | 'Jul 30 14:44:01 UTC 2014'
Sep 30 12:09:54 romulus pluto[8699]: | L2 - subject:
Sep 30 12:09:54 romulus pluto[8699]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services, CN=WittsEnd Root CA, E=ca at wittsend.com'
Sep 30 12:09:54 romulus pluto[8699]: | L2 - subjectPublicKeyInfo:
Sep 30 12:09:54 romulus pluto[8699]: | L3 - algorithm:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - algorithmIdentifier:
Sep 30 12:09:54 romulus pluto[8699]: | L5 - algorithm:
Sep 30 12:09:54 romulus pluto[8699]: | 'rsaEncryption'
Sep 30 12:09:54 romulus pluto[8699]: | L3 - subjectPublicKey:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - RSAPublicKey:
Sep 30 12:09:54 romulus pluto[8699]: | L5 - modulus:
Sep 30 12:09:54 romulus pluto[8699]: | L5 - publicExponent:
Sep 30 12:09:54 romulus pluto[8699]: | L2 - optional extensions:
Sep 30 12:09:54 romulus pluto[8699]: | L3 - extensions:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - extension:
Sep 30 12:09:54 romulus pluto[8699]: | L5 - extnID:
Sep 30 12:09:54 romulus pluto[8699]: | 'basicConstraints'
Sep 30 12:09:54 romulus pluto[8699]: | L5 - critical:
Sep 30 12:09:54 romulus pluto[8699]: | TRUE
Sep 30 12:09:54 romulus pluto[8699]: | L5 - extnValue:
Sep 30 12:09:54 romulus pluto[8699]: | L6 - basicConstraints:
Sep 30 12:09:54 romulus pluto[8699]: | L7 - CA:
Sep 30 12:09:54 romulus pluto[8699]: | TRUE
Sep 30 12:09:54 romulus pluto[8699]: | L4 - extension:
Sep 30 12:09:54 romulus pluto[8699]: | L5 - extnID:
Sep 30 12:09:54 romulus pluto[8699]: | 'subjectKeyIdentifier'
Sep 30 12:09:54 romulus pluto[8699]: | L5 - critical:
Sep 30 12:09:54 romulus pluto[8699]: | FALSE
Sep 30 12:09:54 romulus pluto[8699]: | L5 - extnValue:
Sep 30 12:09:54 romulus pluto[8699]: | L6 - keyIdentifier:
Sep 30 12:09:54 romulus pluto[8699]: | L1 - signatureAlgorithm:
Sep 30 12:09:54 romulus pluto[8699]: | L2 - algorithmIdentifier:
Sep 30 12:09:54 romulus pluto[8699]: | L3 - algorithm:
Sep 30 12:09:54 romulus pluto[8699]: | 'md5WithRSAEncryption'
Sep 30 12:09:54 romulus pluto[8699]: | L1 - signatureValue:
Sep 30 12:09:54 romulus pluto[8699]: | authcert is already present and identical
Sep 30 12:09:54 romulus pluto[8699]: loaded CA cert file 'issCA.pem' (1042 bytes)
Sep 30 12:09:54 romulus pluto[8699]: | file content is not binary ASN.1
Sep 30 12:09:54 romulus pluto[8699]: | -----BEGIN CERTIFICATE-----
Sep 30 12:09:54 romulus pluto[8699]: | -----END CERTIFICATE-----
Sep 30 12:09:54 romulus pluto[8699]: | file coded in PEM format
Sep 30 12:09:54 romulus pluto[8699]: | L0 - certificate:
Sep 30 12:09:54 romulus pluto[8699]: | L1 - tbsCertificate:
Sep 30 12:09:54 romulus pluto[8699]: | L2 - DEFAULT v1:
Sep 30 12:09:54 romulus pluto[8699]: | L3 - version:
Sep 30 12:09:54 romulus pluto[8699]: | v3
Sep 30 12:09:54 romulus pluto[8699]: | L2 - serialNumber:
Sep 30 12:09:54 romulus pluto[8699]: | L2 - signature:
Sep 30 12:09:54 romulus pluto[8699]: | L3 - algorithmIdentifier:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - algorithm:
Sep 30 12:09:54 romulus pluto[8699]: | 'md5WithRSAEncryption'
Sep 30 12:09:54 romulus pluto[8699]: | L2 - issuer:
Sep 30 12:09:54 romulus pluto[8699]: | 'C=US, ST=Georgia, L=Atlanta, O=Internet Security Systems Inc, OU=Certification Services, E=ca at iss.net'
Sep 30 12:09:54 romulus pluto[8699]: | L2 - validity:
Sep 30 12:09:54 romulus pluto[8699]: | L3 - notBefore:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - utcTime:
Sep 30 12:09:54 romulus pluto[8699]: | 'Aug 01 14:42:32 UTC 2004'
Sep 30 12:09:54 romulus pluto[8699]: | L3 - notAfter:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - utcTime:
Sep 30 12:09:54 romulus pluto[8699]: | 'Jul 30 14:42:32 UTC 2014'
Sep 30 12:09:54 romulus pluto[8699]: | L2 - subject:
Sep 30 12:09:54 romulus pluto[8699]: | 'C=US, ST=Georgia, L=Atlanta, O=Internet Security Systems Inc, OU=Certification Services, E=ca at iss.net'
Sep 30 12:09:54 romulus pluto[8699]: | L2 - subjectPublicKeyInfo:
Sep 30 12:09:54 romulus pluto[8699]: | L3 - algorithm:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - algorithmIdentifier:
Sep 30 12:09:54 romulus pluto[8699]: | L5 - algorithm:
Sep 30 12:09:54 romulus pluto[8699]: | 'rsaEncryption'
Sep 30 12:09:54 romulus pluto[8699]: | L3 - subjectPublicKey:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - RSAPublicKey:
Sep 30 12:09:54 romulus pluto[8699]: | L5 - modulus:
Sep 30 12:09:54 romulus pluto[8699]: | L5 - publicExponent:
Sep 30 12:09:54 romulus pluto[8699]: | L2 - optional extensions:
Sep 30 12:09:54 romulus pluto[8699]: | L3 - extensions:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - extension:
Sep 30 12:09:54 romulus pluto[8699]: | L5 - extnID:
Sep 30 12:09:54 romulus pluto[8699]: | 'basicConstraints'
Sep 30 12:09:54 romulus pluto[8699]: | L5 - critical:
Sep 30 12:09:54 romulus pluto[8699]: | TRUE
Sep 30 12:09:54 romulus pluto[8699]: | L5 - extnValue:
Sep 30 12:09:54 romulus pluto[8699]: | L6 - basicConstraints:
Sep 30 12:09:54 romulus pluto[8699]: | L7 - CA:
Sep 30 12:09:54 romulus pluto[8699]: | TRUE
Sep 30 12:09:54 romulus pluto[8699]: | L4 - extension:
Sep 30 12:09:54 romulus pluto[8699]: | L5 - extnID:
Sep 30 12:09:54 romulus pluto[8699]: | 'subjectKeyIdentifier'
Sep 30 12:09:54 romulus pluto[8699]: | L5 - critical:
Sep 30 12:09:54 romulus pluto[8699]: | FALSE
Sep 30 12:09:54 romulus pluto[8699]: | L5 - extnValue:
Sep 30 12:09:54 romulus pluto[8699]: | L6 - keyIdentifier:
Sep 30 12:09:54 romulus pluto[8699]: | L1 - signatureAlgorithm:
Sep 30 12:09:54 romulus pluto[8699]: | L2 - algorithmIdentifier:
Sep 30 12:09:54 romulus pluto[8699]: | L3 - algorithm:
Sep 30 12:09:54 romulus pluto[8699]: | 'md5WithRSAEncryption'
Sep 30 12:09:54 romulus pluto[8699]: | L1 - signatureValue:
Sep 30 12:09:54 romulus pluto[8699]: | authcert inserted
Sep 30 12:09:54 romulus pluto[8699]: loaded CA cert file 'issCA.crt' (1042 bytes)
Sep 30 12:09:54 romulus pluto[8699]: | file content is not binary ASN.1
Sep 30 12:09:54 romulus pluto[8699]: | -----BEGIN CERTIFICATE-----
Sep 30 12:09:54 romulus pluto[8699]: | -----END CERTIFICATE-----
Sep 30 12:09:54 romulus pluto[8699]: | file coded in PEM format
Sep 30 12:09:54 romulus pluto[8699]: | L0 - certificate:
Sep 30 12:09:54 romulus pluto[8699]: | L1 - tbsCertificate:
Sep 30 12:09:54 romulus pluto[8699]: | L2 - DEFAULT v1:
Sep 30 12:09:54 romulus pluto[8699]: | L3 - version:
Sep 30 12:09:54 romulus pluto[8699]: | v3
Sep 30 12:09:54 romulus pluto[8699]: | L2 - serialNumber:
Sep 30 12:09:54 romulus pluto[8699]: | L2 - signature:
Sep 30 12:09:54 romulus pluto[8699]: | L3 - algorithmIdentifier:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - algorithm:
Sep 30 12:09:54 romulus pluto[8699]: | 'md5WithRSAEncryption'
Sep 30 12:09:54 romulus pluto[8699]: | L2 - issuer:
Sep 30 12:09:54 romulus pluto[8699]: | 'C=US, ST=Georgia, L=Atlanta, O=Internet Security Systems Inc, OU=Certification Services, E=ca at iss.net'
Sep 30 12:09:54 romulus pluto[8699]: | L2 - validity:
Sep 30 12:09:54 romulus pluto[8699]: | L3 - notBefore:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - utcTime:
Sep 30 12:09:54 romulus pluto[8699]: | 'Aug 01 14:42:32 UTC 2004'
Sep 30 12:09:54 romulus pluto[8699]: | L3 - notAfter:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - utcTime:
Sep 30 12:09:54 romulus pluto[8699]: | 'Jul 30 14:42:32 UTC 2014'
Sep 30 12:09:54 romulus pluto[8699]: | L2 - subject:
Sep 30 12:09:54 romulus pluto[8699]: | 'C=US, ST=Georgia, L=Atlanta, O=Internet Security Systems Inc, OU=Certification Services, E=ca at iss.net'
Sep 30 12:09:54 romulus pluto[8699]: | L2 - subjectPublicKeyInfo:
Sep 30 12:09:54 romulus pluto[8699]: | L3 - algorithm:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - algorithmIdentifier:
Sep 30 12:09:54 romulus pluto[8699]: | L5 - algorithm:
Sep 30 12:09:54 romulus pluto[8699]: | 'rsaEncryption'
Sep 30 12:09:54 romulus pluto[8699]: | L3 - subjectPublicKey:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - RSAPublicKey:
Sep 30 12:09:54 romulus pluto[8699]: | L5 - modulus:
Sep 30 12:09:54 romulus pluto[8699]: | L5 - publicExponent:
Sep 30 12:09:54 romulus pluto[8699]: | L2 - optional extensions:
Sep 30 12:09:54 romulus pluto[8699]: | L3 - extensions:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - extension:
Sep 30 12:09:54 romulus pluto[8699]: | L5 - extnID:
Sep 30 12:09:54 romulus pluto[8699]: | 'basicConstraints'
Sep 30 12:09:54 romulus pluto[8699]: | L5 - critical:
Sep 30 12:09:54 romulus pluto[8699]: | TRUE
Sep 30 12:09:54 romulus pluto[8699]: | L5 - extnValue:
Sep 30 12:09:54 romulus pluto[8699]: | L6 - basicConstraints:
Sep 30 12:09:54 romulus pluto[8699]: | L7 - CA:
Sep 30 12:09:54 romulus pluto[8699]: | TRUE
Sep 30 12:09:54 romulus pluto[8699]: | L4 - extension:
Sep 30 12:09:54 romulus pluto[8699]: | L5 - extnID:
Sep 30 12:09:54 romulus pluto[8699]: | 'subjectKeyIdentifier'
Sep 30 12:09:54 romulus pluto[8699]: | L5 - critical:
Sep 30 12:09:54 romulus pluto[8699]: | FALSE
Sep 30 12:09:54 romulus pluto[8699]: | L5 - extnValue:
Sep 30 12:09:54 romulus pluto[8699]: | L6 - keyIdentifier:
Sep 30 12:09:54 romulus pluto[8699]: | L1 - signatureAlgorithm:
Sep 30 12:09:54 romulus pluto[8699]: | L2 - algorithmIdentifier:
Sep 30 12:09:54 romulus pluto[8699]: | L3 - algorithm:
Sep 30 12:09:54 romulus pluto[8699]: | 'md5WithRSAEncryption'
Sep 30 12:09:54 romulus pluto[8699]: | L1 - signatureValue:
Sep 30 12:09:54 romulus pluto[8699]: | authcert is already present and identical
Sep 30 12:09:54 romulus pluto[8699]: loaded CA cert file 'WittsEndCA.crt' (1342 bytes)
Sep 30 12:09:54 romulus pluto[8699]: | file content is not binary ASN.1
Sep 30 12:09:54 romulus pluto[8699]: | -----BEGIN CERTIFICATE-----
Sep 30 12:09:54 romulus pluto[8699]: | -----END CERTIFICATE-----
Sep 30 12:09:54 romulus pluto[8699]: | file coded in PEM format
Sep 30 12:09:54 romulus pluto[8699]: | L0 - certificate:
Sep 30 12:09:54 romulus pluto[8699]: | L1 - tbsCertificate:
Sep 30 12:09:54 romulus pluto[8699]: | L2 - DEFAULT v1:
Sep 30 12:09:54 romulus pluto[8699]: | L3 - version:
Sep 30 12:09:54 romulus pluto[8699]: | v3
Sep 30 12:09:54 romulus pluto[8699]: | L2 - serialNumber:
Sep 30 12:09:54 romulus pluto[8699]: | L2 - signature:
Sep 30 12:09:54 romulus pluto[8699]: | L3 - algorithmIdentifier:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - algorithm:
Sep 30 12:09:54 romulus pluto[8699]: | 'sha-1WithRSAEncryption'
Sep 30 12:09:54 romulus pluto[8699]: | L2 - issuer:
Sep 30 12:09:54 romulus pluto[8699]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
Sep 30 12:09:54 romulus pluto[8699]: | L2 - validity:
Sep 30 12:09:54 romulus pluto[8699]: | L3 - notBefore:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - utcTime:
Sep 30 12:09:54 romulus pluto[8699]: | 'Mar 24 17:29:15 UTC 2008'
Sep 30 12:09:54 romulus pluto[8699]: | L3 - notAfter:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - utcTime:
Sep 30 12:09:54 romulus pluto[8699]: | 'Mar 22 17:29:15 UTC 2018'
Sep 30 12:09:54 romulus pluto[8699]: | L2 - subject:
Sep 30 12:09:54 romulus pluto[8699]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
Sep 30 12:09:54 romulus pluto[8699]: | L2 - subjectPublicKeyInfo:
Sep 30 12:09:54 romulus pluto[8699]: | L3 - algorithm:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - algorithmIdentifier:
Sep 30 12:09:54 romulus pluto[8699]: | L5 - algorithm:
Sep 30 12:09:54 romulus pluto[8699]: | 'rsaEncryption'
Sep 30 12:09:54 romulus pluto[8699]: | L3 - subjectPublicKey:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - RSAPublicKey:
Sep 30 12:09:54 romulus pluto[8699]: | L5 - modulus:
Sep 30 12:09:54 romulus pluto[8699]: | L5 - publicExponent:
Sep 30 12:09:54 romulus pluto[8699]: | L2 - optional extensions:
Sep 30 12:09:54 romulus pluto[8699]: | L3 - extensions:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - extension:
Sep 30 12:09:54 romulus pluto[8699]: | L5 - extnID:
Sep 30 12:09:54 romulus pluto[8699]: | 'basicConstraints'
Sep 30 12:09:54 romulus pluto[8699]: | L5 - critical:
Sep 30 12:09:54 romulus pluto[8699]: | TRUE
Sep 30 12:09:54 romulus pluto[8699]: | L5 - extnValue:
Sep 30 12:09:54 romulus pluto[8699]: | L6 - basicConstraints:
Sep 30 12:09:54 romulus pluto[8699]: | L7 - CA:
Sep 30 12:09:54 romulus pluto[8699]: | TRUE
Sep 30 12:09:54 romulus pluto[8699]: | L4 - extension:
Sep 30 12:09:54 romulus pluto[8699]: | L5 - extnID:
Sep 30 12:09:54 romulus pluto[8699]: | 'subjectKeyIdentifier'
Sep 30 12:09:54 romulus pluto[8699]: | L5 - critical:
Sep 30 12:09:54 romulus pluto[8699]: | FALSE
Sep 30 12:09:54 romulus pluto[8699]: | L5 - extnValue:
Sep 30 12:09:54 romulus pluto[8699]: | L6 - keyIdentifier:
Sep 30 12:09:54 romulus pluto[8699]: | L1 - signatureAlgorithm:
Sep 30 12:09:54 romulus pluto[8699]: | L2 - algorithmIdentifier:
Sep 30 12:09:54 romulus pluto[8699]: | L3 - algorithm:
Sep 30 12:09:54 romulus pluto[8699]: | 'sha-1WithRSAEncryption'
Sep 30 12:09:54 romulus pluto[8699]: | L1 - signatureValue:
Sep 30 12:09:54 romulus pluto[8699]: | authcert inserted
Sep 30 12:09:54 romulus pluto[8699]: Could not change to directory '/etc/ipsec.d/aacerts'
Sep 30 12:09:54 romulus pluto[8699]: Changing to directory '/etc/ipsec.d/ocspcerts'
Sep 30 12:09:54 romulus pluto[8699]: Could not change to directory '/etc/ipsec.d/crls'
Sep 30 12:09:54 romulus pluto[8699]: | inserting event EVENT_LOG_DAILY, timeout in 42606 seconds
Sep 30 12:09:54 romulus pluto[8699]: | next event EVENT_PENDING_PHASE2 in 119 seconds
Sep 30 12:09:54 romulus pluto[8699]: |
Sep 30 12:09:54 romulus pluto[8699]: | *received whack message
Sep 30 12:09:54 romulus pluto[8699]: | Added new connection charon-0 with policy RSASIG+ENCRYPT+TUNNEL+PFS
Sep 30 12:09:54 romulus pluto[8699]: bad left --id: illegal (non-DNS-name) character in name (ignored)
Sep 30 12:09:54 romulus pluto[8699]: loaded host cert file '/etc/ipsec.d/certs/remus.wittsend.com.crt' (4148 bytes)
Sep 30 12:09:54 romulus pluto[8699]: | file content is not binary ASN.1
Sep 30 12:09:54 romulus pluto[8699]: | -----BEGIN CERTIFICATE-----
Sep 30 12:09:54 romulus pluto[8699]: | -----END CERTIFICATE-----
Sep 30 12:09:54 romulus pluto[8699]: | file coded in PEM format
Sep 30 12:09:54 romulus pluto[8699]: | L0 - certificate:
Sep 30 12:09:54 romulus pluto[8699]: | L1 - tbsCertificate:
Sep 30 12:09:54 romulus pluto[8699]: | L2 - DEFAULT v1:
Sep 30 12:09:54 romulus pluto[8699]: | L3 - version:
Sep 30 12:09:54 romulus pluto[8699]: | v3
Sep 30 12:09:54 romulus pluto[8699]: | L2 - serialNumber:
Sep 30 12:09:54 romulus pluto[8699]: | L2 - signature:
Sep 30 12:09:54 romulus pluto[8699]: | L3 - algorithmIdentifier:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - algorithm:
Sep 30 12:09:54 romulus pluto[8699]: | 'md5WithRSAEncryption'
Sep 30 12:09:54 romulus pluto[8699]: | L2 - issuer:
Sep 30 12:09:54 romulus pluto[8699]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
Sep 30 12:09:54 romulus pluto[8699]: | L2 - validity:
Sep 30 12:09:54 romulus pluto[8699]: | L3 - notBefore:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - utcTime:
Sep 30 12:09:54 romulus pluto[8699]: | 'Jul 26 18:44:39 UTC 2008'
Sep 30 12:09:54 romulus pluto[8699]: | L3 - notAfter:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - utcTime:
Sep 30 12:09:54 romulus pluto[8699]: | 'Jul 26 18:44:39 UTC 2012'
Sep 30 12:09:54 romulus pluto[8699]: | L2 - subject:
Sep 30 12:09:54 romulus pluto[8699]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=remus.wittsend.com, E=postmaster at wittsend.com'
Sep 30 12:09:54 romulus pluto[8699]: | L2 - subjectPublicKeyInfo:
Sep 30 12:09:54 romulus pluto[8699]: | L3 - algorithm:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - algorithmIdentifier:
Sep 30 12:09:54 romulus pluto[8699]: | L5 - algorithm:
Sep 30 12:09:54 romulus pluto[8699]: | 'rsaEncryption'
Sep 30 12:09:54 romulus pluto[8699]: | L3 - subjectPublicKey:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - RSAPublicKey:
Sep 30 12:09:54 romulus pluto[8699]: | L5 - modulus:
Sep 30 12:09:54 romulus pluto[8699]: | L5 - publicExponent:
Sep 30 12:09:54 romulus pluto[8699]: | L2 - optional extensions:
Sep 30 12:09:54 romulus pluto[8699]: | L3 - extensions:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - extension:
Sep 30 12:09:54 romulus pluto[8699]: | L5 - extnID:
Sep 30 12:09:54 romulus pluto[8699]: | 'authorityKeyIdentifier'
Sep 30 12:09:54 romulus pluto[8699]: | L5 - critical:
Sep 30 12:09:54 romulus pluto[8699]: | FALSE
Sep 30 12:09:54 romulus pluto[8699]: | L5 - extnValue:
Sep 30 12:09:54 romulus pluto[8699]: | L6 - authorityKeyIdentifier:
Sep 30 12:09:54 romulus pluto[8699]: | L7 - keyIdentifier:
Sep 30 12:09:54 romulus pluto[8699]: | L8 - keyIdentifier:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - extension:
Sep 30 12:09:54 romulus pluto[8699]: | L5 - extnID:
Sep 30 12:09:54 romulus pluto[8699]: | 'extendedKeyUsage'
Sep 30 12:09:54 romulus pluto[8699]: | L5 - critical:
Sep 30 12:09:54 romulus pluto[8699]: | FALSE
Sep 30 12:09:54 romulus pluto[8699]: | L5 - extnValue:
Sep 30 12:09:54 romulus pluto[8699]: | L6 - extendedKeyUsage:
Sep 30 12:09:54 romulus pluto[8699]: | L7 - keyPurposeID:
Sep 30 12:09:54 romulus pluto[8699]: | 'serverAuth'
Sep 30 12:09:54 romulus pluto[8699]: | L7 - keyPurposeID:
Sep 30 12:09:54 romulus pluto[8699]: | 'clientAuth'
Sep 30 12:09:54 romulus pluto[8699]: | L7 - keyPurposeID:
Sep 30 12:09:54 romulus pluto[8699]: | L7 - keyPurposeID:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - extension:
Sep 30 12:09:54 romulus pluto[8699]: | L5 - extnID:
Sep 30 12:09:54 romulus pluto[8699]: | 'basicConstraints'
Sep 30 12:09:54 romulus pluto[8699]: | L5 - critical:
Sep 30 12:09:54 romulus pluto[8699]: | TRUE
Sep 30 12:09:54 romulus pluto[8699]: | L5 - extnValue:
Sep 30 12:09:54 romulus pluto[8699]: | L6 - basicConstraints:
Sep 30 12:09:54 romulus pluto[8699]: | L7 - CA:
Sep 30 12:09:54 romulus pluto[8699]: | FALSE
Sep 30 12:09:54 romulus pluto[8699]: | L4 - extension:
Sep 30 12:09:54 romulus pluto[8699]: | L5 - extnID:
Sep 30 12:09:54 romulus pluto[8699]: | 'subjectAltName'
Sep 30 12:09:54 romulus pluto[8699]: | L5 - critical:
Sep 30 12:09:54 romulus pluto[8699]: | FALSE
Sep 30 12:09:54 romulus pluto[8699]: | L5 - extnValue:
Sep 30 12:09:54 romulus pluto[8699]: | L6 - generalNames:
Sep 30 12:09:54 romulus pluto[8699]: | L7 - generalName:
Sep 30 12:09:54 romulus pluto[8699]: | L8 - dnsName:
Sep 30 12:09:54 romulus pluto[8699]: | 'remus.ip6.wittsend.com'
Sep 30 12:09:54 romulus pluto[8699]: | L7 - generalName:
Sep 30 12:09:54 romulus pluto[8699]: | L8 - dnsName:
Sep 30 12:09:54 romulus pluto[8699]: | 'remus.wittsend.org'
Sep 30 12:09:54 romulus pluto[8699]: | L7 - generalName:
Sep 30 12:09:54 romulus pluto[8699]: | L8 - dnsName:
Sep 30 12:09:54 romulus pluto[8699]: | 'remus.commandcorp.com'
Sep 30 12:09:54 romulus pluto[8699]: | L1 - signatureAlgorithm:
Sep 30 12:09:54 romulus pluto[8699]: | L2 - algorithmIdentifier:
Sep 30 12:09:54 romulus pluto[8699]: | L3 - algorithm:
Sep 30 12:09:54 romulus pluto[8699]: | 'md5WithRSAEncryption'
Sep 30 12:09:54 romulus pluto[8699]: | L1 - signatureValue:
Sep 30 12:09:54 romulus pluto[8699]: | certificate is valid
Sep 30 12:09:54 romulus pluto[8699]: | counting wild cards for C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=remus.wittsend.com, E=postmaster at wittsend.com is 0
Sep 30 12:09:54 romulus pluto[8699]: loaded host cert file '/etc/ipsec.d/certs/charon.wittsend.com.crt' (3903 bytes)
Sep 30 12:09:54 romulus pluto[8699]: | file content is not binary ASN.1
Sep 30 12:09:54 romulus pluto[8699]: | -----BEGIN CERTIFICATE-----
Sep 30 12:09:54 romulus pluto[8699]: | -----END CERTIFICATE-----
Sep 30 12:09:54 romulus pluto[8699]: | file coded in PEM format
Sep 30 12:09:54 romulus pluto[8699]: | L0 - certificate:
Sep 30 12:09:54 romulus pluto[8699]: | L1 - tbsCertificate:
Sep 30 12:09:54 romulus pluto[8699]: | L2 - DEFAULT v1:
Sep 30 12:09:54 romulus pluto[8699]: | L3 - version:
Sep 30 12:09:54 romulus pluto[8699]: | v3
Sep 30 12:09:54 romulus pluto[8699]: | L2 - serialNumber:
Sep 30 12:09:54 romulus pluto[8699]: | L2 - signature:
Sep 30 12:09:54 romulus pluto[8699]: | L3 - algorithmIdentifier:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - algorithm:
Sep 30 12:09:54 romulus pluto[8699]: | 'md5WithRSAEncryption'
Sep 30 12:09:54 romulus pluto[8699]: | L2 - issuer:
Sep 30 12:09:54 romulus pluto[8699]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
Sep 30 12:09:54 romulus pluto[8699]: | L2 - validity:
Sep 30 12:09:54 romulus pluto[8699]: | L3 - notBefore:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - utcTime:
Sep 30 12:09:54 romulus pluto[8699]: | 'Jul 26 18:32:56 UTC 2008'
Sep 30 12:09:54 romulus pluto[8699]: | L3 - notAfter:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - utcTime:
Sep 30 12:09:54 romulus pluto[8699]: | 'Jul 26 18:32:56 UTC 2012'
Sep 30 12:09:54 romulus pluto[8699]: | L2 - subject:
Sep 30 12:09:54 romulus pluto[8699]: | 'C=US, ST=Georgia, L=Atlanta, O=Thaumaturgy & Speculums Technology, CN=charon.wittsend.com, E=postmaster at wittsend.com'
Sep 30 12:09:54 romulus pluto[8699]: | L2 - subjectPublicKeyInfo:
Sep 30 12:09:54 romulus pluto[8699]: | L3 - algorithm:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - algorithmIdentifier:
Sep 30 12:09:54 romulus pluto[8699]: | L5 - algorithm:
Sep 30 12:09:54 romulus pluto[8699]: | 'rsaEncryption'
Sep 30 12:09:54 romulus pluto[8699]: | L3 - subjectPublicKey:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - RSAPublicKey:
Sep 30 12:09:54 romulus pluto[8699]: | L5 - modulus:
Sep 30 12:09:54 romulus pluto[8699]: | L5 - publicExponent:
Sep 30 12:09:54 romulus pluto[8699]: | L2 - optional extensions:
Sep 30 12:09:54 romulus pluto[8699]: | L3 - extensions:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - extension:
Sep 30 12:09:54 romulus pluto[8699]: | L5 - extnID:
Sep 30 12:09:54 romulus pluto[8699]: | 'authorityKeyIdentifier'
Sep 30 12:09:54 romulus pluto[8699]: | L5 - critical:
Sep 30 12:09:54 romulus pluto[8699]: | FALSE
Sep 30 12:09:54 romulus pluto[8699]: | L5 - extnValue:
Sep 30 12:09:54 romulus pluto[8699]: | L6 - authorityKeyIdentifier:
Sep 30 12:09:54 romulus pluto[8699]: | L7 - keyIdentifier:
Sep 30 12:09:54 romulus pluto[8699]: | L8 - keyIdentifier:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - extension:
Sep 30 12:09:54 romulus pluto[8699]: | L5 - extnID:
Sep 30 12:09:54 romulus pluto[8699]: | 'extendedKeyUsage'
Sep 30 12:09:54 romulus pluto[8699]: | L5 - critical:
Sep 30 12:09:54 romulus pluto[8699]: | FALSE
Sep 30 12:09:54 romulus pluto[8699]: | L5 - extnValue:
Sep 30 12:09:54 romulus pluto[8699]: | L6 - extendedKeyUsage:
Sep 30 12:09:54 romulus pluto[8699]: | L7 - keyPurposeID:
Sep 30 12:09:54 romulus pluto[8699]: | 'serverAuth'
Sep 30 12:09:54 romulus pluto[8699]: | L7 - keyPurposeID:
Sep 30 12:09:54 romulus pluto[8699]: | 'clientAuth'
Sep 30 12:09:54 romulus pluto[8699]: | L7 - keyPurposeID:
Sep 30 12:09:54 romulus pluto[8699]: | L7 - keyPurposeID:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - extension:
Sep 30 12:09:54 romulus pluto[8699]: | L5 - extnID:
Sep 30 12:09:54 romulus pluto[8699]: | 'basicConstraints'
Sep 30 12:09:54 romulus pluto[8699]: | L5 - critical:
Sep 30 12:09:54 romulus pluto[8699]: | TRUE
Sep 30 12:09:54 romulus pluto[8699]: | L5 - extnValue:
Sep 30 12:09:54 romulus pluto[8699]: | L6 - basicConstraints:
Sep 30 12:09:54 romulus pluto[8699]: | L7 - CA:
Sep 30 12:09:54 romulus pluto[8699]: | FALSE
Sep 30 12:09:54 romulus pluto[8699]: | L1 - signatureAlgorithm:
Sep 30 12:09:54 romulus pluto[8699]: | L2 - algorithmIdentifier:
Sep 30 12:09:54 romulus pluto[8699]: | L3 - algorithm:
Sep 30 12:09:54 romulus pluto[8699]: | 'md5WithRSAEncryption'
Sep 30 12:09:54 romulus pluto[8699]: | L1 - signatureValue:
Sep 30 12:09:54 romulus pluto[8699]: | certificate is valid
Sep 30 12:09:54 romulus pluto[8699]: | counting wild cards for C=US, ST=Georgia, L=Atlanta, O=Thaumaturgy & Speculums Technology, CN=charon.wittsend.com, E=postmaster at wittsend.com is 0
Sep 30 12:09:54 romulus pluto[8699]: added connection description "charon-0"
Sep 30 12:09:54 romulus pluto[8699]: | 130.205.32.3[C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=remus.wittsend.com, E=postmaster at wittsend.com]---130.205.32.1...65.14.248.11---74.237.49.95[C=US, ST=Georgia, L=Atlanta, O=Thaumaturgy & Speculums Technology, CN=charon.wittsend.com, E=postmaster at wittsend.com]
Sep 30 12:09:54 romulus pluto[8699]: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; policy: RSASIG+ENCRYPT+TUNNEL+PFS
Sep 30 12:09:54 romulus pluto[8699]: | next event EVENT_PENDING_PHASE2 in 119 seconds
Sep 30 12:09:54 romulus pluto[8699]: |
Sep 30 12:09:54 romulus pluto[8699]: | *received whack message
Sep 30 12:09:54 romulus pluto[8699]: | Added new connection complex with policy RSASIG+ENCRYPT+TUNNEL+PFS
Sep 30 12:09:54 romulus pluto[8699]: bad left --id: illegal (non-DNS-name) character in name (ignored)
Sep 30 12:09:54 romulus pluto[8699]: loaded host cert file '/etc/ipsec.d/certs/romulus.wittsend.com.crt' (3088 bytes)
Sep 30 12:09:54 romulus pluto[8699]: | file content is not binary ASN.1
Sep 30 12:09:54 romulus pluto[8699]: | -----BEGIN CERTIFICATE-----
Sep 30 12:09:54 romulus pluto[8699]: | -----END CERTIFICATE-----
Sep 30 12:09:54 romulus pluto[8699]: | file coded in PEM format
Sep 30 12:09:54 romulus pluto[8699]: | L0 - certificate:
Sep 30 12:09:54 romulus pluto[8699]: | L1 - tbsCertificate:
Sep 30 12:09:54 romulus pluto[8699]: | L2 - DEFAULT v1:
Sep 30 12:09:54 romulus pluto[8699]: | L3 - version:
Sep 30 12:09:54 romulus pluto[8699]: | v3
Sep 30 12:09:54 romulus pluto[8699]: | L2 - serialNumber:
Sep 30 12:09:54 romulus pluto[8699]: | L2 - signature:
Sep 30 12:09:54 romulus pluto[8699]: | L3 - algorithmIdentifier:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - algorithm:
Sep 30 12:09:54 romulus pluto[8699]: | 'md5WithRSAEncryption'
Sep 30 12:09:54 romulus pluto[8699]: | L2 - issuer:
Sep 30 12:09:54 romulus pluto[8699]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services, CN=WittsEnd Root CA, E=ca at wittsend.com'
Sep 30 12:09:54 romulus pluto[8699]: | L2 - validity:
Sep 30 12:09:54 romulus pluto[8699]: | L3 - notBefore:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - utcTime:
Sep 30 12:09:54 romulus pluto[8699]: | 'Jan 28 17:45:00 UTC 2005'
Sep 30 12:09:54 romulus pluto[8699]: | L3 - notAfter:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - utcTime:
Sep 30 12:09:54 romulus pluto[8699]: | 'Jan 28 17:45:00 UTC 2009'
Sep 30 12:09:54 romulus pluto[8699]: | L2 - subject:
Sep 30 12:09:54 romulus pluto[8699]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com'
Sep 30 12:09:54 romulus pluto[8699]: | L2 - subjectPublicKeyInfo:
Sep 30 12:09:54 romulus pluto[8699]: | L3 - algorithm:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - algorithmIdentifier:
Sep 30 12:09:54 romulus pluto[8699]: | L5 - algorithm:
Sep 30 12:09:54 romulus pluto[8699]: | 'rsaEncryption'
Sep 30 12:09:54 romulus pluto[8699]: | L3 - subjectPublicKey:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - RSAPublicKey:
Sep 30 12:09:54 romulus pluto[8699]: | L5 - modulus:
Sep 30 12:09:54 romulus pluto[8699]: | L5 - publicExponent:
Sep 30 12:09:54 romulus pluto[8699]: | L2 - optional extensions:
Sep 30 12:09:54 romulus pluto[8699]: | L3 - extensions:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - extension:
Sep 30 12:09:54 romulus pluto[8699]: | L5 - extnID:
Sep 30 12:09:54 romulus pluto[8699]: | 'authorityKeyIdentifier'
Sep 30 12:09:54 romulus pluto[8699]: | L5 - critical:
Sep 30 12:09:54 romulus pluto[8699]: | FALSE
Sep 30 12:09:54 romulus pluto[8699]: | L5 - extnValue:
Sep 30 12:09:54 romulus pluto[8699]: | L6 - authorityKeyIdentifier:
Sep 30 12:09:54 romulus pluto[8699]: | L7 - keyIdentifier:
Sep 30 12:09:54 romulus pluto[8699]: | L8 - keyIdentifier:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - extension:
Sep 30 12:09:54 romulus pluto[8699]: | L5 - extnID:
Sep 30 12:09:54 romulus pluto[8699]: | 'extendedKeyUsage'
Sep 30 12:09:54 romulus pluto[8699]: | L5 - critical:
Sep 30 12:09:54 romulus pluto[8699]: | FALSE
Sep 30 12:09:54 romulus pluto[8699]: | L5 - extnValue:
Sep 30 12:09:54 romulus pluto[8699]: | L6 - extendedKeyUsage:
Sep 30 12:09:54 romulus pluto[8699]: | L7 - keyPurposeID:
Sep 30 12:09:54 romulus pluto[8699]: | 'serverAuth'
Sep 30 12:09:54 romulus pluto[8699]: | L7 - keyPurposeID:
Sep 30 12:09:54 romulus pluto[8699]: | 'clientAuth'
Sep 30 12:09:54 romulus pluto[8699]: | L7 - keyPurposeID:
Sep 30 12:09:54 romulus pluto[8699]: | L7 - keyPurposeID:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - extension:
Sep 30 12:09:54 romulus pluto[8699]: | L5 - extnID:
Sep 30 12:09:54 romulus pluto[8699]: | 'basicConstraints'
Sep 30 12:09:54 romulus pluto[8699]: | L5 - critical:
Sep 30 12:09:54 romulus pluto[8699]: | TRUE
Sep 30 12:09:54 romulus pluto[8699]: | L5 - extnValue:
Sep 30 12:09:54 romulus pluto[8699]: | L6 - basicConstraints:
Sep 30 12:09:54 romulus pluto[8699]: | L7 - CA:
Sep 30 12:09:54 romulus pluto[8699]: | FALSE
Sep 30 12:09:54 romulus pluto[8699]: | L1 - signatureAlgorithm:
Sep 30 12:09:54 romulus pluto[8699]: | L2 - algorithmIdentifier:
Sep 30 12:09:54 romulus pluto[8699]: | L3 - algorithm:
Sep 30 12:09:54 romulus pluto[8699]: | 'md5WithRSAEncryption'
Sep 30 12:09:54 romulus pluto[8699]: | L1 - signatureValue:
Sep 30 12:09:54 romulus pluto[8699]: | certificate is valid
Sep 30 12:09:54 romulus pluto[8699]: | counting wild cards for C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com is 0
Sep 30 12:09:54 romulus pluto[8699]: bad right --id: illegal (non-DNS-name) character in name (ignored)
Sep 30 12:09:54 romulus pluto[8699]: loaded host cert file '/etc/ipsec.d/certs/complex.wittsend.com.crt' (4223 bytes)
Sep 30 12:09:54 romulus pluto[8699]: | file content is not binary ASN.1
Sep 30 12:09:54 romulus pluto[8699]: | -----BEGIN CERTIFICATE-----
Sep 30 12:09:54 romulus pluto[8699]: | -----END CERTIFICATE-----
Sep 30 12:09:54 romulus pluto[8699]: | file coded in PEM format
Sep 30 12:09:54 romulus pluto[8699]: | L0 - certificate:
Sep 30 12:09:54 romulus pluto[8699]: | L1 - tbsCertificate:
Sep 30 12:09:54 romulus pluto[8699]: | L2 - DEFAULT v1:
Sep 30 12:09:54 romulus pluto[8699]: | L3 - version:
Sep 30 12:09:54 romulus pluto[8699]: | v3
Sep 30 12:09:54 romulus pluto[8699]: | L2 - serialNumber:
Sep 30 12:09:54 romulus pluto[8699]: | L2 - signature:
Sep 30 12:09:54 romulus pluto[8699]: | L3 - algorithmIdentifier:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - algorithm:
Sep 30 12:09:54 romulus pluto[8699]: | 'md5WithRSAEncryption'
Sep 30 12:09:54 romulus pluto[8699]: | L2 - issuer:
Sep 30 12:09:54 romulus pluto[8699]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
Sep 30 12:09:54 romulus pluto[8699]: | L2 - validity:
Sep 30 12:09:54 romulus pluto[8699]: | L3 - notBefore:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - utcTime:
Sep 30 12:09:54 romulus pluto[8699]: | 'Jul 26 18:45:14 UTC 2008'
Sep 30 12:09:54 romulus pluto[8699]: | L3 - notAfter:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - utcTime:
Sep 30 12:09:54 romulus pluto[8699]: | 'Jul 26 18:45:14 UTC 2012'
Sep 30 12:09:54 romulus pluto[8699]: | L2 - subject:
Sep 30 12:09:54 romulus pluto[8699]: | 'C=GA, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=complex.wittsend.com, E=postmaster at wittsend.com'
Sep 30 12:09:54 romulus pluto[8699]: | L2 - subjectPublicKeyInfo:
Sep 30 12:09:54 romulus pluto[8699]: | L3 - algorithm:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - algorithmIdentifier:
Sep 30 12:09:54 romulus pluto[8699]: | L5 - algorithm:
Sep 30 12:09:54 romulus pluto[8699]: | 'rsaEncryption'
Sep 30 12:09:54 romulus pluto[8699]: | L3 - subjectPublicKey:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - RSAPublicKey:
Sep 30 12:09:54 romulus pluto[8699]: | L5 - modulus:
Sep 30 12:09:54 romulus pluto[8699]: | L5 - publicExponent:
Sep 30 12:09:54 romulus pluto[8699]: | L2 - optional extensions:
Sep 30 12:09:54 romulus pluto[8699]: | L3 - extensions:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - extension:
Sep 30 12:09:54 romulus pluto[8699]: | L5 - extnID:
Sep 30 12:09:54 romulus pluto[8699]: | 'authorityKeyIdentifier'
Sep 30 12:09:54 romulus pluto[8699]: | L5 - critical:
Sep 30 12:09:54 romulus pluto[8699]: | FALSE
Sep 30 12:09:54 romulus pluto[8699]: | L5 - extnValue:
Sep 30 12:09:54 romulus pluto[8699]: | L6 - authorityKeyIdentifier:
Sep 30 12:09:54 romulus pluto[8699]: | L7 - keyIdentifier:
Sep 30 12:09:54 romulus pluto[8699]: | L8 - keyIdentifier:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - extension:
Sep 30 12:09:54 romulus pluto[8699]: | L5 - extnID:
Sep 30 12:09:54 romulus pluto[8699]: | 'extendedKeyUsage'
Sep 30 12:09:54 romulus pluto[8699]: | L5 - critical:
Sep 30 12:09:54 romulus pluto[8699]: | FALSE
Sep 30 12:09:54 romulus pluto[8699]: | L5 - extnValue:
Sep 30 12:09:54 romulus pluto[8699]: | L6 - extendedKeyUsage:
Sep 30 12:09:54 romulus pluto[8699]: | L7 - keyPurposeID:
Sep 30 12:09:54 romulus pluto[8699]: | 'serverAuth'
Sep 30 12:09:54 romulus pluto[8699]: | L7 - keyPurposeID:
Sep 30 12:09:54 romulus pluto[8699]: | 'clientAuth'
Sep 30 12:09:54 romulus pluto[8699]: | L7 - keyPurposeID:
Sep 30 12:09:54 romulus pluto[8699]: | L7 - keyPurposeID:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - extension:
Sep 30 12:09:54 romulus pluto[8699]: | L5 - extnID:
Sep 30 12:09:54 romulus pluto[8699]: | 'basicConstraints'
Sep 30 12:09:54 romulus pluto[8699]: | L5 - critical:
Sep 30 12:09:54 romulus pluto[8699]: | TRUE
Sep 30 12:09:54 romulus pluto[8699]: | L5 - extnValue:
Sep 30 12:09:54 romulus pluto[8699]: | L6 - basicConstraints:
Sep 30 12:09:54 romulus pluto[8699]: | L7 - CA:
Sep 30 12:09:54 romulus pluto[8699]: | FALSE
Sep 30 12:09:54 romulus pluto[8699]: | L4 - extension:
Sep 30 12:09:54 romulus pluto[8699]: | L5 - extnID:
Sep 30 12:09:54 romulus pluto[8699]: | 'subjectAltName'
Sep 30 12:09:54 romulus pluto[8699]: | L5 - critical:
Sep 30 12:09:54 romulus pluto[8699]: | FALSE
Sep 30 12:09:54 romulus pluto[8699]: | L5 - extnValue:
Sep 30 12:09:54 romulus pluto[8699]: | L6 - generalNames:
Sep 30 12:09:54 romulus pluto[8699]: | L7 - generalName:
Sep 30 12:09:54 romulus pluto[8699]: | L8 - dnsName:
Sep 30 12:09:54 romulus pluto[8699]: | 'complex.wittsend.com'
Sep 30 12:09:54 romulus pluto[8699]: | L7 - generalName:
Sep 30 12:09:54 romulus pluto[8699]: | L8 - dnsName:
Sep 30 12:09:54 romulus pluto[8699]: | 'complex.ip6.wittsend.com'
Sep 30 12:09:54 romulus pluto[8699]: | L7 - generalName:
Sep 30 12:09:54 romulus pluto[8699]: | L8 - dnsName:
Sep 30 12:09:54 romulus pluto[8699]: | 'complex.wittsend.org'
Sep 30 12:09:54 romulus pluto[8699]: | L7 - generalName:
Sep 30 12:09:54 romulus pluto[8699]: | L8 - dnsName:
Sep 30 12:09:54 romulus pluto[8699]: | 'complex.commandcorp.com'
Sep 30 12:09:54 romulus pluto[8699]: | L1 - signatureAlgorithm:
Sep 30 12:09:54 romulus pluto[8699]: | L2 - algorithmIdentifier:
Sep 30 12:09:54 romulus pluto[8699]: | L3 - algorithm:
