[Openswan Users] Another tunnel going offline
Greg Scott
GregScott at Infrasupport.com
Mon Sep 20 10:40:33 EDT 2010
I just got another one of my first-thing-Monday-morning trouble calls.
This one is a single tunnel with two sites, named NSSSS and Garelick.
The tunnel was down. Restarting IPSEC at NSSSS brought it back up.

Looking at /var/log/secure at the NSSSS site, looks like the problem
started Saturday morning Sept. 18 around 1:20 AM. I've included some
earlier stuff in case it produces some clues. I also obfuscated the
first two octets of the public IP Address for both sites.

Here is an extract from the NSSSS log. This is the one I restarted to
get everyone back up and running.

Sep 17 23:03:48 localhost pluto[13557]: "garelick-hq" #1695: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=aes_128 prf=oakley_sha group=modp2048}
Sep 17 23:52:06 localhost pluto[13557]: packet from 1.2.100.18:500: received Vendor ID payload [Openswan (this version) 2.6.28 ]
Sep 17 23:52:06 localhost pluto[13557]: packet from 1.2.100.18:500: received Vendor ID payload [Dead Peer Detection]
Sep 17 23:52:06 localhost pluto[13557]: packet from 1.2.100.18:500: received Vendor ID payload [RFC 3947] method set to=109
Sep 17 23:52:06 localhost pluto[13557]: packet from 1.2.100.18:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109
Sep 17 23:52:06 localhost pluto[13557]: packet from 1.2.100.18:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 109
Sep 17 23:52:06 localhost pluto[13557]: packet from 1.2.100.18:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109
Sep 17 23:52:06 localhost pluto[13557]: packet from 1.2.100.18:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Sep 17 23:52:06 localhost pluto[13557]: "garelick-hq" #1696: responding to Main Mode
Sep 17 23:52:06 localhost pluto[13557]: "garelick-hq" #1696: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Sep 17 23:52:06 localhost pluto[13557]: "garelick-hq" #1696: STATE_MAIN_R1: sent MR1, expecting MI2
Sep 17 23:52:06 localhost pluto[13557]: "garelick-hq" #1696: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected
Sep 17 23:52:06 localhost pluto[13557]: "garelick-hq" #1696: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Sep 17 23:52:06 localhost pluto[13557]: "garelick-hq" #1696: STATE_MAIN_R2: sent MR2, expecting MI3
Sep 17 23:52:06 localhost pluto[13557]: "garelick-hq" #1696: Main mode peer ID is ID_FQDN: '@garelick.local'
Sep 17 23:52:06 localhost pluto[13557]: "garelick-hq" #1696: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Sep 17 23:52:06 localhost pluto[13557]: "garelick-hq" #1696: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=aes_128 prf=oakley_sha group=modp2048}
Sep 18 00:03:48 localhost pluto[13557]: packet from 1.2.100.18:500: Informational Exchange is for an unknown (expired?) SA with MSGID:0x62442f25
Sep 18 00:37:12 localhost pluto[13557]: packet from 1.2.100.18:500: received Vendor ID payload [Openswan (this version) 2.6.28 ]
Sep 18 00:37:12 localhost pluto[13557]: packet from 1.2.100.18:500: received Vendor ID payload [Dead Peer Detection]
Sep 18 00:37:12 localhost pluto[13557]: packet from 1.2.100.18:500: received Vendor ID payload [RFC 3947] method set to=109
Sep 18 00:37:12 localhost pluto[13557]: packet from 1.2.100.18:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109
Sep 18 00:37:12 localhost pluto[13557]: packet from 1.2.100.18:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 109
Sep 18 00:37:12 localhost pluto[13557]: packet from 1.2.100.18:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109
Sep 18 00:37:12 localhost pluto[13557]: packet from 1.2.100.18:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Sep 18 00:37:12 localhost pluto[13557]: "garelick-hq" #1697: responding to Main Mode
Sep 18 00:37:12 localhost pluto[13557]: "garelick-hq" #1697: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Sep 18 00:37:12 localhost pluto[13557]: "garelick-hq" #1697: STATE_MAIN_R1: sent MR1, expecting MI2
Sep 18 00:37:12 localhost pluto[13557]: "garelick-hq" #1697: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected
Sep 18 00:37:12 localhost pluto[13557]: "garelick-hq" #1697: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Sep 18 00:37:12 localhost pluto[13557]: "garelick-hq" #1697: STATE_MAIN_R2: sent MR2, expecting MI3
Sep 18 00:37:12 localhost pluto[13557]: "garelick-hq" #1697: Main mode peer ID is ID_FQDN: '@garelick.local'
Sep 18 00:37:12 localhost pluto[13557]: "garelick-hq" #1697: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Sep 18 00:37:12 localhost pluto[13557]: "garelick-hq" #1697: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=aes_128 prf=oakley_sha group=modp2048}
Sep 18 01:20:56 localhost pluto[13557]: packet from 1.2.100.18:500: received Vendor ID payload [Openswan (this version) 2.6.28 ]
Sep 18 01:20:56 localhost pluto[13557]: packet from 1.2.100.18:500: received Vendor ID payload [Dead Peer Detection]
Sep 18 01:20:56 localhost pluto[13557]: packet from 1.2.100.18:500: received Vendor ID payload [RFC 3947] method set to=109
Sep 18 01:20:56 localhost pluto[13557]: packet from 1.2.100.18:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109
Sep 18 01:20:56 localhost pluto[13557]: packet from 1.2.100.18:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 109
Sep 18 01:20:56 localhost pluto[13557]: packet from 1.2.100.18:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109
Sep 18 01:20:56 localhost pluto[13557]: packet from 1.2.100.18:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Sep 18 01:20:56 localhost pluto[13557]: "garelick-hq" #1698: responding to Main Mode
Sep 18 01:20:56 localhost pluto[13557]: "garelick-hq" #1698: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Sep 18 01:20:56 localhost pluto[13557]: "garelick-hq" #1698: STATE_MAIN_R1: sent MR1, expecting MI2
Sep 18 01:20:56 localhost pluto[13557]: "garelick-hq" #1698: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected
Sep 18 01:20:56 localhost pluto[13557]: "garelick-hq" #1698: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Sep 18 01:20:56 localhost pluto[13557]: "garelick-hq" #1698: STATE_MAIN_R2: sent MR2, expecting MI3
Sep 18 01:20:56 localhost pluto[13557]: "garelick-hq" #1698: Main mode peer ID is ID_FQDN: '@garelick.local'
Sep 18 01:20:56 localhost pluto[13557]: "garelick-hq" #1698: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Sep 18 01:20:56 localhost pluto[13557]: "garelick-hq" #1698: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=aes_128 prf=oakley_sha group=modp2048}
Sep 18 01:37:12 localhost pluto[13557]: packet from 1.2.100.18:500: Informational Exchange is for an unknown (expired?) SA with MSGID:0x6808f130
Sep 18 01:53:18 localhost pluto[13557]: "garelick-hq" #1699: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEv2ALLOW to replace #1688 {using isakmp#1698 msgid:50633fe2 proposal=defaults pfsgroup=OAKLEY_GROUP_MODP2048}
Sep 18 01:53:18 localhost pluto[13557]: "garelick-hq" #1699: KE has 255 byte DH public value; 256 required
Sep 18 01:53:18 localhost pluto[13557]: "garelick-hq" #1699: sending encrypted notification INVALID_KEY_INFORMATION to 1.2.100.18:500
Sep 18 01:53:28 localhost pluto[13557]: "garelick-hq" #1698: next payload type of ISAKMP Hash Payload has an unknown value: 202
Sep 18 01:53:28 localhost pluto[13557]: "garelick-hq" #1698: malformed payload in packet
Sep 18 01:53:28 localhost pluto[13557]: | payload malformed after IV
Sep 18 01:53:28 localhost pluto[13557]: | a3 1b 78 a8 01 0c 02 23 a0 82 8a 26 9b a9 1f f1
Sep 18 01:53:28 localhost pluto[13557]: "garelick-hq" #1698: sending notification PAYLOAD_MALFORMED to 1.2.100.18:500
Sep 18 01:53:48 localhost pluto[13557]: "garelick-hq" #1698: next payload type of ISAKMP Hash Payload has an unknown value: 202
Sep 18 01:53:48 localhost pluto[13557]: "garelick-hq" #1698: malformed payload in packet
Sep 18 01:53:48 localhost pluto[13557]: | payload malformed after IV
Sep 18 01:53:48 localhost pluto[13557]: | a3 1b 78 a8 01 0c 02 23 a0 82 8a 26 9b a9 1f f1
Sep 18 01:53:48 localhost pluto[13557]: "garelick-hq" #1698: sending notification PAYLOAD_MALFORMED to 1.2.100.18:500
Sep 18 01:54:28 localhost pluto[13557]: "garelick-hq" #1698: next payload type of ISAKMP Hash Payload has an unknown value: 202
Sep 18 01:54:28 localhost pluto[13557]: "garelick-hq" #1698: malformed payload in packet
Sep 18 01:54:28 localhost pluto[13557]: | payload malformed after IV
Sep 18 01:54:28 localhost pluto[13557]: | a3 1b 78 a8 01 0c 02 23 a0 82 8a 26 9b a9 1f f1
Sep 18 01:54:28 localhost pluto[13557]: "garelick-hq" #1698: sending notification PAYLOAD_MALFORMED to 1.2.100.18:500
Sep 18 01:55:08 localhost pluto[13557]: "garelick-hq" #1698: next payload type of ISAKMP Hash Payload has an unknown value: 202
Sep 18 01:55:08 localhost pluto[13557]: "garelick-hq" #1698: malformed payload in packet
Sep 18 01:55:08 localhost pluto[13557]: | payload malformed after IV
Sep 18 01:55:08 localhost pluto[13557]: | a3 1b 78 a8 01 0c 02 23 a0 82 8a 26 9b a9 1f f1
Sep 18 01:55:08 localhost pluto[13557]: "garelick-hq" #1698: sending notification PAYLOAD_MALFORMED to 1.2.100.18:500
Sep 18 01:55:48 localhost pluto[13557]: "garelick-hq" #1698: next payload type of ISAKMP Hash Payload has an unknown value: 202
Sep 18 01:55:48 localhost pluto[13557]: "garelick-hq" #1698: malformed payload in packet
Sep 18 01:55:48 localhost pluto[13557]: | payload malformed after IV
Sep 18 01:55:48 localhost pluto[13557]: | a3 1b 78 a8 01 0c 02 23 a0 82 8a 26 9b a9 1f f1
Sep 18 01:55:48 localhost pluto[13557]: "garelick-hq" #1698: sending notification PAYLOAD_MALFORMED to 1.2.100.18:500
Sep 18 01:56:28 localhost pluto[13557]: "garelick-hq" #1698: next payload type of ISAKMP Hash Payload has an unknown value: 202
Sep 18 01:56:28 localhost pluto[13557]: "garelick-hq" #1698: malformed payload in packet
Sep 18 01:56:28 localhost pluto[13557]: | payload malformed after IV
Sep 18 01:56:28 localhost pluto[13557]: | a3 1b 78 a8 01 0c 02 23 a0 82 8a 26 9b a9 1f f1
Sep 18 01:56:28 localhost pluto[13557]: "garelick-hq" #1698: sending notification PAYLOAD_MALFORMED to 1.2.100.18:500
Sep 18 01:57:08 localhost pluto[13557]: "garelick-hq" #1698: next payload type of ISAKMP Hash Payload has an unknown value: 202
Sep 18 01:57:08 localhost pluto[13557]: "garelick-hq" #1698: malformed payload in packet
Sep 18 01:57:08 localhost pluto[13557]: | payload malformed after IV
Sep 18 01:57:08 localhost pluto[13557]: | a3 1b 78 a8 01 0c 02 23 a0 82 8a 26 9b a9 1f f1
Sep 18 01:57:08 localhost pluto[13557]: "garelick-hq" #1698: sending notification PAYLOAD_MALFORMED to 1.2.100.18:500
Sep 18 01:57:48 localhost pluto[13557]: "garelick-hq" #1698: next payload type of ISAKMP Hash Payload has an unknown value: 202
Sep 18 01:57:48 localhost pluto[13557]: "garelick-hq" #1698: malformed payload in packet
Sep 18 01:57:48 localhost pluto[13557]: | payload malformed after IV
Sep 18 01:57:48 localhost pluto[13557]: | a3 1b 78 a8 01 0c 02 23 a0 82 8a 26 9b a9 1f f1
Sep 18 01:57:48 localhost pluto[13557]: "garelick-hq" #1698: sending notification PAYLOAD_MALFORMED to 1.2.100.18:500
Sep 18 01:58:28 localhost pluto[13557]: "garelick-hq" #1698: next payload type of ISAKMP Hash Payload has an unknown value: 202
Sep 18 01:58:28 localhost pluto[13557]: "garelick-hq" #1698: malformed payload in packet
Sep 18 01:58:28 localhost pluto[13557]: | payload malformed after IV
Sep 18 01:58:28 localhost pluto[13557]: | a3 1b 78 a8 01 0c 02 23 a0 82 8a 26 9b a9 1f f1
Sep 18 01:58:28 localhost pluto[13557]: "garelick-hq" #1698: sending notification PAYLOAD_MALFORMED to 1.2.100.18:500
Sep 18 01:59:08 localhost pluto[13557]: "garelick-hq" #1698: next payload type of ISAKMP Hash Payload has an unknown value: 202
Sep 18 01:59:08 localhost pluto[13557]: "garelick-hq" #1698: malformed payload in packet
Sep 18 01:59:08 localhost pluto[13557]: | payload malformed after IV
Sep 18 01:59:08 localhost pluto[13557]: | a3 1b 78 a8 01 0c 02 23 a0 82 8a 26 9b a9 1f f1
Sep 18 01:59:08 localhost pluto[13557]: "garelick-hq" #1698: sending notification PAYLOAD_MALFORMED to 1.2.100.18:500
Sep 18 01:59:48 localhost pluto[13557]: "garelick-hq" #1698: next payload type of ISAKMP Hash Payload has an unknown value: 202
Sep 18 01:59:48 localhost pluto[13557]: "garelick-hq" #1698: malformed payload in packet
Sep 18 01:59:48 localhost pluto[13557]: | payload malformed after IV
Sep 18 01:59:48 localhost pluto[13557]: | a3 1b 78 a8 01 0c 02 23 a0 82 8a 26 9b a9 1f f1
Sep 18 01:59:48 localhost pluto[13557]: "garelick-hq" #1698: sending notification PAYLOAD_MALFORMED to 1.2.100.18:500
Sep 18 02:00:28 localhost pluto[13557]: "garelick-hq" #1698: next payload type of ISAKMP Hash Payload has an unknown value: 202
Sep 18 02:01:08 localhost pluto[13557]: "garelick-hq" #1698: malformed payload in packet
Sep 18 02:01:08 localhost pluto[13557]: | payload malformed after IV
Sep 18 02:01:08 localhost pluto[13557]: | a3 1b 78 a8 01 0c 02 23 a0 82 8a 26 9b a9 1f f1
Sep 18 02:01:08 localhost pluto[13557]: "garelick-hq" #1698: sending notification PAYLOAD_MALFORMED to 1.2.100.18:500
Sep 18 02:01:48 localhost pluto[13557]: "garelick-hq" #1698: next payload type of ISAKMP Hash Payload has an unknown value: 202
Sep 18 02:01:48 localhost pluto[13557]: "garelick-hq" #1698: malformed payload in packet
Sep 18 02:01:48 localhost pluto[13557]: | payload malformed after IV
Sep 18 02:01:48 localhost pluto[13557]: | a3 1b 78 a8 01 0c 02 23 a0 82 8a 26 9b a9 1f f1
Sep 18 02:01:48 localhost pluto[13557]: "garelick-hq" #1698: sending notification PAYLOAD_MALFORMED to 1.2.100.18:500
Sep 18 02:02:28 localhost pluto[13557]: "garelick-hq" #1698: next payload type of ISAKMP Hash Payload has an unknown value: 202
Sep 18 02:02:28 localhost pluto[13557]: "garelick-hq" #1698: malformed payload in packet
Sep 18 02:02:28 localhost pluto[13557]: | payload malformed after IV
Sep 18 02:02:28 localhost pluto[13557]: | a3 1b 78 a8 01 0c 02 23 a0 82 8a 26 9b a9 1f f1
Sep 18 02:02:28 localhost pluto[13557]: "garelick-hq" #1698: sending notification PAYLOAD_MALFORMED to 1.2.100.18:500
Sep 18 02:03:08 localhost pluto[13557]: "garelick-hq" #1698: next payload type of ISAKMP Hash Payload has an unknown value: 202
Sep 18 02:03:08 localhost pluto[13557]: "garelick-hq" #1698: malformed payload in packet
Sep 18 02:03:08 localhost pluto[13557]: | payload malformed after IV
Sep 18 02:03:08 localhost pluto[13557]: | a3 1b 78 a8 01 0c 02 23 a0 82 8a 26 9b a9 1f f1
Sep 18 02:03:08 localhost pluto[13557]: "garelick-hq" #1698: sending notification PAYLOAD_MALFORMED to 1.2.100.18:500
Sep 18 02:03:48 localhost pluto[13557]: "garelick-hq" #1698: next payload type of ISAKMP Hash Payload has an unknown value: 202
Sep 18 02:03:48 localhost pluto[13557]: "garelick-hq" #1698: malformed payload in packet
Sep 18 02:03:48 localhost pluto[13557]: "garelick-hq" #1698: too many (17) malformed payloads. Deleting state
Sep 18 02:03:48 localhost pluto[13557]: packet from 1.2.100.18:500: Informational Exchange is for an unknown (expired?) SA with MSGID:0xdcb2d7de
Sep 18 02:04:28 localhost pluto[13557]: packet from 1.2.100.18:500: Quick Mode message is for a non-existent (expired?) ISAKMP SA
Sep 18 02:05:08 localhost pluto[13557]: packet from 1.2.100.18:500: Quick Mode message is for a non-existent (expired?) ISAKMP SA
Sep 18 02:05:48 localhost pluto[13557]: packet from 1.2.100.18:500: Quick Mode message is for a non-existent (expired?) ISAKMP SA
Sep 18 02:10:04 localhost pluto[13557]: "garelick-hq" #1688: IPsec SA expired (LATEST!)
Sep 18 02:10:04 localhost pluto[13557]: "garelick-hq" #1688: down-client output: Running hq-updown
Sep 18 02:13:01 localhost pluto[13557]: initiate on demand from 10.86.0.20:54587 to 10.86.2.202:161 proto=17 state: fos_start because: acquire
Sep 18 02:13:42 localhost pluto[13557]: initiate on demand from 10.86.0.20:54587 to 10.86.2.202:161 proto=17 state: fos_start because: acquire
Sep 18 02:14:21 localhost pluto[13557]: initiate on demand from 10.86.0.20:54587 to 10.86.2.202:161 proto=17 state: fos_start because: acquire
Sep 18 02:15:02 localhost pluto[13557]: initiate on demand from 10.86.0.20:54587 to 10.86.2.202:161 proto=17 state: fos_start because: acquire
Sep 18 02:15:52 localhost pluto[13557]: initiate on demand from 10.86.0.20:54587 to 10.86.2.202:161 proto=17 state: fos_start because: acquire
Sep 18 02:16:52 localhost pluto[13557]: initiate on demand from 10.86.0.20:54587 to 10.86.2.202:161 proto=17 state: fos_start because: acquire
Sep 18 02:17:52 localhost pluto[13557]: initiate on demand from 10.86.0.20:54587 to 10.86.2.202:161 proto=17 state: fos_start because: acquire
Sep 18 02:18:52 localhost pluto[13557]: initiate on demand from 10.86.0.20:54587 to 10.86.2.202:161 proto=17 state: fos_start because: acquire
Sep 18 02:19:52 localhost pluto[13557]: initiate on demand from 10.86.0.20:54587 to 10.86.2.202:161 proto=17 state: fos_start because: acquire
Sep 18 02:20:52 localhost pluto[13557]: initiate on demand from 10.86.0.20:54587 to 10.86.2.202:161 proto=17 state: fos_start because: acquire
Sep 18 02:21:52 localhost pluto[13557]: initiate on demand from 10.86.0.20:54587 to 10.86.2.202:161 proto=17 state: fos_start because: acquire
Sep 18 02:22:52 localhost pluto[13557]: initiate on demand from 10.86.0.20:54587 to 10.86.2.202:161 proto=17 state: fos_start because: acquire
Sep 18 02:23:31 localhost pluto[13557]: initiate on demand from 10.86.0.20:54587 to 10.86.2.202:161 proto=17 state: fos_start because: acquire
Sep 18 02:24:11 localhost pluto[13557]: initiate on demand from 10.86.0.20:54587 to 10.86.2.202:161 proto=17 state: fos_start because: acquire
Sep 18 02:24:52 localhost pluto[13557]: initiate on demand from 10.86.0.20:54587 to 10.86.2.202:161 proto=17 state: fos_start because: acquire
Here is an extract from the log from the Garelick site.
Sep 17 23:03:48 localhost pluto[2320]: "garelick-hq" #1370: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected
Sep 17 23:03:48 localhost pluto[2320]: "garelick-hq" #1370: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Sep 17 23:03:48 localhost pluto[2320]: "garelick-hq" #1370: STATE_MAIN_I3: sent MI3, expecting MR3
Sep 17 23:03:48 localhost pluto[2320]: "garelick-hq" #1370: received Vendor ID payload [CAN-IKEv2]
Sep 17 23:03:48 localhost pluto[2320]: "garelick-hq" #1370: Main mode peer ID is ID_FQDN: '@hq.local'
Sep 17 23:03:48 localhost pluto[2320]: "garelick-hq" #1370: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
Sep 17 23:03:48 localhost pluto[2320]: "garelick-hq" #1370: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=aes_128 prf=oakley_sha group=modp2048}
Sep 17 23:16:14 localhost pluto[2320]: "garelick-hq" #1369: received Delete SA payload: deleting ISAKMP State #1369
Sep 17 23:16:14 localhost pluto[2320]: packet from 1.2.46.182:500: received and ignored informational message
Sep 17 23:52:06 localhost pluto[2320]: "garelick-hq" #1371: initiating Main Mode to replace #1370
Sep 17 23:52:06 localhost pluto[2320]: "garelick-hq" #1371: received Vendor ID payload [Openswan (this version) 2.6.28 ]
Sep 17 23:52:06 localhost pluto[2320]: "garelick-hq" #1371: received Vendor ID payload [Dead Peer Detection]
Sep 17 23:52:06 localhost pluto[2320]: "garelick-hq" #1371: received Vendor ID payload [RFC 3947] method set to=109
Sep 17 23:52:06 localhost pluto[2320]: "garelick-hq" #1371: enabling possible NAT-traversal with method 4
Sep 17 23:52:06 localhost pluto[2320]: "garelick-hq" #1371: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Sep 17 23:52:06 localhost pluto[2320]: "garelick-hq" #1371: STATE_MAIN_I2: sent MI2, expecting MR2
Sep 17 23:52:06 localhost pluto[2320]: "garelick-hq" #1371: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected
Sep 17 23:52:06 localhost pluto[2320]: "garelick-hq" #1371: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Sep 17 23:52:06 localhost pluto[2320]: "garelick-hq" #1371: STATE_MAIN_I3: sent MI3, expecting MR3
Sep 17 23:52:06 localhost pluto[2320]: "garelick-hq" #1371: received Vendor ID payload [CAN-IKEv2]
Sep 17 23:52:06 localhost pluto[2320]: "garelick-hq" #1371: Main mode peer ID is ID_FQDN: '@hq.local'
Sep 17 23:52:06 localhost pluto[2320]: "garelick-hq" #1371: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
Sep 17 23:52:06 localhost pluto[2320]: "garelick-hq" #1371: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=aes_128 prf=oakley_sha group=modp2048}
Sep 18 00:03:48 localhost pluto[2320]: "garelick-hq" #1370: received Delete SA payload: deleting ISAKMP State #1370
Sep 18 00:03:48 localhost pluto[2320]: packet from 1.2.46.182:500: received and ignored informational message
Sep 18 00:37:12 localhost pluto[2320]: "garelick-hq" #1372: initiating Main Mode to replace #1371
Sep 18 00:37:12 localhost pluto[2320]: "garelick-hq" #1372: received Vendor ID payload [Openswan (this version) 2.6.28 ]
Sep 18 00:37:12 localhost pluto[2320]: "garelick-hq" #1372: received Vendor ID payload [Dead Peer Detection]
Sep 18 00:37:12 localhost pluto[2320]: "garelick-hq" #1372: received Vendor ID payload [RFC 3947] method set to=109
Sep 18 00:37:12 localhost pluto[2320]: "garelick-hq" #1372: enabling possible NAT-traversal with method 4
Sep 18 00:37:12 localhost pluto[2320]: "garelick-hq" #1372: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Sep 18 00:37:12 localhost pluto[2320]: "garelick-hq" #1372: STATE_MAIN_I2: sent MI2, expecting MR2
Sep 18 00:37:12 localhost pluto[2320]: "garelick-hq" #1372: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected
Sep 18 00:37:12 localhost pluto[2320]: "garelick-hq" #1372: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Sep 18 00:37:12 localhost pluto[2320]: "garelick-hq" #1372: STATE_MAIN_I3: sent MI3, expecting MR3
Sep 18 00:37:12 localhost pluto[2320]: "garelick-hq" #1372: received Vendor ID payload [CAN-IKEv2]
Sep 18 00:37:12 localhost pluto[2320]: "garelick-hq" #1372: Main mode peer ID is ID_FQDN: '@hq.local'
Sep 18 00:37:12 localhost pluto[2320]: "garelick-hq" #1372: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
Sep 18 00:37:12 localhost pluto[2320]: "garelick-hq" #1372: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=aes_128 prf=oakley_sha group=modp2048}
Sep 18 00:52:06 localhost pluto[2320]: ERROR: "garelick-hq" #1371: sendto on br0 to 1.2.46.182:500 failed in delete notify. Errno 1: Operation not permitted
Sep 18 00:52:06 localhost pluto[2320]: packet from 1.2.46.182:500: Informational Exchange is for an unknown (expired?) SA with MSGID:0x84a00c90
Sep 18 01:20:56 localhost pluto[2320]: "garelick-hq" #1373: initiating Main Mode to replace #1372
Sep 18 01:20:56 localhost pluto[2320]: "garelick-hq" #1373: received Vendor ID payload [Openswan (this version) 2.6.28 ]
Sep 18 01:20:56 localhost pluto[2320]: "garelick-hq" #1373: received Vendor ID payload [Dead Peer Detection]
Sep 18 01:20:56 localhost pluto[2320]: "garelick-hq" #1373: received Vendor ID payload [RFC 3947] method set to=109
Sep 18 01:20:56 localhost pluto[2320]: "garelick-hq" #1373: enabling possible NAT-traversal with method 4
Sep 18 01:20:56 localhost pluto[2320]: "garelick-hq" #1373: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Sep 18 01:20:56 localhost pluto[2320]: "garelick-hq" #1373: STATE_MAIN_I2: sent MI2, expecting MR2
Sep 18 01:20:56 localhost pluto[2320]: "garelick-hq" #1373: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected
Sep 18 01:20:56 localhost pluto[2320]: "garelick-hq" #1373: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Sep 18 01:20:56 localhost pluto[2320]: "garelick-hq" #1373: STATE_MAIN_I3: sent MI3, expecting MR3
Sep 18 01:20:56 localhost pluto[2320]: "garelick-hq" #1373: received Vendor ID payload [CAN-IKEv2]
Sep 18 01:20:56 localhost pluto[2320]: "garelick-hq" #1373: Main mode peer ID is ID_FQDN: '@hq.local'
Sep 18 01:20:56 localhost pluto[2320]: "garelick-hq" #1373: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
Sep 18 01:20:56 localhost pluto[2320]: "garelick-hq" #1373: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=aes_128 prf=oakley_sha group=modp2048}
Sep 18 01:37:12 localhost pluto[2320]: "garelick-hq" #1372: received Delete SA payload: deleting ISAKMP State #1372
Sep 18 01:37:12 localhost pluto[2320]: packet from 1.2.46.182:500: received and ignored informational message
Sep 18 01:53:18 localhost pluto[2320]: "garelick-hq" #1373: the peer proposed: 10.86.2.0/24:0/0 -> 10.86.0.0/24:0/0
Sep 18 01:53:18 localhost pluto[2320]: "garelick-hq" #1374: responding to Quick Mode proposal {msgid:50633fe2}
Sep 18 01:53:18 localhost pluto[2320]: "garelick-hq" #1374: us: 10.86.2.0/24===1.2.100.18<1.2.100.18>[@garelick.local,+S=C]---1.2.100.17
Sep 18 01:53:18 localhost pluto[2320]: "garelick-hq" #1374: them: 1.2.46.177---1.2.46.182<1.2.46.182>[@hq.local,+S=C]===10.86.0.0/24
Sep 18 01:53:18 localhost pluto[2320]: "garelick-hq" #1374: keeping refhim=4294901761 during rekey
Sep 18 01:53:18 localhost pluto[2320]: "garelick-hq" #1374: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Sep 18 01:53:18 localhost pluto[2320]: "garelick-hq" #1374: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Sep 18 01:53:18 localhost pluto[2320]: "garelick-hq" #1373: ignoring informational payload, type INVALID_KEY_INFORMATION msgid=00000000
Sep 18 01:53:18 localhost pluto[2320]: "garelick-hq" #1373: received and ignored informational message
Sep 18 01:53:28 localhost pluto[2320]: "garelick-hq" #1373: Informational Exchange message must be encrypted
Sep 18 01:53:48 localhost pluto[2320]: "garelick-hq" #1373: Informational Exchange message must be encrypted
Sep 18 01:54:28 localhost pluto[2320]: "garelick-hq" #1373: Informational Exchange message must be encrypted
Sep 18 01:55:48 localhost pluto[2320]: "garelick-hq" #1373: Informational Exchange message must be encrypted
Sep 18 01:56:28 localhost pluto[2320]: "garelick-hq" #1373: Informational Exchange message must be encrypted
Sep 18 01:57:08 localhost pluto[2320]: "garelick-hq" #1373: Informational Exchange message must be encrypted
Sep 18 01:57:48 localhost pluto[2320]: "garelick-hq" #1373: Informational Exchange message must be encrypted
Sep 18 01:58:28 localhost pluto[2320]: "garelick-hq" #1373: Informational Exchange message must be encrypted
Sep 18 01:59:08 localhost pluto[2320]: "garelick-hq" #1373: Informational Exchange message must be encrypted
Sep 18 01:59:48 localhost pluto[2320]: "garelick-hq" #1373: Informational Exchange message must be encrypted
Sep 18 02:00:28 localhost pluto[2320]: "garelick-hq" #1373: Informational Exchange message must be encrypted
Sep 18 02:01:08 localhost pluto[2320]: "garelick-hq" #1373: Informational Exchange message must be encrypted
Sep 18 02:01:48 localhost pluto[2320]: "garelick-hq" #1373: Informational Exchange message must be encrypted
Sep 18 02:02:28 localhost pluto[2320]: "garelick-hq" #1373: Informational Exchange message must be encrypted
Sep 18 02:03:08 localhost pluto[2320]: "garelick-hq" #1373: Informational Exchange message must be encrypted
Sep 18 02:03:48 localhost pluto[2320]: "garelick-hq" #1373: received Delete SA payload: deleting ISAKMP State #1373
Sep 18 02:03:48 localhost pluto[2320]: packet from 1.2.46.182:500: received and ignored informational message
Sep 18 02:06:28 localhost pluto[2320]: "garelick-hq" #1374: max number of retransmissions (20) reached STATE_QUICK_R1
Sep 18 02:10:04 localhost pluto[2320]: "garelick-hq" #1363: IPsec SA expired (LATEST!)
Sep 18 02:10:04 localhost pluto[2320]: "garelick-hq" #1363: down-client output: Running garelick-updown
Sep 18 02:10:04 localhost pluto[2320]: "garelick-hq" #1363: down-client output: Updating route to HQ
Sep 18 04:09:30 localhost pluto[2320]: initiate on demand from 10.86.2.102:4318 to 10.86.0.9:53 proto=17 state: fos_start because: acquire
Sep 18 05:58:56 localhost pluto[2320]: initiate on demand from 10.86.2.114:1054 to 10.86.0.9:53 proto=17 state: fos_start because: acquire
Sep 18 09:09:41 localhost pluto[2320]: initiate on demand from 10.86.2.102:4318 to 10.86.0.9:53 proto=17 state: fos_start because: acquire
Sep 18 09:30:21 localhost pluto[2320]: initiate on demand from 10.86.2.105:2159 to 10.86.0.9:53 proto=17 state: fos_start because: acquire
Sep 18 09:41:00 localhost pluto[2320]: initiate on demand from 10.86.2.102:3874 to 10.86.0.9:53 proto=17 state: fos_start because: acquire
Sep 18 10:38:28 localhost pluto[2320]: initiate on demand from 10.86.2.110:49400 to 10.86.0.9:53 proto=17 state: fos_start because: acquire
Sep 18 10:59:00 localhost pluto[2320]: initiate on demand from 10.86.2.114:1054 to 10.86.0.9:53 proto=17 state: fos_start because: acquire
Sep 18 12:08:13 localhost pluto[2320]: initiate on demand from 10.86.2.102:4318 to 10.86.0.9:53 proto=17 state: fos_start because: acquire
Sep 18 14:09:52 localhost pluto[2320]: initiate on demand from 10.86.2.102:4318 to 10.86.0.9:53 proto=17 state: fos_start because: acquire
Sep 18 14:27:25 localhost pluto[2320]: initiate on demand from 10.86.2.105:63464 to 10.86.0.9:53 proto=17 state: fos_start because: acquire
Sep 18 14:30:37 localhost pluto[2320]: initiate on demand from 10.86.2.105:50586 to 10.86.0.9:53 proto=17 state: fos_start because: acquire
Sep 18 15:31:13 localhost pluto[2320]: initiate on demand from 10.86.2.105:53231 to 10.86.0.9:53 proto=17 state: fos_start because: acquire
Sep 18 15:59:04 localhost pluto[2320]: initiate on demand from 10.86.2.114:1054 to 10.86.0.9:53 proto=17 state: fos_start because: acquire
Sep 18 16:24:57 localhost pluto[2320]: initiate on demand from 10.86.2.109:55001 to 10.86.0.9:53 proto=17 state: fos_start because: acquire
Sep 18 17:27:53 localhost pluto[2320]: initiate on demand from 10.86.2.100:52150 to 10.86.0.9:53 proto=17 state: fos_start because: acquire
Sep 18 17:49:00 localhost pluto[2320]: initiate on demand from 10.86.2.102:4135 to 10.86.0.9:53 proto=17 state: fos_start because: acquire
Sep 18 18:30:21 localhost pluto[2320]: initiate on demand from 10.86.2.105:2329 to 10.86.0.9:53 proto=17 state: fos_start because: acquire
Sep 18 19:10:03 localhost pluto[2320]: initiate on demand from 10.86.2.102:4318 to 10.86.0.9:53 proto=17 state: fos_start because: acquire
Sep 18 19:41:10 localhost pluto[2320]: initiate on demand from 10.86.2.114:1054 to 10.86.0.9:53 proto=17 state: fos_start because: acquire
Sep 18 20:59:09 localhost pluto[2320]: initiate on demand from 10.86.2.114:1054 to 10.86.0.9:53 proto=17 state: fos_start because: acquire
Sep 19 00:10:17 localhost pluto[2320]: initiate on demand from 10.86.2.102:4318 to 10.86.0.9:53 proto=17 state: fos_start because: acquire
Sep 19 01:59:13 localhost pluto[2320]: initiate on demand from 10.86.2.114:1054 to 10.86.0.9:53 proto=17 state: fos_start because: acquire
[root at Garelick-fw1 log]#
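
Added example, not part of the original post: a Python script that picks the failure sequence seen in the NSSSS extract (short KE payload, PAYLOAD_MALFORMED notifications, ISAKMP state deleted, last IPsec SA expired) out of a pluto log, including one whose lines are wrapped mid-word. The function names, the signature list and the `year` parameter are assumptions made for illustration; the sample records are copied from the extract above.

```python
import re
from datetime import datetime

# Sample input: records copied from the NSSSS extract in this post (shortened),
# with the terminal and mail-client wrapping left as it appears there.
SAMPLE = """\
Sep 18 01:53:18 localhost pluto[13557]: "garelick-hq" #1699: initiating
Quick Mo
de RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEv2ALLOW to replace #1688 {using
isakmp#1698 m
sgid:50633fe2 proposal=defaults pfsgroup=OAKLEY_GROUP_MODP2048}
Sep 18 01:53:18 localhost pluto[13557]: "garelick-hq" #1699: KE has 255
byte DH
public value; 256 required
Sep 18 01:53:18 localhost pluto[13557]: "garelick-hq" #1699: sending
encrypted n
otification INVALID_KEY_INFORMATION to 1.2.100.18:500
Sep 18 01:53:28 localhost pluto[13557]: "garelick-hq" #1698: sending
notificatio
n PAYLOAD_MALFORMED to 1.2.100.18:500
Sep 18 01:53:48 localhost pluto[13557]: "garelick-hq" #1698: sending
notificatio
n PAYLOAD_MALFORMED to 1.2.100.18:500
Sep 18 02:03:48 localhost pluto[13557]: "garelick-hq" #1698: too many
(17) malfo
rmed payloads. Deleting state
Sep 18 02:10:04 localhost pluto[13557]: "garelick-hq" #1688: IPsec SA
expired (L
ATEST!)
"""

RECORD_START = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
HEADER = re.compile(r'^(\w{3} [ \d]\d \d\d:\d\d:\d\d) \S+ pluto\[\d+\]: "([^"]+)" #(\d+):')

# Signatures are written without whitespace because a wrap can fall mid-word
# ("notificatio" / "n"), so each record is matched with all whitespace removed.
KE_SHORT = re.compile(r"KEhas(\d+)byteDHpublicvalue;(\d+)required")
MALFORMED = re.compile(r"sendingnotificationPAYLOAD_MALFORMED")
STATE_DELETED = re.compile(r"toomany\((\d+)\)malformedpayloads\.Deletingstate")
SA_EXPIRED = re.compile(r"IPsecSAexpired\(LATEST!\)")


def unwrap(text):
    """Group physical lines into records; a syslog timestamp starts a new one."""
    records = []
    for line in text.splitlines():
        if RECORD_START.match(line) or not records:
            records.append([line])
        else:
            records[-1].append(line)
    return records


def analyze(text, year=2010):
    """Return per-connection findings. syslog omits the year, so it is passed in."""
    findings = {}
    for parts in unwrap(text):
        head = HEADER.match(parts[0])
        if not head:
            continue  # e.g. "packet from ..." records carry no connection name
        when = datetime.strptime(f"{year} {head.group(1)}", "%Y %b %d %H:%M:%S")
        conn, state = head.group(2), int(head.group(3))
        squashed = re.sub(r"\s+", "", "".join(parts))
        f = findings.setdefault(conn, {"ke_short": None, "malformed_sent": 0,
                                       "state_deleted": None, "sa_expired": None})
        ke = KE_SHORT.search(squashed)
        deleted = STATE_DELETED.search(squashed)
        if ke and f["ke_short"] is None:
            f["ke_short"] = {"at": when, "state": state,
                             "got": int(ke.group(1)), "required": int(ke.group(2))}
        elif MALFORMED.search(squashed):
            f["malformed_sent"] += 1
        elif deleted:
            f["state_deleted"] = {"at": when, "state": state, "count": int(deleted.group(1))}
        elif SA_EXPIRED.search(squashed) and f["ke_short"] and f["sa_expired"] is None:
            f["sa_expired"] = {"at": when, "state": state}
    return findings


def failed_rekeys(text, year=2010):
    """Connections where a short KE payload was followed by expiry of the last IPsec SA."""
    out = []
    for conn, f in analyze(text, year).items():
        if f["ke_short"] and f["sa_expired"]:
            lag = f["sa_expired"]["at"] - f["ke_short"]["at"]
            out.append((conn, f["ke_short"]["required"] - f["ke_short"]["got"],
                        int(lag.total_seconds())))
    return out


if __name__ == "__main__":
    for conn, short_by, lag in failed_rekeys(SAMPLE):
        print(f"{conn}: KE payload {short_by} byte(s) short; last IPsec SA expired {lag}s later")
```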