[Openswan Users] Reports of IPSEC tunnels going offline with 2.6.28
Greg Scott
GregScott at Infrasupport.com
Thu Sep 9 01:05:41 EDT 2010

The phone rang today with a customer talking about tunnel problems and
the only cure was a reboot. This one has two sites: Iowa, named HQ, and
Minnesota, named MN. Both sites are already running 2.6.28.

Looking at /var/log/secure - it looks like a problem started on Sep 8
around 27 minutes after midnight. The systems at both sites are running
ntp, so both clocks are synchronized. At 00:26:44, both HQ and MN
report an SA established. At 00:27:14, HQ starts reporting
"Informational Exchange message must be encrypted" and MN reports a
malformed payload. This repeats a few times until 00:37:54, when MN
reports "too many (17) malformed payloads. Deleting state". After that,
several messages on both sides with initiate on demand errors. Around
09:26:00, the folks at the MN site rebooted the MN firewall. After
that, the tunnel came back as normal. This customer has reported this
happening at least twice in the past few days. Again, this is with
2.6.28 at both sites.

Could this be a hardware problem?

I'll paste in extracts from /var/log/secure below. Public IP addresses
disguised.

MN site:
Sep 8 00:23:34 MN-fw1 pluto[2192]: "mn-hq" #440: STATE_MAIN_I4: ISAKMP
SA established {auth=OAKLEY_RSA_
SIG cipher=aes_128 prf=oakley_sha group=modp2048}
Sep 8 00:25:34 MN-fw1 pluto[2192]: "mn-hq" #441: initiating Quick Mode
RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKE
v2ALLOW to replace #429 {using isakmp#440 msgid:c03bde2c
proposal=defaults pfsgroup=OAKLEY_GROUP_MODP204
8}
Sep 8 00:26:04 MN-fw1 pluto[2192]: "mn-hq" #441: ERROR: netlink
response for Add SA esp.c7d28cc6 at 3.4.
177.201 included errno 3: No such process
Sep 8 00:26:14 MN-fw1 pluto[2192]: "mn-hq" #441: discarding duplicate
packet; already STATE_QUICK_I1
Sep 8 00:26:34 MN-fw1 pluto[2192]: "mn-hq" #441: discarding duplicate
packet; already STATE_QUICK_I1
Sep 8 00:26:44 MN-fw1 pluto[2192]: "mn-hq" #441: max number of
retransmissions (2) reached STATE_QUICK_
I1
Sep 8 00:26:44 MN-fw1 pluto[2192]: "mn-hq" #441: starting keying
attempt 2 of an unlimited number
Sep 8 00:26:44 MN-fw1 pluto[2192]: "mn-hq" #442: initiating Quick Mode
RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKE
v2ALLOW to replace #441 {using isakmp#440 msgid:54f2144a
proposal=defaults pfsgroup=OAKLEY_GROUP_MODP204
8}
Sep 8 00:26:44 MN-fw1 pluto[2192]: "mn-hq" #442: transition from state
STATE_QUICK_I1 to state STATE_QU
ICK_I2
Sep 8 00:26:44 MN-fw1 pluto[2192]: "mn-hq" #442: STATE_QUICK_I2: sent
QI2, IPsec SA established tunnel
mode {ESP=>0xdf3128a4 <0x00f94364 xfrm=AES_128-HMAC_SHA1 NATOA=none
NATD=none DPD=none}
Sep 8 00:27:14 MN-fw1 pluto[2192]: "mn-hq" #440: byte 2 of ISAKMP Hash
Payload must be zero, but is not
Sep 8 00:27:14 MN-fw1 pluto[2192]: "mn-hq" #440: malformed payload in
packet
Sep 8 00:27:14 MN-fw1 pluto[2192]: | payload malformed after IV
Sep 8 00:27:14 MN-fw1 pluto[2192]: | c5 15 27 ac 8e a4 30 b7 af 3f
05 d3 57 e3 9b 0a
Sep 8 00:27:14 MN-fw1 pluto[2192]: "mn-hq" #440: sending notification
PAYLOAD_MALFORMED to 1.2.252.17
8:500
Sep 8 00:27:54 MN-fw1 pluto[2192]: "mn-hq" #440: byte 2 of ISAKMP Hash
Payload must be zero, but is not
Sep 8 00:27:54 MN-fw1 pluto[2192]: "mn-hq" #440: malformed payload in
packet
Sep 8 00:27:54 MN-fw1 pluto[2192]: | payload malformed after IV
Sep 8 00:27:54 MN-fw1 pluto[2192]: | c5 15 27 ac 8e a4 30 b7 af 3f
05 d3 57 e3 9b 0a
Sep 8 00:27:54 MN-fw1 pluto[2192]: "mn-hq" #440: sending notification
PAYLOAD_MALFORMED to 1.2.252.17
8:500
Sep 8 00:28:34 MN-fw1 pluto[2192]: "mn-hq" #440: byte 2 of ISAKMP Hash
Payload must be zero, but is not
Sep 8 00:28:34 MN-fw1 pluto[2192]: "mn-hq" #440: malformed payload in
packet
Sep 8 00:28:34 MN-fw1 pluto[2192]: | payload malformed after IV
Sep 8 00:28:34 MN-fw1 pluto[2192]: | c5 15 27 ac 8e a4 30 b7 af 3f
05 d3 57 e3 9b 0a
Sep 8 00:28:34 MN-fw1 pluto[2192]: "mn-hq" #440: sending notification
PAYLOAD_MALFORMED to 1.2.252.17
8:500
Sep 8 00:29:14 MN-fw1 pluto[2192]: "mn-hq" #440: byte 2 of ISAKMP Hash
Payload must be zero, but is not
Sep 8 00:29:14 MN-fw1 pluto[2192]: "mn-hq" #440: malformed payload in
packet
Sep 8 00:29:14 MN-fw1 pluto[2192]: | payload malformed after IV
Sep 8 00:29:14 MN-fw1 pluto[2192]: | c5 15 27 ac 8e a4 30 b7 af 3f
05 d3 57 e3 9b 0a
Sep 8 00:29:14 MN-fw1 pluto[2192]: "mn-hq" #440: sending notification
PAYLOAD_MALFORMED to 1.2.252.17
8:500
Sep 8 00:29:54 MN-fw1 pluto[2192]: "mn-hq" #440: byte 2 of ISAKMP Hash
Payload must be zero, but is not
Sep 8 00:29:54 MN-fw1 pluto[2192]: "mn-hq" #440: malformed payload in
packet
Sep 8 00:29:54 MN-fw1 pluto[2192]: | payload malformed after IV
Sep 8 00:29:54 MN-fw1 pluto[2192]: | c5 15 27 ac 8e a4 30 b7 af 3f
05 d3 57 e3 9b 0a
Sep 8 00:29:54 MN-fw1 pluto[2192]: "mn-hq" #440: sending notification
PAYLOAD_MALFORMED to 1.2.252.17
8:500
Sep 8 00:30:34 MN-fw1 pluto[2192]: "mn-hq" #440: byte 2 of ISAKMP Hash
Payload must be zero, but is not
Sep 8 00:30:34 MN-fw1 pluto[2192]: "mn-hq" #440: malformed payload in
packet
Sep 8 00:30:34 MN-fw1 pluto[2192]: | payload malformed after IV
Sep 8 00:30:34 MN-fw1 pluto[2192]: | c5 15 27 ac 8e a4 30 b7 af 3f
05 d3 57 e3 9b 0a
Sep 8 00:30:34 MN-fw1 pluto[2192]: "mn-hq" #440: sending notification
PAYLOAD_MALFORMED to 1.2.252.17
8:500
Sep 8 00:31:14 MN-fw1 pluto[2192]: "mn-hq" #440: byte 2 of ISAKMP Hash
Payload must be zero, but is not
Sep 8 00:31:14 MN-fw1 pluto[2192]: "mn-hq" #440: malformed payload in
packet
Sep 8 00:31:14 MN-fw1 pluto[2192]: | payload malformed after IV
Sep 8 00:31:14 MN-fw1 pluto[2192]: | c5 15 27 ac 8e a4 30 b7 af 3f
05 d3 57 e3 9b 0a
Sep 8 00:31:14 MN-fw1 pluto[2192]: "mn-hq" #440: sending notification
PAYLOAD_MALFORMED to 1.2.252.17
8:500
Sep 8 00:31:54 MN-fw1 pluto[2192]: "mn-hq" #440: byte 2 of ISAKMP Hash
Payload must be zero, but is not
Sep 8 00:31:54 MN-fw1 pluto[2192]: "mn-hq" #440: malformed payload in
packet
Sep 8 00:31:54 MN-fw1 pluto[2192]: | payload malformed after IV
Sep 8 00:31:54 MN-fw1 pluto[2192]: | c5 15 27 ac 8e a4 30 b7 af 3f
05 d3 57 e3 9b 0a
Sep 8 00:31:54 MN-fw1 pluto[2192]: "mn-hq" #440: sending notification
PAYLOAD_MALFORMED to 1.2.252.17
8:500
Sep 8 00:32:34 MN-fw1 pluto[2192]: "mn-hq" #440: byte 2 of ISAKMP Hash
Payload must be zero, but is not
Sep 8 00:32:34 MN-fw1 pluto[2192]: "mn-hq" #440: malformed payload in
packet
Sep 8 00:32:34 MN-fw1 pluto[2192]: | payload malformed after IV
Sep 8 00:32:34 MN-fw1 pluto[2192]: | c5 15 27 ac 8e a4 30 b7 af 3f
05 d3 57 e3 9b 0a
Sep 8 00:32:34 MN-fw1 pluto[2192]: "mn-hq" #440: sending notification
PAYLOAD_MALFORMED to 1.2.252.17
8:500
Sep 8 00:33:14 MN-fw1 pluto[2192]: "mn-hq" #440: byte 2 of ISAKMP Hash
Payload must be zero, but is not
Sep 8 00:33:14 MN-fw1 pluto[2192]: "mn-hq" #440: malformed payload in
packet
Sep 8 00:33:14 MN-fw1 pluto[2192]: | payload malformed after IV
Sep 8 00:33:14 MN-fw1 pluto[2192]: | c5 15 27 ac 8e a4 30 b7 af 3f
05 d3 57 e3 9b 0a
Sep 8 00:33:14 MN-fw1 pluto[2192]: "mn-hq" #440: sending notification
PAYLOAD_MALFORMED to 1.2.252.17
8:500
Sep 8 00:33:54 MN-fw1 pluto[2192]: "mn-hq" #440: byte 2 of ISAKMP Hash
Payload must be zero, but is not
Sep 8 00:33:54 MN-fw1 pluto[2192]: "mn-hq" #440: malformed payload in
packet
Sep 8 00:33:54 MN-fw1 pluto[2192]: | payload malformed after IV
Sep 8 00:33:54 MN-fw1 pluto[2192]: | c5 15 27 ac 8e a4 30 b7 af 3f
05 d3 57 e3 9b 0a
Sep 8 00:33:54 MN-fw1 pluto[2192]: "mn-hq" #440: sending notification
PAYLOAD_MALFORMED to 1.2.252.17
8:500
Sep 8 00:34:34 MN-fw1 pluto[2192]: "mn-hq" #440: byte 2 of ISAKMP Hash
Payload must be zero, but is not
Sep 8 00:34:34 MN-fw1 pluto[2192]: "mn-hq" #440: malformed payload in
packet
Sep 8 00:34:34 MN-fw1 pluto[2192]: | payload malformed after IV
Sep 8 00:34:34 MN-fw1 pluto[2192]: | c5 15 27 ac 8e a4 30 b7 af 3f
05 d3 57 e3 9b 0a
Sep 8 00:34:34 MN-fw1 pluto[2192]: "mn-hq" #440: sending notification
PAYLOAD_MALFORMED to 1.2.252.17
8:500
Sep 8 00:35:14 MN-fw1 pluto[2192]: "mn-hq" #440: byte 2 of ISAKMP Hash
Payload must be zero, but is not
Sep 8 00:35:14 MN-fw1 pluto[2192]: "mn-hq" #440: malformed payload in
packet
Sep 8 00:35:14 MN-fw1 pluto[2192]: | payload malformed after IV
Sep 8 00:35:14 MN-fw1 pluto[2192]: | c5 15 27 ac 8e a4 30 b7 af 3f
05 d3 57 e3 9b 0a
Sep 8 00:35:14 MN-fw1 pluto[2192]: "mn-hq" #440: sending notification
PAYLOAD_MALFORMED to 1.2.252.17
8:500
Sep 8 00:35:54 MN-fw1 pluto[2192]: "mn-hq" #440: byte 2 of ISAKMP Hash
Payload must be zero, but is not
Sep 8 00:35:54 MN-fw1 pluto[2192]: "mn-hq" #440: malformed payload in
packet
Sep 8 00:35:54 MN-fw1 pluto[2192]: | payload malformed after IV
Sep 8 00:35:54 MN-fw1 pluto[2192]: | c5 15 27 ac 8e a4 30 b7 af 3f
05 d3 57 e3 9b 0a
Sep 8 00:35:54 MN-fw1 pluto[2192]: "mn-hq" #440: sending notification
PAYLOAD_MALFORMED to 1.2.252.17
8:500
Sep 8 00:36:34 MN-fw1 pluto[2192]: "mn-hq" #440: byte 2 of ISAKMP Hash
Payload must be zero, but is not
Sep 8 00:36:34 MN-fw1 pluto[2192]: "mn-hq" #440: malformed payload in
packet
Sep 8 00:36:34 MN-fw1 pluto[2192]: | payload malformed after IV
Sep 8 00:36:34 MN-fw1 pluto[2192]: | c5 15 27 ac 8e a4 30 b7 af 3f
05 d3 57 e3 9b 0a
Sep 8 00:36:34 MN-fw1 pluto[2192]: "mn-hq" #440: sending notification
PAYLOAD_MALFORMED to 1.2.252.17
8:500
Sep 8 00:37:14 MN-fw1 pluto[2192]: "mn-hq" #440: byte 2 of ISAKMP Hash
Payload must be zero, but is not
Sep 8 00:37:14 MN-fw1 pluto[2192]: "mn-hq" #440: malformed payload in
packet
Sep 8 00:37:14 MN-fw1 pluto[2192]: | payload malformed after IV
Sep 8 00:37:14 MN-fw1 pluto[2192]: | c5 15 27 ac 8e a4 30 b7 af 3f
05 d3 57 e3 9b 0a
Sep 8 00:37:14 MN-fw1 pluto[2192]: "mn-hq" #440: sending notification
PAYLOAD_MALFORMED to 1.2.252.17
8:500
Sep 8 00:37:54 MN-fw1 pluto[2192]: "mn-hq" #440: byte 2 of ISAKMP Hash
Payload must be zero, but is not
Sep 8 00:37:54 MN-fw1 pluto[2192]: "mn-hq" #440: malformed payload in
packet
Sep 8 00:37:54 MN-fw1 pluto[2192]: "mn-hq" #440: too many (17)
malformed payloads. Deleting state
Sep 8 00:37:54 MN-fw1 pluto[2192]: packet from 1.2.252.178:500:
Informational Exchange is for an unkn
own (expired?) SA with MSGID:0xb184d99e
Sep 8 00:38:34 MN-fw1 pluto[2192]: packet from 1.2.252.178:500: Quick
Mode message is for a non-exist
ent (expired?) ISAKMP SA
Sep 8 00:39:41 MN-fw1 pluto[2192]: packet from 1.2.252.178:500:
Informational Exchange is for an unkn
own (expired?) SA with MSGID:0xa56d2416
Sep 8 08:26:44 MN-fw1 pluto[2192]: "mn-hq" #442: IPsec SA expired
(LATEST!)
Sep 8 08:26:44 MN-fw1 pluto[2192]: "mn-hq" #442: down-client output:
Running mn-updown
Sep 8 08:26:44 MN-fw1 pluto[2192]: initiate on demand from
192.168.0.219:49178 to 10.0.0.1:3389 proto=6
state: fos_start because: acquire
Sep 8 08:26:44 MN-fw1 pluto[2192]: initiate on demand from
192.168.0.63:2860 to 10.0.0.2:80 proto=6 sta
te: fos_start because: acquire
Sep 8 08:26:46 MN-fw1 pluto[2192]: initiate on demand from
192.168.0.54:1025 to 10.0.0.13:161 proto=17
state: fos_start because: acquire
Sep 8 08:26:47 MN-fw1 pluto[2192]: initiate on demand from
192.168.0.217:1029 to 10.0.0.13:161 proto=17
state: fos_start because: acquire
Sep 8 08:26:49 MN-fw1 pluto[2192]: initiate on demand from
192.168.0.1:3333 to 10.0.0.2:1026 proto=6 st
ate: fos_start because: acquire
Sep 8 08:26:50 MN-fw1 pluto[2192]: initiate on demand from
192.168.0.220:1040 to 10.0.0.11:161 proto=17
state: fos_start because: acquire
Sep 8 08:26:55 MN-fw1 pluto[2192]: initiate on demand from
192.168.0.55:1038 to 10.0.0.11:161 proto=17
state: fos_start because: acquire
Sep 8 08:27:08 MN-fw1 pluto[2192]: initiate on demand from
192.168.0.120:3000 to 10.0.0.120:3000 proto=
17 state: fos_start because: acquire
Sep 8 08:27:11 MN-fw1 pluto[2192]: initiate on demand from
192.168.0.217:1029 to 10.0.0.16:161 proto=17
state: fos_start because: acquire
Sep 8 08:27:13 MN-fw1 pluto[2192]: initiate on demand from
192.168.0.219:52757 to 10.0.0.2:53 proto=17
state: fos_start because: acquire
Sep 8 08:27:14 MN-fw1 pluto[2192]: initiate on demand from
192.168.0.1:445 to 10.0.0.56:1061 proto=6 st
ate: fos_start because: acquire
Sep 8 08:27:15 MN-fw1 pluto[2192]: initiate on demand from
192.168.0.220:1040 to 10.0.0.13:161 proto=17
state: fos_start because: acquire
Sep 8 08:27:20 MN-fw1 pluto[2192]: initiate on demand from
192.168.0.55:1038 to 10.0.0.13:161 proto=17
state: fos_start because: acquire
Sep 8 08:27:21 MN-fw1 pluto[2192]: initiate on demand from
192.168.0.1:3332 to 10.0.0.2:1026 proto=6 st
ate: fos_start because: acquire
Sep 8 08:27:22 MN-fw1 pluto[2192]: initiate on demand from
192.168.0.54:58655 to 10.0.0.2:53 proto=17 s
tate: fos_start because: acquire
Sep 8 08:27:24 MN-fw1 pluto[2192]: initiate on demand from
192.168.0.63:2894 to 10.0.0.2:80 proto=6 sta
te: fos_start because: acquire
Sep 8 08:27:29 MN-fw1 pluto[2192]: initiate on demand from
192.168.0.219:50048 to 10.0.0.1:3389 proto=6
state: fos_start because: acquire
Sep 8 08:27:35 MN-fw1 pluto[2192]: initiate on demand from
192.168.0.217:1029 to 10.0.0.19:161 proto=17
state: fos_start because: acquire
Sep 8 08:27:39 MN-fw1 pluto[2192]: initiate on demand from
192.168.0.220:1040 to 10.0.0.16:161 proto=17
state: fos_start because: acquire
Sep 8 08:27:41 MN-fw1 pluto[2192]: initiate on demand from
192.168.0.54:1025 to 10.0.0.13:161 proto=17
state: fos_start because: acquire
Sep 8 08:27:44 MN-fw1 pluto[2192]: initiate on demand from
192.168.0.55:1038 to 10.0.0.18:161 proto=17
state: fos_start because: acquire
Sep 8 08:27:52 MN-fw1 pluto[2192]: initiate on demand from
192.168.0.217:53072 to 10.0.0.2:53 proto=17
state: fos_start because: acquire
Sep 8 08:27:55 MN-fw1 pluto[2192]: initiate on demand from
192.168.0.63:2895 to 10.0.0.2:80 proto=6 sta
te: fos_start because: acquire
Sep 8 08:27:57 MN-fw1 pluto[2192]: initiate on demand from
192.168.0.1:8 to 10.0.0.2:0 proto=1 state: f
os_start because: acquire
Sep 8 08:27:57 MN-fw1 pluto[2192]: initiate on demand from
192.168.0.52:1054 to 10.0.0.1:3389 proto=6 s
tate: fos_start because: acquire
Sep 8 08:28:02 MN-fw1 pluto[2192]: initiate on demand from
192.168.0.219:50050 to 10.0.0.1:3389 proto=6
state: fos_start because: acquire
Sep 8 08:28:03 MN-fw1 pluto[2192]: initiate on demand from
192.168.0.220:1040 to 10.0.0.18:161 proto=17
state: fos_start because: acquire
Sep 8 08:28:09 MN-fw1 pluto[2192]: initiate on demand from
192.168.0.120:3000 to 10.0.0.120:3000 proto=
17 state: fos_start because: acquire
Sep 8 08:28:12 MN-fw1 pluto[2192]: initiate on demand from
192.168.0.55:1040 to 10.0.0.1:3389 proto=6 s
tate: fos_start because: acquire
Sep 8 08:28:27 MN-fw1 pluto[2192]: initiate on demand from
192.168.0.220:1040 to 10.0.0.19:161 proto=17
state: fos_start because: acquire
Sep 8 08:28:28 MN-fw1 pluto[2192]: initiate on demand from
192.168.0.63:2897 to 10.0.0.2:80 proto=6 sta
te: fos_start because: acquire
Sep 8 08:28:29 MN-fw1 pluto[2192]: initiate on demand from
192.168.0.217:1029 to 10.0.0.13:161 proto=17
state: fos_start because: acquire
Sep 8 08:28:36 MN-fw1 pluto[2192]: initiate on demand from
192.168.0.54:1025 to 10.0.0.13:161 proto=17
state: fos_start because: acquire
Sep 8 08:28:38 MN-fw1 pluto[2192]: initiate on demand from
192.168.0.55:1038 to 10.0.0.11:161 proto=17
state: fos_start because: acquire
Sep 8 08:28:41 MN-fw1 pluto[2192]: initiate on demand from
192.168.0.219:50056 to 10.0.0.1:3389 proto=6
state: fos_start because: acquire
Sep 8 08:28:44 MN-fw1 pluto[2192]: initiate on demand from
192.168.0.55:1480 to 10.0.0.1:3389 proto=6 s
tate: fos_start because: acquire
Sep 8 08:28:54 MN-fw1 pluto[2192]: initiate on demand from
192.168.0.217:1029 to 10.0.0.16:161 proto=17
state: fos_start because: acquire
Sep 8 08:28:58 MN-fw1 pluto[2192]: initiate on demand from
192.168.0.63:2898 to 10.0.0.2:80 proto=6 sta
te: fos_start because: acquire
Sep 8 08:28:59 MN-fw1 pluto[2192]: initiate on demand from
192.168.0.121:7107 to 10.0.0.121:4029 proto=
6 state: fos_start because: acquire
Sep 8 08:29:03 MN-fw1 pluto[2192]: initiate on demand from
192.168.0.55:1038 to 10.0.0.13:161 proto=17
state: fos_start because: acquire
Sep 8 08:29:10 MN-fw1 pluto[2192]: initiate on demand from
192.168.0.120:3000 to 10.0.0.120:3000 proto=
17 state: fos_start because: acquire
Sep 8 08:29:14 MN-fw1 pluto[2192]: initiate on demand from
192.168.0.219:50057 to 10.0.0.1:3389 proto=6
state: fos_start because: acquire
Sep 8 08:29:17 MN-fw1 pluto[2192]: initiate on demand from
192.168.0.55:1482 to 10.0.0.1:3389 proto=6 s
tate: fos_start because: acquire
Sep 8 08:29:18 MN-fw1 pluto[2192]: initiate on demand from
192.168.0.217:1029 to 10.0.0.19:161 proto=17
state: fos_start because: acquire
Sep 8 08:29:20 MN-fw1 pluto[2192]: initiate on demand from
192.168.0.1:56102 to 10.0.0.2:53 proto=17 st
--More--(53%)
.
.
.
Sep 8 09:25:24 MN-fw1 pluto[2192]: initiate on demand from
192.168.0.55:1038 to 10.0.0.11:161 proto=17
state: fos_start because: acquire
Sep 8 09:25:25 MN-fw1 sshd[1540]: Received signal 15; terminating.
Sep 8 09:25:26 MN-fw1 pluto[2192]: initiate on demand from
192.168.0.54:1025 to 10.0.0.13:161 proto=17
state: fos_start because: acquire
Sep 8 09:25:30 MN-fw1 pluto[2192]: shutting down
Sep 8 09:25:30 MN-fw1 pluto[2192]: forgetting secrets
Sep 8 09:25:30 MN-fw1 pluto[2192]: "mn-hq": deleting connection
Sep 8 09:25:30 MN-fw1 pluto[2192]: "mn-hq" #180: deleting state
(STATE_MAIN_I2)
Sep 8 09:25:30 MN-fw1 pluto[2192]: "mn-hq": unroute-client output:
Running mn-updown
Sep 8 09:25:30 MN-fw1 pluto[2192]: "mn-hq": unroute-client output:
/usr/local/lib/ipsec/_updown.netkey:
doroute `ip route del 10.0.0.0/24 via 3.4.177.202 dev br0 ' failed
(RTNETLINK answers: No such proces
s)
Sep 8 09:25:30 MN-fw1 pluto[2192]: shutting down interface lo/lo
::1:500
Sep 8 09:25:30 MN-fw1 pluto[2192]: shutting down interface lo/lo
127.0.0.1:4500
Sep 8 09:25:30 MN-fw1 pluto[2192]: shutting down interface lo/lo
127.0.0.1:500
Sep 8 09:25:30 MN-fw1 pluto[2192]: shutting down interface eth2/eth2
192.168.253.1:4500
Sep 8 09:25:30 MN-fw1 pluto[2192]: shutting down interface eth2/eth2
192.168.253.1:500
Sep 8 09:25:30 MN-fw1 pluto[2192]: shutting down interface eth3/eth3
10.10.10.70:4500
Sep 8 09:25:30 MN-fw1 pluto[2192]: shutting down interface eth3/eth3
10.10.10.70:500
Sep 8 09:25:30 MN-fw1 pluto[2192]: shutting down interface br0/br0
192.168.0.10:4500
Sep 8 09:25:30 MN-fw1 pluto[2192]: shutting down interface br0/br0
192.168.0.10:500
Sep 8 09:25:30 MN-fw1 pluto[2192]: shutting down interface br0/br0
3.4.177.201:4500
Sep 8 09:25:30 MN-fw1 pluto[2192]: shutting down interface br0/br0
3.4.177.201:500
Sep 8 09:26:53 MN-fw1 runuser: pam_unix(runuser:session): session
opened for user root by (uid=0)
Sep 8 09:26:53 MN-fw1 runuser: pam_unix(runuser:session): session
closed for user root
Sep 8 09:26:56 MN-fw1 ipsec__plutorun: Starting Pluto subsystem...
Sep 8 09:26:56 MN-fw1 pluto[1486]: nss directory plutomain:
/etc/ipsec.d
Sep 8 09:26:56 MN-fw1 pluto[1486]: NSS Initialized
Sep 8 09:26:56 MN-fw1 pluto[1486]: Starting Pluto (Openswan Version
2.6.28; Vendor ID OEQ{O\177nez{CQ)
pid:1486
Sep 8 09:26:56 MN-fw1 pluto[1486]: Non-fips mode set in
/proc/sys/crypto/fips_enabled
Sep 8 09:26:56 MN-fw1 pluto[1486]: SAref support [disabled]: Protocol
not available
Sep 8 09:26:56 MN-fw1 pluto[1486]: SAbind support [disabled]: Protocol
not available
Sep 8 09:26:56 MN-fw1 pluto[1486]: Setting NAT-Traversal port-4500
floating to on
Sep 8 09:26:56 MN-fw1 pluto[1486]: port floating activation criteria
nat_t=1/port_float=1
Sep 8 09:26:56 MN-fw1 pluto[1486]: NAT-Traversal support [enabled]
Sep 8 09:26:56 MN-fw1 pluto[1486]: 1 bad entries in virtual_private -
none loaded
Sep 8 09:26:56 MN-fw1 pluto[1486]: ike_alg_register_enc(): Activating
OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0
)
Sep 8 09:26:56 MN-fw1 pluto[1486]: ike_alg_register_enc(): Activating
OAKLEY_TWOFISH_CBC: Ok (ret=0)
Sep 8 09:26:56 MN-fw1 pluto[1486]: ike_alg_register_enc(): Activating
OAKLEY_SERPENT_CBC: Ok (ret=0)
Sep 8 09:26:56 MN-fw1 pluto[1486]: ike_alg_register_enc(): Activating
OAKLEY_AES_CBC: Ok (ret=0)
Sep 8 09:26:56 MN-fw1 pluto[1486]: ike_alg_register_enc(): Activating
OAKLEY_BLOWFISH_CBC: Ok (ret=0)
Sep 8 09:26:56 MN-fw1 pluto[1486]: ike_alg_register_hash(): Activating
OAKLEY_SHA2_512: Ok (ret=0)
Sep 8 09:26:56 MN-fw1 pluto[1486]: ike_alg_register_hash(): Activating
OAKLEY_SHA2_256: Ok (ret=0)
Sep 8 09:26:56 MN-fw1 pluto[1486]: no helpers will be started, all
cryptographic operations will be don
e inline
Sep 8 09:26:56 MN-fw1 pluto[1486]: Using Linux 2.6 IPsec interface code
on 2.6.33.5-112.fc13.i686.PAE (
experimental code)
Sep 8 09:26:56 MN-fw1 sshd[1515]: Server listening on 0.0.0.0 port 22.
Sep 8 09:26:56 MN-fw1 sshd[1515]: Server listening on :: port 22.
Sep 8 09:26:57 MN-fw1 pluto[1486]: ike_alg_register_enc(): Activating
aes_ccm_8: Ok (ret=0)
Sep 8 09:26:57 MN-fw1 pluto[1486]: ike_alg_add(): ERROR: Algorithm
already exists
Sep 8 09:26:57 MN-fw1 pluto[1486]: ike_alg_register_enc(): Activating
aes_ccm_12: FAILED (ret=-17)
Sep 8 09:26:57 MN-fw1 pluto[1486]: ike_alg_add(): ERROR: Algorithm
already exists
Sep 8 09:26:57 MN-fw1 pluto[1486]: ike_alg_register_enc(): Activating
aes_ccm_16: FAILED (ret=-17)
Sep 8 09:26:57 MN-fw1 pluto[1486]: ike_alg_add(): ERROR: Algorithm
already exists
Sep 8 09:26:57 MN-fw1 pluto[1486]: ike_alg_register_enc(): Activating
aes_gcm_8: FAILED (ret=-17)
Sep 8 09:26:57 MN-fw1 pluto[1486]: ike_alg_add(): ERROR: Algorithm
already exists
Sep 8 09:26:57 MN-fw1 pluto[1486]: ike_alg_register_enc(): Activating
aes_gcm_12: FAILED (ret=-17)
Sep 8 09:26:57 MN-fw1 pluto[1486]: ike_alg_add(): ERROR: Algorithm
already exists
Sep 8 09:26:57 MN-fw1 pluto[1486]: ike_alg_register_enc(): Activating
aes_gcm_16: FAILED (ret=-17)
Sep 8 09:26:57 MN-fw1 pluto[1486]: myid malformed: empty string ""
Sep 8 09:26:57 MN-fw1 pluto[1486]: Changed path to directory
'/etc/ipsec.d/cacerts'
Sep 8 09:26:57 MN-fw1 pluto[1486]: Changed path to directory
'/etc/ipsec.d/aacerts'
Sep 8 09:26:57 MN-fw1 pluto[1486]: Changed path to directory
'/etc/ipsec.d/ocspcerts'
Sep 8 09:26:57 MN-fw1 pluto[1486]: Changing to directory
'/etc/ipsec.d/crls'
Sep 8 09:26:57 MN-fw1 pluto[1486]: Warning: empty directory
Sep 8 09:26:57 MN-fw1 pluto[1486]: added connection description "mn-hq"
Sep 8 09:26:57 MN-fw1 pluto[1486]: listening for IKE messages
Sep 8 09:26:57 MN-fw1 pluto[1486]: NAT-Traversal: Trying new style
NAT-T
Sep 8 09:26:57 MN-fw1 pluto[1486]: NAT-Traversal: ESPINUDP(1) setup
failed for new style NAT-T family I
Pv4 (errno=19)
Sep 8 09:26:57 MN-fw1 pluto[1486]: NAT-Traversal: Trying old style
NAT-T
Sep 8 09:26:57 MN-fw1 pluto[1486]: adding interface eth3/eth3
10.10.10.70:500
Sep 8 09:26:57 MN-fw1 pluto[1486]: adding interface eth3/eth3
10.10.10.70:4500
Sep 8 09:26:57 MN-fw1 pluto[1486]: adding interface eth2/eth2
192.168.253.1:500
Sep 8 09:26:57 MN-fw1 pluto[1486]: adding interface eth2/eth2
192.168.253.1:4500
Sep 8 09:26:57 MN-fw1 pluto[1486]: adding interface eth1/eth1
192.168.0.10:500
Sep 8 09:26:57 MN-fw1 pluto[1486]: adding interface eth1/eth1
192.168.0.10:4500
Sep 8 09:26:57 MN-fw1 pluto[1486]: adding interface eth0/eth0
3.4.177.201:500
Sep 8 09:26:57 MN-fw1 pluto[1486]: adding interface eth0/eth0
3.4.177.201:4500
Sep 8 09:26:57 MN-fw1 pluto[1486]: adding interface lo/lo 127.0.0.1:500
Sep 8 09:26:57 MN-fw1 pluto[1486]: adding interface lo/lo
127.0.0.1:4500
Sep 8 09:26:57 MN-fw1 pluto[1486]: adding interface lo/lo ::1:500
Sep 8 09:26:57 MN-fw1 pluto[1486]: loading secrets from
"/etc/ipsec.secrets"
Sep 8 09:26:57 MN-fw1 pluto[1486]: loading secrets from
"/etc/ipsec.d/hostkey.secrets"
Sep 8 09:26:57 MN-fw1 pluto[1486]: loaded private key for keyid:
PPK_RSA:AQOwd0G2W
Sep 8 09:26:57 MN-fw1 pluto[1486]: "mn-hq": prepare-client output:
Running mn-updown
Sep 8 09:26:57 MN-fw1 pluto[1486]: "mn-hq": prepare-client output:
Cannot find device "br0"
Sep 8 09:26:57 MN-fw1 pluto[1486]: "mn-hq": prepare-client command
exited with status 255
Sep 8 09:26:57 MN-fw1 pluto[1486]: "mn-hq": route-client output:
Running mn-updown
Sep 8 09:26:57 MN-fw1 pluto[1486]: "mn-hq": route-client output:
RTNETLINK answers: Network is unreacha
ble
Sep 8 09:26:57 MN-fw1 pluto[1486]: "mn-hq": route-client output: Cannot
find device "br0"
Sep 8 09:26:57 MN-fw1 pluto[1486]: "mn-hq": route-client command exited
with status 255
Sep 8 09:26:57 MN-fw1 pluto[1486]: "mn-hq": down-client output: Running
mn-updown
Sep 8 09:26:57 MN-fw1 pluto[1486]: "mn-hq": down-client output: Cannot
find device "br0"
Sep 8 09:26:57 MN-fw1 pluto[1486]: "mn-hq": down-client command exited
with status 255
Sep 8 09:26:57 MN-fw1 pluto[1486]: "mn-hq" #1: initiating Main Mode
Sep 8 09:26:57 MN-fw1 pluto[1486]: ERROR: "mn-hq" #1: sendto on eth0 to
1.2.252.178:500 failed in mai
n_outI1. Errno 101: Network is unreachable
Sep 8 09:27:00 MN-fw1 pluto[1486]: shutting down
Sep 8 09:27:00 MN-fw1 pluto[1486]: forgetting secrets
Sep 8 09:27:00 MN-fw1 pluto[1486]: "mn-hq": deleting connection
Sep 8 09:27:00 MN-fw1 pluto[1486]: "mn-hq" #1: deleting state
(STATE_MAIN_I1)
Sep 8 09:27:00 MN-fw1 pluto[1486]: shutting down interface lo/lo
::1:500
Sep 8 09:27:00 MN-fw1 pluto[1486]: shutting down interface lo/lo
127.0.0.1:4500
Sep 8 09:27:00 MN-fw1 pluto[1486]: shutting down interface lo/lo
127.0.0.1:500
Sep 8 09:27:00 MN-fw1 pluto[1486]: shutting down interface eth0/eth0
3.4.177.201:4500
Sep 8 09:27:00 MN-fw1 pluto[1486]: shutting down interface eth0/eth0
3.4.177.201:500
Sep 8 09:27:00 MN-fw1 pluto[1486]: shutting down interface eth1/eth1
192.168.0.10:4500
Sep 8 09:27:00 MN-fw1 pluto[1486]: shutting down interface eth1/eth1
192.168.0.10:500
Sep 8 09:27:00 MN-fw1 pluto[1486]: shutting down interface eth2/eth2
192.168.253.1:4500
Sep 8 09:27:00 MN-fw1 pluto[1486]: shutting down interface eth2/eth2
192.168.253.1:500
Sep 8 09:27:00 MN-fw1 pluto[1486]: shutting down interface eth3/eth3
10.10.10.70:4500
Sep 8 09:27:00 MN-fw1 pluto[1486]: shutting down interface eth3/eth3
10.10.10.70:500
Sep 8 09:27:02 MN-fw1 ipsec__plutorun: Starting Pluto subsystem...
Sep 8 09:27:02 MN-fw1 pluto[2173]: nss directory plutomain:
/etc/ipsec.d
Sep 8 09:27:02 MN-fw1 pluto[2173]: NSS Initialized
Sep 8 09:27:02 MN-fw1 pluto[2173]: Starting Pluto (Openswan Version
2.6.28; Vendor ID OEQ{O\177nez{CQ)
pid:2173
Sep 8 09:27:02 MN-fw1 pluto[2173]: Non-fips mode set in
/proc/sys/crypto/fips_enabled
Sep 8 09:27:02 MN-fw1 pluto[2173]: SAref support [disabled]: Protocol
not available
Sep 8 09:27:02 MN-fw1 pluto[2173]: SAbind support [disabled]: Protocol
not available
Sep 8 09:27:02 MN-fw1 pluto[2173]: Setting NAT-Traversal port-4500
floating to on
Sep 8 09:27:02 MN-fw1 pluto[2173]: port floating activation criteria
nat_t=1/port_float=1
Sep 8 09:27:02 MN-fw1 pluto[2173]: NAT-Traversal support [enabled]
Sep 8 09:27:02 MN-fw1 pluto[2173]: 1 bad entries in virtual_private -
none loaded
Sep 8 09:27:02 MN-fw1 pluto[2173]: ike_alg_register_enc(): Activating
OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0
)
Sep 8 09:27:02 MN-fw1 pluto[2173]: ike_alg_register_enc(): Activating
OAKLEY_TWOFISH_CBC: Ok (ret=0)
Sep 8 09:27:02 MN-fw1 pluto[2173]: ike_alg_register_enc(): Activating
OAKLEY_SERPENT_CBC: Ok (ret=0)
Sep 8 09:27:02 MN-fw1 pluto[2173]: ike_alg_register_enc(): Activating
OAKLEY_AES_CBC: Ok (ret=0)
Sep 8 09:27:02 MN-fw1 pluto[2173]: ike_alg_register_enc(): Activating
OAKLEY_BLOWFISH_CBC: Ok (ret=0)
Sep 8 09:27:02 MN-fw1 pluto[2173]: ike_alg_register_hash(): Activating
OAKLEY_SHA2_512: Ok (ret=0)
Sep 8 09:27:02 MN-fw1 pluto[2173]: ike_alg_register_hash(): Activating
OAKLEY_SHA2_256: Ok (ret=0)
Sep 8 09:27:02 MN-fw1 pluto[2173]: no helpers will be started, all
cryptographic operations will be don
e inline
Sep 8 09:27:02 MN-fw1 pluto[2173]: Using Linux 2.6 IPsec interface code
on 2.6.33.5-112.fc13.i686.PAE (
experimental code)
Sep 8 09:27:02 MN-fw1 pluto[2173]: ike_alg_register_enc(): Activating
aes_ccm_8: Ok (ret=0)
Sep 8 09:27:02 MN-fw1 pluto[2173]: ike_alg_add(): ERROR: Algorithm
already exists
Sep 8 09:27:02 MN-fw1 pluto[2173]: ike_alg_register_enc(): Activating
aes_ccm_12: FAILED (ret=-17)
Sep 8 09:27:02 MN-fw1 pluto[2173]: ike_alg_add(): ERROR: Algorithm
already exists
Sep 8 09:27:02 MN-fw1 pluto[2173]: ike_alg_register_enc(): Activating
aes_ccm_16: FAILED (ret=-17)
Sep 8 09:27:02 MN-fw1 pluto[2173]: ike_alg_add(): ERROR: Algorithm
already exists
Sep 8 09:27:02 MN-fw1 pluto[2173]: ike_alg_register_enc(): Activating
aes_gcm_8: FAILED (ret=-17)
Sep 8 09:27:02 MN-fw1 pluto[2173]: ike_alg_add(): ERROR: Algorithm
already exists
Sep 8 09:27:02 MN-fw1 pluto[2173]: ike_alg_register_enc(): Activating
aes_gcm_12: FAILED (ret=-17)
Sep 8 09:27:02 MN-fw1 pluto[2173]: ike_alg_add(): ERROR: Algorithm
already exists
Sep 8 09:27:02 MN-fw1 pluto[2173]: ike_alg_register_enc(): Activating
aes_gcm_16: FAILED (ret=-17)
Sep 8 09:27:02 MN-fw1 pluto[2173]: Changed path to directory
'/etc/ipsec.d/cacerts'
Sep 8 09:27:02 MN-fw1 pluto[2173]: Changed path to directory
'/etc/ipsec.d/aacerts'
Sep 8 09:27:02 MN-fw1 pluto[2173]: Changed path to directory
'/etc/ipsec.d/ocspcerts'
Sep 8 09:27:02 MN-fw1 pluto[2173]: Changing to directory
'/etc/ipsec.d/crls'
Sep 8 09:27:02 MN-fw1 pluto[2173]: Warning: empty directory
Sep 8 09:27:02 MN-fw1 pluto[2173]: added connection description "mn-hq"
Sep 8 09:27:02 MN-fw1 pluto[2173]: listening for IKE messages
Sep 8 09:27:02 MN-fw1 pluto[2173]: NAT-Traversal: Trying new style
NAT-T
Sep 8 09:27:02 MN-fw1 pluto[2173]: NAT-Traversal: ESPINUDP(1) setup
failed for new style NAT-T family I
Pv4 (errno=19)
Sep 8 09:27:02 MN-fw1 pluto[2173]: NAT-Traversal: Trying old style
NAT-T
Sep 8 09:27:02 MN-fw1 pluto[2173]: adding interface br0/br0
3.4.177.201:500
Sep 8 09:27:02 MN-fw1 pluto[2173]: adding interface br0/br0
3.4.177.201:4500
Sep 8 09:27:02 MN-fw1 pluto[2173]: adding interface br0/br0
192.168.0.10:500
Sep 8 09:27:02 MN-fw1 pluto[2173]: adding interface br0/br0
192.168.0.10:4500
Sep 8 09:27:02 MN-fw1 pluto[2173]: adding interface eth3/eth3
10.10.10.70:500
Sep 8 09:27:02 MN-fw1 pluto[2173]: adding interface eth3/eth3
10.10.10.70:4500
Sep 8 09:27:02 MN-fw1 pluto[2173]: adding interface eth2/eth2
192.168.253.1:500
Sep 8 09:27:02 MN-fw1 pluto[2173]: adding interface eth2/eth2
192.168.253.1:4500
Sep 8 09:27:02 MN-fw1 pluto[2173]: adding interface lo/lo 127.0.0.1:500
Sep 8 09:27:02 MN-fw1 pluto[2173]: adding interface lo/lo
127.0.0.1:4500
Sep 8 09:27:02 MN-fw1 pluto[2173]: adding interface lo/lo ::1:500
Sep 8 09:27:02 MN-fw1 pluto[2173]: loading secrets from
"/etc/ipsec.secrets"
Sep 8 09:27:02 MN-fw1 pluto[2173]: loading secrets from
"/etc/ipsec.d/hostkey.secrets"
Sep 8 09:27:02 MN-fw1 pluto[2173]: loaded private key for keyid:
PPK_RSA:AQOwd0G2W
Sep 8 09:27:02 MN-fw1 pluto[2173]: "mn-hq": prepare-client output:
Running mn-updown
Sep 8 09:27:02 MN-fw1 pluto[2173]: "mn-hq": prepare-client output:
RTNETLINK answers: No such file or d
irectory
Sep 8 09:27:02 MN-fw1 pluto[2173]: "mn-hq": prepare-client command
exited with status 2
Sep 8 09:27:02 MN-fw1 pluto[2173]: "mn-hq": route-client output:
Running mn-updown
Sep 8 09:27:03 MN-fw1 pluto[2173]: "mn-hq" #1: initiating Main Mode
Sep 8 09:27:06 MN-fw1 pluto[2173]: ERROR: asynchronous network error
report on br0 (sport=500) for mess
age to 1.2.252.178 port 500, complainant 3.4.177.201: No route to host
[errno 113, origin ICMP type
3 code 1 (not authenticated)]
Sep 8 09:27:14 MN-fw1 pluto[2173]: "mn-hq" #1: received Vendor ID
payload [Openswan (this version) 2.6.
28 ]
Sep 8 09:27:14 MN-fw1 pluto[2173]: "mn-hq" #1: received Vendor ID
payload [Dead Peer Detection]
Sep 8 09:27:14 MN-fw1 pluto[2173]: "mn-hq" #1: received Vendor ID
payload [RFC 3947] method set to=109
Sep 8 09:27:14 MN-fw1 pluto[2173]: "mn-hq" #1: enabling possible
NAT-traversal with method 4
Sep 8 09:27:14 MN-fw1 pluto[2173]: "mn-hq" #1: transition from state
STATE_MAIN_I1 to state STATE_MAIN_
I2
Sep 8 09:27:14 MN-fw1 pluto[2173]: "mn-hq" #1: STATE_MAIN_I2: sent MI2,
expecting MR2
Sep 8 09:27:14 MN-fw1 pluto[2173]: initiate on demand from
192.168.0.219:56222 to 10.0.0.2:53 proto=17
state: fos_start because: acquire
Sep 8 09:27:14 MN-fw1 pluto[2173]: "mn-hq" #1: NAT-Traversal: Result
using RFC 3947 (NAT-Traversal): no
NAT detected
Sep 8 09:27:14 MN-fw1 pluto[2173]: "mn-hq" #1: transition from state
STATE_MAIN_I2 to state STATE_MAIN_
I3
Sep 8 09:27:14 MN-fw1 pluto[2173]: "mn-hq" #1: STATE_MAIN_I3: sent MI3,
expecting MR3
Sep 8 09:27:14 MN-fw1 pluto[2173]: "mn-hq" #1: received Vendor ID
payload [CAN-IKEv2]
Sep 8 09:27:14 MN-fw1 pluto[2173]: "mn-hq" #1: Main mode peer ID is
ID_FQDN: '@hq.local'
Sep 8 09:27:14 MN-fw1 pluto[2173]: "mn-hq" #1: transition from state
STATE_MAIN_I3 to state STATE_MAIN_
I4
Sep 8 09:27:14 MN-fw1 pluto[2173]: "mn-hq" #1: STATE_MAIN_I4: ISAKMP SA
established {auth=OAKLEY_RSA_SI
G cipher=aes_128 prf=oakley_sha group=modp2048}
Sep 8 09:27:14 MN-fw1 pluto[2173]: "mn-hq" #2: initiating Quick Mode
RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEv2
ALLOW {using isakmp#1 msgid:d173e7ed proposal=defaults
pfsgroup=OAKLEY_GROUP_MODP2048}
Sep 8 09:27:14 MN-fw1 pluto[2173]: "mn-hq" #3: initiating Quick Mode
RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEv2
ALLOW {using isakmp#1 msgid:ebfc7062 proposal=defaults
pfsgroup=OAKLEY_GROUP_MODP2048}
Sep 8 09:27:14 MN-fw1 pluto[2173]: "mn-hq" #2: up-client output:
Running mn-updown
Sep 8 09:27:14 MN-fw1 pluto[2173]: "mn-hq" #2: transition from state
STATE_QUICK_I1 to state STATE_QUIC
K_I2
Sep 8 09:27:14 MN-fw1 pluto[2173]: "mn-hq" #2: STATE_QUICK_I2: sent
QI2, IPsec SA established tunnel mo
de {ESP=>0x3de17b74 <0x5587e847 xfrm=AES_128-HMAC_SHA1 NATOA=none
NATD=none DPD=none}
Sep 8 09:27:14 MN-fw1 pluto[2173]: "mn-hq" #3: transition from state
STATE_QUICK_I1 to state STATE_QUIC
K_I2
Sep 8 09:27:14 MN-fw1 pluto[2173]: "mn-hq" #3: STATE_QUICK_I2: sent
QI2, IPsec SA established tunnel mo
de {ESP=>0x0ac3b910 <0x885ca579 xfrm=AES_128-HMAC_SHA1 NATOA=none
NATD=none DPD=none}
Sep 8 10:10:41 MN-fw1 pluto[2173]: "mn-hq" #4: initiating Main Mode to
replace #1
Sep 8 10:10:41 MN-fw1 pluto[2173]: "mn-hq" #4: received Vendor ID
payload [Openswan (this version) 2.6.
--More--(91%)
HQ site:
Sep 8 00:23:34 audubon-fw1 pluto[2248]: "mn-hq" #1351: STATE_MAIN_R3:
sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=aes_128
prf=oakle
y_sha group=modp2048}
Sep 8 00:26:04 audubon-fw1 pluto[2248]: "mn-hq" #1351: the peer
proposed: 10.0.0.0/24:0/0 -> 192.168.0.0/24:0/0
Sep 8 00:26:04 audubon-fw1 pluto[2248]: "mn-hq" #1352: responding to
Quick Mode proposal {msgid:c03bde2c}
Sep 8 00:26:04 audubon-fw1 pluto[2248]: "mn-hq" #1352: us:
10.0.0.0/24===1.2.252.178<1.2.252.178>[@hq.local,+S=C]---1.2.252.190
Sep 8 00:26:04 audubon-fw1 pluto[2248]: "mn-hq" #1352: them:
3.4.177.202---3.4.177.201<3.4.177.201>[@mn.local,+S=C]===192.168.0.0/24
Sep 8 00:26:04 audubon-fw1 pluto[2248]: "mn-hq" #1352: keeping
refhim=4294901761 during rekey
Sep 8 00:26:04 audubon-fw1 pluto[2248]: "mn-hq" #1352: transition from
state STATE_QUICK_R0 to state STATE_QUICK_R1
Sep 8 00:26:04 audubon-fw1 pluto[2248]: "mn-hq" #1352: STATE_QUICK_R1:
sent QR1, inbound IPsec SA installed, expecting QI2
Sep 8 00:26:44 audubon-fw1 pluto[2248]: "mn-hq" #1351: the peer
proposed: 10.0.0.0/24:0/0 -> 192.168.0.0/24:0/0
Sep 8 00:26:44 audubon-fw1 pluto[2248]: "mn-hq" #1353: responding to
Quick Mode proposal {msgid:54f2144a}
Sep 8 00:26:44 audubon-fw1 pluto[2248]: "mn-hq" #1353: us:
10.0.0.0/24===1.2.252.178<1.2.252.178>[@hq.local,+S=C]---1.2.252.190
Sep 8 00:26:44 audubon-fw1 pluto[2248]: "mn-hq" #1353: them:
3.4.177.202---3.4.177.201<3.4.177.201>[@mn.local,+S=C]===192.168.0.0/24
Sep 8 00:26:44 audubon-fw1 pluto[2248]: "mn-hq" #1353: keeping
refhim=4294901761 during rekey
Sep 8 00:26:44 audubon-fw1 pluto[2248]: "mn-hq" #1353: transition from
state STATE_QUICK_R0 to state STATE_QUICK_R1
Sep 8 00:26:44 audubon-fw1 pluto[2248]: "mn-hq" #1353: STATE_QUICK_R1:
sent QR1, inbound IPsec SA installed, expecting QI2
Sep 8 00:26:44 audubon-fw1 pluto[2248]: "mn-hq" #1353: transition from
state STATE_QUICK_R1 to state STATE_QUICK_R2
Sep 8 00:26:44 audubon-fw1 pluto[2248]: "mn-hq" #1353: STATE_QUICK_R2:
IPsec SA established tunnel mode {ESP=>0x00f94364 <0xdf3128a4
xfrm=AES_128-H
MAC_SHA1 NATOA=none NATD=none DPD=none}
Sep 8 00:27:14 audubon-fw1 pluto[2248]: "mn-hq" #1351: Informational
Exchange message must be encrypted
Sep 8 00:27:54 audubon-fw1 pluto[2248]: "mn-hq" #1351: Informational
Exchange message must be encrypted
Sep 8 00:28:34 audubon-fw1 pluto[2248]: "mn-hq" #1351: Informational
Exchange message must be encrypted
Sep 8 00:29:15 audubon-fw1 pluto[2248]: "mn-hq" #1351: Informational
Exchange message must be encrypted
Sep 8 00:29:54 audubon-fw1 pluto[2248]: "mn-hq" #1351: Informational
Exchange message must be encrypted
Sep 8 00:30:34 audubon-fw1 pluto[2248]: "mn-hq" #1351: Informational
Exchange message must be encrypted
Sep 8 00:31:14 audubon-fw1 pluto[2248]: "mn-hq" #1351: Informational
Exchange message must be encrypted
Sep 8 00:31:54 audubon-fw1 pluto[2248]: "mn-hq" #1351: Informational
Exchange message must be encrypted
Sep 8 00:32:34 audubon-fw1 pluto[2248]: "mn-hq" #1351: Informational
Exchange message must be encrypted
Sep 8 00:33:14 audubon-fw1 pluto[2248]: "mn-hq" #1351: Informational
Exchange message must be encrypted
Sep 8 00:33:54 audubon-fw1 pluto[2248]: "mn-hq" #1351: Informational
Exchange message must be encrypted
Sep 8 00:34:34 audubon-fw1 pluto[2248]: "mn-hq" #1351: Informational
Exchange message must be encrypted
Sep 8 00:35:15 audubon-fw1 pluto[2248]: "mn-hq" #1351: Informational
Exchange message must be encrypted
Sep 8 00:35:54 audubon-fw1 pluto[2248]: "mn-hq" #1351: Informational
Exchange message must be encrypted
Sep 8 00:36:34 audubon-fw1 pluto[2248]: "mn-hq" #1351: Informational
Exchange message must be encrypted
Sep 8 00:37:14 audubon-fw1 pluto[2248]: "mn-hq" #1351: Informational
Exchange message must be encrypted
Sep 8 00:37:54 audubon-fw1 pluto[2248]: "mn-hq" #1351: received Delete
SA payload: deleting ISAKMP State #1351
Sep 8 00:37:54 audubon-fw1 pluto[2248]: packet from 3.4.177.201:500:
received and ignored informational message
Sep 8 00:39:14 audubon-fw1 pluto[2248]: "mn-hq" #1352: max number of
retransmissions (20) reached STATE_QUICK_R1
Sep 8 00:39:41 audubon-fw1 pluto[2248]: packet from 3.4.177.201:500:
Informational Exchange is for an unknown (expired?) SA with
MSGID:0xd4010750
Sep 8 08:26:44 audubon-fw1 pluto[2248]: "mn-hq" #1353: IPsec SA expired
(LATEST!)
Sep 8 08:26:44 audubon-fw1 pluto[2248]: "mn-hq" #1353: down-client
output: Running hq-updown
Sep 8 08:26:44 audubon-fw1 pluto[2248]: initiate on demand from
10.0.0.1:3389 to 192.168.0.219:49178 proto=6 state: fos_start because:
acquire
Sep 8 08:26:44 audubon-fw1 pluto[2248]: initiate on demand from
10.0.0.1:3389 to 192.168.0.54:1033 proto=6 state: fos_start because:
acquire
Sep 8 08:26:44 audubon-fw1 pluto[2248]: initiate on demand from
10.0.0.1:3389 to 192.168.0.55:1040 proto=6 state: fos_start because:
acquire
Sep 8 08:26:45 audubon-fw1 pluto[2248]: initiate on demand from
10.0.0.2:1072 to 192.168.0.12:161 proto=17 state: fos_start because:
acquire
--More--(59%)
.
.
.
Sep 8 09:26:45 audubon-fw1 pluto[2248]: initiate on demand from
10.0.0.2:1072 to 192.168.0.12:161 proto=17 state: fos_start because:
acquire
Sep 8 09:26:50 audubon-fw1 pluto[2248]: initiate on demand from
10.0.0.1:1031 to 192.168.0.20:161 proto=17 state: fos_start because:
acquire
Sep 8 09:26:52 audubon-fw1 pluto[2248]: initiate on demand from
10.0.0.1:1031 to 192.168.0.12:161 proto=17 state: fos_start because:
acquire
Sep 8 09:27:05 audubon-fw1 pluto[2248]: initiate on demand from
10.0.0.50:8 to 192.168.0.1:0 proto=1 state: fos_start because: acquire
Sep 8 09:27:06 audubon-fw1 pluto[2248]: initiate on demand from
10.0.0.50:8 to 192.168.0.10:0 proto=1 state: fos_start because: acquire
Sep 8 09:27:07 audubon-fw1 pluto[2248]: initiate on demand from
10.0.0.50:8 to 192.168.0.52:0 proto=1 state: fos_start because: acquire
Sep 8 09:27:13 audubon-fw1 pluto[2248]: initiate on demand from
10.0.0.120:1148 to 192.168.0.122:5000 proto=6 state: fos_start because:
acquire
Sep 8 09:27:14 audubon-fw1 pluto[2248]: packet from 3.4.177.201:500:
received Vendor ID payload [Openswan (this version) 2.6.28 ]
Sep 8 09:27:14 audubon-fw1 pluto[2248]: packet from 3.4.177.201:500:
received Vendor ID payload [Dead Peer Detection]
Sep 8 09:27:14 audubon-fw1 pluto[2248]: packet from 3.4.177.201:500:
received Vendor ID payload [RFC 3947] method set to=109
Sep 8 09:27:14 audubon-fw1 pluto[2248]: packet from 3.4.177.201:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but
alr
eady using method 109
Sep 8 09:27:14 audubon-fw1 pluto[2248]: packet from 3.4.177.201:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106,
but a
lready using method 109
Sep 8 09:27:14 audubon-fw1 pluto[2248]: packet from 3.4.177.201:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but
alr
eady using method 109
Sep 8 09:27:14 audubon-fw1 pluto[2248]: packet from 3.4.177.201:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Sep 8 09:27:14 audubon-fw1 pluto[2248]: "mn-hq" #1354: responding to
Main Mode
Sep 8 09:27:14 audubon-fw1 pluto[2248]: "mn-hq" #1354: transition from
state STATE_MAIN_R0 to state STATE_MAIN_R1
Sep 8 09:27:14 audubon-fw1 pluto[2248]: "mn-hq" #1354: STATE_MAIN_R1:
sent MR1, expecting MI2
Sep 8 09:27:14 audubon-fw1 pluto[2248]: "mn-hq" #1354: NAT-Traversal:
Result using RFC 3947 (NAT-Traversal): no NAT detected
Sep 8 09:27:14 audubon-fw1 pluto[2248]: "mn-hq" #1354: transition from
state STATE_MAIN_R1 to state STATE_MAIN_R2
Sep 8 09:27:14 audubon-fw1 pluto[2248]: "mn-hq" #1354: STATE_MAIN_R2:
sent MR2, expecting MI3
Sep 8 09:27:14 audubon-fw1 pluto[2248]: "mn-hq" #1354: Main mode peer
ID is ID_FQDN: '@mn.local'
Sep 8 09:27:14 audubon-fw1 pluto[2248]: "mn-hq" #1354: transition from
state STATE_MAIN_R2 to state STATE_MAIN_R3
Sep 8 09:27:14 audubon-fw1 pluto[2248]: "mn-hq" #1354: STATE_MAIN_R3:
sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=aes_128
prf=oakle
y_sha group=modp2048}
Sep 8 09:27:14 audubon-fw1 pluto[2248]: "mn-hq" #1354: the peer
proposed: 10.0.0.0/24:0/0 -> 192.168.0.0/24:0/0
Sep 8 09:27:14 audubon-fw1 pluto[2248]: "mn-hq" #1355: responding to
Quick Mode proposal {msgid:d173e7ed}
Sep 8 09:27:14 audubon-fw1 pluto[2248]: "mn-hq" #1355: us:
10.0.0.0/24===1.2.252.178<1.2.252.178>[@hq.local,+S=C]---1.2.252.190
Sep 8 09:27:14 audubon-fw1 pluto[2248]: "mn-hq" #1355: them:
3.4.177.202---3.4.177.201<3.4.177.201>[@mn.local,+S=C]===192.168.0.0/24
Sep 8 09:27:14 audubon-fw1 pluto[2248]: "mn-hq" #1355: transition from
state STATE_QUICK_R0 to state STATE_QUICK_R1
Sep 8 09:27:14 audubon-fw1 pluto[2248]: "mn-hq" #1355: STATE_QUICK_R1:
sent QR1, inbound IPsec SA installed, expecting QI2
Sep 8 09:27:14 audubon-fw1 pluto[2248]: "mn-hq" #1354: the peer
proposed: 10.0.0.0/24:0/0 -> 192.168.0.0/24:0/0
Sep 8 09:27:14 audubon-fw1 pluto[2248]: "mn-hq" #1356: responding to
Quick Mode proposal {msgid:ebfc7062}
Sep 8 09:27:14 audubon-fw1 pluto[2248]: "mn-hq" #1356: us:
10.0.0.0/24===1.2.252.178<1.2.252.178>[@hq.local,+S=C]---1.2.252.190
Sep 8 09:27:14 audubon-fw1 pluto[2248]: "mn-hq" #1356: them:
3.4.177.202---3.4.177.201<3.4.177.201>[@mn.local,+S=C]===192.168.0.0/24
Sep 8 09:27:14 audubon-fw1 pluto[2248]: "mn-hq" #1356: transition from
state STATE_QUICK_R0 to state STATE_QUICK_R1
Sep 8 09:27:14 audubon-fw1 pluto[2248]: "mn-hq" #1356: STATE_QUICK_R1:
sent QR1, inbound IPsec SA installed, expecting QI2
Sep 8 09:27:14 audubon-fw1 pluto[2248]: "mn-hq" #1355: up-client
output: Running hq-updown
Sep 8 09:27:14 audubon-fw1 pluto[2248]: "mn-hq" #1355: transition from
state STATE_QUICK_R1 to state STATE_QUICK_R2
Sep 8 09:27:14 audubon-fw1 pluto[2248]: "mn-hq" #1355: STATE_QUICK_R2:
IPsec SA established tunnel mode {ESP=>0x5587e847 <0x3de17b74
xfrm=AES_128-H
MAC_SHA1 NATOA=none NATD=none DPD=none}
Sep 8 09:27:14 audubon-fw1 pluto[2248]: "mn-hq" #1356: transition from
state STATE_QUICK_R1 to state STATE_QUICK_R2
Sep 8 09:27:14 audubon-fw1 pluto[2248]: "mn-hq" #1356: STATE_QUICK_R2:
IPsec SA established tunnel mode {ESP=>0x885ca579 <0x0ac3b910
xfrm=AES_128-H
MAC_SHA1 NATOA=none NATD=none DPD=none}
Sep 8 10:10:41 audubon-fw1 pluto[2248]: packet from 3.4.177.201:500:
received Vendor ID payload [Openswan (this version) 2.6.28 ]
Sep 8 10:10:41 audubon-fw1 pluto[2248]: packet from 3.4.177.201:500:
received Vendor ID payload [Dead Peer Detection]
Sep 8 10:10:41 audubon-fw1 pluto[2248]: packet from 3.4.177.201:500:
received Vendor ID payload [RFC 3947] method set to=109
Sep 8 10:10:41 audubon-fw1 pluto[2248]: packet from 3.4.177.201:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but
alr
eady using method 109
Sep 8 10:10:41 audubon-fw1 pluto[2248]: packet from 3.4.177.201:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106,
but a
lready using method 109
Sep 8 10:10:41 audubon-fw1 pluto[2248]: packet from 3.4.177.201:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but
alr
eady using method 109
Sep 8 10:10:41 audubon-fw1 pluto[2248]: packet from 3.4.177.201:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Sep 8 10:10:41 audubon-fw1 pluto[2248]: "mn-hq" #1357: responding to
Main Mode
Sep 8 10:10:41 audubon-fw1 pluto[2248]: "mn-hq" #1357: transition from
state STATE_MAIN_R0 to state STATE_MAIN_R1
Sep 8 10:10:41 audubon-fw1 pluto[2248]: "mn-hq" #1357: STATE_MAIN_R1:
sent MR1, expecting MI2
Sep 8 10:10:41 audubon-fw1 pluto[2248]: "mn-hq" #1357: NAT-Traversal:
Result using RFC 3947 (NAT-Traversal): no NAT detected
Sep 8 10:10:41 audubon-fw1 pluto[2248]: "mn-hq" #1357: transition from
state STATE_MAIN_R1 to state STATE_MAIN_R2
Sep 8 10:10:41 audubon-fw1 pluto[2248]: "mn-hq" #1357: STATE_MAIN_R2:
sent MR2, expecting MI3
Sep 8 10:10:41 audubon-fw1 pluto[2248]: "mn-hq" #1357: Main mode peer
ID is ID_FQDN: '@mn.local'
Sep 8 10:10:41 audubon-fw1 pluto[2248]: "mn-hq" #1357: transition from
state STATE_MAIN_R2 to state STATE_MAIN_R3
Sep 8 10:10:41 audubon-fw1 pluto[2248]: "mn-hq" #1357: STATE_MAIN_R3:
sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=aes_128
prf=oakle
y_sha group=modp2048}
Sep 8 10:27:14 audubon-fw1 pluto[2248]: "mn-hq" #1354: received Delete
SA payload: deleting ISAKMP State #1354
Sep 8 10:27:14 audubon-fw1 pluto[2248]: packet from 3.4.177.201:500:
received and ignored informational message
Sep 8 10:54:30 audubon-fw1 pluto[2248]: packet from 3.4.177.201:500:
received Vendor ID payload [Openswan (this version) 2.6.28 ]
Sep 8 10:54:30 audubon-fw1 pluto[2248]: packet from 3.4.177.201:500:
received Vendor ID payload [Dead Peer Detection]
Sep 8 10:54:30 audubon-fw1 pluto[2248]: packet from 3.4.177.201:500:
received Vendor ID payload [RFC 3947] method set to=109
Sep 8 10:54:30 audubon-fw1 pluto[2248]: packet from 3.4.177.201:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but
alr
eady using method 109
Sep 8 10:54:30 audubon-fw1 pluto[2248]: packet from 3.4.177.201:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106,
but a
lready using method 109
Sep 8 10:54:30 audubon-fw1 pluto[2248]: packet from 3.4.177.201:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but
alr
eady using method 109
Sep 8 10:54:30 audubon-fw1 pluto[2248]: packet from 3.4.177.201:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Sep 8 10:54:30 audubon-fw1 pluto[2248]: "mn-hq" #1358: responding to
Main Mode
Sep 8 10:54:30 audubon-fw1 pluto[2248]: "mn-hq" #1358: transition from
state STATE_MAIN_R0 to state STATE_MAIN_R1
Sep 8 10:54:30 audubon-fw1 pluto[2248]: "mn-hq" #1358: STATE_MAIN_R1:
sent MR1, expecting MI2
Sep 8 10:54:30 audubon-fw1 pluto[2248]: "mn-hq" #1358: NAT-Traversal:
Result using RFC 3947 (NAT-Traversal): no NAT detected
Sep 8 10:54:30 audubon-fw1 pluto[2248]: "mn-hq" #1358: transition from
state STATE_MAIN_R1 to state STATE_MAIN_R2
Sep 8 10:54:30 audubon-fw1 pluto[2248]: "mn-hq" #1358: STATE_MAIN_R2:
sent MR2, expecting MI3
Sep 8 10:54:31 audubon-fw1 pluto[2248]: "mn-hq" #1358: Main mode peer
ID is ID_FQDN: '@mn.local'
Sep 8 10:54:31 audubon-fw1 pluto[2248]: "mn-hq" #1358: transition from
state STATE_MAIN_R2 to state STATE_MAIN_R3
Sep 8 10:54:31 audubon-fw1 pluto[2248]: "mn-hq" #1358: STATE_MAIN_R3:
sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=aes_128
prf=oakle
y_sha group=modp2048}
Sep 8 11:10:41 audubon-fw1 pluto[2248]: packet from 3.4.177.201:500:
Informational Exchange is for an unknown (expired?) SA with
MSGID:0x19585286
Sep 8 11:37:19 audubon-fw1 pluto[2248]: packet from 3.4.177.201:500:
received Vendor ID payload [Openswan (this version) 2.6.28 ]
Sep 8 11:37:19 audubon-fw1 pluto[2248]: packet from 3.4.177.201:500:
received Vendor ID payload [Dead Peer Detection]
Sep 8 11:37:19 audubon-fw1 pluto[2248]: packet from 3.4.177.201:500:
received Vendor ID payload [RFC 3947] method set to=109
Sep 8 11:37:19 audubon-fw1 pluto[2248]: packet from 3.4.177.201:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but
alr
eady using method 109
Sep 8 11:37:19 audubon-fw1 pluto[2248]: packet from 3.4.177.201:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106,
but a
lready using method 109
Sep 8 11:37:19 audubon-fw1 pluto[2248]: packet from 3.4.177.201:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but
alr
eady using method 109
Sep 8 11:37:19 audubon-fw1 pluto[2248]: packet from 3.4.177.201:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Sep 8 11:37:19 audubon-fw1 pluto[2248]: "mn-hq" #1359: responding to
Main Mode
Sep 8 11:37:19 audubon-fw1 pluto[2248]: "mn-hq" #1359: transition from
state STATE_MAIN_R0 to state STATE_MAIN_R1
Sep 8 11:37:19 audubon-fw1 pluto[2248]: "mn-hq" #1359: STATE_MAIN_R1:
sent MR1, expecting MI2
Sep 8 11:37:19 audubon-fw1 pluto[2248]: "mn-hq" #1359: NAT-Traversal:
Result using RFC 3947 (NAT-Traversal): no NAT detected
Sep 8 11:37:19 audubon-fw1 pluto[2248]: "mn-hq" #1359: transition from
state STATE_MAIN_R1 to state STATE_MAIN_R2
Sep 8 11:37:19 audubon-fw1 pluto[2248]: "mn-hq" #1359: STATE_MAIN_R2:
sent MR2, expecting MI3
Sep 8 11:37:19 audubon-fw1 pluto[2248]: "mn-hq" #1359: Main mode peer
ID is ID_FQDN: '@mn.local'
Sep 8 11:37:19 audubon-fw1 pluto[2248]: "mn-hq" #1359: transition from
state STATE_MAIN_R2 to state STATE_MAIN_R3
Sep 8 11:37:19 audubon-fw1 pluto[2248]: "mn-hq" #1359: STATE_MAIN_R3:
sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=aes_128
prf=oakle
y_sha group=modp2048}
Sep 8 11:54:31 audubon-fw1 pluto[2248]: packet from 3.4.177.201:500:
Informational Exchange is for an unknown (expired?) SA with
MSGID:0x014a63ab
Sep 8 12:26:33 audubon-fw1 pluto[2248]: packet from 3.4.177.201:500:
received Vendor ID payload [Openswan (this version) 2.6.28 ]
Sep 8 12:26:33 audubon-fw1 pluto[2248]: packet from 3.4.177.201:500:
received Vendor ID payload [Dead Peer Detection]
Sep 8 12:26:33 audubon-fw1 pluto[2248]: packet from 3.4.177.201:500:
received Vendor ID payload [RFC 3947] method set to=109
Sep 8 12:26:33 audubon-fw1 pluto[2248]: packet from 3.4.177.201:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but
alr
eady using method 109
Sep 8 12:26:33 audubon-fw1 pluto[2248]: packet from 3.4.177.201:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106,
but a
lready using method 109
Sep 8 12:26:33 audubon-fw1 pluto[2248]: packet from 3.4.177.201:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but
alr
eady using method 109
Sep 8 12:26:33 audubon-fw1 pluto[2248]: packet from 3.4.177.201:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Sep 8 12:26:33 audubon-fw1 pluto[2248]: "mn-hq" #1360: responding to
Main Mode
Sep 8 12:26:33 audubon-fw1 pluto[2248]: "mn-hq" #1360: transition from
state STATE_MAIN_R0 to state STATE_MAIN_R1
Sep 8 12:26:33 audubon-fw1 pluto[2248]: "mn-hq" #1360: STATE_MAIN_R1:
sent MR1, expecting MI2
Sep 8 12:26:33 audubon-fw1 pluto[2248]: "mn-hq" #1360: NAT-Traversal:
Result using RFC 3947 (NAT-Traversal): no NAT detected
Sep 8 12:26:34 audubon-fw1 pluto[2248]: "mn-hq" #1360: transition from
state STATE_MAIN_R1 to state STATE_MAIN_R2
Sep 8 12:26:34 audubon-fw1 pluto[2248]: "mn-hq" #1360: STATE_MAIN_R2:
sent MR2, expecting MI3
Sep 8 12:26:34 audubon-fw1 pluto[2248]: "mn-hq" #1360: Main mode peer
ID is ID_FQDN: '@mn.local'
Sep 8 12:26:34 audubon-fw1 pluto[2248]: "mn-hq" #1360: transition from
state STATE_MAIN_R2 to state STATE_MAIN_R3
Sep 8 12:26:34 audubon-fw1 pluto[2248]: "mn-hq" #1360: STATE_MAIN_R3:
sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=aes_128
prf=oakle
y_sha group=modp2048}
Sep 8 12:37:19 audubon-fw1 pluto[2248]: packet from 3.4.177.201:500:
Informational Exchange is for an unknown (expired?) SA with
MSGID:0xe07e38bf
Sep 8 13:14:33 audubon-fw1 pluto[2248]: packet from 3.4.177.201:500:
received Vendor ID payload [Openswan (this version) 2.6.28 ]
Sep 8 13:14:33 audubon-fw1 pluto[2248]: packet from 3.4.177.201:500:
received Vendor ID payload [Dead Peer Detection]
Sep 8 13:14:33 audubon-fw1 pluto[2248]: packet from 3.4.177.201:500:
received Vendor ID payload [RFC 3947] method set to=109
Sep 8 13:14:33 audubon-fw1 pluto[2248]: packet from 3.4.177.201:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but
alr
eady using method 109
--More--(90%)
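The HQ-side pattern in the excerpts above, where one ISAKMP state keeps logging "Informational Exchange message must be encrypted" until a new ISAKMP SA is finally established, can be picked out of a hard-wrapped paste like this one with a short script. This is an added example, not part of the original post or of Openswan; the function names, the `min_repeats` threshold and the default year 2010 (taken from the mail date, since syslog omits the year) are assumptions.

```python
import re
from datetime import datetime

# Constructed sample: abbreviated from the HQ excerpts above, wrapped the same way.
SAMPLE = '''\
Sep 8 00:23:34 audubon-fw1 pluto[2248]: "mn-hq" #1351: STATE_MAIN_R3:
sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=aes_128
prf=oakle
y_sha group=modp2048}
Sep 8 00:27:14 audubon-fw1 pluto[2248]: "mn-hq" #1351: Informational
Exchange message must be encrypted
Sep 8 00:27:54 audubon-fw1 pluto[2248]: "mn-hq" #1351: Informational
Exchange message must be encrypted
Sep 8 00:37:14 audubon-fw1 pluto[2248]: "mn-hq" #1351: Informational
Exchange message must be encrypted
Sep 8 00:37:54 audubon-fw1 pluto[2248]: "mn-hq" #1351: received Delete
SA payload: deleting ISAKMP State #1351
Sep 8 08:26:44 audubon-fw1 pluto[2248]: initiate on demand from
10.0.0.1:3389 to 192.168.0.219:49178 proto=6 state: fos_start because:
acquire
--More--(59%)
Sep 8 09:27:14 audubon-fw1 pluto[2248]: "mn-hq" #1354: STATE_MAIN_R3:
sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=aes_128
prf=oakle
y_sha group=modp2048}
'''

HEADER = re.compile(r'^([A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d) (\S+) pluto\[\d+\]: ?(.*)$')
STATE = re.compile(r'^"([^"]+)"#(\d+):')   # applied after whitespace is removed
ENCRYPT_ERR = "InformationalExchangemessagemustbeencrypted"
ESTABLISHED = "ISAKMPSAestablished"

def rejoin(text, year=2010):
    """Return (time, host, message) per syslog entry from a hard-wrapped paste."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line == "." or line.startswith("--More--"):
            continue                       # pager prompts and elision dots
        m = HEADER.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m[1]}", "%Y %b %d %H:%M:%S")
            records.append([ts, m[2], m[3]])
        elif records:
            records[-1][2] += line         # continuation; the wrap may be mid-token
    # Strip all whitespace so matching does not depend on where a wrap fell.
    return [(ts, host, re.sub(r"\s+", "", msg)) for ts, host, msg in records]

def find_stuck_isakmp(records, min_repeats=3):
    """Report ISAKMP states that repeat the encrypt error, with time to recovery."""
    runs, findings = {}, []
    def report(key, run, recovered):
        if run["count"] >= min_repeats:
            findings.append({"host": key[0], "conn": key[1], "state": key[2],
                             "errors": run["count"], "first_error": run["first"],
                             "outage": recovered - run["first"] if recovered else None})
    for ts, host, msg in records:
        m = STATE.match(msg)
        if not m:
            continue
        key = (host, m[1], int(m[2]))
        if ENCRYPT_ERR in msg:
            runs.setdefault(key, {"first": ts, "count": 0})["count"] += 1
        elif ESTABLISHED in msg:           # new ISAKMP SA on this host/connection
            for k in [k for k in runs if k[:2] == key[:2]]:
                report(k, runs.pop(k), ts)
    for k, run in runs.items():            # still failing when the capture ends
        report(k, run, None)
    return findings
```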