Sep 30 12:09:54 romulus pluto[8699]: | 'md5WithRSAEncryption'
Sep 30 12:09:54 romulus pluto[8699]: | L1 - signatureValue:
Sep 30 12:09:54 romulus pluto[8699]: | certificate is valid
Sep 30 12:09:54 romulus pluto[8699]: | counting wild cards for C=GA, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=complex.wittsend.com, E=postmaster at wittsend.com is 0
Sep 30 12:09:54 romulus pluto[8699]: added connection description "complex"
Sep 30 12:09:54 romulus pluto[8699]: | 130.205.32.3[C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com]---130.205.32.1...65.14.248.12---65.7.156.165[C=GA, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=complex.wittsend.com, E=postmaster at wittsend.com]===130.205.0.0/19
Sep 30 12:09:54 romulus pluto[8699]: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; policy: RSASIG+ENCRYPT+TUNNEL+PFS
Sep 30 12:09:54 romulus pluto[8699]: | next event EVENT_PENDING_PHASE2 in 119 seconds
Sep 30 12:09:54 romulus pluto[8699]: |
Sep 30 12:09:54 romulus pluto[8699]: | *received whack message
Sep 30 12:09:54 romulus pluto[8699]: | Added new connection charon-1 with policy RSASIG+ENCRYPT+TUNNEL+PFS
Sep 30 12:09:54 romulus pluto[8699]: bad left --id: illegal (non-DNS-name) character in name (ignored)
Sep 30 12:09:54 romulus pluto[8699]: loaded host cert file '/etc/ipsec.d/certs/remus.wittsend.com.crt' (4148 bytes)
Sep 30 12:09:54 romulus pluto[8699]: | file content is not binary ASN.1
Sep 30 12:09:54 romulus pluto[8699]: | -----BEGIN CERTIFICATE-----
Sep 30 12:09:54 romulus pluto[8699]: | -----END CERTIFICATE-----
Sep 30 12:09:54 romulus pluto[8699]: | file coded in PEM format
Sep 30 12:09:54 romulus pluto[8699]: | L0 - certificate:
Sep 30 12:09:54 romulus pluto[8699]: | L1 - tbsCertificate:
Sep 30 12:09:54 romulus pluto[8699]: | L2 - DEFAULT v1:
Sep 30 12:09:54 romulus pluto[8699]: | L3 - version:
Sep 30 12:09:54 romulus pluto[8699]: | v3
Sep 30 12:09:54 romulus pluto[8699]: | L2 - serialNumber:
Sep 30 12:09:54 romulus pluto[8699]: | L2 - signature:
Sep 30 12:09:54 romulus pluto[8699]: | L3 - algorithmIdentifier:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - algorithm:
Sep 30 12:09:54 romulus pluto[8699]: | 'md5WithRSAEncryption'
Sep 30 12:09:54 romulus pluto[8699]: | L2 - issuer:
Sep 30 12:09:54 romulus pluto[8699]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
Sep 30 12:09:54 romulus pluto[8699]: | L2 - validity:
Sep 30 12:09:54 romulus pluto[8699]: | L3 - notBefore:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - utcTime:
Sep 30 12:09:54 romulus pluto[8699]: | 'Jul 26 18:44:39 UTC 2008'
Sep 30 12:09:54 romulus pluto[8699]: | L3 - notAfter:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - utcTime:
Sep 30 12:09:54 romulus pluto[8699]: | 'Jul 26 18:44:39 UTC 2012'
Sep 30 12:09:54 romulus pluto[8699]: | L2 - subject:
Sep 30 12:09:54 romulus pluto[8699]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=remus.wittsend.com, E=postmaster at wittsend.com'
Sep 30 12:09:54 romulus pluto[8699]: | L2 - subjectPublicKeyInfo:
Sep 30 12:09:54 romulus pluto[8699]: | L3 - algorithm:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - algorithmIdentifier:
Sep 30 12:09:54 romulus pluto[8699]: | L5 - algorithm:
Sep 30 12:09:54 romulus pluto[8699]: | 'rsaEncryption'
Sep 30 12:09:54 romulus pluto[8699]: | L3 - subjectPublicKey:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - RSAPublicKey:
Sep 30 12:09:54 romulus pluto[8699]: | L5 - modulus:
Sep 30 12:09:54 romulus pluto[8699]: | L5 - publicExponent:
Sep 30 12:09:54 romulus pluto[8699]: | L2 - optional extensions:
Sep 30 12:09:54 romulus pluto[8699]: | L3 - extensions:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - extension:
Sep 30 12:09:54 romulus pluto[8699]: | L5 - extnID:
Sep 30 12:09:54 romulus pluto[8699]: | 'authorityKeyIdentifier'
Sep 30 12:09:54 romulus pluto[8699]: | L5 - critical:
Sep 30 12:09:54 romulus pluto[8699]: | FALSE
Sep 30 12:09:54 romulus pluto[8699]: | L5 - extnValue:
Sep 30 12:09:54 romulus pluto[8699]: | L6 - authorityKeyIdentifier:
Sep 30 12:09:54 romulus pluto[8699]: | L7 - keyIdentifier:
Sep 30 12:09:54 romulus pluto[8699]: | L8 - keyIdentifier:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - extension:
Sep 30 12:09:54 romulus pluto[8699]: | L5 - extnID:
Sep 30 12:09:54 romulus pluto[8699]: | 'extendedKeyUsage'
Sep 30 12:09:54 romulus pluto[8699]: | L5 - critical:
Sep 30 12:09:54 romulus pluto[8699]: | FALSE
Sep 30 12:09:54 romulus pluto[8699]: | L5 - extnValue:
Sep 30 12:09:54 romulus pluto[8699]: | L6 - extendedKeyUsage:
Sep 30 12:09:54 romulus pluto[8699]: | L7 - keyPurposeID:
Sep 30 12:09:54 romulus pluto[8699]: | 'serverAuth'
Sep 30 12:09:54 romulus pluto[8699]: | L7 - keyPurposeID:
Sep 30 12:09:54 romulus pluto[8699]: | 'clientAuth'
Sep 30 12:09:54 romulus pluto[8699]: | L7 - keyPurposeID:
Sep 30 12:09:54 romulus pluto[8699]: | L7 - keyPurposeID:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - extension:
Sep 30 12:09:54 romulus pluto[8699]: | L5 - extnID:
Sep 30 12:09:54 romulus pluto[8699]: | 'basicConstraints'
Sep 30 12:09:54 romulus pluto[8699]: | L5 - critical:
Sep 30 12:09:54 romulus pluto[8699]: | TRUE
Sep 30 12:09:54 romulus pluto[8699]: | L5 - extnValue:
Sep 30 12:09:54 romulus pluto[8699]: | L6 - basicConstraints:
Sep 30 12:09:54 romulus pluto[8699]: | L7 - CA:
Sep 30 12:09:54 romulus pluto[8699]: | FALSE
Sep 30 12:09:54 romulus pluto[8699]: | L4 - extension:
Sep 30 12:09:54 romulus pluto[8699]: | L5 - extnID:
Sep 30 12:09:54 romulus pluto[8699]: | 'subjectAltName'
Sep 30 12:09:54 romulus pluto[8699]: | L5 - critical:
Sep 30 12:09:54 romulus pluto[8699]: | FALSE
Sep 30 12:09:54 romulus pluto[8699]: | L5 - extnValue:
Sep 30 12:09:54 romulus pluto[8699]: | L6 - generalNames:
Sep 30 12:09:54 romulus pluto[8699]: | L7 - generalName:
Sep 30 12:09:54 romulus pluto[8699]: | L8 - dnsName:
Sep 30 12:09:54 romulus pluto[8699]: | 'remus.ip6.wittsend.com'
Sep 30 12:09:54 romulus pluto[8699]: | L7 - generalName:
Sep 30 12:09:54 romulus pluto[8699]: | L8 - dnsName:
Sep 30 12:09:54 romulus pluto[8699]: | 'remus.wittsend.org'
Sep 30 12:09:54 romulus pluto[8699]: | L7 - generalName:
Sep 30 12:09:54 romulus pluto[8699]: | L8 - dnsName:
Sep 30 12:09:54 romulus pluto[8699]: | 'remus.commandcorp.com'
Sep 30 12:09:54 romulus pluto[8699]: | L1 - signatureAlgorithm:
Sep 30 12:09:54 romulus pluto[8699]: | L2 - algorithmIdentifier:
Sep 30 12:09:54 romulus pluto[8699]: | L3 - algorithm:
Sep 30 12:09:54 romulus pluto[8699]: | 'md5WithRSAEncryption'
Sep 30 12:09:54 romulus pluto[8699]: | L1 - signatureValue:
Sep 30 12:09:54 romulus pluto[8699]: | certificate is valid
Sep 30 12:09:54 romulus pluto[8699]: | counting wild cards for C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=remus.wittsend.com, E=postmaster at wittsend.com is 0
Sep 30 12:09:54 romulus pluto[8699]: loaded host cert file '/etc/ipsec.d/certs/charon.wittsend.com.crt' (3903 bytes)
Sep 30 12:09:54 romulus pluto[8699]: | file content is not binary ASN.1
Sep 30 12:09:54 romulus pluto[8699]: | -----BEGIN CERTIFICATE-----
Sep 30 12:09:54 romulus pluto[8699]: | -----END CERTIFICATE-----
Sep 30 12:09:54 romulus pluto[8699]: | file coded in PEM format
Sep 30 12:09:54 romulus pluto[8699]: | L0 - certificate:
Sep 30 12:09:54 romulus pluto[8699]: | L1 - tbsCertificate:
Sep 30 12:09:54 romulus pluto[8699]: | L2 - DEFAULT v1:
Sep 30 12:09:54 romulus pluto[8699]: | L3 - version:
Sep 30 12:09:54 romulus pluto[8699]: | v3
Sep 30 12:09:54 romulus pluto[8699]: | L2 - serialNumber:
Sep 30 12:09:54 romulus pluto[8699]: | L2 - signature:
Sep 30 12:09:54 romulus pluto[8699]: | L3 - algorithmIdentifier:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - algorithm:
Sep 30 12:09:54 romulus pluto[8699]: | 'md5WithRSAEncryption'
Sep 30 12:09:54 romulus pluto[8699]: | L2 - issuer:
Sep 30 12:09:54 romulus pluto[8699]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
Sep 30 12:09:54 romulus pluto[8699]: | L2 - validity:
Sep 30 12:09:54 romulus pluto[8699]: | L3 - notBefore:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - utcTime:
Sep 30 12:09:54 romulus pluto[8699]: | 'Jul 26 18:32:56 UTC 2008'
Sep 30 12:09:54 romulus pluto[8699]: | L3 - notAfter:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - utcTime:
Sep 30 12:09:54 romulus pluto[8699]: | 'Jul 26 18:32:56 UTC 2012'
Sep 30 12:09:54 romulus pluto[8699]: | L2 - subject:
Sep 30 12:09:54 romulus pluto[8699]: | 'C=US, ST=Georgia, L=Atlanta, O=Thaumaturgy & Speculums Technology, CN=charon.wittsend.com, E=postmaster at wittsend.com'
Sep 30 12:09:54 romulus pluto[8699]: | L2 - subjectPublicKeyInfo:
Sep 30 12:09:54 romulus pluto[8699]: | L3 - algorithm:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - algorithmIdentifier:
Sep 30 12:09:54 romulus pluto[8699]: | L5 - algorithm:
Sep 30 12:09:54 romulus pluto[8699]: | 'rsaEncryption'
Sep 30 12:09:54 romulus pluto[8699]: | L3 - subjectPublicKey:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - RSAPublicKey:
Sep 30 12:09:54 romulus pluto[8699]: | L5 - modulus:
Sep 30 12:09:54 romulus pluto[8699]: | L5 - publicExponent:
Sep 30 12:09:54 romulus pluto[8699]: | L2 - optional extensions:
Sep 30 12:09:54 romulus pluto[8699]: | L3 - extensions:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - extension:
Sep 30 12:09:54 romulus pluto[8699]: | L5 - extnID:
Sep 30 12:09:54 romulus pluto[8699]: | 'authorityKeyIdentifier'
Sep 30 12:09:54 romulus pluto[8699]: | L5 - critical:
Sep 30 12:09:54 romulus pluto[8699]: | FALSE
Sep 30 12:09:54 romulus pluto[8699]: | L5 - extnValue:
Sep 30 12:09:54 romulus pluto[8699]: | L6 - authorityKeyIdentifier:
Sep 30 12:09:54 romulus pluto[8699]: | L7 - keyIdentifier:
Sep 30 12:09:54 romulus pluto[8699]: | L8 - keyIdentifier:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - extension:
Sep 30 12:09:54 romulus pluto[8699]: | L5 - extnID:
Sep 30 12:09:54 romulus pluto[8699]: | 'extendedKeyUsage'
Sep 30 12:09:54 romulus pluto[8699]: | L5 - critical:
Sep 30 12:09:54 romulus pluto[8699]: | FALSE
Sep 30 12:09:54 romulus pluto[8699]: | L5 - extnValue:
Sep 30 12:09:54 romulus pluto[8699]: | L6 - extendedKeyUsage:
Sep 30 12:09:54 romulus pluto[8699]: | L7 - keyPurposeID:
Sep 30 12:09:54 romulus pluto[8699]: | 'serverAuth'
Sep 30 12:09:54 romulus pluto[8699]: | L7 - keyPurposeID:
Sep 30 12:09:54 romulus pluto[8699]: | 'clientAuth'
Sep 30 12:09:54 romulus pluto[8699]: | L7 - keyPurposeID:
Sep 30 12:09:54 romulus pluto[8699]: | L7 - keyPurposeID:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - extension:
Sep 30 12:09:54 romulus pluto[8699]: | L5 - extnID:
Sep 30 12:09:54 romulus pluto[8699]: | 'basicConstraints'
Sep 30 12:09:54 romulus pluto[8699]: | L5 - critical:
Sep 30 12:09:54 romulus pluto[8699]: | TRUE
Sep 30 12:09:54 romulus pluto[8699]: | L5 - extnValue:
Sep 30 12:09:54 romulus pluto[8699]: | L6 - basicConstraints:
Sep 30 12:09:54 romulus pluto[8699]: | L7 - CA:
Sep 30 12:09:54 romulus pluto[8699]: | FALSE
Sep 30 12:09:54 romulus pluto[8699]: | L1 - signatureAlgorithm:
Sep 30 12:09:54 romulus pluto[8699]: | L2 - algorithmIdentifier:
Sep 30 12:09:54 romulus pluto[8699]: | L3 - algorithm:
Sep 30 12:09:54 romulus pluto[8699]: | 'md5WithRSAEncryption'
Sep 30 12:09:54 romulus pluto[8699]: | L1 - signatureValue:
Sep 30 12:09:54 romulus pluto[8699]: | certificate is valid
Sep 30 12:09:54 romulus pluto[8699]: | counting wild cards for C=US, ST=Georgia, L=Atlanta, O=Thaumaturgy & Speculums Technology, CN=charon.wittsend.com, E=postmaster at wittsend.com is 0
Sep 30 12:09:54 romulus pluto[8699]: added connection description "charon-1"
Sep 30 12:09:54 romulus pluto[8699]: | 130.205.32.0/24===130.205.32.3[C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=remus.wittsend.com, E=postmaster at wittsend.com]---130.205.32.1...65.14.248.11---74.237.49.95[C=US, ST=Georgia, L=Atlanta, O=Thaumaturgy & Speculums Technology, CN=charon.wittsend.com, E=postmaster at wittsend.com]===130.205.36.0/24
Sep 30 12:09:54 romulus pluto[8699]: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; policy: RSASIG+ENCRYPT+TUNNEL+PFS
Sep 30 12:09:54 romulus pluto[8699]: | next event EVENT_PENDING_PHASE2 in 119 seconds
Sep 30 12:09:54 romulus pluto[8699]: |
Sep 30 12:09:54 romulus pluto[8699]: | *received whack message
Sep 30 12:09:54 romulus pluto[8699]: | Added new connection chaos with policy RSASIG+ENCRYPT+TUNNEL+PFS
Sep 30 12:09:54 romulus pluto[8699]: bad left --id: illegal (non-DNS-name) character in name (ignored)
Sep 30 12:09:54 romulus pluto[8699]: loaded host cert file '/etc/ipsec.d/certs/romulus.wittsend.com.crt' (3088 bytes)
Sep 30 12:09:54 romulus pluto[8699]: | file content is not binary ASN.1
Sep 30 12:09:54 romulus pluto[8699]: | -----BEGIN CERTIFICATE-----
Sep 30 12:09:54 romulus pluto[8699]: | -----END CERTIFICATE-----
Sep 30 12:09:54 romulus pluto[8699]: | file coded in PEM format
Sep 30 12:09:54 romulus pluto[8699]: | L0 - certificate:
Sep 30 12:09:54 romulus pluto[8699]: | L1 - tbsCertificate:
Sep 30 12:09:54 romulus pluto[8699]: | L2 - DEFAULT v1:
Sep 30 12:09:54 romulus pluto[8699]: | L3 - version:
Sep 30 12:09:54 romulus pluto[8699]: | v3
Sep 30 12:09:54 romulus pluto[8699]: | L2 - serialNumber:
Sep 30 12:09:54 romulus pluto[8699]: | L2 - signature:
Sep 30 12:09:54 romulus pluto[8699]: | L3 - algorithmIdentifier:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - algorithm:
Sep 30 12:09:54 romulus pluto[8699]: | 'md5WithRSAEncryption'
Sep 30 12:09:54 romulus pluto[8699]: | L2 - issuer:
Sep 30 12:09:54 romulus pluto[8699]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services, CN=WittsEnd Root CA, E=ca at wittsend.com'
Sep 30 12:09:54 romulus pluto[8699]: | L2 - validity:
Sep 30 12:09:54 romulus pluto[8699]: | L3 - notBefore:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - utcTime:
Sep 30 12:09:54 romulus pluto[8699]: | 'Jan 28 17:45:00 UTC 2005'
Sep 30 12:09:54 romulus pluto[8699]: | L3 - notAfter:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - utcTime:
Sep 30 12:09:54 romulus pluto[8699]: | 'Jan 28 17:45:00 UTC 2009'
Sep 30 12:09:54 romulus pluto[8699]: | L2 - subject:
Sep 30 12:09:54 romulus pluto[8699]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com'
Sep 30 12:09:54 romulus pluto[8699]: | L2 - subjectPublicKeyInfo:
Sep 30 12:09:54 romulus pluto[8699]: | L3 - algorithm:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - algorithmIdentifier:
Sep 30 12:09:54 romulus pluto[8699]: | L5 - algorithm:
Sep 30 12:09:54 romulus pluto[8699]: | 'rsaEncryption'
Sep 30 12:09:54 romulus pluto[8699]: | L3 - subjectPublicKey:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - RSAPublicKey:
Sep 30 12:09:54 romulus pluto[8699]: | L5 - modulus:
Sep 30 12:09:54 romulus pluto[8699]: | L5 - publicExponent:
Sep 30 12:09:54 romulus pluto[8699]: | L2 - optional extensions:
Sep 30 12:09:54 romulus pluto[8699]: | L3 - extensions:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - extension:
Sep 30 12:09:54 romulus pluto[8699]: | L5 - extnID:
Sep 30 12:09:54 romulus pluto[8699]: | 'authorityKeyIdentifier'
Sep 30 12:09:54 romulus pluto[8699]: | L5 - critical:
Sep 30 12:09:54 romulus pluto[8699]: | FALSE
Sep 30 12:09:54 romulus pluto[8699]: | L5 - extnValue:
Sep 30 12:09:54 romulus pluto[8699]: | L6 - authorityKeyIdentifier:
Sep 30 12:09:54 romulus pluto[8699]: | L7 - keyIdentifier:
Sep 30 12:09:54 romulus pluto[8699]: | L8 - keyIdentifier:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - extension:
Sep 30 12:09:54 romulus pluto[8699]: | L5 - extnID:
Sep 30 12:09:54 romulus pluto[8699]: | 'extendedKeyUsage'
Sep 30 12:09:54 romulus pluto[8699]: | L5 - critical:
Sep 30 12:09:54 romulus pluto[8699]: | FALSE
Sep 30 12:09:54 romulus pluto[8699]: | L5 - extnValue:
Sep 30 12:09:54 romulus pluto[8699]: | L6 - extendedKeyUsage:
Sep 30 12:09:54 romulus pluto[8699]: | L7 - keyPurposeID:
Sep 30 12:09:54 romulus pluto[8699]: | 'serverAuth'
Sep 30 12:09:54 romulus pluto[8699]: | L7 - keyPurposeID:
Sep 30 12:09:54 romulus pluto[8699]: | 'clientAuth'
Sep 30 12:09:54 romulus pluto[8699]: | L7 - keyPurposeID:
Sep 30 12:09:54 romulus pluto[8699]: | L7 - keyPurposeID:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - extension:
Sep 30 12:09:54 romulus pluto[8699]: | L5 - extnID:
Sep 30 12:09:54 romulus pluto[8699]: | 'basicConstraints'
Sep 30 12:09:54 romulus pluto[8699]: | L5 - critical:
Sep 30 12:09:54 romulus pluto[8699]: | TRUE
Sep 30 12:09:54 romulus pluto[8699]: | L5 - extnValue:
Sep 30 12:09:54 romulus pluto[8699]: | L6 - basicConstraints:
Sep 30 12:09:54 romulus pluto[8699]: | L7 - CA:
Sep 30 12:09:54 romulus pluto[8699]: | FALSE
Sep 30 12:09:54 romulus pluto[8699]: | L1 - signatureAlgorithm:
Sep 30 12:09:54 romulus pluto[8699]: | L2 - algorithmIdentifier:
Sep 30 12:09:54 romulus pluto[8699]: | L3 - algorithm:
Sep 30 12:09:54 romulus pluto[8699]: | 'md5WithRSAEncryption'
Sep 30 12:09:54 romulus pluto[8699]: | L1 - signatureValue:
Sep 30 12:09:54 romulus pluto[8699]: | certificate is valid
Sep 30 12:09:54 romulus pluto[8699]: | counting wild cards for C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com is 0
Sep 30 12:09:54 romulus pluto[8699]: bad right --id: illegal (non-DNS-name) character in name (ignored)
Sep 30 12:09:54 romulus pluto[8699]: loaded host cert file '/etc/ipsec.d/certs/chaos.iss.net.crt' (3867 bytes)
Sep 30 12:09:54 romulus pluto[8699]: | file content is not binary ASN.1
Sep 30 12:09:54 romulus pluto[8699]: | -----BEGIN CERTIFICATE-----
Sep 30 12:09:54 romulus pluto[8699]: | -----END CERTIFICATE-----
Sep 30 12:09:54 romulus pluto[8699]: | file coded in PEM format
Sep 30 12:09:54 romulus pluto[8699]: | L0 - certificate:
Sep 30 12:09:54 romulus pluto[8699]: | L1 - tbsCertificate:
Sep 30 12:09:54 romulus pluto[8699]: | L2 - DEFAULT v1:
Sep 30 12:09:54 romulus pluto[8699]: | L3 - version:
Sep 30 12:09:54 romulus pluto[8699]: | v3
Sep 30 12:09:54 romulus pluto[8699]: | L2 - serialNumber:
Sep 30 12:09:54 romulus pluto[8699]: | L2 - signature:
Sep 30 12:09:54 romulus pluto[8699]: | L3 - algorithmIdentifier:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - algorithm:
Sep 30 12:09:54 romulus pluto[8699]: | 'md5WithRSAEncryption'
Sep 30 12:09:54 romulus pluto[8699]: | L2 - issuer:
Sep 30 12:09:54 romulus pluto[8699]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
Sep 30 12:09:54 romulus pluto[8699]: | L2 - validity:
Sep 30 12:09:54 romulus pluto[8699]: | L3 - notBefore:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - utcTime:
Sep 30 12:09:54 romulus pluto[8699]: | 'Jul 26 18:29:11 UTC 2008'
Sep 30 12:09:54 romulus pluto[8699]: | L3 - notAfter:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - utcTime:
Sep 30 12:09:54 romulus pluto[8699]: | 'Jul 26 18:29:11 UTC 2012'
Sep 30 12:09:54 romulus pluto[8699]: | L2 - subject:
Sep 30 12:09:54 romulus pluto[8699]: | 'C=GA, ST=Georgia, L=Atlanta, O=Internet Security Systems Inc, CN=chaos.iss.net, E=postmaster at iss.net'
Sep 30 12:09:54 romulus pluto[8699]: | L2 - subjectPublicKeyInfo:
Sep 30 12:09:54 romulus pluto[8699]: | L3 - algorithm:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - algorithmIdentifier:
Sep 30 12:09:54 romulus pluto[8699]: | L5 - algorithm:
Sep 30 12:09:54 romulus pluto[8699]: | 'rsaEncryption'
Sep 30 12:09:54 romulus pluto[8699]: | L3 - subjectPublicKey:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - RSAPublicKey:
Sep 30 12:09:54 romulus pluto[8699]: | L5 - modulus:
Sep 30 12:09:54 romulus pluto[8699]: | L5 - publicExponent:
Sep 30 12:09:54 romulus pluto[8699]: | L2 - optional extensions:
Sep 30 12:09:54 romulus pluto[8699]: | L3 - extensions:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - extension:
Sep 30 12:09:54 romulus pluto[8699]: | L5 - extnID:
Sep 30 12:09:54 romulus pluto[8699]: | 'authorityKeyIdentifier'
Sep 30 12:09:54 romulus pluto[8699]: | L5 - critical:
Sep 30 12:09:54 romulus pluto[8699]: | FALSE
Sep 30 12:09:54 romulus pluto[8699]: | L5 - extnValue:
Sep 30 12:09:54 romulus pluto[8699]: | L6 - authorityKeyIdentifier:
Sep 30 12:09:54 romulus pluto[8699]: | L7 - keyIdentifier:
Sep 30 12:09:54 romulus pluto[8699]: | L8 - keyIdentifier:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - extension:
Sep 30 12:09:54 romulus pluto[8699]: | L5 - extnID:
Sep 30 12:09:54 romulus pluto[8699]: | 'extendedKeyUsage'
Sep 30 12:09:54 romulus pluto[8699]: | L5 - critical:
Sep 30 12:09:54 romulus pluto[8699]: | FALSE
Sep 30 12:09:54 romulus pluto[8699]: | L5 - extnValue:
Sep 30 12:09:54 romulus pluto[8699]: | L6 - extendedKeyUsage:
Sep 30 12:09:54 romulus pluto[8699]: | L7 - keyPurposeID:
Sep 30 12:09:54 romulus pluto[8699]: | 'serverAuth'
Sep 30 12:09:54 romulus pluto[8699]: | L7 - keyPurposeID:
Sep 30 12:09:54 romulus pluto[8699]: | 'clientAuth'
Sep 30 12:09:54 romulus pluto[8699]: | L7 - keyPurposeID:
Sep 30 12:09:54 romulus pluto[8699]: | L7 - keyPurposeID:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - extension:
Sep 30 12:09:54 romulus pluto[8699]: | L5 - extnID:
Sep 30 12:09:54 romulus pluto[8699]: | 'basicConstraints'
Sep 30 12:09:54 romulus pluto[8699]: | L5 - critical:
Sep 30 12:09:54 romulus pluto[8699]: | TRUE
Sep 30 12:09:54 romulus pluto[8699]: | L5 - extnValue:
Sep 30 12:09:54 romulus pluto[8699]: | L6 - basicConstraints:
Sep 30 12:09:54 romulus pluto[8699]: | L7 - CA:
Sep 30 12:09:54 romulus pluto[8699]: | FALSE
Sep 30 12:09:54 romulus pluto[8699]: | L1 - signatureAlgorithm:
Sep 30 12:09:54 romulus pluto[8699]: | L2 - algorithmIdentifier:
Sep 30 12:09:54 romulus pluto[8699]: | L3 - algorithm:
Sep 30 12:09:54 romulus pluto[8699]: | 'md5WithRSAEncryption'
Sep 30 12:09:54 romulus pluto[8699]: | L1 - signatureValue:
Sep 30 12:09:54 romulus pluto[8699]: | certificate is valid
Sep 30 12:09:54 romulus pluto[8699]: | counting wild cards for C=GA, ST=Georgia, L=Atlanta, O=Internet Security Systems Inc, CN=chaos.iss.net, E=postmaster at iss.net is 0
Sep 30 12:09:54 romulus pluto[8699]: added connection description "chaos"
Sep 30 12:09:54 romulus pluto[8699]: | 130.205.32.3[C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com]---130.205.32.1...209.134.176.37[C=GA, ST=Georgia, L=Atlanta, O=Internet Security Systems Inc, CN=chaos.iss.net, E=postmaster at iss.net]
Sep 30 12:09:54 romulus pluto[8699]: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; policy: RSASIG+ENCRYPT+TUNNEL+PFS
Sep 30 12:09:54 romulus pluto[8699]: | next event EVENT_PENDING_PHASE2 in 119 seconds
Sep 30 12:09:54 romulus pluto[8699]: |
Sep 30 12:09:54 romulus pluto[8699]: | *received whack message
Sep 30 12:09:54 romulus pluto[8699]: | Added new connection rebma with policy RSASIG+ENCRYPT+TUNNEL+PFS
Sep 30 12:09:54 romulus pluto[8699]: bad left --id: illegal (non-DNS-name) character in name (ignored)
Sep 30 12:09:54 romulus pluto[8699]: loaded host cert file '/etc/ipsec.d/certs/romulus.wittsend.com.crt' (3088 bytes)
Sep 30 12:09:54 romulus pluto[8699]: | file content is not binary ASN.1
Sep 30 12:09:54 romulus pluto[8699]: | -----BEGIN CERTIFICATE-----
Sep 30 12:09:54 romulus pluto[8699]: | -----END CERTIFICATE-----
Sep 30 12:09:54 romulus pluto[8699]: | file coded in PEM format
Sep 30 12:09:54 romulus pluto[8699]: | L0 - certificate:
Sep 30 12:09:54 romulus pluto[8699]: | L1 - tbsCertificate:
Sep 30 12:09:54 romulus pluto[8699]: | L2 - DEFAULT v1:
Sep 30 12:09:54 romulus pluto[8699]: | L3 - version:
Sep 30 12:09:54 romulus pluto[8699]: | v3
Sep 30 12:09:54 romulus pluto[8699]: | L2 - serialNumber:
Sep 30 12:09:54 romulus pluto[8699]: | L2 - signature:
Sep 30 12:09:54 romulus pluto[8699]: | L3 - algorithmIdentifier:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - algorithm:
Sep 30 12:09:54 romulus pluto[8699]: | 'md5WithRSAEncryption'
Sep 30 12:09:54 romulus pluto[8699]: | L2 - issuer:
Sep 30 12:09:54 romulus pluto[8699]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services, CN=WittsEnd Root CA, E=ca at wittsend.com'
Sep 30 12:09:54 romulus pluto[8699]: | L2 - validity:
Sep 30 12:09:54 romulus pluto[8699]: | L3 - notBefore:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - utcTime:
Sep 30 12:09:54 romulus pluto[8699]: | 'Jan 28 17:45:00 UTC 2005'
Sep 30 12:09:54 romulus pluto[8699]: | L3 - notAfter:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - utcTime:
Sep 30 12:09:54 romulus pluto[8699]: | 'Jan 28 17:45:00 UTC 2009'
Sep 30 12:09:54 romulus pluto[8699]: | L2 - subject:
Sep 30 12:09:54 romulus pluto[8699]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com'
Sep 30 12:09:54 romulus pluto[8699]: | L2 - subjectPublicKeyInfo:
Sep 30 12:09:54 romulus pluto[8699]: | L3 - algorithm:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - algorithmIdentifier:
Sep 30 12:09:54 romulus pluto[8699]: | L5 - algorithm:
Sep 30 12:09:54 romulus pluto[8699]: | 'rsaEncryption'
Sep 30 12:09:54 romulus pluto[8699]: | L3 - subjectPublicKey:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - RSAPublicKey:
Sep 30 12:09:54 romulus pluto[8699]: | L5 - modulus:
Sep 30 12:09:54 romulus pluto[8699]: | L5 - publicExponent:
Sep 30 12:09:54 romulus pluto[8699]: | L2 - optional extensions:
Sep 30 12:09:54 romulus pluto[8699]: | L3 - extensions:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - extension:
Sep 30 12:09:54 romulus pluto[8699]: | L5 - extnID:
Sep 30 12:09:54 romulus pluto[8699]: | 'authorityKeyIdentifier'
Sep 30 12:09:54 romulus pluto[8699]: | L5 - critical:
Sep 30 12:09:54 romulus pluto[8699]: | FALSE
Sep 30 12:09:54 romulus pluto[8699]: | L5 - extnValue:
Sep 30 12:09:54 romulus pluto[8699]: | L6 - authorityKeyIdentifier:
Sep 30 12:09:54 romulus pluto[8699]: | L7 - keyIdentifier:
Sep 30 12:09:54 romulus pluto[8699]: | L8 - keyIdentifier:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - extension:
Sep 30 12:09:54 romulus pluto[8699]: | L5 - extnID:
Sep 30 12:09:54 romulus pluto[8699]: | 'extendedKeyUsage'
Sep 30 12:09:54 romulus pluto[8699]: | L5 - critical:
Sep 30 12:09:54 romulus pluto[8699]: | FALSE
Sep 30 12:09:54 romulus pluto[8699]: | L5 - extnValue:
Sep 30 12:09:54 romulus pluto[8699]: | L6 - extendedKeyUsage:
Sep 30 12:09:54 romulus pluto[8699]: | L7 - keyPurposeID:
Sep 30 12:09:54 romulus pluto[8699]: | 'serverAuth'
Sep 30 12:09:54 romulus pluto[8699]: | L7 - keyPurposeID:
Sep 30 12:09:54 romulus pluto[8699]: | 'clientAuth'
Sep 30 12:09:54 romulus pluto[8699]: | L7 - keyPurposeID:
Sep 30 12:09:54 romulus pluto[8699]: | L7 - keyPurposeID:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - extension:
Sep 30 12:09:54 romulus pluto[8699]: | L5 - extnID:
Sep 30 12:09:54 romulus pluto[8699]: | 'basicConstraints'
Sep 30 12:09:54 romulus pluto[8699]: | L5 - critical:
Sep 30 12:09:54 romulus pluto[8699]: | TRUE
Sep 30 12:09:54 romulus pluto[8699]: | L5 - extnValue:
Sep 30 12:09:54 romulus pluto[8699]: | L6 - basicConstraints:
Sep 30 12:09:54 romulus pluto[8699]: | L7 - CA:
Sep 30 12:09:54 romulus pluto[8699]: | FALSE
Sep 30 12:09:54 romulus pluto[8699]: | L1 - signatureAlgorithm:
Sep 30 12:09:54 romulus pluto[8699]: | L2 - algorithmIdentifier:
Sep 30 12:09:54 romulus pluto[8699]: | L3 - algorithm:
Sep 30 12:09:54 romulus pluto[8699]: | 'md5WithRSAEncryption'
Sep 30 12:09:54 romulus pluto[8699]: | L1 - signatureValue:
Sep 30 12:09:54 romulus pluto[8699]: | certificate is valid
Sep 30 12:09:54 romulus pluto[8699]: | counting wild cards for C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com is 0
Sep 30 12:09:54 romulus pluto[8699]: bad right --id: illegal (non-DNS-name) character in name (ignored)
Sep 30 12:09:54 romulus pluto[8699]: loaded host cert file '/etc/ipsec.d/certs/rebma.iss.net.crt' (3867 bytes)
Sep 30 12:09:54 romulus pluto[8699]: | file content is not binary ASN.1
Sep 30 12:09:54 romulus pluto[8699]: | -----BEGIN CERTIFICATE-----
Sep 30 12:09:54 romulus pluto[8699]: | -----END CERTIFICATE-----
Sep 30 12:09:54 romulus pluto[8699]: | file coded in PEM format
Sep 30 12:09:54 romulus pluto[8699]: | L0 - certificate:
Sep 30 12:09:54 romulus pluto[8699]: | L1 - tbsCertificate:
Sep 30 12:09:54 romulus pluto[8699]: | L2 - DEFAULT v1:
Sep 30 12:09:54 romulus pluto[8699]: | L3 - version:
Sep 30 12:09:54 romulus pluto[8699]: | v3
Sep 30 12:09:54 romulus pluto[8699]: | L2 - serialNumber:
Sep 30 12:09:54 romulus pluto[8699]: | L2 - signature:
Sep 30 12:09:54 romulus pluto[8699]: | L3 - algorithmIdentifier:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - algorithm:
Sep 30 12:09:54 romulus pluto[8699]: | 'md5WithRSAEncryption'
Sep 30 12:09:54 romulus pluto[8699]: | L2 - issuer:
Sep 30 12:09:54 romulus pluto[8699]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
Sep 30 12:09:54 romulus pluto[8699]: | L2 - validity:
Sep 30 12:09:54 romulus pluto[8699]: | L3 - notBefore:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - utcTime:
Sep 30 12:09:54 romulus pluto[8699]: | 'Jul 26 18:30:00 UTC 2008'
Sep 30 12:09:54 romulus pluto[8699]: | L3 - notAfter:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - utcTime:
Sep 30 12:09:54 romulus pluto[8699]: | 'Jul 26 18:30:00 UTC 2012'
Sep 30 12:09:54 romulus pluto[8699]: | L2 - subject:
Sep 30 12:09:54 romulus pluto[8699]: | 'C=GA, ST=Georgia, L=Atlanta, O=Internet Security Systems Inc, CN=rebma.iss.net, E=postmaster at iss.net'
Sep 30 12:09:54 romulus pluto[8699]: | L2 - subjectPublicKeyInfo:
Sep 30 12:09:54 romulus pluto[8699]: | L3 - algorithm:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - algorithmIdentifier:
Sep 30 12:09:54 romulus pluto[8699]: | L5 - algorithm:
Sep 30 12:09:54 romulus pluto[8699]: | 'rsaEncryption'
Sep 30 12:09:54 romulus pluto[8699]: | L3 - subjectPublicKey:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - RSAPublicKey:
Sep 30 12:09:54 romulus pluto[8699]: | L5 - modulus:
Sep 30 12:09:54 romulus pluto[8699]: | L5 - publicExponent:
Sep 30 12:09:54 romulus pluto[8699]: | L2 - optional extensions:
Sep 30 12:09:54 romulus pluto[8699]: | L3 - extensions:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - extension:
Sep 30 12:09:54 romulus pluto[8699]: | L5 - extnID:
Sep 30 12:09:54 romulus pluto[8699]: | 'authorityKeyIdentifier'
Sep 30 12:09:54 romulus pluto[8699]: | L5 - critical:
Sep 30 12:09:54 romulus pluto[8699]: | FALSE
Sep 30 12:09:54 romulus pluto[8699]: | L5 - extnValue:
Sep 30 12:09:54 romulus pluto[8699]: | L6 - authorityKeyIdentifier:
Sep 30 12:09:54 romulus pluto[8699]: | L7 - keyIdentifier:
Sep 30 12:09:54 romulus pluto[8699]: | L8 - keyIdentifier:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - extension:
Sep 30 12:09:54 romulus pluto[8699]: | L5 - extnID:
Sep 30 12:09:54 romulus pluto[8699]: | 'extendedKeyUsage'
Sep 30 12:09:54 romulus pluto[8699]: | L5 - critical:
Sep 30 12:09:54 romulus pluto[8699]: | FALSE
Sep 30 12:09:54 romulus pluto[8699]: | L5 - extnValue:
Sep 30 12:09:54 romulus pluto[8699]: | L6 - extendedKeyUsage:
Sep 30 12:09:54 romulus pluto[8699]: | L7 - keyPurposeID:
Sep 30 12:09:54 romulus pluto[8699]: | 'serverAuth'
Sep 30 12:09:54 romulus pluto[8699]: | L7 - keyPurposeID:
Sep 30 12:09:54 romulus pluto[8699]: | 'clientAuth'
Sep 30 12:09:54 romulus pluto[8699]: | L7 - keyPurposeID:
Sep 30 12:09:54 romulus pluto[8699]: | L7 - keyPurposeID:
Sep 30 12:09:54 romulus pluto[8699]: | L4 - extension:
Sep 30 12:09:54 romulus pluto[8699]: | L5 - extnID:
Sep 30 12:09:54 romulus pluto[8699]: | 'basicConstraints'
Sep 30 12:09:54 romulus pluto[8699]: | L5 - critical:
Sep 30 12:09:54 romulus pluto[8699]: | TRUE
Sep 30 12:09:54 romulus pluto[8699]: | L5 - extnValue:
Sep 30 12:09:54 romulus pluto[8699]: | L6 - basicConstraints:
Sep 30 12:09:54 romulus pluto[8699]: | L7 - CA:
Sep 30 12:09:54 romulus pluto[8699]: | FALSE
Sep 30 12:09:54 romulus pluto[8699]: | L1 - signatureAlgorithm:
Sep 30 12:09:54 romulus pluto[8699]: | L2 - algorithmIdentifier:
Sep 30 12:09:54 romulus pluto[8699]: | L3 - algorithm:
Sep 30 12:09:54 romulus pluto[8699]: | 'md5WithRSAEncryption'
Sep 30 12:09:54 romulus pluto[8699]: | L1 - signatureValue:
Sep 30 12:09:54 romulus pluto[8699]: | certificate is valid
Sep 30 12:09:54 romulus pluto[8699]: | counting wild cards for C=GA, ST=Georgia, L=Atlanta, O=Internet Security Systems Inc, CN=rebma.iss.net, E=postmaster at iss.net is 0
Sep 30 12:09:54 romulus pluto[8699]: added connection description "rebma"
Sep 30 12:09:54 romulus pluto[8699]: | 130.205.32.3[C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com]---130.205.32.1...209.134.176.68[C=GA, ST=Georgia, L=Atlanta, O=Internet Security Systems Inc, CN=rebma.iss.net, E=postmaster at iss.net]
Sep 30 12:09:54 romulus pluto[8699]: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; policy: RSASIG+ENCRYPT+TUNNEL+PFS
Sep 30 12:09:54 romulus pluto[8699]: | next event EVENT_PENDING_PHASE2 in 119 seconds
Sep 30 12:09:55 romulus pluto[8699]: |
Sep 30 12:09:55 romulus pluto[8699]: | *received whack message
Sep 30 12:09:55 romulus pluto[8699]: | Added new connection kolvir with policy RSASIG+ENCRYPT+PFS
Sep 30 12:09:55 romulus pluto[8699]: bad left --id: illegal (non-DNS-name) character in name (ignored)
Sep 30 12:09:55 romulus pluto[8699]: loaded host cert file '/etc/ipsec.d/certs/romulus.wittsend.com.crt' (3088 bytes)
Sep 30 12:09:55 romulus pluto[8699]: | file content is not binary ASN.1
Sep 30 12:09:55 romulus pluto[8699]: | -----BEGIN CERTIFICATE-----
Sep 30 12:09:55 romulus pluto[8699]: | -----END CERTIFICATE-----
Sep 30 12:09:55 romulus pluto[8699]: | file coded in PEM format
Sep 30 12:09:55 romulus pluto[8699]: | L0 - certificate:
Sep 30 12:09:55 romulus pluto[8699]: | L1 - tbsCertificate:
Sep 30 12:09:55 romulus pluto[8699]: | L2 - DEFAULT v1:
Sep 30 12:09:55 romulus pluto[8699]: | L3 - version:
Sep 30 12:09:55 romulus pluto[8699]: | v3
Sep 30 12:09:55 romulus pluto[8699]: | L2 - serialNumber:
Sep 30 12:09:55 romulus pluto[8699]: | L2 - signature:
Sep 30 12:09:55 romulus pluto[8699]: | L3 - algorithmIdentifier:
Sep 30 12:09:55 romulus pluto[8699]: | L4 - algorithm:
Sep 30 12:09:55 romulus pluto[8699]: | 'md5WithRSAEncryption'
Sep 30 12:09:55 romulus pluto[8699]: | L2 - issuer:
Sep 30 12:09:55 romulus pluto[8699]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services, CN=WittsEnd Root CA, E=ca at wittsend.com'
Sep 30 12:09:55 romulus pluto[8699]: | L2 - validity:
Sep 30 12:09:55 romulus pluto[8699]: | L3 - notBefore:
Sep 30 12:09:55 romulus pluto[8699]: | L4 - utcTime:
Sep 30 12:09:55 romulus pluto[8699]: | 'Jan 28 17:45:00 UTC 2005'
Sep 30 12:09:55 romulus pluto[8699]: | L3 - notAfter:
Sep 30 12:09:55 romulus pluto[8699]: | L4 - utcTime:
Sep 30 12:09:55 romulus pluto[8699]: | 'Jan 28 17:45:00 UTC 2009'
Sep 30 12:09:55 romulus pluto[8699]: | L2 - subject:
Sep 30 12:09:55 romulus pluto[8699]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com'
Sep 30 12:09:55 romulus pluto[8699]: | L2 - subjectPublicKeyInfo:
Sep 30 12:09:55 romulus pluto[8699]: | L3 - algorithm:
Sep 30 12:09:55 romulus pluto[8699]: | L4 - algorithmIdentifier:
Sep 30 12:09:55 romulus pluto[8699]: | L5 - algorithm:
Sep 30 12:09:55 romulus pluto[8699]: | 'rsaEncryption'
Sep 30 12:09:55 romulus pluto[8699]: | L3 - subjectPublicKey:
Sep 30 12:09:55 romulus pluto[8699]: | L4 - RSAPublicKey:
Sep 30 12:09:55 romulus pluto[8699]: | L5 - modulus:
Sep 30 12:09:55 romulus pluto[8699]: | L5 - publicExponent:
Sep 30 12:09:55 romulus pluto[8699]: | L2 - optional extensions:
Sep 30 12:09:55 romulus pluto[8699]: | L3 - extensions:
Sep 30 12:09:55 romulus pluto[8699]: | L4 - extension:
Sep 30 12:09:55 romulus pluto[8699]: | L5 - extnID:
Sep 30 12:09:55 romulus pluto[8699]: | 'authorityKeyIdentifier'
Sep 30 12:09:55 romulus pluto[8699]: | L5 - critical:
Sep 30 12:09:55 romulus pluto[8699]: | FALSE
Sep 30 12:09:55 romulus pluto[8699]: | L5 - extnValue:
Sep 30 12:09:55 romulus pluto[8699]: | L6 - authorityKeyIdentifier:
Sep 30 12:09:55 romulus pluto[8699]: | L7 - keyIdentifier:
Sep 30 12:09:55 romulus pluto[8699]: | L8 - keyIdentifier:
Sep 30 12:09:55 romulus pluto[8699]: | L4 - extension:
Sep 30 12:09:55 romulus pluto[8699]: | L5 - extnID:
Sep 30 12:09:55 romulus pluto[8699]: | 'extendedKeyUsage'
Sep 30 12:09:55 romulus pluto[8699]: | L5 - critical:
Sep 30 12:09:55 romulus pluto[8699]: | FALSE
Sep 30 12:09:55 romulus pluto[8699]: | L5 - extnValue:
Sep 30 12:09:55 romulus pluto[8699]: | L6 - extendedKeyUsage:
Sep 30 12:09:55 romulus pluto[8699]: | L7 - keyPurposeID:
Sep 30 12:09:55 romulus pluto[8699]: | 'serverAuth'
Sep 30 12:09:55 romulus pluto[8699]: | L7 - keyPurposeID:
Sep 30 12:09:55 romulus pluto[8699]: | 'clientAuth'
Sep 30 12:09:55 romulus pluto[8699]: | L7 - keyPurposeID:
Sep 30 12:09:55 romulus pluto[8699]: | L7 - keyPurposeID:
Sep 30 12:09:55 romulus pluto[8699]: | L4 - extension:
Sep 30 12:09:55 romulus pluto[8699]: | L5 - extnID:
Sep 30 12:09:55 romulus pluto[8699]: | 'basicConstraints'
Sep 30 12:09:55 romulus pluto[8699]: | L5 - critical:
Sep 30 12:09:55 romulus pluto[8699]: | TRUE
Sep 30 12:09:55 romulus pluto[8699]: | L5 - extnValue:
Sep 30 12:09:55 romulus pluto[8699]: | L6 - basicConstraints:
Sep 30 12:09:55 romulus pluto[8699]: | L7 - CA:
Sep 30 12:09:55 romulus pluto[8699]: | FALSE
Sep 30 12:09:55 romulus pluto[8699]: | L1 - signatureAlgorithm:
Sep 30 12:09:55 romulus pluto[8699]: | L2 - algorithmIdentifier:
Sep 30 12:09:55 romulus pluto[8699]: | L3 - algorithm:
Sep 30 12:09:55 romulus pluto[8699]: | 'md5WithRSAEncryption'
Sep 30 12:09:55 romulus pluto[8699]: | L1 - signatureValue:
Sep 30 12:09:55 romulus pluto[8699]: | certificate is valid
Sep 30 12:09:55 romulus pluto[8699]: | counting wild cards for C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com is 0
Sep 30 12:09:55 romulus pluto[8699]: loaded host cert file '/etc/ipsec.d/certs/kolvir.iss.net.crt' (3868 bytes)
Sep 30 12:09:55 romulus pluto[8699]: | file content is not binary ASN.1
Sep 30 12:09:55 romulus pluto[8699]: | -----BEGIN CERTIFICATE-----
Sep 30 12:09:55 romulus pluto[8699]: | -----END CERTIFICATE-----
Sep 30 12:09:55 romulus pluto[8699]: | file coded in PEM format
Sep 30 12:09:55 romulus pluto[8699]: | L0 - certificate:
Sep 30 12:09:55 romulus pluto[8699]: | L1 - tbsCertificate:
Sep 30 12:09:55 romulus pluto[8699]: | L2 - DEFAULT v1:
Sep 30 12:09:55 romulus pluto[8699]: | L3 - version:
Sep 30 12:09:55 romulus pluto[8699]: | v3
Sep 30 12:09:55 romulus pluto[8699]: | L2 - serialNumber:
Sep 30 12:09:55 romulus pluto[8699]: | L2 - signature:
Sep 30 12:09:55 romulus pluto[8699]: | L3 - algorithmIdentifier:
Sep 30 12:09:55 romulus pluto[8699]: | L4 - algorithm:
Sep 30 12:09:55 romulus pluto[8699]: | 'md5WithRSAEncryption'
Sep 30 12:09:55 romulus pluto[8699]: | L2 - issuer:
Sep 30 12:09:55 romulus pluto[8699]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
Sep 30 12:09:55 romulus pluto[8699]: | L2 - validity:
Sep 30 12:09:55 romulus pluto[8699]: | L3 - notBefore:
Sep 30 12:09:55 romulus pluto[8699]: | L4 - utcTime:
Sep 30 12:09:55 romulus pluto[8699]: | 'Jul 26 18:29:25 UTC 2008'
Sep 30 12:09:55 romulus pluto[8699]: | L3 - notAfter:
Sep 30 12:09:55 romulus pluto[8699]: | L4 - utcTime:
Sep 30 12:09:55 romulus pluto[8699]: | 'Jul 26 18:29:25 UTC 2012'
Sep 30 12:09:55 romulus pluto[8699]: | L2 - subject:
Sep 30 12:09:55 romulus pluto[8699]: | 'C=GA, ST=Georgia, L=Atlanta, O=Internet Security Systems Inc, CN=kolvir.iss.net, E=postmaster at iss.net'
Sep 30 12:09:55 romulus pluto[8699]: | L2 - subjectPublicKeyInfo:
Sep 30 12:09:55 romulus pluto[8699]: | L3 - algorithm:
Sep 30 12:09:55 romulus pluto[8699]: | L4 - algorithmIdentifier:
Sep 30 12:09:55 romulus pluto[8699]: | L5 - algorithm:
Sep 30 12:09:55 romulus pluto[8699]: | 'rsaEncryption'
Sep 30 12:09:55 romulus pluto[8699]: | L3 - subjectPublicKey:
Sep 30 12:09:55 romulus pluto[8699]: | L4 - RSAPublicKey:
Sep 30 12:09:55 romulus pluto[8699]: | L5 - modulus:
Sep 30 12:09:55 romulus pluto[8699]: | L5 - publicExponent:
Sep 30 12:09:55 romulus pluto[8699]: | L2 - optional extensions:
Sep 30 12:09:55 romulus pluto[8699]: | L3 - extensions:
Sep 30 12:09:55 romulus pluto[8699]: | L4 - extension:
Sep 30 12:09:55 romulus pluto[8699]: | L5 - extnID:
Sep 30 12:09:55 romulus pluto[8699]: | 'authorityKeyIdentifier'
Sep 30 12:09:55 romulus pluto[8699]: | L5 - critical:
Sep 30 12:09:55 romulus pluto[8699]: | FALSE
Sep 30 12:09:55 romulus pluto[8699]: | L5 - extnValue:
Sep 30 12:09:55 romulus pluto[8699]: | L6 - authorityKeyIdentifier:
Sep 30 12:09:55 romulus pluto[8699]: | L7 - keyIdentifier:
Sep 30 12:09:55 romulus pluto[8699]: | L8 - keyIdentifier:
Sep 30 12:09:55 romulus pluto[8699]: | L4 - extension:
Sep 30 12:09:55 romulus pluto[8699]: | L5 - extnID:
Sep 30 12:09:55 romulus pluto[8699]: | 'extendedKeyUsage'
Sep 30 12:09:55 romulus pluto[8699]: | L5 - critical:
Sep 30 12:09:55 romulus pluto[8699]: | FALSE
Sep 30 12:09:55 romulus pluto[8699]: | L5 - extnValue:
Sep 30 12:09:55 romulus pluto[8699]: | L6 - extendedKeyUsage:
Sep 30 12:09:55 romulus pluto[8699]: | L7 - keyPurposeID:
Sep 30 12:09:55 romulus pluto[8699]: | 'serverAuth'
Sep 30 12:09:55 romulus pluto[8699]: | L7 - keyPurposeID:
Sep 30 12:09:55 romulus pluto[8699]: | 'clientAuth'
Sep 30 12:09:55 romulus pluto[8699]: | L7 - keyPurposeID:
Sep 30 12:09:55 romulus pluto[8699]: | L7 - keyPurposeID:
Sep 30 12:09:55 romulus pluto[8699]: | L4 - extension:
Sep 30 12:09:55 romulus pluto[8699]: | L5 - extnID:
Sep 30 12:09:55 romulus pluto[8699]: | 'basicConstraints'
Sep 30 12:09:55 romulus pluto[8699]: | L5 - critical:
Sep 30 12:09:55 romulus pluto[8699]: | TRUE
Sep 30 12:09:55 romulus pluto[8699]: | L5 - extnValue:
Sep 30 12:09:55 romulus pluto[8699]: | L6 - basicConstraints:
Sep 30 12:09:55 romulus pluto[8699]: | L7 - CA:
Sep 30 12:09:55 romulus pluto[8699]: | FALSE
Sep 30 12:09:55 romulus pluto[8699]: | L1 - signatureAlgorithm:
Sep 30 12:09:55 romulus pluto[8699]: | L2 - algorithmIdentifier:
Sep 30 12:09:55 romulus pluto[8699]: | L3 - algorithm:
Sep 30 12:09:55 romulus pluto[8699]: | 'md5WithRSAEncryption'
Sep 30 12:09:55 romulus pluto[8699]: | L1 - signatureValue:
Sep 30 12:09:55 romulus pluto[8699]: | certificate is valid
Sep 30 12:09:55 romulus pluto[8699]: | counting wild cards for C=GA, ST=Georgia, L=Atlanta, O=Internet Security Systems Inc, CN=kolvir.iss.net, E=postmaster at iss.net is 0
Sep 30 12:09:55 romulus pluto[8699]: added connection description "kolvir"
Sep 30 12:09:55 romulus pluto[8699]: | 130.205.32.3[C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com]---130.205.32.1...209.134.176.84[C=GA, ST=Georgia, L=Atlanta, O=Internet Security Systems Inc, CN=kolvir.iss.net, E=postmaster at iss.net]
Sep 30 12:09:55 romulus pluto[8699]: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; policy: RSASIG+ENCRYPT+PFS
Sep 30 12:09:55 romulus pluto[8699]: | next event EVENT_PENDING_PHASE2 in 118 seconds
Sep 30 12:09:55 romulus pluto[8699]: |
Sep 30 12:09:55 romulus pluto[8699]: | *received whack message
Sep 30 12:09:55 romulus pluto[8699]: | Added new connection canyon with policy RSASIG+ENCRYPT+TUNNEL+PFS
Sep 30 12:09:55 romulus pluto[8699]: bad left --id: illegal (non-DNS-name) character in name (ignored)
Sep 30 12:09:55 romulus pluto[8699]: loaded host cert file '/etc/ipsec.d/certs/romulus.wittsend.com.crt' (3088 bytes)
Sep 30 12:09:55 romulus pluto[8699]: | file content is not binary ASN.1
Sep 30 12:09:55 romulus pluto[8699]: | -----BEGIN CERTIFICATE-----
Sep 30 12:09:55 romulus pluto[8699]: | -----END CERTIFICATE-----
Sep 30 12:09:55 romulus pluto[8699]: | file coded in PEM format
Sep 30 12:09:55 romulus pluto[8699]: | L0 - certificate:
Sep 30 12:09:55 romulus pluto[8699]: | L1 - tbsCertificate:
Sep 30 12:09:55 romulus pluto[8699]: | L2 - DEFAULT v1:
Sep 30 12:09:55 romulus pluto[8699]: | L3 - version:
Sep 30 12:09:55 romulus pluto[8699]: | v3
Sep 30 12:09:55 romulus pluto[8699]: | L2 - serialNumber:
Sep 30 12:09:55 romulus pluto[8699]: | L2 - signature:
Sep 30 12:09:55 romulus pluto[8699]: | L3 - algorithmIdentifier:
Sep 30 12:09:55 romulus pluto[8699]: | L4 - algorithm:
Sep 30 12:09:55 romulus pluto[8699]: | 'md5WithRSAEncryption'
Sep 30 12:09:55 romulus pluto[8699]: | L2 - issuer:
Sep 30 12:09:55 romulus pluto[8699]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services, CN=WittsEnd Root CA, E=ca at wittsend.com'
Sep 30 12:09:55 romulus pluto[8699]: | L2 - validity:
Sep 30 12:09:55 romulus pluto[8699]: | L3 - notBefore:
Sep 30 12:09:55 romulus pluto[8699]: | L4 - utcTime:
Sep 30 12:09:55 romulus pluto[8699]: | 'Jan 28 17:45:00 UTC 2005'
Sep 30 12:09:55 romulus pluto[8699]: | L3 - notAfter:
Sep 30 12:09:55 romulus pluto[8699]: | L4 - utcTime:
Sep 30 12:09:55 romulus pluto[8699]: | 'Jan 28 17:45:00 UTC 2009'
Sep 30 12:09:55 romulus pluto[8699]: | L2 - subject:
Sep 30 12:09:55 romulus pluto[8699]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com'
Sep 30 12:09:55 romulus pluto[8699]: | L2 - subjectPublicKeyInfo:
Sep 30 12:09:55 romulus pluto[8699]: | L3 - algorithm:
Sep 30 12:09:55 romulus pluto[8699]: | L4 - algorithmIdentifier:
Sep 30 12:09:55 romulus pluto[8699]: | L5 - algorithm:
Sep 30 12:09:55 romulus pluto[8699]: | 'rsaEncryption'
Sep 30 12:09:55 romulus pluto[8699]: | L3 - subjectPublicKey:
Sep 30 12:09:55 romulus pluto[8699]: | L4 - RSAPublicKey:
Sep 30 12:09:55 romulus pluto[8699]: | L5 - modulus:
Sep 30 12:09:55 romulus pluto[8699]: | L5 - publicExponent:
Sep 30 12:09:55 romulus pluto[8699]: | L2 - optional extensions:
Sep 30 12:09:55 romulus pluto[8699]: | L3 - extensions:
Sep 30 12:09:55 romulus pluto[8699]: | L4 - extension:
Sep 30 12:09:55 romulus pluto[8699]: | L5 - extnID:
Sep 30 12:09:55 romulus pluto[8699]: | 'authorityKeyIdentifier'
Sep 30 12:09:55 romulus pluto[8699]: | L5 - critical:
Sep 30 12:09:55 romulus pluto[8699]: | FALSE
Sep 30 12:09:55 romulus pluto[8699]: | L5 - extnValue:
Sep 30 12:09:55 romulus pluto[8699]: | L6 - authorityKeyIdentifier:
Sep 30 12:09:55 romulus pluto[8699]: | L7 - keyIdentifier:
Sep 30 12:09:55 romulus pluto[8699]: | L8 - keyIdentifier:
Sep 30 12:09:55 romulus pluto[8699]: | L4 - extension:
Sep 30 12:09:55 romulus pluto[8699]: | L5 - extnID:
Sep 30 12:09:55 romulus pluto[8699]: | 'extendedKeyUsage'
Sep 30 12:09:55 romulus pluto[8699]: | L5 - critical:
Sep 30 12:09:55 romulus pluto[8699]: | FALSE
Sep 30 12:09:55 romulus pluto[8699]: | L5 - extnValue:
Sep 30 12:09:55 romulus pluto[8699]: | L6 - extendedKeyUsage:
Sep 30 12:09:55 romulus pluto[8699]: | L7 - keyPurposeID:
Sep 30 12:09:55 romulus pluto[8699]: | 'serverAuth'
Sep 30 12:09:55 romulus pluto[8699]: | L7 - keyPurposeID:
Sep 30 12:09:55 romulus pluto[8699]: | 'clientAuth'
Sep 30 12:09:55 romulus pluto[8699]: | L7 - keyPurposeID:
Sep 30 12:09:55 romulus pluto[8699]: | L7 - keyPurposeID:
Sep 30 12:09:55 romulus pluto[8699]: | L4 - extension:
Sep 30 12:09:55 romulus pluto[8699]: | L5 - extnID:
Sep 30 12:09:55 romulus pluto[8699]: | 'basicConstraints'
Sep 30 12:09:55 romulus pluto[8699]: | L5 - critical:
Sep 30 12:09:55 romulus pluto[8699]: | TRUE
Sep 30 12:09:55 romulus pluto[8699]: | L5 - extnValue:
Sep 30 12:09:55 romulus pluto[8699]: | L6 - basicConstraints:
Sep 30 12:09:55 romulus pluto[8699]: | L7 - CA:
Sep 30 12:09:55 romulus pluto[8699]: | FALSE
Sep 30 12:09:55 romulus pluto[8699]: | L1 - signatureAlgorithm:
Sep 30 12:09:55 romulus pluto[8699]: | L2 - algorithmIdentifier:
Sep 30 12:09:55 romulus pluto[8699]: | L3 - algorithm:
Sep 30 12:09:55 romulus pluto[8699]: | 'md5WithRSAEncryption'
Sep 30 12:09:55 romulus pluto[8699]: | L1 - signatureValue:
Sep 30 12:09:55 romulus pluto[8699]: | certificate is valid
Sep 30 12:09:55 romulus pluto[8699]: | counting wild cards for C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com is 0
Sep 30 12:09:55 romulus pluto[8699]: loaded host cert file '/etc/ipsec.d/certs/canyon.wittsend.com.crt' (4153 bytes)
Sep 30 12:09:55 romulus pluto[8699]: | file content is not binary ASN.1
Sep 30 12:09:55 romulus pluto[8699]: | -----BEGIN CERTIFICATE-----
Sep 30 12:09:55 romulus pluto[8699]: | -----END CERTIFICATE-----
Sep 30 12:09:55 romulus pluto[8699]: | file coded in PEM format
Sep 30 12:09:55 romulus pluto[8699]: | L0 - certificate:
Sep 30 12:09:55 romulus pluto[8699]: | L1 - tbsCertificate:
Sep 30 12:09:55 romulus pluto[8699]: | L2 - DEFAULT v1:
Sep 30 12:09:55 romulus pluto[8699]: | L3 - version:
Sep 30 12:09:55 romulus pluto[8699]: | v3
Sep 30 12:09:55 romulus pluto[8699]: | L2 - serialNumber:
Sep 30 12:09:55 romulus pluto[8699]: | L2 - signature:
Sep 30 12:09:55 romulus pluto[8699]: | L3 - algorithmIdentifier:
Sep 30 12:09:55 romulus pluto[8699]: | L4 - algorithm:
Sep 30 12:09:55 romulus pluto[8699]: | 'md5WithRSAEncryption'
Sep 30 12:09:55 romulus pluto[8699]: | L2 - issuer:
Sep 30 12:09:55 romulus pluto[8699]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
Sep 30 12:09:55 romulus pluto[8699]: | L2 - validity:
Sep 30 12:09:55 romulus pluto[8699]: | L3 - notBefore:
Sep 30 12:09:55 romulus pluto[8699]: | L4 - utcTime:
Sep 30 12:09:55 romulus pluto[8699]: | 'Jul 26 18:53:50 UTC 2008'
Sep 30 12:09:55 romulus pluto[8699]: | L3 - notAfter:
Sep 30 12:09:55 romulus pluto[8699]: | L4 - utcTime:
Sep 30 12:09:55 romulus pluto[8699]: | 'Jul 26 18:53:50 UTC 2012'
Sep 30 12:09:55 romulus pluto[8699]: | L2 - subject:
Sep 30 12:09:55 romulus pluto[8699]: | 'C=GA, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=canyon.wittsend.com, E=postmaster at wittsend.com'
Sep 30 12:09:55 romulus pluto[8699]: | L2 - subjectPublicKeyInfo:
Sep 30 12:09:55 romulus pluto[8699]: | L3 - algorithm:
Sep 30 12:09:55 romulus pluto[8699]: | L4 - algorithmIdentifier:
Sep 30 12:09:55 romulus pluto[8699]: | L5 - algorithm:
Sep 30 12:09:55 romulus pluto[8699]: | 'rsaEncryption'
Sep 30 12:09:55 romulus pluto[8699]: | L3 - subjectPublicKey:
Sep 30 12:09:55 romulus pluto[8699]: | L4 - RSAPublicKey:
Sep 30 12:09:55 romulus pluto[8699]: | L5 - modulus:
Sep 30 12:09:55 romulus pluto[8699]: | L5 - publicExponent:
Sep 30 12:09:55 romulus pluto[8699]: | L2 - optional extensions:
Sep 30 12:09:55 romulus pluto[8699]: | L3 - extensions:
Sep 30 12:09:55 romulus pluto[8699]: | L4 - extension:
Sep 30 12:09:55 romulus pluto[8699]: | L5 - extnID:
Sep 30 12:09:55 romulus pluto[8699]: | 'authorityKeyIdentifier'
Sep 30 12:09:55 romulus pluto[8699]: | L5 - critical:
Sep 30 12:09:55 romulus pluto[8699]: | FALSE
Sep 30 12:09:55 romulus pluto[8699]: | L5 - extnValue:
Sep 30 12:09:55 romulus pluto[8699]: | L6 - authorityKeyIdentifier:
Sep 30 12:09:55 romulus pluto[8699]: | L7 - keyIdentifier:
Sep 30 12:09:55 romulus pluto[8699]: | L8 - keyIdentifier:
Sep 30 12:09:55 romulus pluto[8699]: | L4 - extension:
Sep 30 12:09:55 romulus pluto[8699]: | L5 - extnID:
Sep 30 12:09:55 romulus pluto[8699]: | 'extendedKeyUsage'
Sep 30 12:09:55 romulus pluto[8699]: | L5 - critical:
Sep 30 12:09:55 romulus pluto[8699]: | FALSE
Sep 30 12:09:55 romulus pluto[8699]: | L5 - extnValue:
Sep 30 12:09:55 romulus pluto[8699]: | L6 - extendedKeyUsage:
Sep 30 12:09:55 romulus pluto[8699]: | L7 - keyPurposeID:
Sep 30 12:09:55 romulus pluto[8699]: | 'serverAuth'
Sep 30 12:09:55 romulus pluto[8699]: | L7 - keyPurposeID:
Sep 30 12:09:55 romulus pluto[8699]: | 'clientAuth'
Sep 30 12:09:55 romulus pluto[8699]: | L7 - keyPurposeID:
Sep 30 12:09:55 romulus pluto[8699]: | L7 - keyPurposeID:
Sep 30 12:09:55 romulus pluto[8699]: | L4 - extension:
Sep 30 12:09:55 romulus pluto[8699]: | L5 - extnID:
Sep 30 12:09:55 romulus pluto[8699]: | 'basicConstraints'
Sep 30 12:09:55 romulus pluto[8699]: | L5 - critical:
Sep 30 12:09:55 romulus pluto[8699]: | TRUE
Sep 30 12:09:55 romulus pluto[8699]: | L5 - extnValue:
Sep 30 12:09:55 romulus pluto[8699]: | L6 - basicConstraints:
Sep 30 12:09:55 romulus pluto[8699]: | L7 - CA:
Sep 30 12:09:55 romulus pluto[8699]: | FALSE
Sep 30 12:09:55 romulus pluto[8699]: | L4 - extension:
Sep 30 12:09:55 romulus pluto[8699]: | L5 - extnID:
Sep 30 12:09:55 romulus pluto[8699]: | 'subjectAltName'
Sep 30 12:09:55 romulus pluto[8699]: | L5 - critical:
Sep 30 12:09:55 romulus pluto[8699]: | FALSE
Sep 30 12:09:55 romulus pluto[8699]: | L5 - extnValue:
Sep 30 12:09:55 romulus pluto[8699]: | L6 - generalNames:
Sep 30 12:09:55 romulus pluto[8699]: | L7 - generalName:
Sep 30 12:09:55 romulus pluto[8699]: | L8 - dnsName:
Sep 30 12:09:55 romulus pluto[8699]: | 'canyon.wittsend.com'
Sep 30 12:09:55 romulus pluto[8699]: | L7 - generalName:
Sep 30 12:09:55 romulus pluto[8699]: | L8 - dnsName:
Sep 30 12:09:55 romulus pluto[8699]: | 'canyon.ip6.wittsend.com'
Sep 30 12:09:55 romulus pluto[8699]: | L7 - generalName:
Sep 30 12:09:55 romulus pluto[8699]: | L8 - dnsName:
Sep 30 12:09:55 romulus pluto[8699]: | 'canyon.wittsend.org'
Sep 30 12:09:55 romulus pluto[8699]: | L1 - signatureAlgorithm:
Sep 30 12:09:55 romulus pluto[8699]: | L2 - algorithmIdentifier:
Sep 30 12:09:55 romulus pluto[8699]: | L3 - algorithm:
Sep 30 12:09:55 romulus pluto[8699]: | 'md5WithRSAEncryption'
Sep 30 12:09:55 romulus pluto[8699]: | L1 - signatureValue:
Sep 30 12:09:55 romulus pluto[8699]: | certificate is valid
Sep 30 12:09:55 romulus pluto[8699]: | counting wild cards for C=GA, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=canyon.wittsend.com, E=postmaster at wittsend.com is 0
Sep 30 12:09:55 romulus pluto[8699]: | based upon policy, the connection is a template.
Sep 30 12:09:55 romulus pluto[8699]: added connection description "canyon"
Sep 30 12:09:55 romulus pluto[8699]: | 130.205.32.3[C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com]---130.205.32.1...%any[C=GA, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=canyon.wittsend.com, E=postmaster at wittsend.com]
Sep 30 12:09:55 romulus pluto[8699]: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; policy: RSASIG+ENCRYPT+TUNNEL+PFS
Sep 30 12:09:55 romulus pluto[8699]: | next event EVENT_PENDING_PHASE2 in 118 seconds
Sep 30 12:09:55 romulus pluto[8699]: |
Sep 30 12:09:55 romulus pluto[8699]: | *received whack message
Sep 30 12:09:55 romulus pluto[8699]: listening for IKE messages
Sep 30 12:09:55 romulus pluto[8699]: | found lo with address 127.0.0.1
Sep 30 12:09:55 romulus pluto[8699]: | found veth0 with address 130.205.32.3
Sep 30 12:09:55 romulus pluto[8699]: | found veth1 with address 172.31.192.3
Sep 30 12:09:55 romulus pluto[8699]: | found tun0 with address 172.31.250.1
Sep 30 12:09:55 romulus pluto[8699]: adding interface tun0/tun0 172.31.250.1:500
Sep 30 12:09:55 romulus pluto[8699]: adding interface tun0/tun0 172.31.250.1:4500
Sep 30 12:09:55 romulus pluto[8699]: adding interface veth1/veth1 172.31.192.3:500
Sep 30 12:09:55 romulus pluto[8699]: adding interface veth1/veth1 172.31.192.3:4500
Sep 30 12:09:55 romulus pluto[8699]: adding interface veth0/veth0 130.205.32.3:500
Sep 30 12:09:55 romulus pluto[8699]: adding interface veth0/veth0 130.205.32.3:4500
Sep 30 12:09:55 romulus pluto[8699]: adding interface lo/lo 127.0.0.1:500
Sep 30 12:09:55 romulus pluto[8699]: adding interface lo/lo 127.0.0.1:4500
Sep 30 12:09:55 romulus pluto[8699]: | found tun6to4 with address 2002:82cd:2003:0000:0000:0000:0000:0001
Sep 30 12:09:55 romulus pluto[8699]: | found lo with address 0000:0000:0000:0000:0000:0000:0000:0001
Sep 30 12:09:55 romulus pluto[8699]: | found veth1 with address 2001:4830:3000:0002:0280:3fff:fe03:455b
Sep 30 12:09:55 romulus pluto[8699]: adding interface veth1/veth1 2001:4830:3000:2:280:3fff:fe03:455b:500
Sep 30 12:09:55 romulus pluto[8699]: adding interface lo/lo ::1:500
Sep 30 12:09:55 romulus pluto[8699]: adding interface tun6to4/tun6to4 2002:82cd:2003::1:500
Sep 30 12:09:55 romulus pluto[8699]: loading secrets from "/etc/ipsec.secrets"
Sep 30 12:09:55 romulus pluto[8699]: loading secrets from "/etc/ipsec.d/hostkey.secrets"
Sep 30 12:09:55 romulus pluto[8699]: loaded private key file '/etc/ipsec.d/private/romulus.wittsend.com.key' (887 bytes)
Sep 30 12:09:55 romulus pluto[8699]: | file content is not binary ASN.1
Sep 30 12:09:55 romulus pluto[8699]: | -----BEGIN RSA PRIVATE KEY-----
Sep 30 12:09:55 romulus pluto[8699]: | -----END RSA PRIVATE KEY-----
Sep 30 12:09:55 romulus pluto[8699]: | file coded in PEM format
Sep 30 12:09:55 romulus pluto[8699]: | L0 - RSAPrivateKey:
Sep 30 12:09:55 romulus pluto[8699]: | L1 - version:
Sep 30 12:09:55 romulus pluto[8699]: | L1 - modulus:
Sep 30 12:09:55 romulus pluto[8699]: | L1 - publicExponent:
Sep 30 12:09:55 romulus pluto[8699]: | L1 - privateExponent:
Sep 30 12:09:55 romulus pluto[8699]: | L1 - prime1:
Sep 30 12:09:55 romulus pluto[8699]: | L1 - prime2:
Sep 30 12:09:55 romulus pluto[8699]: | L1 - exponent1:
Sep 30 12:09:55 romulus pluto[8699]: | L1 - exponent2:
Sep 30 12:09:55 romulus pluto[8699]: | L1 - coefficient:
Sep 30 12:09:55 romulus pluto[8699]: | loaded private key for keyid: PPK_RSA:AwEAAev6j
Sep 30 12:09:55 romulus pluto[8699]: | next event EVENT_PENDING_PHASE2 in 118 seconds
Sep 30 12:10:05 romulus pluto[8699]: |
Sep 30 12:10:05 romulus pluto[8699]: | *received 312 bytes from 65.7.156.165:500 on veth0 (port=500)
Sep 30 12:10:05 romulus pluto[8699]: | **parse ISAKMP Message:
Sep 30 12:10:05 romulus pluto[8699]: | initiator cookie:
Sep 30 12:10:05 romulus pluto[8699]: | 98 16 88 7a fc 46 3d 09
Sep 30 12:10:05 romulus pluto[8699]: | responder cookie:
Sep 30 12:10:05 romulus pluto[8699]: | 00 00 00 00 00 00 00 00
Sep 30 12:10:05 romulus pluto[8699]: | next payload type: ISAKMP_NEXT_SA
Sep 30 12:10:05 romulus pluto[8699]: | ISAKMP version: ISAKMP Version 1.0
Sep 30 12:10:05 romulus pluto[8699]: | exchange type: ISAKMP_XCHG_IDPROT
Sep 30 12:10:05 romulus pluto[8699]: | flags: none
Sep 30 12:10:05 romulus pluto[8699]: | message ID: 00 00 00 00
Sep 30 12:10:05 romulus pluto[8699]: | length: 312
Sep 30 12:10:05 romulus pluto[8699]: | processing packet with exchange type=ISAKMP_XCHG_IDPROT (2)
Sep 30 12:10:05 romulus pluto[8699]: | ***parse ISAKMP Security Association Payload:
Sep 30 12:10:05 romulus pluto[8699]: | next payload type: ISAKMP_NEXT_VID
Sep 30 12:10:05 romulus pluto[8699]: | length: 148
Sep 30 12:10:05 romulus pluto[8699]: | DOI: ISAKMP_DOI_IPSEC
Sep 30 12:10:05 romulus pluto[8699]: | ***parse ISAKMP Vendor ID Payload:
Sep 30 12:10:05 romulus pluto[8699]: | next payload type: ISAKMP_NEXT_VID
Sep 30 12:10:05 romulus pluto[8699]: | length: 16
Sep 30 12:10:05 romulus pluto[8699]: | ***parse ISAKMP Vendor ID Payload:
Sep 30 12:10:05 romulus pluto[8699]: | next payload type: ISAKMP_NEXT_VID
Sep 30 12:10:05 romulus pluto[8699]: | length: 20
Sep 30 12:10:05 romulus pluto[8699]: | ***parse ISAKMP Vendor ID Payload:
Sep 30 12:10:05 romulus pluto[8699]: | next payload type: ISAKMP_NEXT_VID
Sep 30 12:10:05 romulus pluto[8699]: | length: 20
Sep 30 12:10:05 romulus pluto[8699]: | ***parse ISAKMP Vendor ID Payload:
Sep 30 12:10:05 romulus pluto[8699]: | next payload type: ISAKMP_NEXT_VID
Sep 30 12:10:05 romulus pluto[8699]: | length: 20
Sep 30 12:10:05 romulus pluto[8699]: | ***parse ISAKMP Vendor ID Payload:
Sep 30 12:10:05 romulus pluto[8699]: | next payload type: ISAKMP_NEXT_VID
Sep 30 12:10:05 romulus pluto[8699]: | length: 20
Sep 30 12:10:05 romulus pluto[8699]: | ***parse ISAKMP Vendor ID Payload:
Sep 30 12:10:05 romulus pluto[8699]: | next payload type: ISAKMP_NEXT_VID
Sep 30 12:10:05 romulus pluto[8699]: | length: 20
Sep 30 12:10:05 romulus pluto[8699]: | ***parse ISAKMP Vendor ID Payload:
Sep 30 12:10:05 romulus pluto[8699]: | next payload type: ISAKMP_NEXT_NONE
Sep 30 12:10:05 romulus pluto[8699]: | length: 20
Sep 30 12:10:05 romulus pluto[8699]: packet from 65.7.156.165:500: received Vendor ID payload [Openswan (this version) 2.4.9 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]
Sep 30 12:10:05 romulus pluto[8699]: packet from 65.7.156.165:500: received Vendor ID payload [Dead Peer Detection]
Sep 30 12:10:05 romulus pluto[8699]: packet from 65.7.156.165:500: received Vendor ID payload [RFC 3947] method set to=110
Sep 30 12:10:05 romulus pluto[8699]: packet from 65.7.156.165:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 110
Sep 30 12:10:05 romulus pluto[8699]: packet from 65.7.156.165:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 110
Sep 30 12:10:05 romulus pluto[8699]: packet from 65.7.156.165:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 110
Sep 30 12:10:05 romulus pluto[8699]: packet from 65.7.156.165:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Sep 30 12:10:05 romulus pluto[8699]: | creating state object #1 at 0x800d9570
Sep 30 12:10:05 romulus pluto[8699]: | processing connection complex
Sep 30 12:10:05 romulus pluto[8699]: | ICOOKIE: 98 16 88 7a fc 46 3d 09
Sep 30 12:10:05 romulus pluto[8699]: | RCOOKIE: dd 41 45 0b 05 8d b8 2f
Sep 30 12:10:05 romulus pluto[8699]: | peer: 41 07 9c a5
Sep 30 12:10:05 romulus pluto[8699]: | state hash entry 28
Sep 30 12:10:05 romulus pluto[8699]: | inserting event EVENT_SO_DISCARD, timeout in 0 seconds for #1
Sep 30 12:10:05 romulus pluto[8699]: "complex" #1: responding to Main Mode
Sep 30 12:10:05 romulus pluto[8699]: | ****parse IPsec DOI SIT:
Sep 30 12:10:05 romulus pluto[8699]: | IPsec DOI SIT: SIT_IDENTITY_ONLY
Sep 30 12:10:05 romulus pluto[8699]: | ****parse ISAKMP Proposal Payload:
Sep 30 12:10:05 romulus pluto[8699]: | next payload type: ISAKMP_NEXT_NONE
Sep 30 12:10:05 romulus pluto[8699]: | length: 136
Sep 30 12:10:05 romulus pluto[8699]: | proposal number: 0
Sep 30 12:10:05 romulus pluto[8699]: | protocol ID: PROTO_ISAKMP
Sep 30 12:10:05 romulus pluto[8699]: | SPI size: 0
Sep 30 12:10:05 romulus pluto[8699]: | number of transforms: 4
Sep 30 12:10:05 romulus pluto[8699]: | *****parse ISAKMP Transform Payload (ISAKMP):
Sep 30 12:10:05 romulus pluto[8699]: | next payload type: ISAKMP_NEXT_T
Sep 30 12:10:05 romulus pluto[8699]: | length: 32
Sep 30 12:10:05 romulus pluto[8699]: | transform number: 0
Sep 30 12:10:05 romulus pluto[8699]: | transform ID: KEY_IKE
Sep 30 12:10:05 romulus pluto[8699]: | ******parse ISAKMP Oakley attribute:
Sep 30 12:10:05 romulus pluto[8699]: | af+type: OAKLEY_LIFE_TYPE
Sep 30 12:10:05 romulus pluto[8699]: | length/value: 1
Sep 30 12:10:05 romulus pluto[8699]: | [1 is OAKLEY_LIFE_SECONDS]
Sep 30 12:10:05 romulus pluto[8699]: | ******parse ISAKMP Oakley attribute:
Sep 30 12:10:05 romulus pluto[8699]: | af+type: OAKLEY_LIFE_DURATION
Sep 30 12:10:05 romulus pluto[8699]: | length/value: 3600
Sep 30 12:10:05 romulus pluto[8699]: | ******parse ISAKMP Oakley attribute:
Sep 30 12:10:05 romulus pluto[8699]: | af+type: OAKLEY_ENCRYPTION_ALGORITHM
Sep 30 12:10:05 romulus pluto[8699]: | length/value: 5
Sep 30 12:10:05 romulus pluto[8699]: | [5 is OAKLEY_3DES_CBC]
Sep 30 12:10:05 romulus pluto[8699]: | ******parse ISAKMP Oakley attribute:
Sep 30 12:10:05 romulus pluto[8699]: | af+type: OAKLEY_HASH_ALGORITHM
Sep 30 12:10:05 romulus pluto[8699]: | length/value: 1
Sep 30 12:10:05 romulus pluto[8699]: | [1 is OAKLEY_MD5]
Sep 30 12:10:05 romulus pluto[8699]: | ******parse ISAKMP Oakley attribute:
Sep 30 12:10:05 romulus pluto[8699]: | af+type: OAKLEY_AUTHENTICATION_METHOD
Sep 30 12:10:05 romulus pluto[8699]: | length/value: 3
Sep 30 12:10:05 romulus pluto[8699]: | [3 is OAKLEY_RSA_SIG]
Sep 30 12:10:05 romulus pluto[8699]: | ******parse ISAKMP Oakley attribute:
Sep 30 12:10:05 romulus pluto[8699]: | af+type: OAKLEY_GROUP_DESCRIPTION
Sep 30 12:10:05 romulus pluto[8699]: | length/value: 5
Sep 30 12:10:05 romulus pluto[8699]: | [5 is OAKLEY_GROUP_MODP1536]
Sep 30 12:10:05 romulus pluto[8699]: | Oakley Transform 0 accepted
Sep 30 12:10:05 romulus pluto[8699]: | complete state transition with STF_OK
Sep 30 12:10:05 romulus pluto[8699]: "complex" #1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Sep 30 12:10:05 romulus pluto[8699]: | sending reply packet to 65.7.156.165:500 (from port=500)
Sep 30 12:10:05 romulus pluto[8699]: | sending 136 bytes for STATE_MAIN_R0 through veth0:500 to 65.7.156.165:500:
Sep 30 12:10:05 romulus pluto[8699]: | inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #1
Sep 30 12:10:05 romulus pluto[8699]: "complex" #1: STATE_MAIN_R1: sent MR1, expecting MI2
Sep 30 12:10:05 romulus pluto[8699]: | modecfg pull: noquirk policy:push not-client
Sep 30 12:10:05 romulus pluto[8699]: | phase 1 is done, looking for phase 1 to unpend
Sep 30 12:10:05 romulus pluto[8699]: | next event EVENT_RETRANSMIT in 10 seconds for #1
Sep 30 12:10:05 romulus pluto[8699]: |
Sep 30 12:10:05 romulus pluto[8699]: | *received 284 bytes from 65.7.156.165:500 on veth0 (port=500)
Sep 30 12:10:05 romulus pluto[8699]: | **parse ISAKMP Message:
Sep 30 12:10:05 romulus pluto[8699]: | initiator cookie:
Sep 30 12:10:05 romulus pluto[8699]: | 98 16 88 7a fc 46 3d 09
Sep 30 12:10:05 romulus pluto[8699]: | responder cookie:
Sep 30 12:10:05 romulus pluto[8699]: | dd 41 45 0b 05 8d b8 2f
Sep 30 12:10:05 romulus pluto[8699]: | next payload type: ISAKMP_NEXT_KE
Sep 30 12:10:05 romulus pluto[8699]: | ISAKMP version: ISAKMP Version 1.0
Sep 30 12:10:05 romulus pluto[8699]: | exchange type: ISAKMP_XCHG_IDPROT
Sep 30 12:10:05 romulus pluto[8699]: | flags: none
Sep 30 12:10:05 romulus pluto[8699]: | message ID: 00 00 00 00
Sep 30 12:10:05 romulus pluto[8699]: | length: 284
Sep 30 12:10:05 romulus pluto[8699]: | processing packet with exchange type=ISAKMP_XCHG_IDPROT (2)
Sep 30 12:10:05 romulus pluto[8699]: | ICOOKIE: 98 16 88 7a fc 46 3d 09
Sep 30 12:10:05 romulus pluto[8699]: | RCOOKIE: dd 41 45 0b 05 8d b8 2f
Sep 30 12:10:05 romulus pluto[8699]: | peer: 41 07 9c a5
Sep 30 12:10:05 romulus pluto[8699]: | state hash entry 28
Sep 30 12:10:05 romulus pluto[8699]: | peer and cookies match on #1, provided msgid 00000000 vs 00000000
Sep 30 12:10:05 romulus pluto[8699]: | state object #1 found, in STATE_MAIN_R1
Sep 30 12:10:05 romulus pluto[8699]: | processing connection complex
Sep 30 12:10:05 romulus pluto[8699]: | ***parse ISAKMP Key Exchange Payload:
Sep 30 12:10:05 romulus pluto[8699]: | next payload type: ISAKMP_NEXT_NONCE
Sep 30 12:10:05 romulus pluto[8699]: | length: 196
Sep 30 12:10:05 romulus pluto[8699]: | ***parse ISAKMP Nonce Payload:
Sep 30 12:10:05 romulus pluto[8699]: | next payload type: ISAKMP_NEXT_NAT-D
Sep 30 12:10:05 romulus pluto[8699]: | length: 20
Sep 30 12:10:05 romulus pluto[8699]: | ***parse ISAKMP NAT-D Payload:
Sep 30 12:10:05 romulus pluto[8699]: | next payload type: ISAKMP_NEXT_NAT-D
Sep 30 12:10:05 romulus pluto[8699]: | length: 20
Sep 30 12:10:05 romulus pluto[8699]: | ***parse ISAKMP NAT-D Payload:
Sep 30 12:10:05 romulus pluto[8699]: | next payload type: ISAKMP_NEXT_NONE
Sep 30 12:10:05 romulus pluto[8699]: | length: 20
Sep 30 12:10:05 romulus pluto[8699]: "complex" #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected
Sep 30 12:10:05 romulus pluto[8699]: | inserting event EVENT_NAT_T_KEEPALIVE, timeout in 20 seconds
Sep 30 12:10:05 romulus pluto[8699]: | 0: w->pcw_dead: 0 w->pcw_work: 0 cnt: 1
Sep 30 12:10:05 romulus pluto[8699]: | asking helper 0 to do build_kenonce op on seq: 1
Sep 30 12:10:05 romulus pluto[8699]: | inserting event EVENT_CRYPTO_FAILED, timeout in 300 seconds for #1
Sep 30 12:10:05 romulus pluto[8699]: | complete state transition with STF_SUSPEND
Sep 30 12:10:05 romulus pluto[8699]: | next event EVENT_NAT_T_KEEPALIVE in 20 seconds
Sep 30 12:10:05 romulus pluto[8700]: ! helper 0 doing build_kenonce op id: 1
Sep 30 12:10:05 romulus pluto[8699]: | processing connection complex
Sep 30 12:10:05 romulus pluto[8699]: | started looking for secret for C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com->C=GA, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=complex.wittsend.com, E=postmaster at wittsend.com of kind PPK_PSK
Sep 30 12:10:05 romulus pluto[8699]: | actually looking for secret for C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com->C=GA, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=complex.wittsend.com, E=postmaster at wittsend.com of kind PPK_PSK
Sep 30 12:10:05 romulus pluto[8699]: | concluding with best_match=0 best=(nil) (lineno=-1)
Sep 30 12:10:05 romulus pluto[8699]: | complete state transition with STF_OK
Sep 30 12:10:05 romulus pluto[8699]: "complex" #1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Sep 30 12:10:05 romulus pluto[8699]: | sending reply packet to 65.7.156.165:500 (from port=500)
Sep 30 12:10:05 romulus pluto[8699]: | sending 420 bytes for STATE_MAIN_R1 through veth0:500 to 65.7.156.165:500:
Sep 30 12:10:05 romulus pluto[8699]: | inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #1
Sep 30 12:10:05 romulus pluto[8699]: "complex" #1: STATE_MAIN_R2: sent MR2, expecting MI3
Sep 30 12:10:05 romulus pluto[8699]: | modecfg pull: noquirk policy:push not-client
Sep 30 12:10:05 romulus pluto[8699]: | phase 1 is done, looking for phase 1 to unpend
Sep 30 12:10:05 romulus pluto[8699]: | next event EVENT_RETRANSMIT in 10 seconds for #1
Sep 30 12:10:05 romulus pluto[8699]: |
Sep 30 12:10:05 romulus pluto[8699]: | *received 1548 bytes from 65.7.156.165:500 on veth0 (port=500)
Sep 30 12:10:05 romulus pluto[8699]: | **parse ISAKMP Message:
Sep 30 12:10:05 romulus pluto[8699]: | initiator cookie:
Sep 30 12:10:05 romulus pluto[8699]: | 98 16 88 7a fc 46 3d 09
Sep 30 12:10:05 romulus pluto[8699]: | responder cookie:
Sep 30 12:10:05 romulus pluto[8699]: | dd 41 45 0b 05 8d b8 2f
Sep 30 12:10:05 romulus pluto[8699]: | next payload type: ISAKMP_NEXT_ID
Sep 30 12:10:05 romulus pluto[8699]: | ISAKMP version: ISAKMP Version 1.0
Sep 30 12:10:05 romulus pluto[8699]: | exchange type: ISAKMP_XCHG_IDPROT
Sep 30 12:10:05 romulus pluto[8699]: | flags: ISAKMP_FLAG_ENCRYPTION
Sep 30 12:10:05 romulus pluto[8699]: | message ID: 00 00 00 00
Sep 30 12:10:05 romulus pluto[8699]: | length: 1548
Sep 30 12:10:05 romulus pluto[8699]: | processing packet with exchange type=ISAKMP_XCHG_IDPROT (2)
Sep 30 12:10:05 romulus pluto[8699]: | ICOOKIE: 98 16 88 7a fc 46 3d 09
Sep 30 12:10:05 romulus pluto[8699]: | RCOOKIE: dd 41 45 0b 05 8d b8 2f
Sep 30 12:10:05 romulus pluto[8699]: | peer: 41 07 9c a5
Sep 30 12:10:05 romulus pluto[8699]: | state hash entry 28
Sep 30 12:10:05 romulus pluto[8699]: | peer and cookies match on #1, provided msgid 00000000 vs 00000000
Sep 30 12:10:05 romulus pluto[8699]: | state object #1 found, in STATE_MAIN_R2
Sep 30 12:10:05 romulus pluto[8699]: | processing connection complex
Sep 30 12:10:05 romulus pluto[8699]: | ***parse ISAKMP Identification Payload:
Sep 30 12:10:05 romulus pluto[8699]: | next payload type: ISAKMP_NEXT_CERT
Sep 30 12:10:05 romulus pluto[8699]: | length: 176
Sep 30 12:10:05 romulus pluto[8699]: | ID type: ID_DER_ASN1_DN
Sep 30 12:10:05 romulus pluto[8699]: | DOI specific A: 0
Sep 30 12:10:05 romulus pluto[8699]: | DOI specific B: 0
Sep 30 12:10:05 romulus pluto[8699]: | ***parse ISAKMP Certificate Payload:
Sep 30 12:10:05 romulus pluto[8699]: | next payload type: ISAKMP_NEXT_CR
Sep 30 12:10:05 romulus pluto[8699]: | length: 1016
Sep 30 12:10:05 romulus pluto[8699]: | cert encoding: CERT_X509_SIGNATURE
Sep 30 12:10:05 romulus pluto[8699]: | ***parse ISAKMP Certificate RequestPayload:
Sep 30 12:10:05 romulus pluto[8699]: | next payload type: ISAKMP_NEXT_SIG
Sep 30 12:10:05 romulus pluto[8699]: | length: 194
Sep 30 12:10:05 romulus pluto[8699]: | cert type: CERT_X509_SIGNATURE
Sep 30 12:10:05 romulus pluto[8699]: | ***parse ISAKMP Signature Payload:
Sep 30 12:10:05 romulus pluto[8699]: | next payload type: ISAKMP_NEXT_NONE
Sep 30 12:10:05 romulus pluto[8699]: | length: 132
Sep 30 12:10:05 romulus pluto[8699]: | removing 2 bytes of padding
Sep 30 12:10:05 romulus pluto[8699]: | DER ASN1 DN: 30 81 a5 31 0b 30 09 06 03 55 04 06 13 02 47 41
Sep 30 12:10:05 romulus pluto[8699]: | 31 10 30 0e 06 03 55 04 08 13 07 47 65 6f 72 67
Sep 30 12:10:05 romulus pluto[8699]: | 69 61 31 10 30 0e 06 03 55 04 07 13 07 4c 69 6c
Sep 30 12:10:05 romulus pluto[8699]: | 62 75 72 6e 31 2b 30 29 06 03 55 04 0a 14 22 54
Sep 30 12:10:05 romulus pluto[8699]: | 68 61 75 6d 61 74 75 72 67 79 20 26 20 53 70 65
Sep 30 12:10:05 romulus pluto[8699]: | 63 75 6c 75 6d 73 20 54 65 63 68 6e 6f 6c 6f 67
Sep 30 12:10:05 romulus pluto[8699]: | 79 31 1d 30 1b 06 03 55 04 03 13 14 63 6f 6d 70
Sep 30 12:10:05 romulus pluto[8699]: | 6c 65 78 2e 77 69 74 74 73 65 6e 64 2e 63 6f 6d
Sep 30 12:10:05 romulus pluto[8699]: | 31 26 30 24 06 09 2a 86 48 86 f7 0d 01 09 01 16
Sep 30 12:10:05 romulus pluto[8699]: | 17 70 6f 73 74 6d 61 73 74 65 72 40 77 69 74 74
Sep 30 12:10:05 romulus pluto[8699]: | 73 65 6e 64 2e 63 6f 6d
Sep 30 12:10:05 romulus pluto[8699]: "complex" #1: Main mode peer ID is ID_DER_ASN1_DN: 'C=GA, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=complex.wittsend.com, E=postmaster at wittsend.com'
Sep 30 12:10:05 romulus pluto[8699]: | L0 - certificate:
Sep 30 12:10:05 romulus pluto[8699]: | L1 - tbsCertificate:
Sep 30 12:10:05 romulus pluto[8699]: | L2 - DEFAULT v1:
Sep 30 12:10:05 romulus pluto[8699]: | L3 - version:
Sep 30 12:10:05 romulus pluto[8699]: | v3
Sep 30 12:10:05 romulus pluto[8699]: | L2 - serialNumber:
Sep 30 12:10:05 romulus pluto[8699]: | L2 - signature:
Sep 30 12:10:05 romulus pluto[8699]: | L3 - algorithmIdentifier:
Sep 30 12:10:05 romulus pluto[8699]: | L4 - algorithm:
Sep 30 12:10:05 romulus pluto[8699]: | 'md5WithRSAEncryption'
Sep 30 12:10:05 romulus pluto[8699]: | L2 - issuer:
Sep 30 12:10:05 romulus pluto[8699]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
Sep 30 12:10:05 romulus pluto[8699]: | L2 - validity:
Sep 30 12:10:05 romulus pluto[8699]: | L3 - notBefore:
Sep 30 12:10:05 romulus pluto[8699]: | L4 - utcTime:
Sep 30 12:10:05 romulus pluto[8699]: | 'Jul 26 18:45:14 UTC 2008'
Sep 30 12:10:05 romulus pluto[8699]: | L3 - notAfter:
Sep 30 12:10:05 romulus pluto[8699]: | L4 - utcTime:
Sep 30 12:10:05 romulus pluto[8699]: | 'Jul 26 18:45:14 UTC 2012'
Sep 30 12:10:05 romulus pluto[8699]: | L2 - subject:
Sep 30 12:10:05 romulus pluto[8699]: | 'C=GA, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=complex.wittsend.com, E=postmaster at wittsend.com'
Sep 30 12:10:05 romulus pluto[8699]: | L2 - subjectPublicKeyInfo:
Sep 30 12:10:05 romulus pluto[8699]: | L3 - algorithm:
Sep 30 12:10:05 romulus pluto[8699]: | L4 - algorithmIdentifier:
Sep 30 12:10:05 romulus pluto[8699]: | L5 - algorithm:
Sep 30 12:10:05 romulus pluto[8699]: | 'rsaEncryption'
Sep 30 12:10:05 romulus pluto[8699]: | L3 - subjectPublicKey:
Sep 30 12:10:05 romulus pluto[8699]: | L4 - RSAPublicKey:
Sep 30 12:10:05 romulus pluto[8699]: | L5 - modulus:
Sep 30 12:10:05 romulus pluto[8699]: | L5 - publicExponent:
Sep 30 12:10:05 romulus pluto[8699]: | L2 - optional extensions:
Sep 30 12:10:05 romulus pluto[8699]: | L3 - extensions:
Sep 30 12:10:05 romulus pluto[8699]: | L4 - extension:
Sep 30 12:10:05 romulus pluto[8699]: | L5 - extnID:
Sep 30 12:10:05 romulus pluto[8699]: | 'authorityKeyIdentifier'
Sep 30 12:10:05 romulus pluto[8699]: | L5 - critical:
Sep 30 12:10:05 romulus pluto[8699]: | FALSE
Sep 30 12:10:05 romulus pluto[8699]: | L5 - extnValue:
Sep 30 12:10:05 romulus pluto[8699]: | L6 - authorityKeyIdentifier:
Sep 30 12:10:05 romulus pluto[8699]: | L7 - keyIdentifier:
Sep 30 12:10:05 romulus pluto[8699]: | L8 - keyIdentifier:
Sep 30 12:10:05 romulus pluto[8699]: | L4 - extension:
Sep 30 12:10:05 romulus pluto[8699]: | L5 - extnID:
Sep 30 12:10:05 romulus pluto[8699]: | 'extendedKeyUsage'
Sep 30 12:10:05 romulus pluto[8699]: | L5 - critical:
Sep 30 12:10:05 romulus pluto[8699]: | FALSE
Sep 30 12:10:05 romulus pluto[8699]: | L5 - extnValue:
Sep 30 12:10:05 romulus pluto[8699]: | L6 - extendedKeyUsage:
Sep 30 12:10:05 romulus pluto[8699]: | L7 - keyPurposeID:
Sep 30 12:10:05 romulus pluto[8699]: | 'serverAuth'
Sep 30 12:10:05 romulus pluto[8699]: | L7 - keyPurposeID:
Sep 30 12:10:05 romulus pluto[8699]: | 'clientAuth'
Sep 30 12:10:05 romulus pluto[8699]: | L7 - keyPurposeID:
Sep 30 12:10:05 romulus pluto[8699]: | L7 - keyPurposeID:
Sep 30 12:10:05 romulus pluto[8699]: | L4 - extension:
Sep 30 12:10:05 romulus pluto[8699]: | L5 - extnID:
Sep 30 12:10:05 romulus pluto[8699]: | 'basicConstraints'
Sep 30 12:10:05 romulus pluto[8699]: | L5 - critical:
Sep 30 12:10:05 romulus pluto[8699]: | TRUE
Sep 30 12:10:05 romulus pluto[8699]: | L5 - extnValue:
Sep 30 12:10:05 romulus pluto[8699]: | L6 - basicConstraints:
Sep 30 12:10:05 romulus pluto[8699]: | L7 - CA:
Sep 30 12:10:05 romulus pluto[8699]: | FALSE
Sep 30 12:10:05 romulus pluto[8699]: | L4 - extension:
Sep 30 12:10:05 romulus pluto[8699]: | L5 - extnID:
Sep 30 12:10:05 romulus pluto[8699]: | 'subjectAltName'
Sep 30 12:10:05 romulus pluto[8699]: | L5 - critical:
Sep 30 12:10:05 romulus pluto[8699]: | FALSE
Sep 30 12:10:05 romulus pluto[8699]: | L5 - extnValue:
Sep 30 12:10:05 romulus pluto[8699]: | L6 - generalNames:
Sep 30 12:10:05 romulus pluto[8699]: | L7 - generalName:
Sep 30 12:10:05 romulus pluto[8699]: | L8 - dnsName:
Sep 30 12:10:05 romulus pluto[8699]: | 'complex.wittsend.com'
Sep 30 12:10:05 romulus pluto[8699]: | L7 - generalName:
Sep 30 12:10:05 romulus pluto[8699]: | L8 - dnsName:
Sep 30 12:10:05 romulus pluto[8699]: | 'complex.ip6.wittsend.com'
Sep 30 12:10:05 romulus pluto[8699]: | L7 - generalName:
Sep 30 12:10:05 romulus pluto[8699]: | L8 - dnsName:
Sep 30 12:10:05 romulus pluto[8699]: | 'complex.wittsend.org'
Sep 30 12:10:05 romulus pluto[8699]: | L7 - generalName:
Sep 30 12:10:05 romulus pluto[8699]: | L8 - dnsName:
Sep 30 12:10:05 romulus pluto[8699]: | 'complex.commandcorp.com'
Sep 30 12:10:05 romulus pluto[8699]: | L1 - signatureAlgorithm:
Sep 30 12:10:05 romulus pluto[8699]: | L2 - algorithmIdentifier:
Sep 30 12:10:05 romulus pluto[8699]: | L3 - algorithm:
Sep 30 12:10:05 romulus pluto[8699]: | 'md5WithRSAEncryption'
Sep 30 12:10:05 romulus pluto[8699]: | L1 - signatureValue:
Sep 30 12:10:05 romulus pluto[8699]: | signature algorithm: 'md5WithRSAEncryption'
Sep 30 12:10:05 romulus pluto[8699]: | digest: 12 ee 0a bd 44 99 b6 a8 1e 13 35 2b 7d 26 2c 3a
Sep 30 12:10:05 romulus pluto[8699]: | decrypted signature:
Sep 30 12:10:05 romulus pluto[8699]: | 00 00 01 ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:10:05 romulus pluto[8699]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:10:05 romulus pluto[8699]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:10:05 romulus pluto[8699]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:10:05 romulus pluto[8699]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:10:05 romulus pluto[8699]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:10:05 romulus pluto[8699]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:10:05 romulus pluto[8699]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:10:05 romulus pluto[8699]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:10:05 romulus pluto[8699]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:10:05 romulus pluto[8699]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:10:05 romulus pluto[8699]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:10:05 romulus pluto[8699]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:10:05 romulus pluto[8699]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff 00 30
Sep 30 12:10:05 romulus pluto[8699]: | 20 30 0c 06 08 2a 86 48 86 f7 0d 02 05 05 00 04
Sep 30 12:10:05 romulus pluto[8699]: | 10 12 ee 0a bd 44 99 b6 a8 1e 13 35 2b 7d 26 2c
Sep 30 12:10:05 romulus pluto[8699]: | 3a
Sep 30 12:10:05 romulus pluto[8699]: "complex" #1: no crl from issuer "C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services" found (strict=no)
Sep 30 12:10:05 romulus pluto[8699]: | signature algorithm: 'sha-1WithRSAEncryption'
Sep 30 12:10:05 romulus pluto[8699]: | digest: 3c 00 ad 12 b1 0a 99 28 d1 82 cf 34 9b 6e ed c7
Sep 30 12:10:05 romulus pluto[8699]: | 90 69 e2 aa
Sep 30 12:10:05 romulus pluto[8699]: | decrypted signature:
Sep 30 12:10:05 romulus pluto[8699]: | 00 00 01 ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:10:05 romulus pluto[8699]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:10:05 romulus pluto[8699]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:10:05 romulus pluto[8699]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:10:05 romulus pluto[8699]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:10:05 romulus pluto[8699]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:10:05 romulus pluto[8699]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:10:05 romulus pluto[8699]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:10:05 romulus pluto[8699]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:10:05 romulus pluto[8699]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:10:05 romulus pluto[8699]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:10:05 romulus pluto[8699]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:10:05 romulus pluto[8699]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:10:05 romulus pluto[8699]: | ff ff ff ff ff ff ff ff ff ff ff ff ff 00 30 21
Sep 30 12:10:05 romulus pluto[8699]: | 30 09 06 05 2b 0e 03 02 1a 05 00 04 14 3c 00 ad
Sep 30 12:10:05 romulus pluto[8699]: | 12 b1 0a 99 28 d1 82 cf 34 9b 6e ed c7 90 69 e2
Sep 30 12:10:05 romulus pluto[8699]: | aa
Sep 30 12:10:05 romulus pluto[8699]: | reached self-signed root ca
Sep 30 12:10:05 romulus pluto[8699]: | Public key validated
Sep 30 12:10:05 romulus pluto[8699]: | CR 30 81 ba 31 0b 30 09 06 03 55 04 06 13 02 55 53
Sep 30 12:10:05 romulus pluto[8699]: | 31 10 30 0e 06 03 55 04 08 13 07 47 65 6f 72 67
Sep 30 12:10:05 romulus pluto[8699]: | 69 61 31 10 30 0e 06 03 55 04 07 13 07 4c 69 6c
Sep 30 12:10:05 romulus pluto[8699]: | 62 75 72 6e 31 2b 30 29 06 03 55 04 0a 14 22 54
Sep 30 12:10:05 romulus pluto[8699]: | 68 61 75 6d 61 74 75 72 67 79 20 26 20 53 70 65
Sep 30 12:10:05 romulus pluto[8699]: | 63 75 6c 75 6d 73 20 54 65 63 68 6e 6f 6c 6f 67
Sep 30 12:10:05 romulus pluto[8699]: | 79 31 1f 30 1d 06 03 55 04 0b 13 16 43 65 72 74
Sep 30 12:10:05 romulus pluto[8699]: | 69 66 69 63 61 74 69 6f 6e 20 53 65 72 76 69 63
Sep 30 12:10:05 romulus pluto[8699]: | 65 73 31 19 30 17 06 03 55 04 03 13 10 57 69 74
Sep 30 12:10:05 romulus pluto[8699]: | 74 73 45 6e 64 20 52 6f 6f 74 20 43 41 31 1e 30
Sep 30 12:10:05 romulus pluto[8699]: | 1c 06 09 2a 86 48 86 f7 0d 01 09 01 16 0f 63 61
Sep 30 12:10:05 romulus pluto[8699]: | 40 77 69 74 74 73 65 6e 64 2e 63 6f 6d
Sep 30 12:10:05 romulus pluto[8699]: | requested CA: 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services, CN=WittsEnd Root CA, E=ca at wittsend.com'
Sep 30 12:10:05 romulus pluto[8699]: | offered CA: 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services, CN=WittsEnd Root CA, E=ca at wittsend.com'
Sep 30 12:10:05 romulus pluto[8699]: | required CA is 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
Sep 30 12:10:05 romulus pluto[8699]: | key issuer CA is 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
Sep 30 12:10:05 romulus pluto[8699]: | an RSA Sig check passed with *AwEAAfKmu [preloaded key]
Sep 30 12:10:05 romulus pluto[8699]: | thinking about whether to send my certificate:
Sep 30 12:10:05 romulus pluto[8699]: | I have RSA key: OAKLEY_RSA_SIG cert.type: CERT_X509_SIGNATURE
Sep 30 12:10:05 romulus pluto[8699]: | sendcert: CERT_ALWAYSSEND and I did not get a certificate request
Sep 30 12:10:05 romulus pluto[8699]: | so send cert.
Sep 30 12:10:05 romulus pluto[8699]: "complex" #1: I am sending my cert
Sep 30 12:10:05 romulus pluto[8699]: | started looking for secret for C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com->C=GA, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=complex.wittsend.com, E=postmaster at wittsend.com of kind PPK_RSA
Sep 30 12:10:05 romulus pluto[8699]: | searching for certificate PPK_RSA:AwEAAev6j vs PPK_RSA:AwEAAev6j
Sep 30 12:10:05 romulus pluto[8699]: | signing hash with RSA Key *AwEAAev6j
Sep 30 12:10:05 romulus pluto[8699]: | complete state transition with STF_OK
Sep 30 12:10:05 romulus pluto[8699]: "complex" #1: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Sep 30 12:10:05 romulus pluto[8699]: | sending reply packet to 65.7.156.165:500 (from port=500)
Sep 30 12:10:05 romulus pluto[8699]: | sending 1116 bytes for STATE_MAIN_R2 through veth0:500 to 65.7.156.165:500:
Sep 30 12:10:05 romulus pluto[8699]: | inserting event EVENT_SA_REPLACE, timeout in 3330 seconds for #1
Sep 30 12:10:05 romulus pluto[8699]: "complex" #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}
Sep 30 12:10:05 romulus pluto[8699]: | modecfg pull: noquirk policy:push not-client
Sep 30 12:10:05 romulus pluto[8699]: | phase 1 is done, looking for phase 1 to unpend
Sep 30 12:10:05 romulus pluto[8699]: | next event EVENT_NAT_T_KEEPALIVE in 20 seconds
Sep 30 12:10:05 romulus pluto[8699]: |
Sep 30 12:10:05 romulus pluto[8699]: | *received 428 bytes from 65.7.156.165:500 on veth0 (port=500)
Sep 30 12:10:05 romulus pluto[8699]: | **parse ISAKMP Message:
Sep 30 12:10:05 romulus pluto[8699]: | initiator cookie:
Sep 30 12:10:05 romulus pluto[8699]: | 98 16 88 7a fc 46 3d 09
Sep 30 12:10:05 romulus pluto[8699]: | responder cookie:
Sep 30 12:10:05 romulus pluto[8699]: | dd 41 45 0b 05 8d b8 2f
Sep 30 12:10:05 romulus pluto[8699]: | next payload type: ISAKMP_NEXT_HASH
Sep 30 12:10:05 romulus pluto[8699]: | ISAKMP version: ISAKMP Version 1.0
Sep 30 12:10:05 romulus pluto[8699]: | exchange type: ISAKMP_XCHG_QUICK
Sep 30 12:10:05 romulus pluto[8699]: | flags: ISAKMP_FLAG_ENCRYPTION
Sep 30 12:10:05 romulus pluto[8699]: | message ID: de 6e fc ea
Sep 30 12:10:05 romulus pluto[8699]: | length: 428
Sep 30 12:10:05 romulus pluto[8699]: | processing packet with exchange type=ISAKMP_XCHG_QUICK (32)
Sep 30 12:10:05 romulus pluto[8699]: | ICOOKIE: 98 16 88 7a fc 46 3d 09
Sep 30 12:10:05 romulus pluto[8699]: | RCOOKIE: dd 41 45 0b 05 8d b8 2f
Sep 30 12:10:05 romulus pluto[8699]: | peer: 41 07 9c a5
Sep 30 12:10:05 romulus pluto[8699]: | state hash entry 28
Sep 30 12:10:05 romulus pluto[8699]: | peer and cookies match on #1, provided msgid de6efcea vs 00000000
Sep 30 12:10:05 romulus pluto[8699]: | state object not found
Sep 30 12:10:05 romulus pluto[8699]: | ICOOKIE: 98 16 88 7a fc 46 3d 09
Sep 30 12:10:05 romulus pluto[8699]: | RCOOKIE: dd 41 45 0b 05 8d b8 2f
Sep 30 12:10:05 romulus pluto[8699]: | peer: 41 07 9c a5
Sep 30 12:10:05 romulus pluto[8699]: | state hash entry 28
Sep 30 12:10:05 romulus pluto[8699]: | peer and cookies match on #1, provided msgid 00000000 vs 00000000
Sep 30 12:10:05 romulus pluto[8699]: | state object #1 found, in STATE_MAIN_R3
Sep 30 12:10:05 romulus pluto[8699]: | processing connection complex
Sep 30 12:10:05 romulus pluto[8699]: | ***parse ISAKMP Hash Payload:
Sep 30 12:10:05 romulus pluto[8699]: | next payload type: ISAKMP_NEXT_SA
Sep 30 12:10:05 romulus pluto[8699]: | length: 20
Sep 30 12:10:05 romulus pluto[8699]: | ***parse ISAKMP Security Association Payload:
Sep 30 12:10:05 romulus pluto[8699]: | next payload type: ISAKMP_NEXT_NONCE
Sep 30 12:10:05 romulus pluto[8699]: | length: 136
Sep 30 12:10:05 romulus pluto[8699]: | DOI: ISAKMP_DOI_IPSEC
Sep 30 12:10:05 romulus pluto[8699]: | ***parse ISAKMP Nonce Payload:
Sep 30 12:10:05 romulus pluto[8699]: | next payload type: ISAKMP_NEXT_KE
Sep 30 12:10:05 romulus pluto[8699]: | length: 20
Sep 30 12:10:05 romulus pluto[8699]: | ***parse ISAKMP Key Exchange Payload:
Sep 30 12:10:05 romulus pluto[8699]: | next payload type: ISAKMP_NEXT_ID
Sep 30 12:10:05 romulus pluto[8699]: | length: 196
Sep 30 12:10:05 romulus pluto[8699]: | ***parse ISAKMP Identification Payload (IPsec DOI):
Sep 30 12:10:05 romulus pluto[8699]: | next payload type: ISAKMP_NEXT_ID
Sep 30 12:10:05 romulus pluto[8699]: | length: 16
Sep 30 12:10:05 romulus pluto[8699]: | ID type: ID_IPV4_ADDR_SUBNET
Sep 30 12:10:05 romulus pluto[8699]: | Protocol ID: 0
Sep 30 12:10:05 romulus pluto[8699]: | port: 0
Sep 30 12:10:05 romulus pluto[8699]: | ***parse ISAKMP Identification Payload (IPsec DOI):
Sep 30 12:10:05 romulus pluto[8699]: | next payload type: ISAKMP_NEXT_NONE
Sep 30 12:10:05 romulus pluto[8699]: | length: 12
Sep 30 12:10:05 romulus pluto[8699]: | ID type: ID_IPV4_ADDR
Sep 30 12:10:05 romulus pluto[8699]: | Protocol ID: 0
Sep 30 12:10:05 romulus pluto[8699]: | port: 0
Sep 30 12:10:05 romulus pluto[8699]: | peer client is subnet 130.205.0.0/19
Sep 30 12:10:05 romulus pluto[8699]: | peer client protocol/port is 0/0
Sep 30 12:10:05 romulus pluto[8699]: | our client is 130.205.32.3
Sep 30 12:10:05 romulus pluto[8699]: | our client protocol/port is 0/0
Sep 30 12:10:05 romulus pluto[8699]: | duplicating state object #1
Sep 30 12:10:05 romulus pluto[8699]: | creating state object #2 at 0x800daac8
Sep 30 12:10:05 romulus pluto[8699]: | processing connection complex
Sep 30 12:10:05 romulus pluto[8699]: | ICOOKIE: 98 16 88 7a fc 46 3d 09
Sep 30 12:10:05 romulus pluto[8699]: | RCOOKIE: dd 41 45 0b 05 8d b8 2f
Sep 30 12:10:05 romulus pluto[8699]: | peer: 41 07 9c a5
Sep 30 12:10:05 romulus pluto[8699]: | state hash entry 28
Sep 30 12:10:05 romulus pluto[8699]: | inserting event EVENT_SO_DISCARD, timeout in 0 seconds for #2
Sep 30 12:10:05 romulus pluto[8699]: | ****parse IPsec DOI SIT:
Sep 30 12:10:05 romulus pluto[8699]: | IPsec DOI SIT: SIT_IDENTITY_ONLY
Sep 30 12:10:05 romulus pluto[8699]: | ****parse ISAKMP Proposal Payload:
Sep 30 12:10:05 romulus pluto[8699]: | next payload type: ISAKMP_NEXT_NONE
Sep 30 12:10:05 romulus pluto[8699]: | length: 124
Sep 30 12:10:05 romulus pluto[8699]: | proposal number: 0
Sep 30 12:10:05 romulus pluto[8699]: | protocol ID: PROTO_IPSEC_ESP
Sep 30 12:10:05 romulus pluto[8699]: | SPI size: 4
Sep 30 12:10:05 romulus pluto[8699]: | number of transforms: 4
Sep 30 12:10:05 romulus pluto[8699]: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI
Sep 30 12:10:05 romulus pluto[8699]: | SPI 44 3a f5 ee
Sep 30 12:10:05 romulus pluto[8699]: | *****parse ISAKMP Transform Payload (ESP):
Sep 30 12:10:05 romulus pluto[8699]: | next payload type: ISAKMP_NEXT_T
Sep 30 12:10:05 romulus pluto[8699]: | length: 28
Sep 30 12:10:05 romulus pluto[8699]: | transform number: 0
Sep 30 12:10:05 romulus pluto[8699]: | transform ID: ESP_AES
Sep 30 12:10:05 romulus pluto[8699]: | ******parse ISAKMP IPsec DOI attribute:
Sep 30 12:10:05 romulus pluto[8699]: | af+type: GROUP_DESCRIPTION
Sep 30 12:10:05 romulus pluto[8699]: | length/value: 5
Sep 30 12:10:05 romulus pluto[8699]: | [5 is OAKLEY_GROUP_MODP1536]
Sep 30 12:10:05 romulus pluto[8699]: | ******parse ISAKMP IPsec DOI attribute:
Sep 30 12:10:05 romulus pluto[8699]: | af+type: ENCAPSULATION_MODE
Sep 30 12:10:05 romulus pluto[8699]: | length/value: 1
Sep 30 12:10:05 romulus pluto[8699]: | [1 is ENCAPSULATION_MODE_TUNNEL]
Sep 30 12:10:05 romulus pluto[8699]: | ******parse ISAKMP IPsec DOI attribute:
Sep 30 12:10:05 romulus pluto[8699]: | af+type: SA_LIFE_TYPE
Sep 30 12:10:05 romulus pluto[8699]: | length/value: 1
Sep 30 12:10:05 romulus pluto[8699]: | [1 is SA_LIFE_TYPE_SECONDS]
Sep 30 12:10:05 romulus pluto[8699]: | ******parse ISAKMP IPsec DOI attribute:
Sep 30 12:10:05 romulus pluto[8699]: | af+type: SA_LIFE_DURATION
Sep 30 12:10:05 romulus pluto[8699]: | length/value: 28800
Sep 30 12:10:05 romulus pluto[8699]: | ******parse ISAKMP IPsec DOI attribute:
Sep 30 12:10:05 romulus pluto[8699]: | af+type: AUTH_ALGORITHM
Sep 30 12:10:05 romulus pluto[8699]: | length/value: 2
Sep 30 12:10:05 romulus pluto[8699]: | [2 is AUTH_ALGORITHM_HMAC_SHA1]
Sep 30 12:10:05 romulus pluto[8699]: | 0: w->pcw_dead: 0 w->pcw_work: 0 cnt: 1
Sep 30 12:10:05 romulus pluto[8699]: | asking helper 0 to do build_kenonce op on seq: 2
Sep 30 12:10:05 romulus pluto[8699]: | inserting event EVENT_CRYPTO_FAILED, timeout in 300 seconds for #2
Sep 30 12:10:05 romulus pluto[8699]: | complete state transition with STF_SUSPEND
Sep 30 12:10:05 romulus pluto[8699]: | next event EVENT_NAT_T_KEEPALIVE in 20 seconds
Sep 30 12:10:05 romulus pluto[8700]: ! helper 0 doing build_kenonce op id: 2
Sep 30 12:10:05 romulus pluto[8699]: | processing connection complex
Sep 30 12:10:05 romulus pluto[8699]: | ****parse IPsec DOI SIT:
Sep 30 12:10:05 romulus pluto[8699]: | IPsec DOI SIT: SIT_IDENTITY_ONLY
Sep 30 12:10:05 romulus pluto[8699]: | ****parse ISAKMP Proposal Payload:
Sep 30 12:10:05 romulus pluto[8699]: | next payload type: ISAKMP_NEXT_NONE
Sep 30 12:10:05 romulus pluto[8699]: | length: 124
Sep 30 12:10:05 romulus pluto[8699]: | proposal number: 0
Sep 30 12:10:05 romulus pluto[8699]: | protocol ID: PROTO_IPSEC_ESP
Sep 30 12:10:05 romulus pluto[8699]: | SPI size: 4
Sep 30 12:10:05 romulus pluto[8699]: | number of transforms: 4
Sep 30 12:10:05 romulus pluto[8699]: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI
Sep 30 12:10:05 romulus pluto[8699]: | SPI 44 3a f5 ee
Sep 30 12:10:05 romulus pluto[8699]: | *****parse ISAKMP Transform Payload (ESP):
Sep 30 12:10:05 romulus pluto[8699]: | next payload type: ISAKMP_NEXT_T
Sep 30 12:10:05 romulus pluto[8699]: | length: 28
Sep 30 12:10:05 romulus pluto[8699]: | transform number: 0
Sep 30 12:10:05 romulus pluto[8699]: | transform ID: ESP_AES
Sep 30 12:10:05 romulus pluto[8699]: | ******parse ISAKMP IPsec DOI attribute:
Sep 30 12:10:05 romulus pluto[8699]: | af+type: GROUP_DESCRIPTION
Sep 30 12:10:05 romulus pluto[8699]: | length/value: 5
Sep 30 12:10:05 romulus pluto[8699]: | [5 is OAKLEY_GROUP_MODP1536]
Sep 30 12:10:05 romulus pluto[8699]: | ******parse ISAKMP IPsec DOI attribute:
Sep 30 12:10:05 romulus pluto[8699]: | af+type: ENCAPSULATION_MODE
Sep 30 12:10:05 romulus pluto[8699]: | length/value: 1
Sep 30 12:10:05 romulus pluto[8699]: | [1 is ENCAPSULATION_MODE_TUNNEL]
Sep 30 12:10:05 romulus pluto[8699]: | ******parse ISAKMP IPsec DOI attribute:
Sep 30 12:10:05 romulus pluto[8699]: | af+type: SA_LIFE_TYPE
Sep 30 12:10:05 romulus pluto[8699]: | length/value: 1
Sep 30 12:10:05 romulus pluto[8699]: | [1 is SA_LIFE_TYPE_SECONDS]
Sep 30 12:10:05 romulus pluto[8699]: | ******parse ISAKMP IPsec DOI attribute:
Sep 30 12:10:05 romulus pluto[8699]: | af+type: SA_LIFE_DURATION
Sep 30 12:10:05 romulus pluto[8699]: | length/value: 28800
Sep 30 12:10:05 romulus pluto[8699]: | ******parse ISAKMP IPsec DOI attribute:
Sep 30 12:10:05 romulus pluto[8699]: | af+type: AUTH_ALGORITHM
Sep 30 12:10:05 romulus pluto[8699]: | length/value: 2
Sep 30 12:10:05 romulus pluto[8699]: | [2 is AUTH_ALGORITHM_HMAC_SHA1]
Sep 30 12:10:05 romulus pluto[8699]: "complex" #2: responding to Quick Mode {msgid:eafc6ede}
Sep 30 12:10:05 romulus pluto[8699]: | started looking for secret for C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com->C=GA, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=complex.wittsend.com, E=postmaster at wittsend.com of kind PPK_PSK
Sep 30 12:10:05 romulus pluto[8699]: | actually looking for secret for C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com->C=GA, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=complex.wittsend.com, E=postmaster at wittsend.com of kind PPK_PSK
Sep 30 12:10:05 romulus pluto[8699]: | concluding with best_match=0 best=(nil) (lineno=-1)
Sep 30 12:10:05 romulus pluto[8699]: | compute_proto_keymat:needed_len (after ESP enc)=16
Sep 30 12:10:05 romulus pluto[8699]: | compute_proto_keymat:needed_len (after ESP auth)=36
Sep 30 12:10:05 romulus pluto[8699]: | route owner of "complex" unrouted: NULL
Sep 30 12:10:05 romulus pluto[8699]: | install_inbound_ipsec_sa() checking if we can route
Sep 30 12:10:05 romulus pluto[8699]: | route owner of "complex" unrouted: NULL; eroute owner: NULL
Sep 30 12:10:05 romulus pluto[8699]: | could_route called for complex (kind=CK_PERMANENT)
Sep 30 12:10:05 romulus pluto[8699]: | add inbound eroute 130.205.0.0/19:0 --0-> 130.205.32.3/32:0 => tun.10000 at 130.205.32.3 (raw_eroute)
Sep 30 12:10:05 romulus pluto[8699]: | complete state transition with STF_OK
Sep 30 12:10:05 romulus pluto[8699]: "complex" #2: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Sep 30 12:10:05 romulus pluto[8699]: | sending reply packet to 65.7.156.165:500 (from port=500)
Sep 30 12:10:05 romulus pluto[8699]: | sending 348 bytes for STATE_QUICK_R0 through veth0:500 to 65.7.156.165:500:
Sep 30 12:10:05 romulus pluto[8699]: | inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #2
Sep 30 12:10:05 romulus pluto[8699]: "complex" #2: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Sep 30 12:10:05 romulus pluto[8699]: | modecfg pull: noquirk policy:push not-client
Sep 30 12:10:05 romulus pluto[8699]: | phase 1 is done, looking for phase 1 to unpend
Sep 30 12:10:05 romulus pluto[8699]: | next event EVENT_RETRANSMIT in 10 seconds for #2
Sep 30 12:10:05 romulus pluto[8699]: |
Sep 30 12:10:05 romulus pluto[8699]: | *received 52 bytes from 65.7.156.165:500 on veth0 (port=500)
Sep 30 12:10:05 romulus pluto[8699]: | **parse ISAKMP Message:
Sep 30 12:10:05 romulus pluto[8699]: | initiator cookie:
Sep 30 12:10:05 romulus pluto[8699]: | 98 16 88 7a fc 46 3d 09
Sep 30 12:10:05 romulus pluto[8699]: | responder cookie:
Sep 30 12:10:05 romulus pluto[8699]: | dd 41 45 0b 05 8d b8 2f
Sep 30 12:10:05 romulus pluto[8699]: | next payload type: ISAKMP_NEXT_HASH
Sep 30 12:10:05 romulus pluto[8699]: | ISAKMP version: ISAKMP Version 1.0
Sep 30 12:10:05 romulus pluto[8699]: | exchange type: ISAKMP_XCHG_QUICK
Sep 30 12:10:05 romulus pluto[8699]: | flags: ISAKMP_FLAG_ENCRYPTION
Sep 30 12:10:05 romulus pluto[8699]: | message ID: de 6e fc ea
Sep 30 12:10:05 romulus pluto[8699]: | length: 52
Sep 30 12:10:05 romulus pluto[8699]: | processing packet with exchange type=ISAKMP_XCHG_QUICK (32)
Sep 30 12:10:05 romulus pluto[8699]: | ICOOKIE: 98 16 88 7a fc 46 3d 09
Sep 30 12:10:05 romulus pluto[8699]: | RCOOKIE: dd 41 45 0b 05 8d b8 2f
Sep 30 12:10:05 romulus pluto[8699]: | peer: 41 07 9c a5
Sep 30 12:10:05 romulus pluto[8699]: | state hash entry 28
Sep 30 12:10:05 romulus pluto[8699]: | peer and cookies match on #2, provided msgid de6efcea vs de6efcea
Sep 30 12:10:05 romulus pluto[8699]: | state object #2 found, in STATE_QUICK_R1
Sep 30 12:10:05 romulus pluto[8699]: | processing connection complex
Sep 30 12:10:05 romulus pluto[8699]: | ***parse ISAKMP Hash Payload:
Sep 30 12:10:05 romulus pluto[8699]: | next payload type: ISAKMP_NEXT_NONE
Sep 30 12:10:05 romulus pluto[8699]: | length: 20
Sep 30 12:10:05 romulus pluto[8699]: | removing 4 bytes of padding
Sep 30 12:10:05 romulus pluto[8699]: | install_ipsec_sa() for #2: outbound only
Sep 30 12:10:05 romulus pluto[8699]: | route owner of "complex" unrouted: NULL; eroute owner: NULL
Sep 30 12:10:05 romulus pluto[8699]: | could_route called for complex (kind=CK_PERMANENT)
Sep 30 12:10:05 romulus pluto[8699]: | sr for #2: unrouted
Sep 30 12:10:05 romulus pluto[8699]: | route owner of "complex" unrouted: NULL; eroute owner: NULL
Sep 30 12:10:05 romulus pluto[8699]: | eroute_connection add eroute 130.205.32.3/32:0 --0-> 130.205.0.0/19:0 => tun.0 at 65.7.156.165 (raw_eroute)
Sep 30 12:10:05 romulus pluto[8699]: | command executing up-host
Sep 30 12:10:05 romulus pluto[8699]: | executing up-host: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='up-host' PLUTO_CONNECTION='complex' PLUTO_NEXT_HOP='130.205.32.1' PLUTO_INTERFACE='veth0' PLUTO_ME='130.205.32.3' PLUTO_MY_ID='C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com' PLUTO_MY_CLIENT='130.205.32.3/32' PLUTO_MY_CLIENT_NET='130.205.32.3' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='65.7.156.165' PLUTO_PEER_ID='C=GA, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=complex.wittsend.com, E=postmaster at wittsend.com' PLUTO_PEER_CLIENT='130.205.0.0/19' PLUTO_PEER_CLIENT_NET='130.205.0.0' PLUTO_PEER_CLIENT_MASK='255.255.224.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS' PLUTO_MY_SOURCEIP='130.205.32.3' ipsec _updown
Sep 30 12:10:05 romulus pluto[8699]: | route_and_eroute: firewall_notified: true
Sep 30 12:10:05 romulus pluto[8699]: | command executing prepare-host
Sep 30 12:10:05 romulus pluto[8699]: | executing prepare-host: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='prepare-host' PLUTO_CONNECTION='complex' PLUTO_NEXT_HOP='130.205.32.1' PLUTO_INTERFACE='veth0' PLUTO_ME='130.205.32.3' PLUTO_MY_ID='C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com' PLUTO_MY_CLIENT='130.205.32.3/32' PLUTO_MY_CLIENT_NET='130.205.32.3' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='65.7.156.165' PLUTO_PEER_ID='C=GA, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=complex.wittsend.com, E=postmaster at wittsend.com' PLUTO_PEER_CLIENT='130.205.0.0/19' PLUTO_PEER_CLIENT_NET='130.205.0.0' PLUTO_PEER_CLIENT_MASK='255.255.224.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS' PLUTO_MY_SOURCEIP='130.205.32.3' ipsec _updown
Sep 30 12:10:05 romulus pluto[8699]: | command executing route-host
Sep 30 12:10:05 romulus pluto[8699]: | executing route-host: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='route-host' PLUTO_CONNECTION='complex' PLUTO_NEXT_HOP='130.205.32.1' PLUTO_INTERFACE='veth0' PLUTO_ME='130.205.32.3' PLUTO_MY_ID='C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com' PLUTO_MY_CLIENT='130.205.32.3/32' PLUTO_MY_CLIENT_NET='130.205.32.3' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='65.7.156.165' PLUTO_PEER_ID='C=GA, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=complex.wittsend.com, E=postmaster at wittsend.com' PLUTO_PEER_CLIENT='130.205.0.0/19' PLUTO_PEER_CLIENT_NET='130.205.0.0' PLUTO_PEER_CLIENT_MASK='255.255.224.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS' PLUTO_MY_SOURCEIP='130.205.32.3' ipsec _updown
Sep 30 12:10:05 romulus pluto[8699]: | route_and_eroute: instance "complex", setting eroute_owner {spd=0x800ce4ec,sr=0x800ce4ec} to #2 (was #0) (newest_ipsec_sa=#0)
Sep 30 12:10:05 romulus pluto[8699]: | complete state transition with STF_OK
Sep 30 12:10:05 romulus pluto[8699]: "complex" #2: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Sep 30 12:10:05 romulus pluto[8699]: | inserting event EVENT_SA_REPLACE, timeout in 28530 seconds for #2
Sep 30 12:10:05 romulus pluto[8699]: "complex" #2: STATE_QUICK_R2: IPsec SA established {ESP=>0x443af5ee <0x13379552 xfrm=AES_0-HMAC_SHA1 NATD=none DPD=none}
Sep 30 12:10:05 romulus pluto[8699]: | modecfg pull: noquirk policy:push not-client
Sep 30 12:10:05 romulus pluto[8699]: | phase 1 is done, looking for phase 1 to unpend
Sep 30 12:10:05 romulus pluto[8699]: | next event EVENT_NAT_T_KEEPALIVE in 20 seconds
Sep 30 12:10:25 romulus pluto[8699]: |
Sep 30 12:10:25 romulus pluto[8699]: | *time to handle event
Sep 30 12:10:25 romulus pluto[8699]: | handling event EVENT_NAT_T_KEEPALIVE
Sep 30 12:10:25 romulus pluto[8699]: | event after this is EVENT_PENDING_PHASE2 in 88 seconds
Sep 30 12:10:25 romulus pluto[8699]: | processing connection complex
Sep 30 12:10:25 romulus pluto[8699]: | processing connection complex
Sep 30 12:10:25 romulus pluto[8699]: | next event EVENT_PENDING_PHASE2 in 88 seconds
Sep 30 12:10:36 romulus pluto[8699]: |
Sep 30 12:10:36 romulus pluto[8699]: | *received 68 bytes from 65.7.156.165:500 on veth0 (port=500)
Sep 30 12:10:36 romulus pluto[8699]: | **parse ISAKMP Message:
Sep 30 12:10:36 romulus pluto[8699]: | initiator cookie:
Sep 30 12:10:36 romulus pluto[8699]: | 98 16 88 7a fc 46 3d 09
Sep 30 12:10:36 romulus pluto[8699]: | responder cookie:
Sep 30 12:10:36 romulus pluto[8699]: | dd 41 45 0b 05 8d b8 2f
Sep 30 12:10:36 romulus pluto[8699]: | next payload type: ISAKMP_NEXT_HASH
Sep 30 12:10:36 romulus pluto[8699]: | ISAKMP version: ISAKMP Version 1.0
Sep 30 12:10:36 romulus pluto[8699]: | exchange type: ISAKMP_XCHG_INFO
Sep 30 12:10:36 romulus pluto[8699]: | flags: ISAKMP_FLAG_ENCRYPTION
Sep 30 12:10:36 romulus pluto[8699]: | message ID: 13 17 27 c6
Sep 30 12:10:36 romulus pluto[8699]: | length: 68
Sep 30 12:10:36 romulus pluto[8699]: | processing packet with exchange type=ISAKMP_XCHG_INFO (5)
Sep 30 12:10:36 romulus pluto[8699]: | ICOOKIE: 98 16 88 7a fc 46 3d 09
Sep 30 12:10:36 romulus pluto[8699]: | RCOOKIE: dd 41 45 0b 05 8d b8 2f
Sep 30 12:10:36 romulus pluto[8699]: | peer: 41 07 9c a5
Sep 30 12:10:36 romulus pluto[8699]: | state hash entry 28
Sep 30 12:10:36 romulus pluto[8699]: | peer and cookies match on #2, provided msgid 00000000 vs de6efcea/00000000
Sep 30 12:10:36 romulus pluto[8699]: | peer and cookies match on #1, provided msgid 00000000 vs 00000000/00000000
Sep 30 12:10:36 romulus pluto[8699]: | p15 state object #1 found, in STATE_MAIN_R3
Sep 30 12:10:36 romulus pluto[8699]: | processing connection complex
Sep 30 12:10:36 romulus pluto[8699]: | ***parse ISAKMP Hash Payload:
Sep 30 12:10:36 romulus pluto[8699]: | next payload type: ISAKMP_NEXT_D
Sep 30 12:10:36 romulus pluto[8699]: | length: 20
Sep 30 12:10:36 romulus pluto[8699]: | ***parse ISAKMP Delete Payload:
Sep 30 12:10:36 romulus pluto[8699]: | next payload type: ISAKMP_NEXT_NONE
Sep 30 12:10:36 romulus pluto[8699]: | length: 16
Sep 30 12:10:36 romulus pluto[8699]: | DOI: ISAKMP_DOI_IPSEC
Sep 30 12:10:36 romulus pluto[8699]: | protocol ID: 3
Sep 30 12:10:36 romulus pluto[8699]: | SPI size: 4
Sep 30 12:10:36 romulus pluto[8699]: | number of SPIs: 1
Sep 30 12:10:36 romulus pluto[8699]: | removing 4 bytes of padding
Sep 30 12:10:36 romulus pluto[8699]: | processing connection complex
Sep 30 12:10:36 romulus pluto[8699]: "complex" #1: received Delete SA(0x443af5ee) payload: deleting IPSEC State #2
Sep 30 12:10:36 romulus pluto[8699]: | deleting state #2
Sep 30 12:10:36 romulus pluto[8699]: | processing connection complex
Sep 30 12:10:36 romulus pluto[8699]: | sending 68 bytes for delete notify through veth0:500 to 65.7.156.165:500:
Sep 30 12:10:36 romulus pluto[8699]: | ICOOKIE: 98 16 88 7a fc 46 3d 09
Sep 30 12:10:36 romulus pluto[8699]: | RCOOKIE: dd 41 45 0b 05 8d b8 2f
Sep 30 12:10:36 romulus pluto[8699]: | peer: 41 07 9c a5
Sep 30 12:10:36 romulus pluto[8699]: | state hash entry 28
Sep 30 12:10:36 romulus pluto[8699]: | command executing down-host
Sep 30 12:10:36 romulus pluto[8699]: | executing down-host: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='down-host' PLUTO_CONNECTION='complex' PLUTO_NEXT_HOP='130.205.32.1' PLUTO_INTERFACE='veth0' PLUTO_ME='130.205.32.3' PLUTO_MY_ID='C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com' PLUTO_MY_CLIENT='130.205.32.3/32' PLUTO_MY_CLIENT_NET='130.205.32.3' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='65.7.156.165' PLUTO_PEER_ID='C=GA, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=complex.wittsend.com, E=postmaster at wittsend.com' PLUTO_PEER_CLIENT='130.205.0.0/19' PLUTO_PEER_CLIENT_NET='130.205.0.0' PLUTO_PEER_CLIENT_MASK='255.255.224.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS' PLUTO_MY_SOURCEIP='130.205.32.3' ipsec _updown
Sep 30 12:10:36 romulus pluto[8699]: | replace with shunt eroute 130.205.0.0/19:0 --0-> 130.205.32.3/32:0 => %trap (raw_eroute)
Sep 30 12:10:36 romulus pluto[8699]: | eroute_connection replace with shunt eroute 130.205.32.3/32:0 --0-> 130.205.0.0/19:0 => %trap (raw_eroute)
Sep 30 12:10:36 romulus pluto[8699]: | delete inbound eroute 130.205.0.0/19:0 --0-> 130.205.32.3/32:0 => unk255.10000 at 130.205.32.3 (raw_eroute)
Sep 30 12:10:36 romulus pluto[8699]: | del: 44 3a f5 ee
Sep 30 12:10:36 romulus pluto[8699]: "complex" #1: received and ignored informational message
Sep 30 12:10:36 romulus pluto[8699]: | complete state transition with STF_IGNORE
Sep 30 12:10:36 romulus pluto[8699]: | next event EVENT_PENDING_PHASE2 in 77 seconds
Sep 30 12:10:36 romulus pluto[8699]: |
Sep 30 12:10:36 romulus pluto[8699]: | *received 76 bytes from 65.7.156.165:500 on veth0 (port=500)
Sep 30 12:10:36 romulus pluto[8699]: | **parse ISAKMP Message:
Sep 30 12:10:36 romulus pluto[8699]: | initiator cookie:
Sep 30 12:10:36 romulus pluto[8699]: | 98 16 88 7a fc 46 3d 09
Sep 30 12:10:36 romulus pluto[8699]: | responder cookie:
Sep 30 12:10:36 romulus pluto[8699]: | dd 41 45 0b 05 8d b8 2f
Sep 30 12:10:36 romulus pluto[8699]: | next payload type: ISAKMP_NEXT_HASH
Sep 30 12:10:36 romulus pluto[8699]: | ISAKMP version: ISAKMP Version 1.0
Sep 30 12:10:36 romulus pluto[8699]: | exchange type: ISAKMP_XCHG_INFO
Sep 30 12:10:36 romulus pluto[8699]: | flags: ISAKMP_FLAG_ENCRYPTION
Sep 30 12:10:36 romulus pluto[8699]: | message ID: 4b b8 0a 62
Sep 30 12:10:36 romulus pluto[8699]: | length: 76
Sep 30 12:10:36 romulus pluto[8699]: | processing packet with exchange type=ISAKMP_XCHG_INFO (5)
Sep 30 12:10:36 romulus pluto[8699]: | ICOOKIE: 98 16 88 7a fc 46 3d 09
Sep 30 12:10:36 romulus pluto[8699]: | RCOOKIE: dd 41 45 0b 05 8d b8 2f
Sep 30 12:10:36 romulus pluto[8699]: | peer: 41 07 9c a5
Sep 30 12:10:36 romulus pluto[8699]: | state hash entry 28
Sep 30 12:10:36 romulus pluto[8699]: | peer and cookies match on #1, provided msgid 00000000 vs 00000000/00000000
Sep 30 12:10:36 romulus pluto[8699]: | p15 state object #1 found, in STATE_MAIN_R3
Sep 30 12:10:36 romulus pluto[8699]: | processing connection complex
Sep 30 12:10:36 romulus pluto[8699]: | ***parse ISAKMP Hash Payload:
Sep 30 12:10:36 romulus pluto[8699]: | next payload type: ISAKMP_NEXT_D
Sep 30 12:10:36 romulus pluto[8699]: | length: 20
Sep 30 12:10:36 romulus pluto[8699]: | ***parse ISAKMP Delete Payload:
Sep 30 12:10:36 romulus pluto[8699]: | next payload type: ISAKMP_NEXT_NONE
Sep 30 12:10:36 romulus pluto[8699]: | length: 28
Sep 30 12:10:36 romulus pluto[8699]: | DOI: ISAKMP_DOI_IPSEC
Sep 30 12:10:36 romulus pluto[8699]: | protocol ID: 1
Sep 30 12:10:36 romulus pluto[8699]: | SPI size: 16
Sep 30 12:10:36 romulus pluto[8699]: | number of SPIs: 1
Sep 30 12:10:36 romulus pluto[8699]: | ICOOKIE: 98 16 88 7a fc 46 3d 09
Sep 30 12:10:36 romulus pluto[8699]: | RCOOKIE: dd 41 45 0b 05 8d b8 2f
Sep 30 12:10:36 romulus pluto[8699]: | peer: 41 07 9c a5
Sep 30 12:10:36 romulus pluto[8699]: | state hash entry 28
Sep 30 12:10:36 romulus pluto[8699]: | peer and cookies match on #1, provided msgid 00000000 vs 00000000
Sep 30 12:10:36 romulus pluto[8699]: | state object #1 found, in STATE_MAIN_R3
Sep 30 12:10:36 romulus pluto[8699]: | processing connection complex
Sep 30 12:10:36 romulus pluto[8699]: "complex" #1: received Delete SA payload: deleting ISAKMP State #1
Sep 30 12:10:36 romulus pluto[8699]: | deleting state #1
Sep 30 12:10:36 romulus pluto[8699]: | processing connection complex
Sep 30 12:10:36 romulus pluto[8699]: | sending 76 bytes for delete notify through veth0:500 to 65.7.156.165:500:
Sep 30 12:10:36 romulus pluto[8699]: | ICOOKIE: 98 16 88 7a fc 46 3d 09
Sep 30 12:10:36 romulus pluto[8699]: | RCOOKIE: dd 41 45 0b 05 8d b8 2f
Sep 30 12:10:36 romulus pluto[8699]: | peer: 41 07 9c a5
Sep 30 12:10:36 romulus pluto[8699]: | state hash entry 28
Sep 30 12:10:36 romulus pluto[8699]: | del: 98 16 88 7a fc 46 3d 09 dd 41 45 0b 05 8d b8 2f
Sep 30 12:10:36 romulus pluto[8699]: packet from 65.7.156.165:500: received and ignored informational message
Sep 30 12:10:36 romulus pluto[8699]: | complete state transition with STF_IGNORE
Sep 30 12:10:36 romulus pluto[8699]: | next event EVENT_PENDING_PHASE2 in 77 seconds
Sep 30 12:10:46 romulus pluto[8699]: |
Sep 30 12:10:46 romulus pluto[8699]: | *received whack message
Sep 30 12:10:46 romulus pluto[8699]: shutting down
Sep 30 12:10:46 romulus pluto[8699]: forgetting secrets
Sep 30 12:10:46 romulus pluto[8699]: | processing connection canyon
Sep 30 12:10:46 romulus pluto[8699]: "canyon": deleting connection
Sep 30 12:10:46 romulus pluto[8699]: | processing connection kolvir
Sep 30 12:10:46 romulus pluto[8699]: "kolvir": deleting connection
Sep 30 12:10:46 romulus pluto[8699]: | processing connection rebma
Sep 30 12:10:46 romulus pluto[8699]: "rebma": deleting connection
Sep 30 12:10:46 romulus pluto[8699]: | processing connection chaos
Sep 30 12:10:46 romulus pluto[8699]: "chaos": deleting connection
Sep 30 12:10:46 romulus pluto[8699]: | processing connection charon-1
Sep 30 12:10:46 romulus pluto[8699]: "charon-1": deleting connection
Sep 30 12:10:46 romulus pluto[8699]: | processing connection complex
Sep 30 12:10:46 romulus pluto[8699]: "complex": deleting connection
Sep 30 12:10:46 romulus pluto[8699]: | delete eroute 130.205.0.0/19:0 --0-> 130.205.32.3/32:0 => int.0 at 130.205.32.3 (raw_eroute)
Sep 30 12:10:46 romulus pluto[8699]: | eroute_connection delete eroute 130.205.32.3/32:0 --0-> 130.205.0.0/19:0 => int.0 at 0.0.0.0 (raw_eroute)
Sep 30 12:10:46 romulus pluto[8699]: | route owner of "complex" unrouted: NULL
Sep 30 12:10:46 romulus pluto[8699]: | command executing unroute-host
Sep 30 12:10:46 romulus pluto[8699]: | executing unroute-host: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='unroute-host' PLUTO_CONNECTION='complex' PLUTO_NEXT_HOP='130.205.32.1' PLUTO_INTERFACE='veth0' PLUTO_ME='130.205.32.3' PLUTO_MY_ID='C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com' PLUTO_MY_CLIENT='130.205.32.3/32' PLUTO_MY_CLIENT_NET='130.205.32.3' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='65.7.156.165' PLUTO_PEER_ID='C=GA, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=complex.wittsend.com, E=postmaster at wittsend.com' PLUTO_PEER_CLIENT='130.205.0.0/19' PLUTO_PEER_CLIENT_NET='130.205.0.0' PLUTO_PEER_CLIENT_MASK='255.255.224.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS' PLUTO_MY_SOURCEIP='130.205.32.3' ipsec _updown
Sep 30 12:10:46 romulus pluto[8699]: | processing connection charon-0
Sep 30 12:10:46 romulus pluto[8699]: "charon-0": deleting connection
Sep 30 12:10:46 romulus pluto[8699]: shutting down interface tun6to4/tun6to4 2002:82cd:2003::1:500
Sep 30 12:10:46 romulus pluto[8699]: shutting down interface lo/lo ::1:500
Sep 30 12:10:46 romulus pluto[8699]: shutting down interface veth1/veth1 2001:4830:3000:2:280:3fff:fe03:455b:500
Sep 30 12:10:46 romulus pluto[8699]: shutting down interface lo/lo 127.0.0.1:4500
Sep 30 12:10:46 romulus pluto[8699]: shutting down interface lo/lo 127.0.0.1:500
Sep 30 12:10:46 romulus pluto[8699]: shutting down interface veth0/veth0 130.205.32.3:4500
Sep 30 12:10:46 romulus pluto[8699]: shutting down interface veth0/veth0 130.205.32.3:500
Sep 30 12:10:46 romulus pluto[8699]: shutting down interface veth1/veth1 172.31.192.3:4500
Sep 30 12:10:46 romulus pluto[8699]: shutting down interface veth1/veth1 172.31.192.3:500
Sep 30 12:10:46 romulus pluto[8699]: shutting down interface tun0/tun0 172.31.250.1:4500
Sep 30 12:10:46 romulus pluto[8699]: shutting down interface tun0/tun0 172.31.250.1:500
-------------- next part --------------
Sep 30 12:13:10 romulus ipsec__plutorun: Starting Pluto subsystem...
Sep 30 12:13:10 romulus pluto[10414]: Starting Pluto (Openswan Version 2.6.14; Vendor ID OEoSJUweaqAX) pid:10414
Sep 30 12:13:10 romulus pluto[10414]: Setting NAT-Traversal port-4500 floating to on
Sep 30 12:13:10 romulus pluto[10414]: port floating activation criteria nat_t=1/port_float=1
Sep 30 12:13:10 romulus pluto[10414]: including NAT-Traversal patch (Version 0.6c)
Sep 30 12:13:10 romulus pluto[10414]: | opening /dev/urandom
Sep 30 12:13:10 romulus pluto[10414]: using /dev/urandom as source of random entropy
Sep 30 12:13:10 romulus pluto[10414]: | inserting event EVENT_REINIT_SECRET, timeout in 3600 seconds
Sep 30 12:13:10 romulus pluto[10414]: | inserting event EVENT_PENDING_PHASE2, timeout in 120 seconds
Sep 30 12:13:10 romulus pluto[10414]: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0)
Sep 30 12:13:10 romulus pluto[10414]: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)
Sep 30 12:13:10 romulus pluto[10414]: ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0)
Sep 30 12:13:10 romulus pluto[10414]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
Sep 30 12:13:10 romulus pluto[10414]: ike_alg_register_enc(): Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)
Sep 30 12:13:10 romulus pluto[10414]: ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0)
Sep 30 12:13:10 romulus pluto[10414]: ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0)
Sep 30 12:13:10 romulus pluto[10414]: starting up 1 cryptographic helpers
Sep 30 12:13:10 romulus pluto[10415]: | opening /dev/urandom
Sep 30 12:13:10 romulus pluto[10415]: using /dev/urandom as source of random entropy
Sep 30 12:13:10 romulus pluto[10415]: ! helper 0 waiting on fd: 8
Sep 30 12:13:10 romulus pluto[10414]: started helper pid=10415 (fd:7)
Sep 30 12:13:10 romulus pluto[10414]: Using Linux 2.6 IPsec interface code on 2.6.24-ovz005.1 (experimental code)
Sep 30 12:13:10 romulus pluto[10414]: ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names
Sep 30 12:13:10 romulus pluto[10414]: ike_alg_register_enc(): Activating <NULL>: Ok (ret=0)
Sep 30 12:13:10 romulus pluto[10414]: ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names
Sep 30 12:13:10 romulus pluto[10414]: ike_alg_add(): ERROR: Algorithm already exists
Sep 30 12:13:10 romulus pluto[10414]: ike_alg_register_enc(): Activating <NULL>: FAILED (ret=-17)
Sep 30 12:13:10 romulus pluto[10414]: ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names
Sep 30 12:13:10 romulus pluto[10414]: ike_alg_add(): ERROR: Algorithm already exists
Sep 30 12:13:10 romulus pluto[10414]: ike_alg_register_enc(): Activating <NULL>: FAILED (ret=-17)
Sep 30 12:13:10 romulus pluto[10414]: ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names
Sep 30 12:13:10 romulus pluto[10414]: ike_alg_add(): ERROR: Algorithm already exists
Sep 30 12:13:10 romulus pluto[10414]: ike_alg_register_enc(): Activating <NULL>: FAILED (ret=-17)
Sep 30 12:13:10 romulus pluto[10414]: ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names
Sep 30 12:13:10 romulus pluto[10414]: ike_alg_add(): ERROR: Algorithm already exists
Sep 30 12:13:10 romulus pluto[10414]: ike_alg_register_enc(): Activating <NULL>: FAILED (ret=-17)
Sep 30 12:13:10 romulus pluto[10414]: ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names
Sep 30 12:13:10 romulus pluto[10414]: ike_alg_add(): ERROR: Algorithm already exists
Sep 30 12:13:10 romulus pluto[10414]: ike_alg_register_enc(): Activating <NULL>: FAILED (ret=-17)
Sep 30 12:13:11 romulus pluto[10414]: Changed path to directory '/etc/ipsec.d/cacerts'
Sep 30 12:13:11 romulus pluto[10414]: loaded CA cert file 'wittsendCA.pem' (960 bytes)
Sep 30 12:13:11 romulus pluto[10414]: | file content is not binary ASN.1
Sep 30 12:13:11 romulus pluto[10414]: | -----BEGIN CERTIFICATE-----
Sep 30 12:13:11 romulus pluto[10414]: | -----END CERTIFICATE-----
Sep 30 12:13:11 romulus pluto[10414]: | file coded in PEM format
Sep 30 12:13:11 romulus pluto[10414]: | L0 - certificate:
Sep 30 12:13:11 romulus pluto[10414]: | L1 - tbsCertificate:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - DEFAULT v1:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - version:
Sep 30 12:13:11 romulus pluto[10414]: | v3
Sep 30 12:13:11 romulus pluto[10414]: | L2 - serialNumber:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - signature:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'md5WithRSAEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - issuer:
Sep 30 12:13:11 romulus pluto[10414]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services, CN=WittsEnd Root CA, E=ca at wittsend.com'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - validity:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - notBefore:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:11 romulus pluto[10414]: | 'Aug 01 14:44:01 UTC 2004'
Sep 30 12:13:11 romulus pluto[10414]: | L3 - notAfter:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:11 romulus pluto[10414]: | 'Jul 30 14:44:01 UTC 2014'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - subject:
Sep 30 12:13:11 romulus pluto[10414]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services, CN=WittsEnd Root CA, E=ca at wittsend.com'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - subjectPublicKeyInfo:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'rsaEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L3 - subjectPublicKey:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - RSAPublicKey:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - modulus:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - publicExponent:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - optional extensions:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - extensions:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'basicConstraints'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | TRUE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - basicConstraints:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - CA:
Sep 30 12:13:11 romulus pluto[10414]: | TRUE
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'subjectKeyIdentifier'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - keyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L1 - signatureAlgorithm:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'md5WithRSAEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L1 - signatureValue:
Sep 30 12:13:11 romulus pluto[10414]: | authcert inserted
Sep 30 12:13:11 romulus pluto[10414]: loaded CA cert file 'wittsendCA.crt' (960 bytes)
Sep 30 12:13:11 romulus pluto[10414]: | file content is not binary ASN.1
Sep 30 12:13:11 romulus pluto[10414]: | -----BEGIN CERTIFICATE-----
Sep 30 12:13:11 romulus pluto[10414]: | -----END CERTIFICATE-----
Sep 30 12:13:11 romulus pluto[10414]: | file coded in PEM format
Sep 30 12:13:11 romulus pluto[10414]: | L0 - certificate:
Sep 30 12:13:11 romulus pluto[10414]: | L1 - tbsCertificate:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - DEFAULT v1:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - version:
Sep 30 12:13:11 romulus pluto[10414]: | v3
Sep 30 12:13:11 romulus pluto[10414]: | L2 - serialNumber:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - signature:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'md5WithRSAEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - issuer:
Sep 30 12:13:11 romulus pluto[10414]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services, CN=WittsEnd Root CA, E=ca at wittsend.com'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - validity:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - notBefore:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:11 romulus pluto[10414]: | 'Aug 01 14:44:01 UTC 2004'
Sep 30 12:13:11 romulus pluto[10414]: | L3 - notAfter:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:11 romulus pluto[10414]: | 'Jul 30 14:44:01 UTC 2014'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - subject:
Sep 30 12:13:11 romulus pluto[10414]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services, CN=WittsEnd Root CA, E=ca at wittsend.com'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - subjectPublicKeyInfo:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'rsaEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L3 - subjectPublicKey:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - RSAPublicKey:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - modulus:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - publicExponent:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - optional extensions:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - extensions:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'basicConstraints'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | TRUE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - basicConstraints:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - CA:
Sep 30 12:13:11 romulus pluto[10414]: | TRUE
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'subjectKeyIdentifier'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - keyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L1 - signatureAlgorithm:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'md5WithRSAEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L1 - signatureValue:
Sep 30 12:13:11 romulus pluto[10414]: | authcert is already present and identical
Sep 30 12:13:11 romulus pluto[10414]: loaded CA cert file 'issCA.pem' (1042 bytes)
Sep 30 12:13:11 romulus pluto[10414]: | file content is not binary ASN.1
Sep 30 12:13:11 romulus pluto[10414]: | -----BEGIN CERTIFICATE-----
Sep 30 12:13:11 romulus pluto[10414]: | -----END CERTIFICATE-----
Sep 30 12:13:11 romulus pluto[10414]: | file coded in PEM format
Sep 30 12:13:11 romulus pluto[10414]: | L0 - certificate:
Sep 30 12:13:11 romulus pluto[10414]: | L1 - tbsCertificate:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - DEFAULT v1:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - version:
Sep 30 12:13:11 romulus pluto[10414]: | v3
Sep 30 12:13:11 romulus pluto[10414]: | L2 - serialNumber:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - signature:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'md5WithRSAEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - issuer:
Sep 30 12:13:11 romulus pluto[10414]: | 'C=US, ST=Georgia, L=Atlanta, O=Internet Security Systems Inc, OU=Certification Services, E=ca at iss.net'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - validity:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - notBefore:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:11 romulus pluto[10414]: | 'Aug 01 14:42:32 UTC 2004'
Sep 30 12:13:11 romulus pluto[10414]: | L3 - notAfter:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:11 romulus pluto[10414]: | 'Jul 30 14:42:32 UTC 2014'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - subject:
Sep 30 12:13:11 romulus pluto[10414]: | 'C=US, ST=Georgia, L=Atlanta, O=Internet Security Systems Inc, OU=Certification Services, E=ca at iss.net'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - subjectPublicKeyInfo:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'rsaEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L3 - subjectPublicKey:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - RSAPublicKey:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - modulus:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - publicExponent:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - optional extensions:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - extensions:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'basicConstraints'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | TRUE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - basicConstraints:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - CA:
Sep 30 12:13:11 romulus pluto[10414]: | TRUE
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'subjectKeyIdentifier'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - keyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L1 - signatureAlgorithm:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'md5WithRSAEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L1 - signatureValue:
Sep 30 12:13:11 romulus pluto[10414]: | authcert inserted
Sep 30 12:13:11 romulus pluto[10414]: loaded CA cert file 'issCA.crt' (1042 bytes)
Sep 30 12:13:11 romulus pluto[10414]: | file content is not binary ASN.1
Sep 30 12:13:11 romulus pluto[10414]: | -----BEGIN CERTIFICATE-----
Sep 30 12:13:11 romulus pluto[10414]: | -----END CERTIFICATE-----
Sep 30 12:13:11 romulus pluto[10414]: | file coded in PEM format
Sep 30 12:13:11 romulus pluto[10414]: | L0 - certificate:
Sep 30 12:13:11 romulus pluto[10414]: | L1 - tbsCertificate:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - DEFAULT v1:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - version:
Sep 30 12:13:11 romulus pluto[10414]: | v3
Sep 30 12:13:11 romulus pluto[10414]: | L2 - serialNumber:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - signature:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'md5WithRSAEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - issuer:
Sep 30 12:13:11 romulus pluto[10414]: | 'C=US, ST=Georgia, L=Atlanta, O=Internet Security Systems Inc, OU=Certification Services, E=ca at iss.net'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - validity:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - notBefore:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:11 romulus pluto[10414]: | 'Aug 01 14:42:32 UTC 2004'
Sep 30 12:13:11 romulus pluto[10414]: | L3 - notAfter:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:11 romulus pluto[10414]: | 'Jul 30 14:42:32 UTC 2014'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - subject:
Sep 30 12:13:11 romulus pluto[10414]: | 'C=US, ST=Georgia, L=Atlanta, O=Internet Security Systems Inc, OU=Certification Services, E=ca at iss.net'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - subjectPublicKeyInfo:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'rsaEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L3 - subjectPublicKey:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - RSAPublicKey:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - modulus:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - publicExponent:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - optional extensions:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - extensions:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'basicConstraints'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | TRUE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - basicConstraints:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - CA:
Sep 30 12:13:11 romulus pluto[10414]: | TRUE
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'subjectKeyIdentifier'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - keyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L1 - signatureAlgorithm:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'md5WithRSAEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L1 - signatureValue:
Sep 30 12:13:11 romulus pluto[10414]: | authcert is already present and identical
Sep 30 12:13:11 romulus pluto[10414]: loaded CA cert file 'WittsEndCA.crt' (1342 bytes)
Sep 30 12:13:11 romulus pluto[10414]: | file content is not binary ASN.1
Sep 30 12:13:11 romulus pluto[10414]: | -----BEGIN CERTIFICATE-----
Sep 30 12:13:11 romulus pluto[10414]: | -----END CERTIFICATE-----
Sep 30 12:13:11 romulus pluto[10414]: | file coded in PEM format
Sep 30 12:13:11 romulus pluto[10414]: | L0 - certificate:
Sep 30 12:13:11 romulus pluto[10414]: | L1 - tbsCertificate:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - DEFAULT v1:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - version:
Sep 30 12:13:11 romulus pluto[10414]: | v3
Sep 30 12:13:11 romulus pluto[10414]: | L2 - serialNumber:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - signature:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'sha-1WithRSAEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - issuer:
Sep 30 12:13:11 romulus pluto[10414]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - validity:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - notBefore:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:11 romulus pluto[10414]: | 'Mar 24 17:29:15 UTC 2008'
Sep 30 12:13:11 romulus pluto[10414]: | L3 - notAfter:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:11 romulus pluto[10414]: | 'Mar 22 17:29:15 UTC 2018'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - subject:
Sep 30 12:13:11 romulus pluto[10414]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - subjectPublicKeyInfo:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'rsaEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L3 - subjectPublicKey:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - RSAPublicKey:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - modulus:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - publicExponent:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - optional extensions:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - extensions:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'basicConstraints'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | TRUE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - basicConstraints:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - CA:
Sep 30 12:13:11 romulus pluto[10414]: | TRUE
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'subjectKeyIdentifier'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - keyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L1 - signatureAlgorithm:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'sha-1WithRSAEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L1 - signatureValue:
Sep 30 12:13:11 romulus pluto[10414]: | authcert inserted
Sep 30 12:13:11 romulus pluto[10414]: Could not change to directory '/etc/ipsec.d/aacerts': /
Sep 30 12:13:11 romulus pluto[10414]: Changed path to directory '/etc/ipsec.d/ocspcerts'
Sep 30 12:13:11 romulus pluto[10414]: Could not change to directory '/etc/ipsec.d/crls'
Sep 30 12:13:11 romulus pluto[10414]: Changing back to directory '/' failed - (2 No such file or directory)
Sep 30 12:13:11 romulus pluto[10414]: Changing back to directory '/' failed - (2 No such file or directory)
Sep 30 12:13:11 romulus pluto[10414]: | inserting event EVENT_LOG_DAILY, timeout in 42409 seconds
Sep 30 12:13:11 romulus pluto[10414]: | next event EVENT_PENDING_PHASE2 in 119 seconds
Sep 30 12:13:11 romulus pluto[10414]: |
Sep 30 12:13:11 romulus pluto[10414]: | *received whack message
Sep 30 12:13:11 romulus pluto[10414]: | Added new connection canyon with policy RSASIG+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW
Sep 30 12:13:11 romulus pluto[10414]: loading certificate from romulus.wittsend.com.crt
Sep 30 12:13:11 romulus pluto[10414]: loaded host cert file '/etc/ipsec.d/certs/romulus.wittsend.com.crt' (3088 bytes)
Sep 30 12:13:11 romulus pluto[10414]: | file content is not binary ASN.1
Sep 30 12:13:11 romulus pluto[10414]: | -----BEGIN CERTIFICATE-----
Sep 30 12:13:11 romulus pluto[10414]: | -----END CERTIFICATE-----
Sep 30 12:13:11 romulus pluto[10414]: | file coded in PEM format
Sep 30 12:13:11 romulus pluto[10414]: | L0 - certificate:
Sep 30 12:13:11 romulus pluto[10414]: | L1 - tbsCertificate:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - DEFAULT v1:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - version:
Sep 30 12:13:11 romulus pluto[10414]: | v3
Sep 30 12:13:11 romulus pluto[10414]: | L2 - serialNumber:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - signature:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'md5WithRSAEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - issuer:
Sep 30 12:13:11 romulus pluto[10414]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services, CN=WittsEnd Root CA, E=ca at wittsend.com'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - validity:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - notBefore:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:11 romulus pluto[10414]: | 'Jan 28 17:45:00 UTC 2005'
Sep 30 12:13:11 romulus pluto[10414]: | L3 - notAfter:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:11 romulus pluto[10414]: | 'Jan 28 17:45:00 UTC 2009'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - subject:
Sep 30 12:13:11 romulus pluto[10414]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - subjectPublicKeyInfo:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'rsaEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L3 - subjectPublicKey:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - RSAPublicKey:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - modulus:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - publicExponent:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - optional extensions:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - extensions:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'authorityKeyIdentifier'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - authorityKeyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L8 - keyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'extendedKeyUsage'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - extendedKeyUsage:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | 'serverAuth'
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | 'clientAuth'
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'basicConstraints'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | TRUE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - basicConstraints:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - CA:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L1 - signatureAlgorithm:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'md5WithRSAEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L1 - signatureValue:
Sep 30 12:13:11 romulus pluto[10414]: no subjectAltName matches ID '%fromcert', replaced by subject DN
Sep 30 12:13:11 romulus pluto[10414]: | certificate is valid
Sep 30 12:13:11 romulus pluto[10414]: | counting wild cards for C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com is 0
Sep 30 12:13:11 romulus pluto[10414]: loading certificate from canyon.wittsend.com.crt
Sep 30 12:13:11 romulus pluto[10414]: loaded host cert file '/etc/ipsec.d/certs/canyon.wittsend.com.crt' (4153 bytes)
Sep 30 12:13:11 romulus pluto[10414]: | file content is not binary ASN.1
Sep 30 12:13:11 romulus pluto[10414]: | -----BEGIN CERTIFICATE-----
Sep 30 12:13:11 romulus pluto[10414]: | -----END CERTIFICATE-----
Sep 30 12:13:11 romulus pluto[10414]: | file coded in PEM format
Sep 30 12:13:11 romulus pluto[10414]: | L0 - certificate:
Sep 30 12:13:11 romulus pluto[10414]: | L1 - tbsCertificate:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - DEFAULT v1:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - version:
Sep 30 12:13:11 romulus pluto[10414]: | v3
Sep 30 12:13:11 romulus pluto[10414]: | L2 - serialNumber:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - signature:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'md5WithRSAEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - issuer:
Sep 30 12:13:11 romulus pluto[10414]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - validity:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - notBefore:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:11 romulus pluto[10414]: | 'Jul 26 18:53:50 UTC 2008'
Sep 30 12:13:11 romulus pluto[10414]: | L3 - notAfter:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:11 romulus pluto[10414]: | 'Jul 26 18:53:50 UTC 2012'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - subject:
Sep 30 12:13:11 romulus pluto[10414]: | 'C=GA, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=canyon.wittsend.com, E=postmaster at wittsend.com'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - subjectPublicKeyInfo:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'rsaEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L3 - subjectPublicKey:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - RSAPublicKey:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - modulus:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - publicExponent:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - optional extensions:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - extensions:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'authorityKeyIdentifier'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - authorityKeyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L8 - keyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'extendedKeyUsage'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - extendedKeyUsage:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | 'serverAuth'
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | 'clientAuth'
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'basicConstraints'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | TRUE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - basicConstraints:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - CA:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'subjectAltName'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - generalNames:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - generalName:
Sep 30 12:13:11 romulus pluto[10414]: | L8 - dnsName:
Sep 30 12:13:11 romulus pluto[10414]: | 'canyon.wittsend.com'
Sep 30 12:13:11 romulus pluto[10414]: | L7 - generalName:
Sep 30 12:13:11 romulus pluto[10414]: | L8 - dnsName:
Sep 30 12:13:11 romulus pluto[10414]: | 'canyon.ip6.wittsend.com'
Sep 30 12:13:11 romulus pluto[10414]: | L7 - generalName:
Sep 30 12:13:11 romulus pluto[10414]: | L8 - dnsName:
Sep 30 12:13:11 romulus pluto[10414]: | 'canyon.wittsend.org'
Sep 30 12:13:11 romulus pluto[10414]: | L1 - signatureAlgorithm:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'md5WithRSAEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L1 - signatureValue:
Sep 30 12:13:11 romulus pluto[10414]: | certificate is valid
Sep 30 12:13:11 romulus pluto[10414]: | counting wild cards for C=GA, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=canyon.wittsend.com, E=postmaster at wittsend.com is 0
Sep 30 12:13:11 romulus pluto[10414]: | based upon policy, the connection is a template.
Sep 30 12:13:11 romulus pluto[10414]: added connection description "canyon"
Sep 30 12:13:11 romulus pluto[10414]: | 130.205.32.3/32===130.205.32.3<130.205.32.3>[C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com,+S=C]---130.205.32.1...%any[C=GA, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=canyon.wittsend.com, E=postmaster at wittsend.com,+S=C]
Sep 30 12:13:11 romulus pluto[10414]: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 3; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW
Sep 30 12:13:11 romulus pluto[10414]: | * processed 0 messages from cryptographic helpers
Sep 30 12:13:11 romulus pluto[10414]: | next event EVENT_PENDING_PHASE2 in 119 seconds
Sep 30 12:13:11 romulus pluto[10414]: |
Sep 30 12:13:11 romulus pluto[10414]: | *received whack message
Sep 30 12:13:11 romulus pluto[10414]: | Added new connection chaos with policy RSASIG+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW
Sep 30 12:13:11 romulus pluto[10414]: loading certificate from romulus.wittsend.com.crt
Sep 30 12:13:11 romulus pluto[10414]: loaded host cert file '/etc/ipsec.d/certs/romulus.wittsend.com.crt' (3088 bytes)
Sep 30 12:13:11 romulus pluto[10414]: | file content is not binary ASN.1
Sep 30 12:13:11 romulus pluto[10414]: | -----BEGIN CERTIFICATE-----
Sep 30 12:13:11 romulus pluto[10414]: | -----END CERTIFICATE-----
Sep 30 12:13:11 romulus pluto[10414]: | file coded in PEM format
Sep 30 12:13:11 romulus pluto[10414]: | L0 - certificate:
Sep 30 12:13:11 romulus pluto[10414]: | L1 - tbsCertificate:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - DEFAULT v1:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - version:
Sep 30 12:13:11 romulus pluto[10414]: | v3
Sep 30 12:13:11 romulus pluto[10414]: | L2 - serialNumber:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - signature:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'md5WithRSAEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - issuer:
Sep 30 12:13:11 romulus pluto[10414]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services, CN=WittsEnd Root CA, E=ca at wittsend.com'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - validity:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - notBefore:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:11 romulus pluto[10414]: | 'Jan 28 17:45:00 UTC 2005'
Sep 30 12:13:11 romulus pluto[10414]: | L3 - notAfter:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:11 romulus pluto[10414]: | 'Jan 28 17:45:00 UTC 2009'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - subject:
Sep 30 12:13:11 romulus pluto[10414]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - subjectPublicKeyInfo:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'rsaEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L3 - subjectPublicKey:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - RSAPublicKey:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - modulus:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - publicExponent:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - optional extensions:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - extensions:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'authorityKeyIdentifier'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - authorityKeyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L8 - keyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'extendedKeyUsage'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - extendedKeyUsage:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | 'serverAuth'
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | 'clientAuth'
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'basicConstraints'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | TRUE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - basicConstraints:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - CA:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L1 - signatureAlgorithm:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'md5WithRSAEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L1 - signatureValue:
Sep 30 12:13:11 romulus pluto[10414]: no subjectAltName matches ID '%fromcert', replaced by subject DN
Sep 30 12:13:11 romulus pluto[10414]: | certificate is valid
Sep 30 12:13:11 romulus pluto[10414]: | counting wild cards for C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com is 0
Sep 30 12:13:11 romulus pluto[10414]: loading certificate from chaos.iss.net.crt
Sep 30 12:13:11 romulus pluto[10414]: loaded host cert file '/etc/ipsec.d/certs/chaos.iss.net.crt' (3867 bytes)
Sep 30 12:13:11 romulus pluto[10414]: | file content is not binary ASN.1
Sep 30 12:13:11 romulus pluto[10414]: | -----BEGIN CERTIFICATE-----
Sep 30 12:13:11 romulus pluto[10414]: | -----END CERTIFICATE-----
Sep 30 12:13:11 romulus pluto[10414]: | file coded in PEM format
Sep 30 12:13:11 romulus pluto[10414]: | L0 - certificate:
Sep 30 12:13:11 romulus pluto[10414]: | L1 - tbsCertificate:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - DEFAULT v1:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - version:
Sep 30 12:13:11 romulus pluto[10414]: | v3
Sep 30 12:13:11 romulus pluto[10414]: | L2 - serialNumber:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - signature:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'md5WithRSAEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - issuer:
Sep 30 12:13:11 romulus pluto[10414]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - validity:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - notBefore:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:11 romulus pluto[10414]: | 'Jul 26 18:29:11 UTC 2008'
Sep 30 12:13:11 romulus pluto[10414]: | L3 - notAfter:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:11 romulus pluto[10414]: | 'Jul 26 18:29:11 UTC 2012'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - subject:
Sep 30 12:13:11 romulus pluto[10414]: | 'C=GA, ST=Georgia, L=Atlanta, O=Internet Security Systems Inc, CN=chaos.iss.net, E=postmaster at iss.net'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - subjectPublicKeyInfo:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'rsaEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L3 - subjectPublicKey:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - RSAPublicKey:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - modulus:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - publicExponent:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - optional extensions:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - extensions:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'authorityKeyIdentifier'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - authorityKeyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L8 - keyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'extendedKeyUsage'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - extendedKeyUsage:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | 'serverAuth'
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | 'clientAuth'
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'basicConstraints'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | TRUE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - basicConstraints:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - CA:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L1 - signatureAlgorithm:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'md5WithRSAEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L1 - signatureValue:
Sep 30 12:13:11 romulus pluto[10414]: no subjectAltName matches ID '%fromcert', replaced by subject DN
Sep 30 12:13:11 romulus pluto[10414]: | certificate is valid
Sep 30 12:13:11 romulus pluto[10414]: | counting wild cards for C=GA, ST=Georgia, L=Atlanta, O=Internet Security Systems Inc, CN=chaos.iss.net, E=postmaster at iss.net is 0
Sep 30 12:13:11 romulus pluto[10414]: added connection description "chaos"
Sep 30 12:13:11 romulus pluto[10414]: | 130.205.32.3/32===130.205.32.3<130.205.32.3>[C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com,+S=C]---130.205.32.1...209.134.176.37<209.134.176.37>[C=GA, ST=Georgia, L=Atlanta, O=Internet Security Systems Inc, CN=chaos.iss.net, E=postmaster at iss.net,+S=C]
Sep 30 12:13:11 romulus pluto[10414]: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 3; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW
Sep 30 12:13:11 romulus pluto[10414]: | * processed 0 messages from cryptographic helpers
Sep 30 12:13:11 romulus pluto[10414]: | next event EVENT_PENDING_PHASE2 in 119 seconds
Sep 30 12:13:11 romulus pluto[10414]: |
Sep 30 12:13:11 romulus pluto[10414]: | *received whack message
Sep 30 12:13:11 romulus pluto[10414]: | Added new connection charon-0 with policy RSASIG+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW
Sep 30 12:13:11 romulus pluto[10414]: loading certificate from remus.wittsend.com.crt
Sep 30 12:13:11 romulus pluto[10414]: loaded host cert file '/etc/ipsec.d/certs/remus.wittsend.com.crt' (4148 bytes)
Sep 30 12:13:11 romulus pluto[10414]: | file content is not binary ASN.1
Sep 30 12:13:11 romulus pluto[10414]: | -----BEGIN CERTIFICATE-----
Sep 30 12:13:11 romulus pluto[10414]: | -----END CERTIFICATE-----
Sep 30 12:13:11 romulus pluto[10414]: | file coded in PEM format
Sep 30 12:13:11 romulus pluto[10414]: | L0 - certificate:
Sep 30 12:13:11 romulus pluto[10414]: | L1 - tbsCertificate:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - DEFAULT v1:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - version:
Sep 30 12:13:11 romulus pluto[10414]: | v3
Sep 30 12:13:11 romulus pluto[10414]: | L2 - serialNumber:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - signature:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'md5WithRSAEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - issuer:
Sep 30 12:13:11 romulus pluto[10414]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - validity:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - notBefore:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:11 romulus pluto[10414]: | 'Jul 26 18:44:39 UTC 2008'
Sep 30 12:13:11 romulus pluto[10414]: | L3 - notAfter:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:11 romulus pluto[10414]: | 'Jul 26 18:44:39 UTC 2012'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - subject:
Sep 30 12:13:11 romulus pluto[10414]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=remus.wittsend.com, E=postmaster at wittsend.com'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - subjectPublicKeyInfo:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'rsaEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L3 - subjectPublicKey:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - RSAPublicKey:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - modulus:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - publicExponent:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - optional extensions:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - extensions:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'authorityKeyIdentifier'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - authorityKeyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L8 - keyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'extendedKeyUsage'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - extendedKeyUsage:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | 'serverAuth'
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | 'clientAuth'
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'basicConstraints'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | TRUE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - basicConstraints:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - CA:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'subjectAltName'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - generalNames:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - generalName:
Sep 30 12:13:11 romulus pluto[10414]: | L8 - dnsName:
Sep 30 12:13:11 romulus pluto[10414]: | 'remus.ip6.wittsend.com'
Sep 30 12:13:11 romulus pluto[10414]: | L7 - generalName:
Sep 30 12:13:11 romulus pluto[10414]: | L8 - dnsName:
Sep 30 12:13:11 romulus pluto[10414]: | 'remus.wittsend.org'
Sep 30 12:13:11 romulus pluto[10414]: | L7 - generalName:
Sep 30 12:13:11 romulus pluto[10414]: | L8 - dnsName:
Sep 30 12:13:11 romulus pluto[10414]: | 'remus.commandcorp.com'
Sep 30 12:13:11 romulus pluto[10414]: | L1 - signatureAlgorithm:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'md5WithRSAEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L1 - signatureValue:
Sep 30 12:13:11 romulus pluto[10414]: no subjectAltName matches ID '%fromcert', replaced by subject DN
Sep 30 12:13:11 romulus pluto[10414]: | certificate is valid
Sep 30 12:13:11 romulus pluto[10414]: | counting wild cards for C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=remus.wittsend.com, E=postmaster at wittsend.com is 0
Sep 30 12:13:11 romulus pluto[10414]: loading certificate from charon.wittsend.com.crt
Sep 30 12:13:11 romulus pluto[10414]: loaded host cert file '/etc/ipsec.d/certs/charon.wittsend.com.crt' (3903 bytes)
Sep 30 12:13:11 romulus pluto[10414]: | file content is not binary ASN.1
Sep 30 12:13:11 romulus pluto[10414]: | -----BEGIN CERTIFICATE-----
Sep 30 12:13:11 romulus pluto[10414]: | -----END CERTIFICATE-----
Sep 30 12:13:11 romulus pluto[10414]: | file coded in PEM format
Sep 30 12:13:11 romulus pluto[10414]: | L0 - certificate:
Sep 30 12:13:11 romulus pluto[10414]: | L1 - tbsCertificate:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - DEFAULT v1:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - version:
Sep 30 12:13:11 romulus pluto[10414]: | v3
Sep 30 12:13:11 romulus pluto[10414]: | L2 - serialNumber:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - signature:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'md5WithRSAEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - issuer:
Sep 30 12:13:11 romulus pluto[10414]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - validity:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - notBefore:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:11 romulus pluto[10414]: | 'Jul 26 18:32:56 UTC 2008'
Sep 30 12:13:11 romulus pluto[10414]: | L3 - notAfter:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:11 romulus pluto[10414]: | 'Jul 26 18:32:56 UTC 2012'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - subject:
Sep 30 12:13:11 romulus pluto[10414]: | 'C=US, ST=Georgia, L=Atlanta, O=Thaumaturgy & Speculums Technology, CN=charon.wittsend.com, E=postmaster at wittsend.com'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - subjectPublicKeyInfo:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'rsaEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L3 - subjectPublicKey:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - RSAPublicKey:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - modulus:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - publicExponent:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - optional extensions:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - extensions:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'authorityKeyIdentifier'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - authorityKeyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L8 - keyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'extendedKeyUsage'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - extendedKeyUsage:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | 'serverAuth'
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | 'clientAuth'
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'basicConstraints'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | TRUE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - basicConstraints:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - CA:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L1 - signatureAlgorithm:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'md5WithRSAEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L1 - signatureValue:
Sep 30 12:13:11 romulus pluto[10414]: | certificate is valid
Sep 30 12:13:11 romulus pluto[10414]: | counting wild cards for 74.237.49.95 is 0
Sep 30 12:13:11 romulus pluto[10414]: added connection description "charon-0"
Sep 30 12:13:11 romulus pluto[10414]: | 130.205.32.3/32===130.205.32.3<130.205.32.3>[C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=remus.wittsend.com, E=postmaster at wittsend.com,+S=C]---130.205.32.1...65.14.248.11---74.237.49.95<74.237.49.95>[+S=C]
Sep 30 12:13:11 romulus pluto[10414]: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 3; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW
Sep 30 12:13:11 romulus pluto[10414]: | * processed 0 messages from cryptographic helpers
Sep 30 12:13:11 romulus pluto[10414]: | next event EVENT_PENDING_PHASE2 in 119 seconds
Sep 30 12:13:11 romulus pluto[10414]: |
Sep 30 12:13:11 romulus pluto[10414]: | *received whack message
Sep 30 12:13:11 romulus pluto[10414]: | Added new connection charon-1 with policy RSASIG+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW
Sep 30 12:13:11 romulus pluto[10414]: loading certificate from remus.wittsend.com.crt
Sep 30 12:13:11 romulus pluto[10414]: loaded host cert file '/etc/ipsec.d/certs/remus.wittsend.com.crt' (4148 bytes)
Sep 30 12:13:11 romulus pluto[10414]: | file content is not binary ASN.1
Sep 30 12:13:11 romulus pluto[10414]: | -----BEGIN CERTIFICATE-----
Sep 30 12:13:11 romulus pluto[10414]: | -----END CERTIFICATE-----
Sep 30 12:13:11 romulus pluto[10414]: | file coded in PEM format
Sep 30 12:13:11 romulus pluto[10414]: | L0 - certificate:
Sep 30 12:13:11 romulus pluto[10414]: | L1 - tbsCertificate:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - DEFAULT v1:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - version:
Sep 30 12:13:11 romulus pluto[10414]: | v3
Sep 30 12:13:11 romulus pluto[10414]: | L2 - serialNumber:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - signature:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'md5WithRSAEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - issuer:
Sep 30 12:13:11 romulus pluto[10414]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - validity:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - notBefore:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:11 romulus pluto[10414]: | 'Jul 26 18:44:39 UTC 2008'
Sep 30 12:13:11 romulus pluto[10414]: | L3 - notAfter:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:11 romulus pluto[10414]: | 'Jul 26 18:44:39 UTC 2012'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - subject:
Sep 30 12:13:11 romulus pluto[10414]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=remus.wittsend.com, E=postmaster at wittsend.com'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - subjectPublicKeyInfo:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'rsaEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L3 - subjectPublicKey:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - RSAPublicKey:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - modulus:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - publicExponent:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - optional extensions:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - extensions:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'authorityKeyIdentifier'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - authorityKeyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L8 - keyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'extendedKeyUsage'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - extendedKeyUsage:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | 'serverAuth'
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | 'clientAuth'
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'basicConstraints'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | TRUE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - basicConstraints:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - CA:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'subjectAltName'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - generalNames:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - generalName:
Sep 30 12:13:11 romulus pluto[10414]: | L8 - dnsName:
Sep 30 12:13:11 romulus pluto[10414]: | 'remus.ip6.wittsend.com'
Sep 30 12:13:11 romulus pluto[10414]: | L7 - generalName:
Sep 30 12:13:11 romulus pluto[10414]: | L8 - dnsName:
Sep 30 12:13:11 romulus pluto[10414]: | 'remus.wittsend.org'
Sep 30 12:13:11 romulus pluto[10414]: | L7 - generalName:
Sep 30 12:13:11 romulus pluto[10414]: | L8 - dnsName:
Sep 30 12:13:11 romulus pluto[10414]: | 'remus.commandcorp.com'
Sep 30 12:13:11 romulus pluto[10414]: | L1 - signatureAlgorithm:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'md5WithRSAEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L1 - signatureValue:
Sep 30 12:13:11 romulus pluto[10414]: no subjectAltName matches ID '%fromcert', replaced by subject DN
Sep 30 12:13:11 romulus pluto[10414]: | certificate is valid
Sep 30 12:13:11 romulus pluto[10414]: | counting wild cards for C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=remus.wittsend.com, E=postmaster at wittsend.com is 0
Sep 30 12:13:11 romulus pluto[10414]: loading certificate from charon.wittsend.com.crt
Sep 30 12:13:11 romulus pluto[10414]: loaded host cert file '/etc/ipsec.d/certs/charon.wittsend.com.crt' (3903 bytes)
Sep 30 12:13:11 romulus pluto[10414]: | file content is not binary ASN.1
Sep 30 12:13:11 romulus pluto[10414]: | -----BEGIN CERTIFICATE-----
Sep 30 12:13:11 romulus pluto[10414]: | -----END CERTIFICATE-----
Sep 30 12:13:11 romulus pluto[10414]: | file coded in PEM format
Sep 30 12:13:11 romulus pluto[10414]: | L0 - certificate:
Sep 30 12:13:11 romulus pluto[10414]: | L1 - tbsCertificate:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - DEFAULT v1:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - version:
Sep 30 12:13:11 romulus pluto[10414]: | v3
Sep 30 12:13:11 romulus pluto[10414]: | L2 - serialNumber:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - signature:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'md5WithRSAEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - issuer:
Sep 30 12:13:11 romulus pluto[10414]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - validity:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - notBefore:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:11 romulus pluto[10414]: | 'Jul 26 18:32:56 UTC 2008'
Sep 30 12:13:11 romulus pluto[10414]: | L3 - notAfter:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:11 romulus pluto[10414]: | 'Jul 26 18:32:56 UTC 2012'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - subject:
Sep 30 12:13:11 romulus pluto[10414]: | 'C=US, ST=Georgia, L=Atlanta, O=Thaumaturgy & Speculums Technology, CN=charon.wittsend.com, E=postmaster at wittsend.com'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - subjectPublicKeyInfo:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'rsaEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L3 - subjectPublicKey:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - RSAPublicKey:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - modulus:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - publicExponent:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - optional extensions:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - extensions:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'authorityKeyIdentifier'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - authorityKeyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L8 - keyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'extendedKeyUsage'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - extendedKeyUsage:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | 'serverAuth'
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | 'clientAuth'
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'basicConstraints'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | TRUE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - basicConstraints:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - CA:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L1 - signatureAlgorithm:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'md5WithRSAEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L1 - signatureValue:
Sep 30 12:13:11 romulus pluto[10414]: | certificate is valid
Sep 30 12:13:11 romulus pluto[10414]: | counting wild cards for 74.237.49.95 is 0
Sep 30 12:13:11 romulus pluto[10414]: added connection description "charon-1"
Sep 30 12:13:11 romulus pluto[10414]: | 130.205.32.0/24===130.205.32.3<130.205.32.3>[C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=remus.wittsend.com, E=postmaster at wittsend.com,+S=C]---130.205.32.1...65.14.248.11---74.237.49.95<74.237.49.95>[+S=C]===130.205.36.0/24
Sep 30 12:13:11 romulus pluto[10414]: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 3; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW
Sep 30 12:13:11 romulus pluto[10414]: | * processed 0 messages from cryptographic helpers
Sep 30 12:13:11 romulus pluto[10414]: | next event EVENT_PENDING_PHASE2 in 119 seconds
Sep 30 12:13:11 romulus pluto[10414]: |
Sep 30 12:13:11 romulus pluto[10414]: | *received whack message
Sep 30 12:13:11 romulus pluto[10414]: | Added new connection complex with policy RSASIG+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW
Sep 30 12:13:11 romulus pluto[10414]: loading certificate from romulus.wittsend.com.crt
Sep 30 12:13:11 romulus pluto[10414]: loaded host cert file '/etc/ipsec.d/certs/romulus.wittsend.com.crt' (3088 bytes)
Sep 30 12:13:11 romulus pluto[10414]: | file content is not binary ASN.1
Sep 30 12:13:11 romulus pluto[10414]: | -----BEGIN CERTIFICATE-----
Sep 30 12:13:11 romulus pluto[10414]: | -----END CERTIFICATE-----
Sep 30 12:13:11 romulus pluto[10414]: | file coded in PEM format
Sep 30 12:13:11 romulus pluto[10414]: | L0 - certificate:
Sep 30 12:13:11 romulus pluto[10414]: | L1 - tbsCertificate:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - DEFAULT v1:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - version:
Sep 30 12:13:11 romulus pluto[10414]: | v3
Sep 30 12:13:11 romulus pluto[10414]: | L2 - serialNumber:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - signature:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'md5WithRSAEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - issuer:
Sep 30 12:13:11 romulus pluto[10414]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services, CN=WittsEnd Root CA, E=ca at wittsend.com'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - validity:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - notBefore:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:11 romulus pluto[10414]: | 'Jan 28 17:45:00 UTC 2005'
Sep 30 12:13:11 romulus pluto[10414]: | L3 - notAfter:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:11 romulus pluto[10414]: | 'Jan 28 17:45:00 UTC 2009'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - subject:
Sep 30 12:13:11 romulus pluto[10414]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - subjectPublicKeyInfo:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'rsaEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L3 - subjectPublicKey:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - RSAPublicKey:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - modulus:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - publicExponent:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - optional extensions:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - extensions:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'authorityKeyIdentifier'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - authorityKeyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L8 - keyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'extendedKeyUsage'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - extendedKeyUsage:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | 'serverAuth'
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | 'clientAuth'
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'basicConstraints'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | TRUE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - basicConstraints:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - CA:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L1 - signatureAlgorithm:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'md5WithRSAEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L1 - signatureValue:
Sep 30 12:13:11 romulus pluto[10414]: no subjectAltName matches ID '%fromcert', replaced by subject DN
Sep 30 12:13:11 romulus pluto[10414]: | certificate is valid
Sep 30 12:13:11 romulus pluto[10414]: | counting wild cards for C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com is 0
Sep 30 12:13:11 romulus pluto[10414]: loading certificate from complex.wittsend.com.crt
Sep 30 12:13:11 romulus pluto[10414]: loaded host cert file '/etc/ipsec.d/certs/complex.wittsend.com.crt' (4223 bytes)
Sep 30 12:13:11 romulus pluto[10414]: | file content is not binary ASN.1
Sep 30 12:13:11 romulus pluto[10414]: | -----BEGIN CERTIFICATE-----
Sep 30 12:13:11 romulus pluto[10414]: | -----END CERTIFICATE-----
Sep 30 12:13:11 romulus pluto[10414]: | file coded in PEM format
Sep 30 12:13:11 romulus pluto[10414]: | L0 - certificate:
Sep 30 12:13:11 romulus pluto[10414]: | L1 - tbsCertificate:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - DEFAULT v1:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - version:
Sep 30 12:13:11 romulus pluto[10414]: | v3
Sep 30 12:13:11 romulus pluto[10414]: | L2 - serialNumber:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - signature:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'md5WithRSAEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - issuer:
Sep 30 12:13:11 romulus pluto[10414]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - validity:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - notBefore:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:11 romulus pluto[10414]: | 'Jul 26 18:45:14 UTC 2008'
Sep 30 12:13:11 romulus pluto[10414]: | L3 - notAfter:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:11 romulus pluto[10414]: | 'Jul 26 18:45:14 UTC 2012'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - subject:
Sep 30 12:13:11 romulus pluto[10414]: | 'C=GA, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=complex.wittsend.com, E=postmaster at wittsend.com'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - subjectPublicKeyInfo:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'rsaEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L3 - subjectPublicKey:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - RSAPublicKey:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - modulus:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - publicExponent:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - optional extensions:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - extensions:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'authorityKeyIdentifier'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - authorityKeyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L8 - keyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'extendedKeyUsage'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - extendedKeyUsage:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | 'serverAuth'
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | 'clientAuth'
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'basicConstraints'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | TRUE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - basicConstraints:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - CA:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'subjectAltName'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - generalNames:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - generalName:
Sep 30 12:13:11 romulus pluto[10414]: | L8 - dnsName:
Sep 30 12:13:11 romulus pluto[10414]: | 'complex.wittsend.com'
Sep 30 12:13:11 romulus pluto[10414]: | L7 - generalName:
Sep 30 12:13:11 romulus pluto[10414]: | L8 - dnsName:
Sep 30 12:13:11 romulus pluto[10414]: | 'complex.ip6.wittsend.com'
Sep 30 12:13:11 romulus pluto[10414]: | L7 - generalName:
Sep 30 12:13:11 romulus pluto[10414]: | L8 - dnsName:
Sep 30 12:13:11 romulus pluto[10414]: | 'complex.wittsend.org'
Sep 30 12:13:11 romulus pluto[10414]: | L7 - generalName:
Sep 30 12:13:11 romulus pluto[10414]: | L8 - dnsName:
Sep 30 12:13:11 romulus pluto[10414]: | 'complex.commandcorp.com'
Sep 30 12:13:11 romulus pluto[10414]: | L1 - signatureAlgorithm:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'md5WithRSAEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L1 - signatureValue:
Sep 30 12:13:11 romulus pluto[10414]: no subjectAltName matches ID '%fromcert', replaced by subject DN
Sep 30 12:13:11 romulus pluto[10414]: | certificate is valid
Sep 30 12:13:11 romulus pluto[10414]: | counting wild cards for C=GA, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=complex.wittsend.com, E=postmaster at wittsend.com is 0
Sep 30 12:13:11 romulus pluto[10414]: added connection description "complex"
Sep 30 12:13:11 romulus pluto[10414]: | 130.205.32.3/32===130.205.32.3<130.205.32.3>[C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com,+S=C]---130.205.32.1...65.14.248.12---65.7.156.165<65.7.156.165>[C=GA, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=complex.wittsend.com, E=postmaster at wittsend.com,+S=C]===130.205.0.0/19
Sep 30 12:13:11 romulus pluto[10414]: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 3; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW
Sep 30 12:13:11 romulus pluto[10414]: | * processed 0 messages from cryptographic helpers
Sep 30 12:13:11 romulus pluto[10414]: | next event EVENT_PENDING_PHASE2 in 119 seconds
Sep 30 12:13:11 romulus pluto[10414]: |
Sep 30 12:13:11 romulus pluto[10414]: | *received whack message
Sep 30 12:13:11 romulus pluto[10414]: | Added new connection kolvir with policy RSASIG+ENCRYPT+PFS+DONTREKEY+IKEv2ALLOW
Sep 30 12:13:11 romulus pluto[10414]: loading certificate from romulus.wittsend.com.crt
Sep 30 12:13:11 romulus pluto[10414]: loaded host cert file '/etc/ipsec.d/certs/romulus.wittsend.com.crt' (3088 bytes)
Sep 30 12:13:11 romulus pluto[10414]: | file content is not binary ASN.1
Sep 30 12:13:11 romulus pluto[10414]: | -----BEGIN CERTIFICATE-----
Sep 30 12:13:11 romulus pluto[10414]: | -----END CERTIFICATE-----
Sep 30 12:13:11 romulus pluto[10414]: | file coded in PEM format
Sep 30 12:13:11 romulus pluto[10414]: | L0 - certificate:
Sep 30 12:13:11 romulus pluto[10414]: | L1 - tbsCertificate:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - DEFAULT v1:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - version:
Sep 30 12:13:11 romulus pluto[10414]: | v3
Sep 30 12:13:11 romulus pluto[10414]: | L2 - serialNumber:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - signature:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'md5WithRSAEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - issuer:
Sep 30 12:13:11 romulus pluto[10414]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services, CN=WittsEnd Root CA, E=ca at wittsend.com'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - validity:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - notBefore:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:11 romulus pluto[10414]: | 'Jan 28 17:45:00 UTC 2005'
Sep 30 12:13:11 romulus pluto[10414]: | L3 - notAfter:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:11 romulus pluto[10414]: | 'Jan 28 17:45:00 UTC 2009'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - subject:
Sep 30 12:13:11 romulus pluto[10414]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - subjectPublicKeyInfo:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'rsaEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L3 - subjectPublicKey:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - RSAPublicKey:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - modulus:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - publicExponent:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - optional extensions:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - extensions:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'authorityKeyIdentifier'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - authorityKeyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L8 - keyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'extendedKeyUsage'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - extendedKeyUsage:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | 'serverAuth'
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | 'clientAuth'
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'basicConstraints'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | TRUE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - basicConstraints:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - CA:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L1 - signatureAlgorithm:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'md5WithRSAEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L1 - signatureValue:
Sep 30 12:13:11 romulus pluto[10414]: no subjectAltName matches ID '%fromcert', replaced by subject DN
Sep 30 12:13:11 romulus pluto[10414]: | certificate is valid
Sep 30 12:13:11 romulus pluto[10414]: | counting wild cards for C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com is 0
Sep 30 12:13:11 romulus pluto[10414]: loading certificate from kolvir.iss.net.crt
Sep 30 12:13:11 romulus pluto[10414]: loaded host cert file '/etc/ipsec.d/certs/kolvir.iss.net.crt' (3868 bytes)
Sep 30 12:13:11 romulus pluto[10414]: | file content is not binary ASN.1
Sep 30 12:13:11 romulus pluto[10414]: | -----BEGIN CERTIFICATE-----
Sep 30 12:13:11 romulus pluto[10414]: | -----END CERTIFICATE-----
Sep 30 12:13:11 romulus pluto[10414]: | file coded in PEM format
Sep 30 12:13:11 romulus pluto[10414]: | L0 - certificate:
Sep 30 12:13:11 romulus pluto[10414]: | L1 - tbsCertificate:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - DEFAULT v1:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - version:
Sep 30 12:13:11 romulus pluto[10414]: | v3
Sep 30 12:13:11 romulus pluto[10414]: | L2 - serialNumber:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - signature:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'md5WithRSAEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - issuer:
Sep 30 12:13:11 romulus pluto[10414]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - validity:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - notBefore:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:11 romulus pluto[10414]: | 'Jul 26 18:29:25 UTC 2008'
Sep 30 12:13:11 romulus pluto[10414]: | L3 - notAfter:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:11 romulus pluto[10414]: | 'Jul 26 18:29:25 UTC 2012'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - subject:
Sep 30 12:13:11 romulus pluto[10414]: | 'C=GA, ST=Georgia, L=Atlanta, O=Internet Security Systems Inc, CN=kolvir.iss.net, E=postmaster at iss.net'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - subjectPublicKeyInfo:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'rsaEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L3 - subjectPublicKey:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - RSAPublicKey:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - modulus:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - publicExponent:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - optional extensions:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - extensions:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'authorityKeyIdentifier'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - authorityKeyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L8 - keyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'extendedKeyUsage'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - extendedKeyUsage:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | 'serverAuth'
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | 'clientAuth'
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'basicConstraints'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | TRUE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - basicConstraints:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - CA:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L1 - signatureAlgorithm:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'md5WithRSAEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L1 - signatureValue:
Sep 30 12:13:11 romulus pluto[10414]: | certificate is valid
Sep 30 12:13:11 romulus pluto[10414]: | counting wild cards for 209.134.176.84 is 0
Sep 30 12:13:11 romulus pluto[10414]: added connection description "kolvir"
Sep 30 12:13:11 romulus pluto[10414]: | 130.205.32.3/32===130.205.32.3<130.205.32.3>[C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com,+S=C]---130.205.32.1...209.134.176.84<209.134.176.84>[+S=C]
Sep 30 12:13:11 romulus pluto[10414]: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 3; policy: RSASIG+ENCRYPT+PFS+DONTREKEY+IKEv2ALLOW
Sep 30 12:13:11 romulus pluto[10414]: | * processed 0 messages from cryptographic helpers
Sep 30 12:13:11 romulus pluto[10414]: | next event EVENT_PENDING_PHASE2 in 119 seconds
Sep 30 12:13:11 romulus pluto[10414]: |
Sep 30 12:13:11 romulus pluto[10414]: | *received whack message
Sep 30 12:13:11 romulus pluto[10414]: | Added new connection levy-0 with policy RSASIG+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW
Sep 30 12:13:11 romulus pluto[10414]: loading certificate from romulus.wittsend.com.crt
Sep 30 12:13:11 romulus pluto[10414]: loaded host cert file '/etc/ipsec.d/certs/romulus.wittsend.com.crt' (3088 bytes)
Sep 30 12:13:11 romulus pluto[10414]: | file content is not binary ASN.1
Sep 30 12:13:11 romulus pluto[10414]: | -----BEGIN CERTIFICATE-----
Sep 30 12:13:11 romulus pluto[10414]: | -----END CERTIFICATE-----
Sep 30 12:13:11 romulus pluto[10414]: | file coded in PEM format
Sep 30 12:13:11 romulus pluto[10414]: | L0 - certificate:
Sep 30 12:13:11 romulus pluto[10414]: | L1 - tbsCertificate:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - DEFAULT v1:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - version:
Sep 30 12:13:11 romulus pluto[10414]: | v3
Sep 30 12:13:11 romulus pluto[10414]: | L2 - serialNumber:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - signature:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'md5WithRSAEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - issuer:
Sep 30 12:13:11 romulus pluto[10414]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services, CN=WittsEnd Root CA, E=ca at wittsend.com'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - validity:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - notBefore:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:11 romulus pluto[10414]: | 'Jan 28 17:45:00 UTC 2005'
Sep 30 12:13:11 romulus pluto[10414]: | L3 - notAfter:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:11 romulus pluto[10414]: | 'Jan 28 17:45:00 UTC 2009'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - subject:
Sep 30 12:13:11 romulus pluto[10414]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - subjectPublicKeyInfo:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'rsaEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L3 - subjectPublicKey:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - RSAPublicKey:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - modulus:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - publicExponent:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - optional extensions:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - extensions:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'authorityKeyIdentifier'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - authorityKeyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L8 - keyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'extendedKeyUsage'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - extendedKeyUsage:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | 'serverAuth'
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | 'clientAuth'
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'basicConstraints'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | TRUE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - basicConstraints:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - CA:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L1 - signatureAlgorithm:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'md5WithRSAEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L1 - signatureValue:
Sep 30 12:13:11 romulus pluto[10414]: no subjectAltName matches ID '%fromcert', replaced by subject DN
Sep 30 12:13:11 romulus pluto[10414]: | certificate is valid
Sep 30 12:13:11 romulus pluto[10414]: | counting wild cards for C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com is 0
Sep 30 12:13:11 romulus pluto[10414]: loading certificate from levy.bythesea.org.crt
Sep 30 12:13:11 romulus pluto[10414]: loaded host cert file '/etc/ipsec.d/certs/levy.bythesea.org.crt' (3983 bytes)
Sep 30 12:13:11 romulus pluto[10414]: | file content is not binary ASN.1
Sep 30 12:13:11 romulus pluto[10414]: | -----BEGIN CERTIFICATE-----
Sep 30 12:13:11 romulus pluto[10414]: | -----END CERTIFICATE-----
Sep 30 12:13:11 romulus pluto[10414]: | file coded in PEM format
Sep 30 12:13:11 romulus pluto[10414]: | L0 - certificate:
Sep 30 12:13:11 romulus pluto[10414]: | L1 - tbsCertificate:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - DEFAULT v1:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - version:
Sep 30 12:13:11 romulus pluto[10414]: | v3
Sep 30 12:13:11 romulus pluto[10414]: | L2 - serialNumber:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - signature:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'md5WithRSAEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - issuer:
Sep 30 12:13:11 romulus pluto[10414]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - validity:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - notBefore:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:11 romulus pluto[10414]: | 'Jul 26 19:52:50 UTC 2008'
Sep 30 12:13:11 romulus pluto[10414]: | L3 - notAfter:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:11 romulus pluto[10414]: | 'Jul 26 19:52:50 UTC 2012'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - subject:
Sep 30 12:13:11 romulus pluto[10414]: | 'C=US, ST=Georgia, L=Clarkston, O=ByTheSea Enterprises, OU=Intacta Bonk Phantasmagorical Department, CN=levy.bythesea.org, E=postmaster at bythesea.org'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - subjectPublicKeyInfo:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'rsaEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L3 - subjectPublicKey:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - RSAPublicKey:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - modulus:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - publicExponent:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - optional extensions:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - extensions:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'authorityKeyIdentifier'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - authorityKeyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L8 - keyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'extendedKeyUsage'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - extendedKeyUsage:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | 'serverAuth'
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | 'clientAuth'
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'basicConstraints'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | TRUE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - basicConstraints:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - CA:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L1 - signatureAlgorithm:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'md5WithRSAEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L1 - signatureValue:
Sep 30 12:13:11 romulus pluto[10414]: | certificate is valid
Sep 30 12:13:11 romulus pluto[10414]: | counting wild cards for C=US, ST=Georgia, L=Clarkston, O=ByTheSea Enterprises, OU=Intacta Bonk Phantasmagorical Department, CN=levy.bythesea.org, E=postmaster at bythesea.org is 0
Sep 30 12:13:11 romulus pluto[10414]: | based upon policy, the connection is a template.
Sep 30 12:13:11 romulus pluto[10414]: added connection description "levy-0"
Sep 30 12:13:11 romulus pluto[10414]: | 130.205.32.3/32===130.205.32.3<130.205.32.3>[C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com,+S=C]---130.205.32.1...0.0.0.0---%any[C=US, ST=Georgia, L=Clarkston, O=ByTheSea Enterprises, OU=Intacta Bonk Phantasmagorical Department, CN=levy.bythesea.org, E=postmaster at bythesea.org,+S=C]
Sep 30 12:13:11 romulus pluto[10414]: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 3; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW
Sep 30 12:13:11 romulus pluto[10414]: | * processed 0 messages from cryptographic helpers
Sep 30 12:13:11 romulus pluto[10414]: | next event EVENT_PENDING_PHASE2 in 119 seconds
Sep 30 12:13:11 romulus pluto[10414]: |
Sep 30 12:13:11 romulus pluto[10414]: | *received whack message
Sep 30 12:13:11 romulus pluto[10414]: | Added new connection levy-1 with policy RSASIG+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW
Sep 30 12:13:11 romulus pluto[10414]: loading certificate from romulus.wittsend.com.crt
Sep 30 12:13:11 romulus pluto[10414]: loaded host cert file '/etc/ipsec.d/certs/romulus.wittsend.com.crt' (3088 bytes)
Sep 30 12:13:11 romulus pluto[10414]: | file content is not binary ASN.1
Sep 30 12:13:11 romulus pluto[10414]: | -----BEGIN CERTIFICATE-----
Sep 30 12:13:11 romulus pluto[10414]: | -----END CERTIFICATE-----
Sep 30 12:13:11 romulus pluto[10414]: | file coded in PEM format
Sep 30 12:13:11 romulus pluto[10414]: | L0 - certificate:
Sep 30 12:13:11 romulus pluto[10414]: | L1 - tbsCertificate:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - DEFAULT v1:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - version:
Sep 30 12:13:11 romulus pluto[10414]: | v3
Sep 30 12:13:11 romulus pluto[10414]: | L2 - serialNumber:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - signature:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'md5WithRSAEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - issuer:
Sep 30 12:13:11 romulus pluto[10414]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services, CN=WittsEnd Root CA, E=ca at wittsend.com'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - validity:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - notBefore:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:11 romulus pluto[10414]: | 'Jan 28 17:45:00 UTC 2005'
Sep 30 12:13:11 romulus pluto[10414]: | L3 - notAfter:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:11 romulus pluto[10414]: | 'Jan 28 17:45:00 UTC 2009'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - subject:
Sep 30 12:13:11 romulus pluto[10414]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - subjectPublicKeyInfo:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'rsaEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L3 - subjectPublicKey:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - RSAPublicKey:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - modulus:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - publicExponent:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - optional extensions:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - extensions:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'authorityKeyIdentifier'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - authorityKeyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L8 - keyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'extendedKeyUsage'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - extendedKeyUsage:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | 'serverAuth'
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | 'clientAuth'
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'basicConstraints'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | TRUE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - basicConstraints:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - CA:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L1 - signatureAlgorithm:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'md5WithRSAEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L1 - signatureValue:
Sep 30 12:13:11 romulus pluto[10414]: no subjectAltName matches ID '%fromcert', replaced by subject DN
Sep 30 12:13:11 romulus pluto[10414]: | certificate is valid
Sep 30 12:13:11 romulus pluto[10414]: | counting wild cards for C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com is 0
Sep 30 12:13:11 romulus pluto[10414]: loading certificate from levy.bythesea.org.crt
Sep 30 12:13:11 romulus pluto[10414]: loaded host cert file '/etc/ipsec.d/certs/levy.bythesea.org.crt' (3983 bytes)
Sep 30 12:13:11 romulus pluto[10414]: | file content is not binary ASN.1
Sep 30 12:13:11 romulus pluto[10414]: | -----BEGIN CERTIFICATE-----
Sep 30 12:13:11 romulus pluto[10414]: | -----END CERTIFICATE-----
Sep 30 12:13:11 romulus pluto[10414]: | file coded in PEM format
Sep 30 12:13:11 romulus pluto[10414]: | L0 - certificate:
Sep 30 12:13:11 romulus pluto[10414]: | L1 - tbsCertificate:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - DEFAULT v1:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - version:
Sep 30 12:13:11 romulus pluto[10414]: | v3
Sep 30 12:13:11 romulus pluto[10414]: | L2 - serialNumber:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - signature:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'md5WithRSAEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - issuer:
Sep 30 12:13:11 romulus pluto[10414]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - validity:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - notBefore:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:11 romulus pluto[10414]: | 'Jul 26 19:52:50 UTC 2008'
Sep 30 12:13:11 romulus pluto[10414]: | L3 - notAfter:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:11 romulus pluto[10414]: | 'Jul 26 19:52:50 UTC 2012'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - subject:
Sep 30 12:13:11 romulus pluto[10414]: | 'C=US, ST=Georgia, L=Clarkston, O=ByTheSea Enterprises, OU=Intacta Bonk Phantasmagorical Department, CN=levy.bythesea.org, E=postmaster at bythesea.org'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - subjectPublicKeyInfo:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'rsaEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L3 - subjectPublicKey:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - RSAPublicKey:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - modulus:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - publicExponent:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - optional extensions:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - extensions:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'authorityKeyIdentifier'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - authorityKeyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L8 - keyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'extendedKeyUsage'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - extendedKeyUsage:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | 'serverAuth'
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | 'clientAuth'
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'basicConstraints'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | TRUE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - basicConstraints:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - CA:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L1 - signatureAlgorithm:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'md5WithRSAEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L1 - signatureValue:
Sep 30 12:13:11 romulus pluto[10414]: | certificate is valid
Sep 30 12:13:11 romulus pluto[10414]: | counting wild cards for C=US, ST=Georgia, L=Clarkston, O=ByTheSea Enterprises, OU=Intacta Bonk Phantasmagorical Department, CN=levy.bythesea.org, E=postmaster at bythesea.org is 0
Sep 30 12:13:11 romulus pluto[10414]: | based upon policy, the connection is a template.
Sep 30 12:13:11 romulus pluto[10414]: added connection description "levy-1"
Sep 30 12:13:11 romulus pluto[10414]: | 0.0.0.0/0===130.205.32.3<130.205.32.3>[C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com,+S=C]---130.205.32.1...0.0.0.0---%any[C=US, ST=Georgia, L=Clarkston, O=ByTheSea Enterprises, OU=Intacta Bonk Phantasmagorical Department, CN=levy.bythesea.org, E=postmaster at bythesea.org,+S=C]===130.205.37.0/24
Sep 30 12:13:11 romulus pluto[10414]: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 3; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW
Sep 30 12:13:11 romulus pluto[10414]: | * processed 0 messages from cryptographic helpers
Sep 30 12:13:11 romulus pluto[10414]: | next event EVENT_PENDING_PHASE2 in 119 seconds
Sep 30 12:13:11 romulus pluto[10414]: |
Sep 30 12:13:11 romulus pluto[10414]: | *received whack message
Sep 30 12:13:11 romulus pluto[10414]: | Added new connection rebma with policy RSASIG+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW
Sep 30 12:13:11 romulus pluto[10414]: loading certificate from romulus.wittsend.com.crt
Sep 30 12:13:11 romulus pluto[10414]: loaded host cert file '/etc/ipsec.d/certs/romulus.wittsend.com.crt' (3088 bytes)
Sep 30 12:13:11 romulus pluto[10414]: | file content is not binary ASN.1
Sep 30 12:13:11 romulus pluto[10414]: | -----BEGIN CERTIFICATE-----
Sep 30 12:13:11 romulus pluto[10414]: | -----END CERTIFICATE-----
Sep 30 12:13:11 romulus pluto[10414]: | file coded in PEM format
Sep 30 12:13:11 romulus pluto[10414]: | L0 - certificate:
Sep 30 12:13:11 romulus pluto[10414]: | L1 - tbsCertificate:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - DEFAULT v1:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - version:
Sep 30 12:13:11 romulus pluto[10414]: | v3
Sep 30 12:13:11 romulus pluto[10414]: | L2 - serialNumber:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - signature:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'md5WithRSAEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - issuer:
Sep 30 12:13:11 romulus pluto[10414]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services, CN=WittsEnd Root CA, E=ca at wittsend.com'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - validity:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - notBefore:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:11 romulus pluto[10414]: | 'Jan 28 17:45:00 UTC 2005'
Sep 30 12:13:11 romulus pluto[10414]: | L3 - notAfter:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:11 romulus pluto[10414]: | 'Jan 28 17:45:00 UTC 2009'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - subject:
Sep 30 12:13:11 romulus pluto[10414]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - subjectPublicKeyInfo:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'rsaEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L3 - subjectPublicKey:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - RSAPublicKey:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - modulus:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - publicExponent:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - optional extensions:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - extensions:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'authorityKeyIdentifier'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - authorityKeyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L8 - keyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'extendedKeyUsage'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - extendedKeyUsage:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | 'serverAuth'
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | 'clientAuth'
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'basicConstraints'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | TRUE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - basicConstraints:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - CA:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L1 - signatureAlgorithm:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'md5WithRSAEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L1 - signatureValue:
Sep 30 12:13:11 romulus pluto[10414]: no subjectAltName matches ID '%fromcert', replaced by subject DN
Sep 30 12:13:11 romulus pluto[10414]: | certificate is valid
Sep 30 12:13:11 romulus pluto[10414]: | counting wild cards for C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com is 0
Sep 30 12:13:11 romulus pluto[10414]: loading certificate from rebma.iss.net.crt
Sep 30 12:13:11 romulus pluto[10414]: loaded host cert file '/etc/ipsec.d/certs/rebma.iss.net.crt' (3867 bytes)
Sep 30 12:13:11 romulus pluto[10414]: | file content is not binary ASN.1
Sep 30 12:13:11 romulus pluto[10414]: | -----BEGIN CERTIFICATE-----
Sep 30 12:13:11 romulus pluto[10414]: | -----END CERTIFICATE-----
Sep 30 12:13:11 romulus pluto[10414]: | file coded in PEM format
Sep 30 12:13:11 romulus pluto[10414]: | L0 - certificate:
Sep 30 12:13:11 romulus pluto[10414]: | L1 - tbsCertificate:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - DEFAULT v1:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - version:
Sep 30 12:13:11 romulus pluto[10414]: | v3
Sep 30 12:13:11 romulus pluto[10414]: | L2 - serialNumber:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - signature:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'md5WithRSAEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - issuer:
Sep 30 12:13:11 romulus pluto[10414]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - validity:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - notBefore:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:11 romulus pluto[10414]: | 'Jul 26 18:30:00 UTC 2008'
Sep 30 12:13:11 romulus pluto[10414]: | L3 - notAfter:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:11 romulus pluto[10414]: | 'Jul 26 18:30:00 UTC 2012'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - subject:
Sep 30 12:13:11 romulus pluto[10414]: | 'C=GA, ST=Georgia, L=Atlanta, O=Internet Security Systems Inc, CN=rebma.iss.net, E=postmaster at iss.net'
Sep 30 12:13:11 romulus pluto[10414]: | L2 - subjectPublicKeyInfo:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'rsaEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L3 - subjectPublicKey:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - RSAPublicKey:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - modulus:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - publicExponent:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - optional extensions:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - extensions:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'authorityKeyIdentifier'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - authorityKeyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L8 - keyIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'extendedKeyUsage'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - extendedKeyUsage:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | 'serverAuth'
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | 'clientAuth'
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:11 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:11 romulus pluto[10414]: | 'basicConstraints'
Sep 30 12:13:11 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:11 romulus pluto[10414]: | TRUE
Sep 30 12:13:11 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:11 romulus pluto[10414]: | L6 - basicConstraints:
Sep 30 12:13:11 romulus pluto[10414]: | L7 - CA:
Sep 30 12:13:11 romulus pluto[10414]: | FALSE
Sep 30 12:13:11 romulus pluto[10414]: | L1 - signatureAlgorithm:
Sep 30 12:13:11 romulus pluto[10414]: | L2 - algorithmIdentifier:
Sep 30 12:13:11 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:11 romulus pluto[10414]: | 'md5WithRSAEncryption'
Sep 30 12:13:11 romulus pluto[10414]: | L1 - signatureValue:
Sep 30 12:13:11 romulus pluto[10414]: no subjectAltName matches ID '%fromcert', replaced by subject DN
Sep 30 12:13:11 romulus pluto[10414]: | certificate is valid
Sep 30 12:13:11 romulus pluto[10414]: | counting wild cards for C=GA, ST=Georgia, L=Atlanta, O=Internet Security Systems Inc, CN=rebma.iss.net, E=postmaster at iss.net is 0
Sep 30 12:13:11 romulus pluto[10414]: added connection description "rebma"
Sep 30 12:13:11 romulus pluto[10414]: | 130.205.32.3/32===130.205.32.3<130.205.32.3>[C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com,+S=C]---130.205.32.1...209.134.176.68<209.134.176.68>[C=GA, ST=Georgia, L=Atlanta, O=Internet Security Systems Inc, CN=rebma.iss.net, E=postmaster at iss.net,+S=C]
Sep 30 12:13:11 romulus pluto[10414]: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 3; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW
Sep 30 12:13:11 romulus pluto[10414]: | * processed 0 messages from cryptographic helpers
Sep 30 12:13:11 romulus pluto[10414]: | next event EVENT_PENDING_PHASE2 in 119 seconds
Sep 30 12:13:11 romulus pluto[10414]: |
Sep 30 12:13:11 romulus pluto[10414]: | *received whack message
Sep 30 12:13:11 romulus pluto[10414]: listening for IKE messages
Sep 30 12:13:11 romulus pluto[10414]: | found lo with address 127.0.0.1
Sep 30 12:13:11 romulus pluto[10414]: | found veth0 with address 130.205.32.3
Sep 30 12:13:11 romulus pluto[10414]: | found veth1 with address 172.31.192.3
Sep 30 12:13:11 romulus pluto[10414]: | found tun0 with address 172.31.250.1
Sep 30 12:13:11 romulus pluto[10414]: adding interface tun0/tun0 172.31.250.1:500
Sep 30 12:13:11 romulus pluto[10414]: adding interface tun0/tun0 172.31.250.1:4500
Sep 30 12:13:11 romulus pluto[10414]: adding interface veth1/veth1 172.31.192.3:500
Sep 30 12:13:11 romulus pluto[10414]: adding interface veth1/veth1 172.31.192.3:4500
Sep 30 12:13:11 romulus pluto[10414]: adding interface veth0/veth0 130.205.32.3:500
Sep 30 12:13:11 romulus pluto[10414]: adding interface veth0/veth0 130.205.32.3:4500
Sep 30 12:13:11 romulus pluto[10414]: adding interface lo/lo 127.0.0.1:500
Sep 30 12:13:11 romulus pluto[10414]: adding interface lo/lo 127.0.0.1:4500
Sep 30 12:13:11 romulus pluto[10414]: | found tun6to4 with address 2002:82cd:2003:0000:0000:0000:0000:0001
Sep 30 12:13:11 romulus pluto[10414]: | found lo with address 0000:0000:0000:0000:0000:0000:0000:0001
Sep 30 12:13:11 romulus pluto[10414]: | found veth1 with address 2001:4830:3000:0002:0280:3fff:fe03:455b
Sep 30 12:13:11 romulus pluto[10414]: adding interface veth1/veth1 2001:4830:3000:2:280:3fff:fe03:455b:500
Sep 30 12:13:11 romulus pluto[10414]: adding interface lo/lo ::1:500
Sep 30 12:13:11 romulus pluto[10414]: adding interface tun6to4/tun6to4 2002:82cd:2003::1:500
Sep 30 12:13:11 romulus pluto[10414]: loading secrets from "/etc/ipsec.secrets"
Sep 30 12:13:11 romulus pluto[10414]: loading secrets from "/etc/ipsec.d/hostkey.secrets"
Sep 30 12:13:11 romulus pluto[10414]: loaded private key file '/etc/ipsec.d/private/romulus.wittsend.com.key' (887 bytes)
Sep 30 12:13:11 romulus pluto[10414]: | file content is not binary ASN.1
Sep 30 12:13:11 romulus pluto[10414]: | -----BEGIN RSA PRIVATE KEY-----
Sep 30 12:13:11 romulus pluto[10414]: | -----END RSA PRIVATE KEY-----
Sep 30 12:13:11 romulus pluto[10414]: | file coded in PEM format
Sep 30 12:13:11 romulus pluto[10414]: | L0 - RSAPrivateKey:
Sep 30 12:13:11 romulus pluto[10414]: | L1 - version:
Sep 30 12:13:11 romulus pluto[10414]: | L1 - modulus:
Sep 30 12:13:11 romulus pluto[10414]: | L1 - publicExponent:
Sep 30 12:13:11 romulus pluto[10414]: | L1 - privateExponent:
Sep 30 12:13:11 romulus pluto[10414]: | L1 - prime1:
Sep 30 12:13:11 romulus pluto[10414]: | L1 - prime2:
Sep 30 12:13:11 romulus pluto[10414]: | L1 - exponent1:
Sep 30 12:13:11 romulus pluto[10414]: | L1 - exponent2:
Sep 30 12:13:11 romulus pluto[10414]: | L1 - coefficient:
Sep 30 12:13:11 romulus pluto[10414]: loaded private key for keyid: PPK_RSA:AwEAAev6j
Sep 30 12:13:11 romulus pluto[10414]: | * processed 0 messages from cryptographic helpers
Sep 30 12:13:11 romulus pluto[10414]: | next event EVENT_PENDING_PHASE2 in 119 seconds
Sep 30 12:13:20 romulus pluto[10414]: |
Sep 30 12:13:20 romulus pluto[10414]: | *received 312 bytes from 65.7.156.165:500 on veth0 (port=500)
Sep 30 12:13:20 romulus pluto[10414]: | **parse ISAKMP Message:
Sep 30 12:13:20 romulus pluto[10414]: | initiator cookie:
Sep 30 12:13:20 romulus pluto[10414]: | 1c 45 b7 42 90 63 2b e2
Sep 30 12:13:20 romulus pluto[10414]: | responder cookie:
Sep 30 12:13:20 romulus pluto[10414]: | 00 00 00 00 00 00 00 00
Sep 30 12:13:20 romulus pluto[10414]: | next payload type: ISAKMP_NEXT_SA
Sep 30 12:13:20 romulus pluto[10414]: | ISAKMP version: ISAKMP Version 1.0 (rfc2407)
Sep 30 12:13:20 romulus pluto[10414]: | exchange type: ISAKMP_XCHG_IDPROT
Sep 30 12:13:20 romulus pluto[10414]: | flags: none
Sep 30 12:13:20 romulus pluto[10414]: | message ID: 00 00 00 00
Sep 30 12:13:20 romulus pluto[10414]: | length: 312
Sep 30 12:13:20 romulus pluto[10414]: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2)
Sep 30 12:13:20 romulus pluto[10414]: | got payload 0x2(ISAKMP_NEXT_SA) needed: 0x2 opt: 0x2080
Sep 30 12:13:20 romulus pluto[10414]: | ***parse ISAKMP Security Association Payload:
Sep 30 12:13:20 romulus pluto[10414]: | next payload type: ISAKMP_NEXT_VID
Sep 30 12:13:20 romulus pluto[10414]: | length: 148
Sep 30 12:13:20 romulus pluto[10414]: | DOI: ISAKMP_DOI_IPSEC
Sep 30 12:13:20 romulus pluto[10414]: | got payload 0x2000(ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080
Sep 30 12:13:20 romulus pluto[10414]: | ***parse ISAKMP Vendor ID Payload:
Sep 30 12:13:20 romulus pluto[10414]: | next payload type: ISAKMP_NEXT_VID
Sep 30 12:13:20 romulus pluto[10414]: | length: 16
Sep 30 12:13:20 romulus pluto[10414]: | got payload 0x2000(ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080
Sep 30 12:13:20 romulus pluto[10414]: | ***parse ISAKMP Vendor ID Payload:
Sep 30 12:13:20 romulus pluto[10414]: | next payload type: ISAKMP_NEXT_VID
Sep 30 12:13:20 romulus pluto[10414]: | length: 20
Sep 30 12:13:20 romulus pluto[10414]: | got payload 0x2000(ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080
Sep 30 12:13:20 romulus pluto[10414]: | ***parse ISAKMP Vendor ID Payload:
Sep 30 12:13:20 romulus pluto[10414]: | next payload type: ISAKMP_NEXT_VID
Sep 30 12:13:20 romulus pluto[10414]: | length: 20
Sep 30 12:13:20 romulus pluto[10414]: | got payload 0x2000(ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080
Sep 30 12:13:20 romulus pluto[10414]: | ***parse ISAKMP Vendor ID Payload:
Sep 30 12:13:20 romulus pluto[10414]: | next payload type: ISAKMP_NEXT_VID
Sep 30 12:13:20 romulus pluto[10414]: | length: 20
Sep 30 12:13:20 romulus pluto[10414]: | got payload 0x2000(ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080
Sep 30 12:13:20 romulus pluto[10414]: | ***parse ISAKMP Vendor ID Payload:
Sep 30 12:13:20 romulus pluto[10414]: | next payload type: ISAKMP_NEXT_VID
Sep 30 12:13:20 romulus pluto[10414]: | length: 20
Sep 30 12:13:20 romulus pluto[10414]: | got payload 0x2000(ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080
Sep 30 12:13:20 romulus pluto[10414]: | ***parse ISAKMP Vendor ID Payload:
Sep 30 12:13:20 romulus pluto[10414]: | next payload type: ISAKMP_NEXT_VID
Sep 30 12:13:20 romulus pluto[10414]: | length: 20
Sep 30 12:13:20 romulus pluto[10414]: | got payload 0x2000(ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080
Sep 30 12:13:20 romulus pluto[10414]: | ***parse ISAKMP Vendor ID Payload:
Sep 30 12:13:20 romulus pluto[10414]: | next payload type: ISAKMP_NEXT_NONE
Sep 30 12:13:20 romulus pluto[10414]: | length: 20
Sep 30 12:13:20 romulus pluto[10414]: packet from 65.7.156.165:500: ignoring unknown Vendor ID payload [4f455f5d7b764b67436f4f49]
Sep 30 12:13:20 romulus pluto[10414]: packet from 65.7.156.165:500: received Vendor ID payload [Dead Peer Detection]
Sep 30 12:13:20 romulus pluto[10414]: packet from 65.7.156.165:500: received Vendor ID payload [RFC 3947] method set to=109
Sep 30 12:13:20 romulus pluto[10414]: packet from 65.7.156.165:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109
Sep 30 12:13:20 romulus pluto[10414]: packet from 65.7.156.165:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109
Sep 30 12:13:20 romulus pluto[10414]: packet from 65.7.156.165:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 109
Sep 30 12:13:20 romulus pluto[10414]: packet from 65.7.156.165:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Sep 30 12:13:20 romulus pluto[10414]: | creating state object #1 at 0x801145d8
Sep 30 12:13:20 romulus pluto[10414]: | processing connection complex
Sep 30 12:13:20 romulus pluto[10414]: | ICOOKIE: 1c 45 b7 42 90 63 2b e2
Sep 30 12:13:20 romulus pluto[10414]: | RCOOKIE: 3e 5f 94 9b 3a a2 08 15
Sep 30 12:13:20 romulus pluto[10414]: | state hash entry 27
Sep 30 12:13:20 romulus pluto[10414]: | inserting state object #1 on chain 27
Sep 30 12:13:20 romulus pluto[10414]: | inserting event EVENT_SO_DISCARD, timeout in 0 seconds for #1
Sep 30 12:13:20 romulus pluto[10414]: "complex" #1: responding to Main Mode
Sep 30 12:13:20 romulus pluto[10414]: | ****parse IPsec DOI SIT:
Sep 30 12:13:20 romulus pluto[10414]: | IPsec DOI SIT: SIT_IDENTITY_ONLY
Sep 30 12:13:20 romulus pluto[10414]: | ****parse ISAKMP Proposal Payload:
Sep 30 12:13:20 romulus pluto[10414]: | next payload type: ISAKMP_NEXT_NONE
Sep 30 12:13:20 romulus pluto[10414]: | length: 136
Sep 30 12:13:20 romulus pluto[10414]: | proposal number: 0
Sep 30 12:13:20 romulus pluto[10414]: | protocol ID: PROTO_ISAKMP
Sep 30 12:13:20 romulus pluto[10414]: | SPI size: 0
Sep 30 12:13:20 romulus pluto[10414]: | number of transforms: 4
Sep 30 12:13:20 romulus pluto[10414]: | *****parse ISAKMP Transform Payload (ISAKMP):
Sep 30 12:13:20 romulus pluto[10414]: | next payload type: ISAKMP_NEXT_T
Sep 30 12:13:20 romulus pluto[10414]: | length: 32
Sep 30 12:13:20 romulus pluto[10414]: | transform number: 0
Sep 30 12:13:20 romulus pluto[10414]: | transform ID: KEY_IKE
Sep 30 12:13:20 romulus pluto[10414]: | ******parse ISAKMP Oakley attribute:
Sep 30 12:13:20 romulus pluto[10414]: | af+type: OAKLEY_LIFE_TYPE
Sep 30 12:13:20 romulus pluto[10414]: | length/value: 1
Sep 30 12:13:20 romulus pluto[10414]: | [1 is OAKLEY_LIFE_SECONDS]
Sep 30 12:13:20 romulus pluto[10414]: | ******parse ISAKMP Oakley attribute:
Sep 30 12:13:20 romulus pluto[10414]: | af+type: OAKLEY_LIFE_DURATION
Sep 30 12:13:20 romulus pluto[10414]: | length/value: 3600
Sep 30 12:13:20 romulus pluto[10414]: | ******parse ISAKMP Oakley attribute:
Sep 30 12:13:20 romulus pluto[10414]: | af+type: OAKLEY_ENCRYPTION_ALGORITHM
Sep 30 12:13:20 romulus pluto[10414]: | length/value: 5
Sep 30 12:13:20 romulus pluto[10414]: | [5 is OAKLEY_3DES_CBC]
Sep 30 12:13:20 romulus pluto[10414]: | ******parse ISAKMP Oakley attribute:
Sep 30 12:13:20 romulus pluto[10414]: | af+type: OAKLEY_HASH_ALGORITHM
Sep 30 12:13:20 romulus pluto[10414]: | length/value: 1
Sep 30 12:13:20 romulus pluto[10414]: | [1 is OAKLEY_MD5]
Sep 30 12:13:20 romulus pluto[10414]: | ******parse ISAKMP Oakley attribute:
Sep 30 12:13:20 romulus pluto[10414]: | af+type: OAKLEY_AUTHENTICATION_METHOD
Sep 30 12:13:20 romulus pluto[10414]: | length/value: 3
Sep 30 12:13:20 romulus pluto[10414]: | [3 is OAKLEY_RSA_SIG]
Sep 30 12:13:20 romulus pluto[10414]: | ******parse ISAKMP Oakley attribute:
Sep 30 12:13:20 romulus pluto[10414]: | af+type: OAKLEY_GROUP_DESCRIPTION
Sep 30 12:13:20 romulus pluto[10414]: | length/value: 5
Sep 30 12:13:20 romulus pluto[10414]: | [5 is OAKLEY_GROUP_MODP1536]
Sep 30 12:13:20 romulus pluto[10414]: | Oakley Transform 0 accepted
Sep 30 12:13:20 romulus pluto[10414]: | complete state transition with STF_OK
Sep 30 12:13:20 romulus pluto[10414]: "complex" #1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Sep 30 12:13:20 romulus pluto[10414]: | sending reply packet to 65.7.156.165:500 (from port 500)
Sep 30 12:13:20 romulus pluto[10414]: | sending 136 bytes for STATE_MAIN_R0 through veth0:500 to 65.7.156.165:500 (using #1)
Sep 30 12:13:20 romulus pluto[10414]: | inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #1
Sep 30 12:13:20 romulus pluto[10414]: "complex" #1: STATE_MAIN_R1: sent MR1, expecting MI2
Sep 30 12:13:20 romulus pluto[10414]: | modecfg pull: noquirk policy:push not-client
Sep 30 12:13:20 romulus pluto[10414]: | phase 1 is done, looking for phase 2 to unpend
Sep 30 12:13:20 romulus pluto[10414]: | * processed 0 messages from cryptographic helpers
Sep 30 12:13:20 romulus pluto[10414]: | next event EVENT_RETRANSMIT in 10 seconds for #1
Sep 30 12:13:20 romulus pluto[10414]: |
Sep 30 12:13:20 romulus pluto[10414]: | *received 284 bytes from 65.7.156.165:500 on veth0 (port=500)
Sep 30 12:13:20 romulus pluto[10414]: | **parse ISAKMP Message:
Sep 30 12:13:20 romulus pluto[10414]: | initiator cookie:
Sep 30 12:13:20 romulus pluto[10414]: | 1c 45 b7 42 90 63 2b e2
Sep 30 12:13:20 romulus pluto[10414]: | responder cookie:
Sep 30 12:13:20 romulus pluto[10414]: | 3e 5f 94 9b 3a a2 08 15
Sep 30 12:13:20 romulus pluto[10414]: | next payload type: ISAKMP_NEXT_KE
Sep 30 12:13:20 romulus pluto[10414]: | ISAKMP version: ISAKMP Version 1.0 (rfc2407)
Sep 30 12:13:20 romulus pluto[10414]: | exchange type: ISAKMP_XCHG_IDPROT
Sep 30 12:13:20 romulus pluto[10414]: | flags: none
Sep 30 12:13:20 romulus pluto[10414]: | message ID: 00 00 00 00
Sep 30 12:13:20 romulus pluto[10414]: | length: 284
Sep 30 12:13:20 romulus pluto[10414]: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2)
Sep 30 12:13:20 romulus pluto[10414]: | ICOOKIE: 1c 45 b7 42 90 63 2b e2
Sep 30 12:13:20 romulus pluto[10414]: | RCOOKIE: 3e 5f 94 9b 3a a2 08 15
Sep 30 12:13:20 romulus pluto[10414]: | state hash entry 27
Sep 30 12:13:20 romulus pluto[10414]: | v1 peer and cookies match on #1, provided msgid 00000000 vs 00000000
Sep 30 12:13:20 romulus pluto[10414]: | v1 state object #1 found, in STATE_MAIN_R1
Sep 30 12:13:20 romulus pluto[10414]: | processing connection complex
Sep 30 12:13:20 romulus pluto[10414]: | got payload 0x10(ISAKMP_NEXT_KE) needed: 0x410 opt: 0x102080
Sep 30 12:13:20 romulus pluto[10414]: | ***parse ISAKMP Key Exchange Payload:
Sep 30 12:13:20 romulus pluto[10414]: | next payload type: ISAKMP_NEXT_NONCE
Sep 30 12:13:20 romulus pluto[10414]: | length: 196
Sep 30 12:13:20 romulus pluto[10414]: | got payload 0x400(ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x102080
Sep 30 12:13:20 romulus pluto[10414]: | ***parse ISAKMP Nonce Payload:
Sep 30 12:13:20 romulus pluto[10414]: | next payload type: ISAKMP_NEXT_NAT-D
Sep 30 12:13:20 romulus pluto[10414]: | length: 20
Sep 30 12:13:20 romulus pluto[10414]: | got payload 0x100000(ISAKMP_NEXT_NAT-D) needed: 0x0 opt: 0x102080
Sep 30 12:13:20 romulus pluto[10414]: | ***parse ISAKMP NAT-D Payload:
Sep 30 12:13:20 romulus pluto[10414]: | next payload type: ISAKMP_NEXT_NAT-D
Sep 30 12:13:20 romulus pluto[10414]: | length: 20
Sep 30 12:13:20 romulus pluto[10414]: | got payload 0x100000(ISAKMP_NEXT_NAT-D) needed: 0x0 opt: 0x102080
Sep 30 12:13:20 romulus pluto[10414]: | ***parse ISAKMP NAT-D Payload:
Sep 30 12:13:20 romulus pluto[10414]: | next payload type: ISAKMP_NEXT_NONE
Sep 30 12:13:20 romulus pluto[10414]: | length: 20
Sep 30 12:13:20 romulus pluto[10414]: "complex" #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected
Sep 30 12:13:20 romulus pluto[10414]: | inserting event EVENT_NAT_T_KEEPALIVE, timeout in 20 seconds
Sep 30 12:13:20 romulus pluto[10414]: | 0: w->pcw_dead: 0 w->pcw_work: 0 cnt: 1
Sep 30 12:13:20 romulus pluto[10414]: | asking helper 0 to do build_kenonce op on seq: 1 (len=2668, pcw_work=1)
Sep 30 12:13:20 romulus pluto[10414]: | crypto helper write of request: cnt=2668<wlen=2668.
Sep 30 12:13:20 romulus pluto[10414]: | inserting event EVENT_CRYPTO_FAILED, timeout in 300 seconds for #1
Sep 30 12:13:20 romulus pluto[10414]: | complete state transition with STF_SUSPEND
Sep 30 12:13:20 romulus pluto[10414]: | * processed 0 messages from cryptographic helpers
Sep 30 12:13:20 romulus pluto[10415]: ! helper 0 read 2664+4/2668 bytesfd: 8
Sep 30 12:13:20 romulus pluto[10415]: ! helper 0 doing build_kenonce op id: 1
Sep 30 12:13:20 romulus pluto[10414]: | next event EVENT_NAT_T_KEEPALIVE in 20 seconds
Sep 30 12:13:20 romulus pluto[10414]: |
Sep 30 12:13:20 romulus pluto[10414]: | helper 0 has finished work (cnt now 1)
Sep 30 12:13:20 romulus pluto[10414]: | helper 0 replies to id: q#1
Sep 30 12:13:20 romulus pluto[10414]: | processing connection complex
Sep 30 12:13:20 romulus pluto[10414]: | started looking for secret for C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com->C=GA, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=complex.wittsend.com, E=postmaster at wittsend.com of kind PPK_PSK
Sep 30 12:13:20 romulus pluto[10414]: | actually looking for secret for C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=romulus.wittsend.com, E=postmaster at wittsend.com->C=GA, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=complex.wittsend.com, E=postmaster at wittsend.com of kind PPK_PSK
Sep 30 12:13:20 romulus pluto[10414]: | concluding with best_match=0 best=(nil) (lineno=-1)
Sep 30 12:13:20 romulus pluto[10414]: | parent1 type: 7 group: 5 len: 2668
Sep 30 12:13:20 romulus pluto[10414]: | 0: w->pcw_dead: 0 w->pcw_work: 0 cnt: 1
Sep 30 12:13:20 romulus pluto[10414]: | asking helper 0 to do compute dh+iv op on seq: 2 (len=2668, pcw_work=1)
Sep 30 12:13:20 romulus pluto[10414]: | crypto helper write of request: cnt=2668<wlen=2668.
Sep 30 12:13:20 romulus pluto[10414]: | inserting event EVENT_CRYPTO_FAILED, timeout in 300 seconds for #1
Sep 30 12:13:20 romulus pluto[10414]: | complete state transition with STF_OK
Sep 30 12:13:20 romulus pluto[10414]: "complex" #1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Sep 30 12:13:20 romulus pluto[10414]: | sending reply packet to 65.7.156.165:500 (from port 500)
Sep 30 12:13:20 romulus pluto[10414]: | sending 420 bytes for STATE_MAIN_R1 through veth0:500 to 65.7.156.165:500 (using #1)
Sep 30 12:13:20 romulus pluto[10414]: | inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #1
Sep 30 12:13:20 romulus pluto[10414]: "complex" #1: STATE_MAIN_R2: sent MR2, expecting MI3
Sep 30 12:13:20 romulus pluto[10414]: | modecfg pull: noquirk policy:push not-client
Sep 30 12:13:20 romulus pluto[10414]: | phase 1 is done, looking for phase 2 to unpend
Sep 30 12:13:20 romulus pluto[10414]: | * processed 1 messages from cryptographic helpers
Sep 30 12:13:20 romulus pluto[10414]: | next event EVENT_RETRANSMIT in 10 seconds for #1
Sep 30 12:13:20 romulus pluto[10415]: ! helper 0 read 2664+4/2668 bytesfd: 8
Sep 30 12:13:20 romulus pluto[10415]: ! helper 0 doing compute dh+iv op id: 2
Sep 30 12:13:20 romulus pluto[10414]: |
Sep 30 12:13:20 romulus pluto[10414]: | helper 0 has finished work (cnt now 1)
Sep 30 12:13:20 romulus pluto[10414]: | helper 0 replies to id: q#2
Sep 30 12:13:20 romulus pluto[10414]: | processing connection complex
Sep 30 12:13:20 romulus pluto[10414]: | * processed 1 messages from cryptographic helpers
Sep 30 12:13:20 romulus pluto[10414]: | next event EVENT_RETRANSMIT in 10 seconds for #1
Sep 30 12:13:20 romulus pluto[10414]: |
Sep 30 12:13:20 romulus pluto[10414]: | *received 1548 bytes from 65.7.156.165:500 on veth0 (port=500)
Sep 30 12:13:20 romulus pluto[10414]: | **parse ISAKMP Message:
Sep 30 12:13:20 romulus pluto[10414]: | initiator cookie:
Sep 30 12:13:20 romulus pluto[10414]: | 1c 45 b7 42 90 63 2b e2
Sep 30 12:13:20 romulus pluto[10414]: | responder cookie:
Sep 30 12:13:20 romulus pluto[10414]: | 3e 5f 94 9b 3a a2 08 15
Sep 30 12:13:20 romulus pluto[10414]: | next payload type: ISAKMP_NEXT_ID
Sep 30 12:13:20 romulus pluto[10414]: | ISAKMP version: ISAKMP Version 1.0 (rfc2407)
Sep 30 12:13:20 romulus pluto[10414]: | exchange type: ISAKMP_XCHG_IDPROT
Sep 30 12:13:20 romulus pluto[10414]: | flags: ISAKMP_FLAG_ENCRYPTION
Sep 30 12:13:20 romulus pluto[10414]: | message ID: 00 00 00 00
Sep 30 12:13:20 romulus pluto[10414]: | length: 1548
Sep 30 12:13:20 romulus pluto[10414]: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2)
Sep 30 12:13:20 romulus pluto[10414]: | ICOOKIE: 1c 45 b7 42 90 63 2b e2
Sep 30 12:13:20 romulus pluto[10414]: | RCOOKIE: 3e 5f 94 9b 3a a2 08 15
Sep 30 12:13:20 romulus pluto[10414]: | state hash entry 27
Sep 30 12:13:20 romulus pluto[10414]: | v1 peer and cookies match on #1, provided msgid 00000000 vs 00000000
Sep 30 12:13:20 romulus pluto[10414]: | v1 state object #1 found, in STATE_MAIN_R2
Sep 30 12:13:20 romulus pluto[10414]: | processing connection complex
Sep 30 12:13:20 romulus pluto[10414]: | got payload 0x20(ISAKMP_NEXT_ID) needed: 0x220 opt: 0x20c0
Sep 30 12:13:20 romulus pluto[10414]: | ***parse ISAKMP Identification Payload:
Sep 30 12:13:20 romulus pluto[10414]: | next payload type: ISAKMP_NEXT_CERT
Sep 30 12:13:20 romulus pluto[10414]: | length: 176
Sep 30 12:13:20 romulus pluto[10414]: | ID type: ID_DER_ASN1_DN
Sep 30 12:13:20 romulus pluto[10414]: | DOI specific A: 0
Sep 30 12:13:20 romulus pluto[10414]: | DOI specific B: 0
Sep 30 12:13:20 romulus pluto[10414]: | obj: 30 81 a5 31 0b 30 09 06 03 55 04 06 13 02 47 41
Sep 30 12:13:20 romulus pluto[10414]: | obj: 31 10 30 0e 06 03 55 04 08 13 07 47 65 6f 72 67
Sep 30 12:13:20 romulus pluto[10414]: | obj: 69 61 31 10 30 0e 06 03 55 04 07 13 07 4c 69 6c
Sep 30 12:13:20 romulus pluto[10414]: | obj: 62 75 72 6e 31 2b 30 29 06 03 55 04 0a 14 22 54
Sep 30 12:13:20 romulus pluto[10414]: | obj: 68 61 75 6d 61 74 75 72 67 79 20 26 20 53 70 65
Sep 30 12:13:20 romulus pluto[10414]: | obj: 63 75 6c 75 6d 73 20 54 65 63 68 6e 6f 6c 6f 67
Sep 30 12:13:20 romulus pluto[10414]: | obj: 79 31 1d 30 1b 06 03 55 04 03 13 14 63 6f 6d 70
Sep 30 12:13:20 romulus pluto[10414]: | obj: 6c 65 78 2e 77 69 74 74 73 65 6e 64 2e 63 6f 6d
Sep 30 12:13:20 romulus pluto[10414]: | obj: 31 26 30 24 06 09 2a 86 48 86 f7 0d 01 09 01 16
Sep 30 12:13:20 romulus pluto[10414]: | obj: 17 70 6f 73 74 6d 61 73 74 65 72 40 77 69 74 74
Sep 30 12:13:20 romulus pluto[10414]: | obj: 73 65 6e 64 2e 63 6f 6d 07 00 03 f8 04 30 82 03
Sep 30 12:13:20 romulus pluto[10414]: | got payload 0x40(ISAKMP_NEXT_CERT) needed: 0x200 opt: 0x20c0
Sep 30 12:13:20 romulus pluto[10414]: | ***parse ISAKMP Certificate Payload:
Sep 30 12:13:20 romulus pluto[10414]: | next payload type: ISAKMP_NEXT_CR
Sep 30 12:13:20 romulus pluto[10414]: | length: 1016
Sep 30 12:13:20 romulus pluto[10414]: | cert encoding: CERT_X509_SIGNATURE
Sep 30 12:13:20 romulus pluto[10414]: | got payload 0x80(ISAKMP_NEXT_CR) needed: 0x200 opt: 0x20c0
Sep 30 12:13:20 romulus pluto[10414]: | ***parse ISAKMP Certificate RequestPayload:
Sep 30 12:13:20 romulus pluto[10414]: | next payload type: ISAKMP_NEXT_SIG
Sep 30 12:13:20 romulus pluto[10414]: | length: 194
Sep 30 12:13:20 romulus pluto[10414]: | cert type: CERT_X509_SIGNATURE
Sep 30 12:13:20 romulus pluto[10414]: | got payload 0x200(ISAKMP_NEXT_SIG) needed: 0x200 opt: 0x20c0
Sep 30 12:13:20 romulus pluto[10414]: | ***parse ISAKMP Signature Payload:
Sep 30 12:13:20 romulus pluto[10414]: | next payload type: ISAKMP_NEXT_NONE
Sep 30 12:13:20 romulus pluto[10414]: | length: 132
Sep 30 12:13:20 romulus pluto[10414]: | removing 2 bytes of padding
Sep 30 12:13:20 romulus pluto[10414]: | DER ASN1 DN: 30 81 a5 31 0b 30 09 06 03 55 04 06 13 02 47 41
Sep 30 12:13:20 romulus pluto[10414]: | DER ASN1 DN: 31 10 30 0e 06 03 55 04 08 13 07 47 65 6f 72 67
Sep 30 12:13:20 romulus pluto[10414]: | DER ASN1 DN: 69 61 31 10 30 0e 06 03 55 04 07 13 07 4c 69 6c
Sep 30 12:13:20 romulus pluto[10414]: | DER ASN1 DN: 62 75 72 6e 31 2b 30 29 06 03 55 04 0a 14 22 54
Sep 30 12:13:20 romulus pluto[10414]: | DER ASN1 DN: 68 61 75 6d 61 74 75 72 67 79 20 26 20 53 70 65
Sep 30 12:13:20 romulus pluto[10414]: | DER ASN1 DN: 63 75 6c 75 6d 73 20 54 65 63 68 6e 6f 6c 6f 67
Sep 30 12:13:20 romulus pluto[10414]: | DER ASN1 DN: 79 31 1d 30 1b 06 03 55 04 03 13 14 63 6f 6d 70
Sep 30 12:13:20 romulus pluto[10414]: | DER ASN1 DN: 6c 65 78 2e 77 69 74 74 73 65 6e 64 2e 63 6f 6d
Sep 30 12:13:20 romulus pluto[10414]: | DER ASN1 DN: 31 26 30 24 06 09 2a 86 48 86 f7 0d 01 09 01 16
Sep 30 12:13:20 romulus pluto[10414]: | DER ASN1 DN: 17 70 6f 73 74 6d 61 73 74 65 72 40 77 69 74 74
Sep 30 12:13:20 romulus pluto[10414]: | DER ASN1 DN: 73 65 6e 64 2e 63 6f 6d
Sep 30 12:13:20 romulus pluto[10414]: "complex" #1: Main mode peer ID is ID_DER_ASN1_DN: 'C=GA, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=complex.wittsend.com, E=postmaster at wittsend.com'
Sep 30 12:13:20 romulus pluto[10414]: | L0 - certificate:
Sep 30 12:13:20 romulus pluto[10414]: | L1 - tbsCertificate:
Sep 30 12:13:20 romulus pluto[10414]: | L2 - DEFAULT v1:
Sep 30 12:13:20 romulus pluto[10414]: | L3 - version:
Sep 30 12:13:20 romulus pluto[10414]: | v3
Sep 30 12:13:20 romulus pluto[10414]: | L2 - serialNumber:
Sep 30 12:13:20 romulus pluto[10414]: | L2 - signature:
Sep 30 12:13:20 romulus pluto[10414]: | L3 - algorithmIdentifier:
Sep 30 12:13:20 romulus pluto[10414]: | L4 - algorithm:
Sep 30 12:13:20 romulus pluto[10414]: | 'md5WithRSAEncryption'
Sep 30 12:13:20 romulus pluto[10414]: | L2 - issuer:
Sep 30 12:13:20 romulus pluto[10414]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
Sep 30 12:13:20 romulus pluto[10414]: | L2 - validity:
Sep 30 12:13:20 romulus pluto[10414]: | L3 - notBefore:
Sep 30 12:13:20 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:20 romulus pluto[10414]: | 'Jul 26 18:45:14 UTC 2008'
Sep 30 12:13:20 romulus pluto[10414]: | L3 - notAfter:
Sep 30 12:13:20 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:20 romulus pluto[10414]: | 'Jul 26 18:45:14 UTC 2012'
Sep 30 12:13:20 romulus pluto[10414]: | L2 - subject:
Sep 30 12:13:20 romulus pluto[10414]: | 'C=GA, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=complex.wittsend.com, E=postmaster at wittsend.com'
Sep 30 12:13:20 romulus pluto[10414]: | L2 - subjectPublicKeyInfo:
Sep 30 12:13:20 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:20 romulus pluto[10414]: | L4 - algorithmIdentifier:
Sep 30 12:13:20 romulus pluto[10414]: | L5 - algorithm:
Sep 30 12:13:20 romulus pluto[10414]: | 'rsaEncryption'
Sep 30 12:13:20 romulus pluto[10414]: | L3 - subjectPublicKey:
Sep 30 12:13:20 romulus pluto[10414]: | L4 - RSAPublicKey:
Sep 30 12:13:20 romulus pluto[10414]: | L5 - modulus:
Sep 30 12:13:20 romulus pluto[10414]: | L5 - publicExponent:
Sep 30 12:13:20 romulus pluto[10414]: | L2 - optional extensions:
Sep 30 12:13:20 romulus pluto[10414]: | L3 - extensions:
Sep 30 12:13:20 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:20 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:20 romulus pluto[10414]: | 'authorityKeyIdentifier'
Sep 30 12:13:20 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:20 romulus pluto[10414]: | FALSE
Sep 30 12:13:20 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:20 romulus pluto[10414]: | L6 - authorityKeyIdentifier:
Sep 30 12:13:20 romulus pluto[10414]: | L7 - keyIdentifier:
Sep 30 12:13:20 romulus pluto[10414]: | L8 - keyIdentifier:
Sep 30 12:13:20 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:20 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:20 romulus pluto[10414]: | 'extendedKeyUsage'
Sep 30 12:13:20 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:20 romulus pluto[10414]: | FALSE
Sep 30 12:13:20 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:20 romulus pluto[10414]: | L6 - extendedKeyUsage:
Sep 30 12:13:20 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:20 romulus pluto[10414]: | 'serverAuth'
Sep 30 12:13:20 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:20 romulus pluto[10414]: | 'clientAuth'
Sep 30 12:13:20 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:20 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:20 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:20 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:20 romulus pluto[10414]: | 'basicConstraints'
Sep 30 12:13:20 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:20 romulus pluto[10414]: | TRUE
Sep 30 12:13:20 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:20 romulus pluto[10414]: | L6 - basicConstraints:
Sep 30 12:13:20 romulus pluto[10414]: | L7 - CA:
Sep 30 12:13:20 romulus pluto[10414]: | FALSE
Sep 30 12:13:20 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:20 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:20 romulus pluto[10414]: | 'subjectAltName'
Sep 30 12:13:20 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:20 romulus pluto[10414]: | FALSE
Sep 30 12:13:20 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:20 romulus pluto[10414]: | L6 - generalNames:
Sep 30 12:13:20 romulus pluto[10414]: | L7 - generalName:
Sep 30 12:13:20 romulus pluto[10414]: | L8 - dnsName:
Sep 30 12:13:20 romulus pluto[10414]: | 'complex.wittsend.com'
Sep 30 12:13:20 romulus pluto[10414]: | L7 - generalName:
Sep 30 12:13:20 romulus pluto[10414]: | L8 - dnsName:
Sep 30 12:13:20 romulus pluto[10414]: | 'complex.ip6.wittsend.com'
Sep 30 12:13:20 romulus pluto[10414]: | L7 - generalName:
Sep 30 12:13:20 romulus pluto[10414]: | L8 - dnsName:
Sep 30 12:13:20 romulus pluto[10414]: | 'complex.wittsend.org'
Sep 30 12:13:20 romulus pluto[10414]: | L7 - generalName:
Sep 30 12:13:20 romulus pluto[10414]: | L8 - dnsName:
Sep 30 12:13:20 romulus pluto[10414]: | 'complex.commandcorp.com'
Sep 30 12:13:20 romulus pluto[10414]: | L1 - signatureAlgorithm:
Sep 30 12:13:20 romulus pluto[10414]: | L2 - algorithmIdentifier:
Sep 30 12:13:20 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:20 romulus pluto[10414]: | 'md5WithRSAEncryption'
Sep 30 12:13:20 romulus pluto[10414]: | L1 - signatureValue:
Sep 30 12:13:20 romulus pluto[10414]: | signature algorithm: 'md5WithRSAEncryption'
Sep 30 12:13:20 romulus pluto[10414]: | digest: 12 ee 0a bd 44 99 b6 a8 1e 13 35 2b 7d 26 2c 3a
Sep 30 12:13:20 romulus pluto[10414]: | decrypted signature:
Sep 30 12:13:20 romulus pluto[10414]: | 00 00 01 ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:20 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:20 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:20 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:20 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:20 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:20 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:20 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:20 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:20 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:20 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:20 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:20 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:20 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff 00 30
Sep 30 12:13:20 romulus pluto[10414]: | 20 30 0c 06 08 2a 86 48 86 f7 0d 02 05 05 00 04
Sep 30 12:13:20 romulus pluto[10414]: | 10 12 ee 0a bd 44 99 b6 a8 1e 13 35 2b 7d 26 2c
Sep 30 12:13:20 romulus pluto[10414]: | 3a
Sep 30 12:13:20 romulus pluto[10414]: "complex" #1: no crl from issuer "C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services" found (strict=no)
Sep 30 12:13:20 romulus pluto[10414]: | signature algorithm: 'sha-1WithRSAEncryption'
Sep 30 12:13:20 romulus pluto[10414]: | digest: 3c 00 ad 12 b1 0a 99 28 d1 82 cf 34 9b 6e ed c7
Sep 30 12:13:20 romulus pluto[10414]: | digest: 90 69 e2 aa
Sep 30 12:13:20 romulus pluto[10414]: | decrypted signature:
Sep 30 12:13:20 romulus pluto[10414]: | 00 00 01 ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:20 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:20 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:20 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:20 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:20 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:20 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:20 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:20 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:20 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:20 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:20 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:20 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:20 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff 00 30 21
Sep 30 12:13:20 romulus pluto[10414]: | 30 09 06 05 2b 0e 03 02 1a 05 00 04 14 3c 00 ad
Sep 30 12:13:20 romulus pluto[10414]: | 12 b1 0a 99 28 d1 82 cf 34 9b 6e ed c7 90 69 e2
Sep 30 12:13:20 romulus pluto[10414]: | aa
Sep 30 12:13:20 romulus pluto[10414]: | reached self-signed root ca
Sep 30 12:13:20 romulus pluto[10414]: | Public key validated
Sep 30 12:13:20 romulus pluto[10414]: | CR 30 81 ba 31 0b 30 09 06 03 55 04 06 13 02 55 53
Sep 30 12:13:20 romulus pluto[10414]: | CR 31 10 30 0e 06 03 55 04 08 13 07 47 65 6f 72 67
Sep 30 12:13:20 romulus pluto[10414]: | CR 69 61 31 10 30 0e 06 03 55 04 07 13 07 4c 69 6c
Sep 30 12:13:20 romulus pluto[10414]: | CR 62 75 72 6e 31 2b 30 29 06 03 55 04 0a 14 22 54
Sep 30 12:13:20 romulus pluto[10414]: | CR 68 61 75 6d 61 74 75 72 67 79 20 26 20 53 70 65
Sep 30 12:13:20 romulus pluto[10414]: | CR 63 75 6c 75 6d 73 20 54 65 63 68 6e 6f 6c 6f 67
Sep 30 12:13:20 romulus pluto[10414]: | CR 79 31 1f 30 1d 06 03 55 04 0b 13 16 43 65 72 74
Sep 30 12:13:20 romulus pluto[10414]: | CR 69 66 69 63 61 74 69 6f 6e 20 53 65 72 76 69 63
Sep 30 12:13:20 romulus pluto[10414]: | CR 65 73 31 19 30 17 06 03 55 04 03 13 10 57 69 74
Sep 30 12:13:20 romulus pluto[10414]: | CR 74 73 45 6e 64 20 52 6f 6f 74 20 43 41 31 1e 30
Sep 30 12:13:20 romulus pluto[10414]: | CR 1c 06 09 2a 86 48 86 f7 0d 01 09 01 16 0f 63 61
Sep 30 12:13:20 romulus pluto[10414]: | CR 40 77 69 74 74 73 65 6e 64 2e 63 6f 6d
Sep 30 12:13:20 romulus pluto[10414]: | requested CA: 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services, CN=WittsEnd Root CA, E=ca at wittsend.com'
Sep 30 12:13:20 romulus pluto[10414]: "complex" #1: no suitable connection for peer 'C=GA, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=complex.wittsend.com, E=postmaster at wittsend.com'
Sep 30 12:13:20 romulus pluto[10414]: | complete state transition with (null)
Sep 30 12:13:20 romulus pluto[10414]: "complex" #1: sending encrypted notification INVALID_ID_INFORMATION to 65.7.156.165:500
Sep 30 12:13:20 romulus pluto[10414]: | sending 60 bytes for notification packet through veth0:500 to 65.7.156.165:500 (using #1)
Sep 30 12:13:20 romulus pluto[10414]: | state transition function for STATE_MAIN_R2 failed: INVALID_ID_INFORMATION
Sep 30 12:13:20 romulus pluto[10414]: | * processed 0 messages from cryptographic helpers
Sep 30 12:13:20 romulus pluto[10414]: | next event EVENT_RETRANSMIT in 10 seconds for #1
Sep 30 12:13:30 romulus pluto[10414]: |
Sep 30 12:13:30 romulus pluto[10414]: | *time to handle event
Sep 30 12:13:30 romulus pluto[10414]: | handling event EVENT_RETRANSMIT
Sep 30 12:13:30 romulus pluto[10414]: | event after this is EVENT_NAT_T_KEEPALIVE in 10 seconds
Sep 30 12:13:30 romulus pluto[10414]: | processing connection complex
Sep 30 12:13:30 romulus pluto[10414]: | handling event EVENT_RETRANSMIT for <invalid> "complex" #1
Sep 30 12:13:30 romulus pluto[10414]: | sending 420 bytes for EVENT_RETRANSMIT through veth0:500 to 65.7.156.165:500 (using #1)
Sep 30 12:13:30 romulus pluto[10414]: | inserting event EVENT_RETRANSMIT, timeout in 20 seconds for #1
Sep 30 12:13:30 romulus pluto[10414]: | next event EVENT_NAT_T_KEEPALIVE in 10 seconds
Sep 30 12:13:30 romulus pluto[10414]: |
Sep 30 12:13:30 romulus pluto[10414]: | *received 1548 bytes from 65.7.156.165:500 on veth0 (port=500)
Sep 30 12:13:30 romulus pluto[10414]: | **parse ISAKMP Message:
Sep 30 12:13:30 romulus pluto[10414]: | initiator cookie:
Sep 30 12:13:30 romulus pluto[10414]: | 1c 45 b7 42 90 63 2b e2
Sep 30 12:13:30 romulus pluto[10414]: | responder cookie:
Sep 30 12:13:30 romulus pluto[10414]: | 3e 5f 94 9b 3a a2 08 15
Sep 30 12:13:30 romulus pluto[10414]: | next payload type: ISAKMP_NEXT_ID
Sep 30 12:13:30 romulus pluto[10414]: | ISAKMP version: ISAKMP Version 1.0 (rfc2407)
Sep 30 12:13:30 romulus pluto[10414]: | exchange type: ISAKMP_XCHG_IDPROT
Sep 30 12:13:30 romulus pluto[10414]: | flags: ISAKMP_FLAG_ENCRYPTION
Sep 30 12:13:30 romulus pluto[10414]: | message ID: 00 00 00 00
Sep 30 12:13:30 romulus pluto[10414]: | length: 1548
Sep 30 12:13:30 romulus pluto[10414]: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2)
Sep 30 12:13:30 romulus pluto[10414]: | ICOOKIE: 1c 45 b7 42 90 63 2b e2
Sep 30 12:13:30 romulus pluto[10414]: | RCOOKIE: 3e 5f 94 9b 3a a2 08 15
Sep 30 12:13:30 romulus pluto[10414]: | state hash entry 27
Sep 30 12:13:30 romulus pluto[10414]: | v1 peer and cookies match on #1, provided msgid 00000000 vs 00000000
Sep 30 12:13:30 romulus pluto[10414]: | v1 state object #1 found, in STATE_MAIN_R2
Sep 30 12:13:30 romulus pluto[10414]: | processing connection complex
Sep 30 12:13:30 romulus pluto[10414]: | got payload 0x20(ISAKMP_NEXT_ID) needed: 0x220 opt: 0x20c0
Sep 30 12:13:30 romulus pluto[10414]: | ***parse ISAKMP Identification Payload:
Sep 30 12:13:30 romulus pluto[10414]: | next payload type: ISAKMP_NEXT_CERT
Sep 30 12:13:30 romulus pluto[10414]: | length: 176
Sep 30 12:13:30 romulus pluto[10414]: | ID type: ID_DER_ASN1_DN
Sep 30 12:13:30 romulus pluto[10414]: | DOI specific A: 0
Sep 30 12:13:30 romulus pluto[10414]: | DOI specific B: 0
Sep 30 12:13:30 romulus pluto[10414]: | obj: 30 81 a5 31 0b 30 09 06 03 55 04 06 13 02 47 41
Sep 30 12:13:30 romulus pluto[10414]: | obj: 31 10 30 0e 06 03 55 04 08 13 07 47 65 6f 72 67
Sep 30 12:13:30 romulus pluto[10414]: | obj: 69 61 31 10 30 0e 06 03 55 04 07 13 07 4c 69 6c
Sep 30 12:13:30 romulus pluto[10414]: | obj: 62 75 72 6e 31 2b 30 29 06 03 55 04 0a 14 22 54
Sep 30 12:13:30 romulus pluto[10414]: | obj: 68 61 75 6d 61 74 75 72 67 79 20 26 20 53 70 65
Sep 30 12:13:30 romulus pluto[10414]: | obj: 63 75 6c 75 6d 73 20 54 65 63 68 6e 6f 6c 6f 67
Sep 30 12:13:30 romulus pluto[10414]: | obj: 79 31 1d 30 1b 06 03 55 04 03 13 14 63 6f 6d 70
Sep 30 12:13:30 romulus pluto[10414]: | obj: 6c 65 78 2e 77 69 74 74 73 65 6e 64 2e 63 6f 6d
Sep 30 12:13:30 romulus pluto[10414]: | obj: 31 26 30 24 06 09 2a 86 48 86 f7 0d 01 09 01 16
Sep 30 12:13:30 romulus pluto[10414]: | obj: 17 70 6f 73 74 6d 61 73 74 65 72 40 77 69 74 74
Sep 30 12:13:30 romulus pluto[10414]: | obj: 73 65 6e 64 2e 63 6f 6d 07 00 03 f8 04 30 82 03
Sep 30 12:13:30 romulus pluto[10414]: | got payload 0x40(ISAKMP_NEXT_CERT) needed: 0x200 opt: 0x20c0
Sep 30 12:13:30 romulus pluto[10414]: | ***parse ISAKMP Certificate Payload:
Sep 30 12:13:30 romulus pluto[10414]: | next payload type: ISAKMP_NEXT_CR
Sep 30 12:13:30 romulus pluto[10414]: | length: 1016
Sep 30 12:13:30 romulus pluto[10414]: | cert encoding: CERT_X509_SIGNATURE
Sep 30 12:13:30 romulus pluto[10414]: | got payload 0x80(ISAKMP_NEXT_CR) needed: 0x200 opt: 0x20c0
Sep 30 12:13:30 romulus pluto[10414]: | ***parse ISAKMP Certificate RequestPayload:
Sep 30 12:13:30 romulus pluto[10414]: | next payload type: ISAKMP_NEXT_SIG
Sep 30 12:13:30 romulus pluto[10414]: | length: 194
Sep 30 12:13:30 romulus pluto[10414]: | cert type: CERT_X509_SIGNATURE
Sep 30 12:13:30 romulus pluto[10414]: | got payload 0x200(ISAKMP_NEXT_SIG) needed: 0x200 opt: 0x20c0
Sep 30 12:13:30 romulus pluto[10414]: | ***parse ISAKMP Signature Payload:
Sep 30 12:13:30 romulus pluto[10414]: | next payload type: ISAKMP_NEXT_NONE
Sep 30 12:13:30 romulus pluto[10414]: | length: 132
Sep 30 12:13:30 romulus pluto[10414]: | removing 2 bytes of padding
Sep 30 12:13:30 romulus pluto[10414]: | DER ASN1 DN: 30 81 a5 31 0b 30 09 06 03 55 04 06 13 02 47 41
Sep 30 12:13:30 romulus pluto[10414]: | DER ASN1 DN: 31 10 30 0e 06 03 55 04 08 13 07 47 65 6f 72 67
Sep 30 12:13:30 romulus pluto[10414]: | DER ASN1 DN: 69 61 31 10 30 0e 06 03 55 04 07 13 07 4c 69 6c
Sep 30 12:13:30 romulus pluto[10414]: | DER ASN1 DN: 62 75 72 6e 31 2b 30 29 06 03 55 04 0a 14 22 54
Sep 30 12:13:30 romulus pluto[10414]: | DER ASN1 DN: 68 61 75 6d 61 74 75 72 67 79 20 26 20 53 70 65
Sep 30 12:13:30 romulus pluto[10414]: | DER ASN1 DN: 63 75 6c 75 6d 73 20 54 65 63 68 6e 6f 6c 6f 67
Sep 30 12:13:30 romulus pluto[10414]: | DER ASN1 DN: 79 31 1d 30 1b 06 03 55 04 03 13 14 63 6f 6d 70
Sep 30 12:13:30 romulus pluto[10414]: | DER ASN1 DN: 6c 65 78 2e 77 69 74 74 73 65 6e 64 2e 63 6f 6d
Sep 30 12:13:30 romulus pluto[10414]: | DER ASN1 DN: 31 26 30 24 06 09 2a 86 48 86 f7 0d 01 09 01 16
Sep 30 12:13:30 romulus pluto[10414]: | DER ASN1 DN: 17 70 6f 73 74 6d 61 73 74 65 72 40 77 69 74 74
Sep 30 12:13:30 romulus pluto[10414]: | DER ASN1 DN: 73 65 6e 64 2e 63 6f 6d
Sep 30 12:13:30 romulus pluto[10414]: "complex" #1: Main mode peer ID is ID_DER_ASN1_DN: 'C=GA, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=complex.wittsend.com, E=postmaster at wittsend.com'
Sep 30 12:13:30 romulus pluto[10414]: | L0 - certificate:
Sep 30 12:13:30 romulus pluto[10414]: | L1 - tbsCertificate:
Sep 30 12:13:30 romulus pluto[10414]: | L2 - DEFAULT v1:
Sep 30 12:13:30 romulus pluto[10414]: | L3 - version:
Sep 30 12:13:30 romulus pluto[10414]: | v3
Sep 30 12:13:30 romulus pluto[10414]: | L2 - serialNumber:
Sep 30 12:13:30 romulus pluto[10414]: | L2 - signature:
Sep 30 12:13:30 romulus pluto[10414]: | L3 - algorithmIdentifier:
Sep 30 12:13:30 romulus pluto[10414]: | L4 - algorithm:
Sep 30 12:13:30 romulus pluto[10414]: | 'md5WithRSAEncryption'
Sep 30 12:13:30 romulus pluto[10414]: | L2 - issuer:
Sep 30 12:13:30 romulus pluto[10414]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
Sep 30 12:13:30 romulus pluto[10414]: | L2 - validity:
Sep 30 12:13:30 romulus pluto[10414]: | L3 - notBefore:
Sep 30 12:13:30 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:30 romulus pluto[10414]: | 'Jul 26 18:45:14 UTC 2008'
Sep 30 12:13:30 romulus pluto[10414]: | L3 - notAfter:
Sep 30 12:13:30 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:30 romulus pluto[10414]: | 'Jul 26 18:45:14 UTC 2012'
Sep 30 12:13:30 romulus pluto[10414]: | L2 - subject:
Sep 30 12:13:30 romulus pluto[10414]: | 'C=GA, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=complex.wittsend.com, E=postmaster at wittsend.com'
Sep 30 12:13:30 romulus pluto[10414]: | L2 - subjectPublicKeyInfo:
Sep 30 12:13:30 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:30 romulus pluto[10414]: | L4 - algorithmIdentifier:
Sep 30 12:13:30 romulus pluto[10414]: | L5 - algorithm:
Sep 30 12:13:30 romulus pluto[10414]: | 'rsaEncryption'
Sep 30 12:13:30 romulus pluto[10414]: | L3 - subjectPublicKey:
Sep 30 12:13:30 romulus pluto[10414]: | L4 - RSAPublicKey:
Sep 30 12:13:30 romulus pluto[10414]: | L5 - modulus:
Sep 30 12:13:30 romulus pluto[10414]: | L5 - publicExponent:
Sep 30 12:13:30 romulus pluto[10414]: | L2 - optional extensions:
Sep 30 12:13:30 romulus pluto[10414]: | L3 - extensions:
Sep 30 12:13:30 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:30 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:30 romulus pluto[10414]: | 'authorityKeyIdentifier'
Sep 30 12:13:30 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:30 romulus pluto[10414]: | FALSE
Sep 30 12:13:30 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:30 romulus pluto[10414]: | L6 - authorityKeyIdentifier:
Sep 30 12:13:30 romulus pluto[10414]: | L7 - keyIdentifier:
Sep 30 12:13:30 romulus pluto[10414]: | L8 - keyIdentifier:
Sep 30 12:13:30 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:30 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:30 romulus pluto[10414]: | 'extendedKeyUsage'
Sep 30 12:13:30 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:30 romulus pluto[10414]: | FALSE
Sep 30 12:13:30 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:30 romulus pluto[10414]: | L6 - extendedKeyUsage:
Sep 30 12:13:30 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:30 romulus pluto[10414]: | 'serverAuth'
Sep 30 12:13:30 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:30 romulus pluto[10414]: | 'clientAuth'
Sep 30 12:13:30 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:30 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:30 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:30 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:30 romulus pluto[10414]: | 'basicConstraints'
Sep 30 12:13:30 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:30 romulus pluto[10414]: | TRUE
Sep 30 12:13:30 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:30 romulus pluto[10414]: | L6 - basicConstraints:
Sep 30 12:13:30 romulus pluto[10414]: | L7 - CA:
Sep 30 12:13:30 romulus pluto[10414]: | FALSE
Sep 30 12:13:30 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:30 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:30 romulus pluto[10414]: | 'subjectAltName'
Sep 30 12:13:30 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:30 romulus pluto[10414]: | FALSE
Sep 30 12:13:30 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:30 romulus pluto[10414]: | L6 - generalNames:
Sep 30 12:13:30 romulus pluto[10414]: | L7 - generalName:
Sep 30 12:13:30 romulus pluto[10414]: | L8 - dnsName:
Sep 30 12:13:30 romulus pluto[10414]: | 'complex.wittsend.com'
Sep 30 12:13:30 romulus pluto[10414]: | L7 - generalName:
Sep 30 12:13:30 romulus pluto[10414]: | L8 - dnsName:
Sep 30 12:13:30 romulus pluto[10414]: | 'complex.ip6.wittsend.com'
Sep 30 12:13:30 romulus pluto[10414]: | L7 - generalName:
Sep 30 12:13:30 romulus pluto[10414]: | L8 - dnsName:
Sep 30 12:13:30 romulus pluto[10414]: | 'complex.wittsend.org'
Sep 30 12:13:30 romulus pluto[10414]: | L7 - generalName:
Sep 30 12:13:30 romulus pluto[10414]: | L8 - dnsName:
Sep 30 12:13:30 romulus pluto[10414]: | 'complex.commandcorp.com'
Sep 30 12:13:30 romulus pluto[10414]: | L1 - signatureAlgorithm:
Sep 30 12:13:30 romulus pluto[10414]: | L2 - algorithmIdentifier:
Sep 30 12:13:30 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:30 romulus pluto[10414]: | 'md5WithRSAEncryption'
Sep 30 12:13:30 romulus pluto[10414]: | L1 - signatureValue:
Sep 30 12:13:30 romulus pluto[10414]: | signature algorithm: 'md5WithRSAEncryption'
Sep 30 12:13:30 romulus pluto[10414]: | digest: 12 ee 0a bd 44 99 b6 a8 1e 13 35 2b 7d 26 2c 3a
Sep 30 12:13:30 romulus pluto[10414]: | decrypted signature:
Sep 30 12:13:30 romulus pluto[10414]: | 00 00 01 ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:30 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:30 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:30 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:30 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:30 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:30 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:30 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:30 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:30 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:30 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:30 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:30 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:30 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff 00 30
Sep 30 12:13:30 romulus pluto[10414]: | 20 30 0c 06 08 2a 86 48 86 f7 0d 02 05 05 00 04
Sep 30 12:13:30 romulus pluto[10414]: | 10 12 ee 0a bd 44 99 b6 a8 1e 13 35 2b 7d 26 2c
Sep 30 12:13:30 romulus pluto[10414]: | 3a
Sep 30 12:13:30 romulus pluto[10414]: "complex" #1: no crl from issuer "C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services" found (strict=no)
Sep 30 12:13:30 romulus pluto[10414]: | signature algorithm: 'sha-1WithRSAEncryption'
Sep 30 12:13:30 romulus pluto[10414]: | digest: 3c 00 ad 12 b1 0a 99 28 d1 82 cf 34 9b 6e ed c7
Sep 30 12:13:30 romulus pluto[10414]: | digest: 90 69 e2 aa
Sep 30 12:13:30 romulus pluto[10414]: | decrypted signature:
Sep 30 12:13:30 romulus pluto[10414]: | 00 00 01 ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:30 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:30 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:30 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:30 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:30 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:30 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:30 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:30 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:30 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:30 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:30 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:30 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:30 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff 00 30 21
Sep 30 12:13:30 romulus pluto[10414]: | 30 09 06 05 2b 0e 03 02 1a 05 00 04 14 3c 00 ad
Sep 30 12:13:30 romulus pluto[10414]: | 12 b1 0a 99 28 d1 82 cf 34 9b 6e ed c7 90 69 e2
Sep 30 12:13:30 romulus pluto[10414]: | aa
Sep 30 12:13:30 romulus pluto[10414]: | reached self-signed root ca
Sep 30 12:13:30 romulus pluto[10414]: | Public key validated
Sep 30 12:13:30 romulus pluto[10414]: | CR 30 81 ba 31 0b 30 09 06 03 55 04 06 13 02 55 53
Sep 30 12:13:30 romulus pluto[10414]: | CR 31 10 30 0e 06 03 55 04 08 13 07 47 65 6f 72 67
Sep 30 12:13:30 romulus pluto[10414]: | CR 69 61 31 10 30 0e 06 03 55 04 07 13 07 4c 69 6c
Sep 30 12:13:30 romulus pluto[10414]: | CR 62 75 72 6e 31 2b 30 29 06 03 55 04 0a 14 22 54
Sep 30 12:13:30 romulus pluto[10414]: | CR 68 61 75 6d 61 74 75 72 67 79 20 26 20 53 70 65
Sep 30 12:13:30 romulus pluto[10414]: | CR 63 75 6c 75 6d 73 20 54 65 63 68 6e 6f 6c 6f 67
Sep 30 12:13:30 romulus pluto[10414]: | CR 79 31 1f 30 1d 06 03 55 04 0b 13 16 43 65 72 74
Sep 30 12:13:30 romulus pluto[10414]: | CR 69 66 69 63 61 74 69 6f 6e 20 53 65 72 76 69 63
Sep 30 12:13:30 romulus pluto[10414]: | CR 65 73 31 19 30 17 06 03 55 04 03 13 10 57 69 74
Sep 30 12:13:30 romulus pluto[10414]: | CR 74 73 45 6e 64 20 52 6f 6f 74 20 43 41 31 1e 30
Sep 30 12:13:30 romulus pluto[10414]: | CR 1c 06 09 2a 86 48 86 f7 0d 01 09 01 16 0f 63 61
Sep 30 12:13:30 romulus pluto[10414]: | CR 40 77 69 74 74 73 65 6e 64 2e 63 6f 6d
Sep 30 12:13:30 romulus pluto[10414]: | requested CA: 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services, CN=WittsEnd Root CA, E=ca at wittsend.com'
Sep 30 12:13:30 romulus pluto[10414]: "complex" #1: no suitable connection for peer 'C=GA, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=complex.wittsend.com, E=postmaster at wittsend.com'
Sep 30 12:13:30 romulus pluto[10414]: | complete state transition with (null)
Sep 30 12:13:30 romulus pluto[10414]: "complex" #1: sending encrypted notification INVALID_ID_INFORMATION to 65.7.156.165:500
Sep 30 12:13:30 romulus pluto[10414]: | sending 60 bytes for notification packet through veth0:500 to 65.7.156.165:500 (using #1)
Sep 30 12:13:30 romulus pluto[10414]: | state transition function for STATE_MAIN_R2 failed: INVALID_ID_INFORMATION
Sep 30 12:13:30 romulus pluto[10414]: | * processed 0 messages from cryptographic helpers
Sep 30 12:13:30 romulus pluto[10414]: | next event EVENT_NAT_T_KEEPALIVE in 10 seconds
Sep 30 12:13:40 romulus pluto[10414]: |
Sep 30 12:13:40 romulus pluto[10414]: | *time to handle event
Sep 30 12:13:40 romulus pluto[10414]: | handling event EVENT_NAT_T_KEEPALIVE
Sep 30 12:13:40 romulus pluto[10414]: | event after this is EVENT_RETRANSMIT in 10 seconds
Sep 30 12:13:40 romulus pluto[10414]: | processing connection complex
Sep 30 12:13:40 romulus pluto[10414]: | next event EVENT_RETRANSMIT in 10 seconds for #1
Sep 30 12:13:46 romulus pluto[10414]: |
Sep 30 12:13:46 romulus pluto[10414]: | *received whack message
Sep 30 12:13:46 romulus pluto[10414]: | * processed 0 messages from cryptographic helpers
Sep 30 12:13:46 romulus pluto[10414]: | next event EVENT_RETRANSMIT in 4 seconds for #1
Sep 30 12:13:46 romulus pluto[10414]: |
Sep 30 12:13:46 romulus pluto[10414]: | *received whack message
Sep 30 12:13:46 romulus pluto[10414]: | * processed 0 messages from cryptographic helpers
Sep 30 12:13:46 romulus pluto[10414]: | next event EVENT_RETRANSMIT in 4 seconds for #1
Sep 30 12:13:47 romulus pluto[10414]: |
Sep 30 12:13:47 romulus pluto[10414]: | *received whack message
Sep 30 12:13:47 romulus pluto[10414]: | * processed 0 messages from cryptographic helpers
Sep 30 12:13:47 romulus pluto[10414]: | next event EVENT_RETRANSMIT in 3 seconds for #1
Sep 30 12:13:50 romulus pluto[10414]: |
Sep 30 12:13:50 romulus pluto[10414]: | *time to handle event
Sep 30 12:13:50 romulus pluto[10414]: | handling event EVENT_RETRANSMIT
Sep 30 12:13:50 romulus pluto[10414]: | event after this is EVENT_PENDING_PHASE2 in 80 seconds
Sep 30 12:13:50 romulus pluto[10414]: | processing connection complex
Sep 30 12:13:50 romulus pluto[10414]: | handling event EVENT_RETRANSMIT for <invalid> "complex" #1
Sep 30 12:13:50 romulus pluto[10414]: | sending 420 bytes for EVENT_RETRANSMIT through veth0:500 to 65.7.156.165:500 (using #1)
Sep 30 12:13:50 romulus pluto[10414]: | inserting event EVENT_RETRANSMIT, timeout in 40 seconds for #1
Sep 30 12:13:50 romulus pluto[10414]: | next event EVENT_RETRANSMIT in 40 seconds for #1
Sep 30 12:13:50 romulus pluto[10414]: |
Sep 30 12:13:50 romulus pluto[10414]: | *received 1548 bytes from 65.7.156.165:500 on veth0 (port=500)
Sep 30 12:13:50 romulus pluto[10414]: | **parse ISAKMP Message:
Sep 30 12:13:50 romulus pluto[10414]: | initiator cookie:
Sep 30 12:13:50 romulus pluto[10414]: | 1c 45 b7 42 90 63 2b e2
Sep 30 12:13:50 romulus pluto[10414]: | responder cookie:
Sep 30 12:13:50 romulus pluto[10414]: | 3e 5f 94 9b 3a a2 08 15
Sep 30 12:13:50 romulus pluto[10414]: | next payload type: ISAKMP_NEXT_ID
Sep 30 12:13:50 romulus pluto[10414]: | ISAKMP version: ISAKMP Version 1.0 (rfc2407)
Sep 30 12:13:50 romulus pluto[10414]: | exchange type: ISAKMP_XCHG_IDPROT
Sep 30 12:13:50 romulus pluto[10414]: | flags: ISAKMP_FLAG_ENCRYPTION
Sep 30 12:13:50 romulus pluto[10414]: | message ID: 00 00 00 00
Sep 30 12:13:50 romulus pluto[10414]: | length: 1548
Sep 30 12:13:50 romulus pluto[10414]: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2)
Sep 30 12:13:50 romulus pluto[10414]: | ICOOKIE: 1c 45 b7 42 90 63 2b e2
Sep 30 12:13:50 romulus pluto[10414]: | RCOOKIE: 3e 5f 94 9b 3a a2 08 15
Sep 30 12:13:50 romulus pluto[10414]: | state hash entry 27
Sep 30 12:13:50 romulus pluto[10414]: | v1 peer and cookies match on #1, provided msgid 00000000 vs 00000000
Sep 30 12:13:50 romulus pluto[10414]: | v1 state object #1 found, in STATE_MAIN_R2
Sep 30 12:13:50 romulus pluto[10414]: | processing connection complex
Sep 30 12:13:50 romulus pluto[10414]: | got payload 0x20(ISAKMP_NEXT_ID) needed: 0x220 opt: 0x20c0
Sep 30 12:13:50 romulus pluto[10414]: | ***parse ISAKMP Identification Payload:
Sep 30 12:13:50 romulus pluto[10414]: | next payload type: ISAKMP_NEXT_CERT
Sep 30 12:13:50 romulus pluto[10414]: | length: 176
Sep 30 12:13:50 romulus pluto[10414]: | ID type: ID_DER_ASN1_DN
Sep 30 12:13:50 romulus pluto[10414]: | DOI specific A: 0
Sep 30 12:13:50 romulus pluto[10414]: | DOI specific B: 0
Sep 30 12:13:50 romulus pluto[10414]: | obj: 30 81 a5 31 0b 30 09 06 03 55 04 06 13 02 47 41
Sep 30 12:13:50 romulus pluto[10414]: | obj: 31 10 30 0e 06 03 55 04 08 13 07 47 65 6f 72 67
Sep 30 12:13:50 romulus pluto[10414]: | obj: 69 61 31 10 30 0e 06 03 55 04 07 13 07 4c 69 6c
Sep 30 12:13:50 romulus pluto[10414]: | obj: 62 75 72 6e 31 2b 30 29 06 03 55 04 0a 14 22 54
Sep 30 12:13:50 romulus pluto[10414]: | obj: 68 61 75 6d 61 74 75 72 67 79 20 26 20 53 70 65
Sep 30 12:13:50 romulus pluto[10414]: | obj: 63 75 6c 75 6d 73 20 54 65 63 68 6e 6f 6c 6f 67
Sep 30 12:13:50 romulus pluto[10414]: | obj: 79 31 1d 30 1b 06 03 55 04 03 13 14 63 6f 6d 70
Sep 30 12:13:50 romulus pluto[10414]: | obj: 6c 65 78 2e 77 69 74 74 73 65 6e 64 2e 63 6f 6d
Sep 30 12:13:50 romulus pluto[10414]: | obj: 31 26 30 24 06 09 2a 86 48 86 f7 0d 01 09 01 16
Sep 30 12:13:50 romulus pluto[10414]: | obj: 17 70 6f 73 74 6d 61 73 74 65 72 40 77 69 74 74
Sep 30 12:13:50 romulus pluto[10414]: | obj: 73 65 6e 64 2e 63 6f 6d 07 00 03 f8 04 30 82 03
Sep 30 12:13:50 romulus pluto[10414]: | got payload 0x40(ISAKMP_NEXT_CERT) needed: 0x200 opt: 0x20c0
Sep 30 12:13:50 romulus pluto[10414]: | ***parse ISAKMP Certificate Payload:
Sep 30 12:13:50 romulus pluto[10414]: | next payload type: ISAKMP_NEXT_CR
Sep 30 12:13:50 romulus pluto[10414]: | length: 1016
Sep 30 12:13:50 romulus pluto[10414]: | cert encoding: CERT_X509_SIGNATURE
Sep 30 12:13:50 romulus pluto[10414]: | got payload 0x80(ISAKMP_NEXT_CR) needed: 0x200 opt: 0x20c0
Sep 30 12:13:50 romulus pluto[10414]: | ***parse ISAKMP Certificate RequestPayload:
Sep 30 12:13:50 romulus pluto[10414]: | next payload type: ISAKMP_NEXT_SIG
Sep 30 12:13:50 romulus pluto[10414]: | length: 194
Sep 30 12:13:50 romulus pluto[10414]: | cert type: CERT_X509_SIGNATURE
Sep 30 12:13:50 romulus pluto[10414]: | got payload 0x200(ISAKMP_NEXT_SIG) needed: 0x200 opt: 0x20c0
Sep 30 12:13:50 romulus pluto[10414]: | ***parse ISAKMP Signature Payload:
Sep 30 12:13:50 romulus pluto[10414]: | next payload type: ISAKMP_NEXT_NONE
Sep 30 12:13:50 romulus pluto[10414]: | length: 132
Sep 30 12:13:50 romulus pluto[10414]: | removing 2 bytes of padding
Sep 30 12:13:50 romulus pluto[10414]: | DER ASN1 DN: 30 81 a5 31 0b 30 09 06 03 55 04 06 13 02 47 41
Sep 30 12:13:50 romulus pluto[10414]: | DER ASN1 DN: 31 10 30 0e 06 03 55 04 08 13 07 47 65 6f 72 67
Sep 30 12:13:50 romulus pluto[10414]: | DER ASN1 DN: 69 61 31 10 30 0e 06 03 55 04 07 13 07 4c 69 6c
Sep 30 12:13:50 romulus pluto[10414]: | DER ASN1 DN: 62 75 72 6e 31 2b 30 29 06 03 55 04 0a 14 22 54
Sep 30 12:13:50 romulus pluto[10414]: | DER ASN1 DN: 68 61 75 6d 61 74 75 72 67 79 20 26 20 53 70 65
Sep 30 12:13:50 romulus pluto[10414]: | DER ASN1 DN: 63 75 6c 75 6d 73 20 54 65 63 68 6e 6f 6c 6f 67
Sep 30 12:13:50 romulus pluto[10414]: | DER ASN1 DN: 79 31 1d 30 1b 06 03 55 04 03 13 14 63 6f 6d 70
Sep 30 12:13:50 romulus pluto[10414]: | DER ASN1 DN: 6c 65 78 2e 77 69 74 74 73 65 6e 64 2e 63 6f 6d
Sep 30 12:13:50 romulus pluto[10414]: | DER ASN1 DN: 31 26 30 24 06 09 2a 86 48 86 f7 0d 01 09 01 16
Sep 30 12:13:50 romulus pluto[10414]: | DER ASN1 DN: 17 70 6f 73 74 6d 61 73 74 65 72 40 77 69 74 74
Sep 30 12:13:50 romulus pluto[10414]: | DER ASN1 DN: 73 65 6e 64 2e 63 6f 6d
Sep 30 12:13:50 romulus pluto[10414]: "complex" #1: Main mode peer ID is ID_DER_ASN1_DN: 'C=GA, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=complex.wittsend.com, E=postmaster at wittsend.com'
Sep 30 12:13:50 romulus pluto[10414]: | L0 - certificate:
Sep 30 12:13:50 romulus pluto[10414]: | L1 - tbsCertificate:
Sep 30 12:13:50 romulus pluto[10414]: | L2 - DEFAULT v1:
Sep 30 12:13:50 romulus pluto[10414]: | L3 - version:
Sep 30 12:13:50 romulus pluto[10414]: | v3
Sep 30 12:13:50 romulus pluto[10414]: | L2 - serialNumber:
Sep 30 12:13:50 romulus pluto[10414]: | L2 - signature:
Sep 30 12:13:50 romulus pluto[10414]: | L3 - algorithmIdentifier:
Sep 30 12:13:50 romulus pluto[10414]: | L4 - algorithm:
Sep 30 12:13:50 romulus pluto[10414]: | 'md5WithRSAEncryption'
Sep 30 12:13:50 romulus pluto[10414]: | L2 - issuer:
Sep 30 12:13:50 romulus pluto[10414]: | 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services'
Sep 30 12:13:50 romulus pluto[10414]: | L2 - validity:
Sep 30 12:13:50 romulus pluto[10414]: | L3 - notBefore:
Sep 30 12:13:50 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:50 romulus pluto[10414]: | 'Jul 26 18:45:14 UTC 2008'
Sep 30 12:13:50 romulus pluto[10414]: | L3 - notAfter:
Sep 30 12:13:50 romulus pluto[10414]: | L4 - utcTime:
Sep 30 12:13:50 romulus pluto[10414]: | 'Jul 26 18:45:14 UTC 2012'
Sep 30 12:13:50 romulus pluto[10414]: | L2 - subject:
Sep 30 12:13:50 romulus pluto[10414]: | 'C=GA, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=complex.wittsend.com, E=postmaster at wittsend.com'
Sep 30 12:13:50 romulus pluto[10414]: | L2 - subjectPublicKeyInfo:
Sep 30 12:13:50 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:50 romulus pluto[10414]: | L4 - algorithmIdentifier:
Sep 30 12:13:50 romulus pluto[10414]: | L5 - algorithm:
Sep 30 12:13:50 romulus pluto[10414]: | 'rsaEncryption'
Sep 30 12:13:50 romulus pluto[10414]: | L3 - subjectPublicKey:
Sep 30 12:13:50 romulus pluto[10414]: | L4 - RSAPublicKey:
Sep 30 12:13:50 romulus pluto[10414]: | L5 - modulus:
Sep 30 12:13:50 romulus pluto[10414]: | L5 - publicExponent:
Sep 30 12:13:50 romulus pluto[10414]: | L2 - optional extensions:
Sep 30 12:13:50 romulus pluto[10414]: | L3 - extensions:
Sep 30 12:13:50 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:50 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:50 romulus pluto[10414]: | 'authorityKeyIdentifier'
Sep 30 12:13:50 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:50 romulus pluto[10414]: | FALSE
Sep 30 12:13:50 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:50 romulus pluto[10414]: | L6 - authorityKeyIdentifier:
Sep 30 12:13:50 romulus pluto[10414]: | L7 - keyIdentifier:
Sep 30 12:13:50 romulus pluto[10414]: | L8 - keyIdentifier:
Sep 30 12:13:50 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:50 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:50 romulus pluto[10414]: | 'extendedKeyUsage'
Sep 30 12:13:50 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:50 romulus pluto[10414]: | FALSE
Sep 30 12:13:50 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:50 romulus pluto[10414]: | L6 - extendedKeyUsage:
Sep 30 12:13:50 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:50 romulus pluto[10414]: | 'serverAuth'
Sep 30 12:13:50 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:50 romulus pluto[10414]: | 'clientAuth'
Sep 30 12:13:50 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:50 romulus pluto[10414]: | L7 - keyPurposeID:
Sep 30 12:13:50 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:50 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:50 romulus pluto[10414]: | 'basicConstraints'
Sep 30 12:13:50 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:50 romulus pluto[10414]: | TRUE
Sep 30 12:13:50 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:50 romulus pluto[10414]: | L6 - basicConstraints:
Sep 30 12:13:50 romulus pluto[10414]: | L7 - CA:
Sep 30 12:13:50 romulus pluto[10414]: | FALSE
Sep 30 12:13:50 romulus pluto[10414]: | L4 - extension:
Sep 30 12:13:50 romulus pluto[10414]: | L5 - extnID:
Sep 30 12:13:50 romulus pluto[10414]: | 'subjectAltName'
Sep 30 12:13:50 romulus pluto[10414]: | L5 - critical:
Sep 30 12:13:50 romulus pluto[10414]: | FALSE
Sep 30 12:13:50 romulus pluto[10414]: | L5 - extnValue:
Sep 30 12:13:50 romulus pluto[10414]: | L6 - generalNames:
Sep 30 12:13:50 romulus pluto[10414]: | L7 - generalName:
Sep 30 12:13:50 romulus pluto[10414]: | L8 - dnsName:
Sep 30 12:13:50 romulus pluto[10414]: | 'complex.wittsend.com'
Sep 30 12:13:50 romulus pluto[10414]: | L7 - generalName:
Sep 30 12:13:50 romulus pluto[10414]: | L8 - dnsName:
Sep 30 12:13:50 romulus pluto[10414]: | 'complex.ip6.wittsend.com'
Sep 30 12:13:50 romulus pluto[10414]: | L7 - generalName:
Sep 30 12:13:50 romulus pluto[10414]: | L8 - dnsName:
Sep 30 12:13:50 romulus pluto[10414]: | 'complex.wittsend.org'
Sep 30 12:13:50 romulus pluto[10414]: | L7 - generalName:
Sep 30 12:13:50 romulus pluto[10414]: | L8 - dnsName:
Sep 30 12:13:50 romulus pluto[10414]: | 'complex.commandcorp.com'
Sep 30 12:13:50 romulus pluto[10414]: | L1 - signatureAlgorithm:
Sep 30 12:13:50 romulus pluto[10414]: | L2 - algorithmIdentifier:
Sep 30 12:13:50 romulus pluto[10414]: | L3 - algorithm:
Sep 30 12:13:50 romulus pluto[10414]: | 'md5WithRSAEncryption'
Sep 30 12:13:50 romulus pluto[10414]: | L1 - signatureValue:
Sep 30 12:13:50 romulus pluto[10414]: | signature algorithm: 'md5WithRSAEncryption'
Sep 30 12:13:50 romulus pluto[10414]: | digest: 12 ee 0a bd 44 99 b6 a8 1e 13 35 2b 7d 26 2c 3a
Sep 30 12:13:50 romulus pluto[10414]: | decrypted signature:
Sep 30 12:13:50 romulus pluto[10414]: | 00 00 01 ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:50 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:50 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:50 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:50 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:50 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:50 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:50 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:50 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:50 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:50 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:50 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:50 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:50 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff 00 30
Sep 30 12:13:50 romulus pluto[10414]: | 20 30 0c 06 08 2a 86 48 86 f7 0d 02 05 05 00 04
Sep 30 12:13:50 romulus pluto[10414]: | 10 12 ee 0a bd 44 99 b6 a8 1e 13 35 2b 7d 26 2c
Sep 30 12:13:50 romulus pluto[10414]: | 3a
Sep 30 12:13:50 romulus pluto[10414]: "complex" #1: no crl from issuer "C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services" found (strict=no)
Sep 30 12:13:50 romulus pluto[10414]: | signature algorithm: 'sha-1WithRSAEncryption'
Sep 30 12:13:50 romulus pluto[10414]: | digest: 3c 00 ad 12 b1 0a 99 28 d1 82 cf 34 9b 6e ed c7
Sep 30 12:13:50 romulus pluto[10414]: | digest: 90 69 e2 aa
Sep 30 12:13:50 romulus pluto[10414]: | decrypted signature:
Sep 30 12:13:50 romulus pluto[10414]: | 00 00 01 ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:50 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:50 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:50 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:50 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:50 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:50 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:50 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:50 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:50 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:50 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:50 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:50 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Sep 30 12:13:50 romulus pluto[10414]: | ff ff ff ff ff ff ff ff ff ff ff ff ff 00 30 21
Sep 30 12:13:50 romulus pluto[10414]: | 30 09 06 05 2b 0e 03 02 1a 05 00 04 14 3c 00 ad
Sep 30 12:13:50 romulus pluto[10414]: | 12 b1 0a 99 28 d1 82 cf 34 9b 6e ed c7 90 69 e2
Sep 30 12:13:50 romulus pluto[10414]: | aa
Sep 30 12:13:50 romulus pluto[10414]: | reached self-signed root ca
Sep 30 12:13:50 romulus pluto[10414]: | Public key validated
Sep 30 12:13:50 romulus pluto[10414]: | CR 30 81 ba 31 0b 30 09 06 03 55 04 06 13 02 55 53
Sep 30 12:13:50 romulus pluto[10414]: | CR 31 10 30 0e 06 03 55 04 08 13 07 47 65 6f 72 67
Sep 30 12:13:50 romulus pluto[10414]: | CR 69 61 31 10 30 0e 06 03 55 04 07 13 07 4c 69 6c
Sep 30 12:13:50 romulus pluto[10414]: | CR 62 75 72 6e 31 2b 30 29 06 03 55 04 0a 14 22 54
Sep 30 12:13:50 romulus pluto[10414]: | CR 68 61 75 6d 61 74 75 72 67 79 20 26 20 53 70 65
Sep 30 12:13:50 romulus pluto[10414]: | CR 63 75 6c 75 6d 73 20 54 65 63 68 6e 6f 6c 6f 67
Sep 30 12:13:50 romulus pluto[10414]: | CR 79 31 1f 30 1d 06 03 55 04 0b 13 16 43 65 72 74
Sep 30 12:13:50 romulus pluto[10414]: | CR 69 66 69 63 61 74 69 6f 6e 20 53 65 72 76 69 63
Sep 30 12:13:50 romulus pluto[10414]: | CR 65 73 31 19 30 17 06 03 55 04 03 13 10 57 69 74
Sep 30 12:13:50 romulus pluto[10414]: | CR 74 73 45 6e 64 20 52 6f 6f 74 20 43 41 31 1e 30
Sep 30 12:13:50 romulus pluto[10414]: | CR 1c 06 09 2a 86 48 86 f7 0d 01 09 01 16 0f 63 61
Sep 30 12:13:50 romulus pluto[10414]: | CR 40 77 69 74 74 73 65 6e 64 2e 63 6f 6d
Sep 30 12:13:50 romulus pluto[10414]: | requested CA: 'C=US, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, OU=Certification Services, CN=WittsEnd Root CA, E=ca at wittsend.com'
Sep 30 12:13:50 romulus pluto[10414]: "complex" #1: no suitable connection for peer 'C=GA, ST=Georgia, L=Lilburn, O=Thaumaturgy & Speculums Technology, CN=complex.wittsend.com, E=postmaster at wittsend.com'
Sep 30 12:13:50 romulus pluto[10414]: | complete state transition with (null)
Sep 30 12:13:50 romulus pluto[10414]: "complex" #1: sending encrypted notification INVALID_ID_INFORMATION to 65.7.156.165:500
Sep 30 12:13:50 romulus pluto[10414]: | sending 60 bytes for notification packet through veth0:500 to 65.7.156.165:500 (using #1)
Sep 30 12:13:50 romulus pluto[10414]: | state transition function for STATE_MAIN_R2 failed: INVALID_ID_INFORMATION
Sep 30 12:13:50 romulus pluto[10414]: | * processed 0 messages from cryptographic helpers
Sep 30 12:13:50 romulus pluto[10414]: | next event EVENT_RETRANSMIT in 40 seconds for #1
Sep 30 12:13:58 romulus pluto[10414]: |
Sep 30 12:13:58 romulus pluto[10414]: | *received whack message
Sep 30 12:13:58 romulus pluto[10414]: shutting down
Sep 30 12:13:58 romulus pluto[10414]: forgetting secrets
Sep 30 12:13:58 romulus pluto[10414]: | processing connection rebma
Sep 30 12:13:58 romulus pluto[10414]: "rebma": deleting connection
Sep 30 12:13:58 romulus pluto[10414]: | processing connection levy-1
Sep 30 12:13:58 romulus pluto[10414]: "levy-1": deleting connection
Sep 30 12:13:58 romulus pluto[10414]: | processing connection levy-0
Sep 30 12:13:58 romulus pluto[10414]: "levy-0": deleting connection
Sep 30 12:13:58 romulus pluto[10414]: | processing connection kolvir
Sep 30 12:13:58 romulus pluto[10414]: "kolvir": deleting connection
Sep 30 12:13:58 romulus pluto[10414]: | processing connection complex
Sep 30 12:13:58 romulus pluto[10414]: "complex": deleting connection
Sep 30 12:13:58 romulus pluto[10414]: | processing connection complex
Sep 30 12:13:58 romulus pluto[10414]: "complex" #1: deleting state (STATE_MAIN_R2)
Sep 30 12:13:58 romulus pluto[10414]: | deleting state #1
Sep 30 12:13:58 romulus pluto[10414]: | processing connection complex
Sep 30 12:13:58 romulus pluto[10414]: | ICOOKIE: 1c 45 b7 42 90 63 2b e2
Sep 30 12:13:58 romulus pluto[10414]: | RCOOKIE: 3e 5f 94 9b 3a a2 08 15
Sep 30 12:13:58 romulus pluto[10414]: | state hash entry 27
Sep 30 12:13:58 romulus pluto[10414]: | processing connection charon-1
Sep 30 12:13:58 romulus pluto[10414]: "charon-1": deleting connection
Sep 30 12:13:58 romulus pluto[10414]: | processing connection charon-0
Sep 30 12:13:58 romulus pluto[10414]: "charon-0": deleting connection
Sep 30 12:13:58 romulus pluto[10414]: | processing connection chaos
Sep 30 12:13:58 romulus pluto[10414]: "chaos": deleting connection
Sep 30 12:13:58 romulus pluto[10414]: | processing connection canyon
Sep 30 12:13:58 romulus pluto[10414]: "canyon": deleting connection
Sep 30 12:13:58 romulus pluto[10414]: shutting down interface tun6to4/tun6to4 2002:82cd:2003::1:500
Sep 30 12:13:58 romulus pluto[10414]: shutting down interface lo/lo ::1:500
Sep 30 12:13:58 romulus pluto[10414]: shutting down interface veth1/veth1 2001:4830:3000:2:280:3fff:fe03:455b:500
Sep 30 12:13:58 romulus pluto[10414]: shutting down interface lo/lo 127.0.0.1:4500
Sep 30 12:13:58 romulus pluto[10414]: shutting down interface lo/lo 127.0.0.1:500
Sep 30 12:13:58 romulus pluto[10414]: shutting down interface veth0/veth0 130.205.32.3:4500
Sep 30 12:13:58 romulus pluto[10414]: shutting down interface veth0/veth0 130.205.32.3:500
Sep 30 12:13:58 romulus pluto[10414]: shutting down interface veth1/veth1 172.31.192.3:4500
Sep 30 12:13:58 romulus pluto[10414]: shutting down interface veth1/veth1 172.31.192.3:500
Sep 30 12:13:58 romulus pluto[10414]: shutting down interface tun0/tun0 172.31.250.1:4500
Sep 30 12:13:58 romulus pluto[10414]: shutting down interface tun0/tun0 172.31.250.1:500
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 307 bytes
Desc: This is a digitally signed message part
Url : http://lists.openswan.org/pipermail/users/attachments/20080930/3c708a2b/attachment-0001.bin
More information about the Users
mailing list