[Openswan Users] Tunnel hangs
Greg Scott
GregScott at Infrasupport.com
Mon Nov 14 15:10:18 EST 2011
Here is the log extract from the right side - the central node - around
the time of last Friday's hang. Obfuscated public IP Addresses again -
the same as in the post I did a few minutes ago. This log will have
lots of info for other tunnels. The tunnel with the problem is
Superior-Everywhere.
Lining up with the log from the left side -
I see an SA installed at 15:11:39, then an SA expired and deleted around
15:14 and 15:16. At 15:24, max number of retransmissions reached. At
15:40, looks like this central node tries to reconnect with the left
side and gets an "SA Established" at 15:40:03. But the left side can't
see the right side around this time, even though the right side
apparently "thinks" the tunnel is good.
Finally, around 16:28 and 16:29, things eventually hook back up again
after they rebooted the left side firewall. And my root login at 16:34.
Nov 11 14:01:12 lme-fw2 pluto[3476]: packet from 7.8.61.191:500:
Informational Exchange is for an unknown (expired?) SA
Nov 11 14:01:31 lme-fw2 pluto[3476]: packet from 9.10.82.82:500:
ignoring unknown Vendor ID payload [4f455e5a65725d6564727763]
Nov 11 14:01:31 lme-fw2 pluto[3476]: packet from 9.10.82.82:500:
received Vendor ID payload [Dead Peer Detection]
Nov 11 14:01:31 lme-fw2 pluto[3476]: packet from 9.10.82.82:500:
received Vendor ID payload [RFC 3947] method set to=109
Nov 11 14:01:31 lme-fw2 pluto[3476]: packet from 9.10.82.82:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but
already using method 109
Nov 11 14:01:31 lme-fw2 pluto[3476]: packet from 9.10.82.82:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106,
but already using method 109
Nov 11 14:01:31 lme-fw2 pluto[3476]: packet from 9.10.82.82:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but
already using method 109
Nov 11 14:01:31 lme-fw2 pluto[3476]: packet from 9.10.82.82:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Nov 11 14:01:31 lme-fw2 pluto[3476]: "EauClaire-Everywhere" #10603:
responding to Main Mode
Nov 11 14:01:31 lme-fw2 pluto[3476]: "EauClaire-Everywhere" #10603:
transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Nov 11 14:01:31 lme-fw2 pluto[3476]: "EauClaire-Everywhere" #10603:
STATE_MAIN_R1: sent MR1, expecting MI2
Nov 11 14:01:31 lme-fw2 pluto[3476]: "EauClaire-Everywhere" #10603:
NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected
Nov 11 14:01:31 lme-fw2 pluto[3476]: "EauClaire-Everywhere" #10603:
transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Nov 11 14:01:31 lme-fw2 pluto[3476]: "EauClaire-Everywhere" #10603:
STATE_MAIN_R2: sent MR2, expecting MI3
Nov 11 14:01:31 lme-fw2 pluto[3476]: "EauClaire-Everywhere" #10603: Main
mode peer ID is ID_FQDN: '@eauclaire.local'
Nov 11 14:01:31 lme-fw2 pluto[3476]: "EauClaire-Everywhere" #10603:
transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Nov 11 14:01:31 lme-fw2 pluto[3476]: "EauClaire-Everywhere" #10603:
STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG
cipher=aes_128 prf=oakley_sha group=modp2048}
Nov 11 14:11:44 lme-fw2 pluto[3476]: "EauClaire-Everywhere" #10599:
received Delete SA payload: deleting ISAKMP State #10599
Nov 11 14:11:44 lme-fw2 pluto[3476]: packet from 9.10.82.82:500:
received and ignored informational message
Nov 11 14:14:51 lme-fw2 pluto[3476]: "Superior-Everywhere" #10604:
initiating Main Mode to replace #10600
Nov 11 14:14:51 lme-fw2 pluto[3476]: "Superior-Everywhere" #10604:
ignoring unknown Vendor ID payload [4f45716c74725d4b5a6c5d5f]
Nov 11 14:14:51 lme-fw2 pluto[3476]: "Superior-Everywhere" #10604:
received Vendor ID payload [Dead Peer Detection]
Nov 11 14:14:51 lme-fw2 pluto[3476]: "Superior-Everywhere" #10604:
received Vendor ID payload [RFC 3947] method set to=109
Nov 11 14:14:51 lme-fw2 pluto[3476]: "Superior-Everywhere" #10604:
enabling possible NAT-traversal with method 4
Nov 11 14:14:51 lme-fw2 pluto[3476]: "Superior-Everywhere" #10604:
transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Nov 11 14:14:51 lme-fw2 pluto[3476]: "Superior-Everywhere" #10604:
STATE_MAIN_I2: sent MI2, expecting MR2
Nov 11 14:14:51 lme-fw2 pluto[3476]: "Superior-Everywhere" #10604:
NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected
Nov 11 14:14:51 lme-fw2 pluto[3476]: "Superior-Everywhere" #10604:
transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Nov 11 14:14:51 lme-fw2 pluto[3476]: "Superior-Everywhere" #10604:
STATE_MAIN_I3: sent MI3, expecting MR3
Nov 11 14:14:51 lme-fw2 pluto[3476]: "Superior-Everywhere" #10604:
received Vendor ID payload [CAN-IKEv2]
Nov 11 14:14:51 lme-fw2 pluto[3476]: "Superior-Everywhere" #10604: Main
mode peer ID is ID_FQDN: '@superior.local'
Nov 11 14:14:51 lme-fw2 pluto[3476]: "Superior-Everywhere" #10604:
transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
Nov 11 14:14:51 lme-fw2 pluto[3476]: "Superior-Everywhere" #10604:
STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=aes_128
prf=oakley_sha group=modp2048}
Nov 11 14:22:22 lme-fw2 pluto[3476]: packet from 5.6.123.217:500:
ignoring unknown Vendor ID payload [4f457d476e447f5a4159655b]
Nov 11 14:22:22 lme-fw2 pluto[3476]: packet from 5.6.123.217:500:
received Vendor ID payload [Dead Peer Detection]
Nov 11 14:22:22 lme-fw2 pluto[3476]: packet from 5.6.123.217:500:
received Vendor ID payload [RFC 3947] method set to=109
Nov 11 14:22:22 lme-fw2 pluto[3476]: packet from 5.6.123.217:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but
already using method 109
Nov 11 14:22:22 lme-fw2 pluto[3476]: packet from 5.6.123.217:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106,
but already using method 109
Nov 11 14:22:22 lme-fw2 pluto[3476]: packet from 5.6.123.217:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but
already using method 109
Nov 11 14:22:22 lme-fw2 pluto[3476]: packet from 5.6.123.217:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Nov 11 14:22:22 lme-fw2 pluto[3476]: "DR-Everywhere" #10605: responding
to Main Mode
Nov 11 14:22:22 lme-fw2 pluto[3476]: "DR-Everywhere" #10605: transition
from state STATE_MAIN_R0 to state STATE_MAIN_R1
Nov 11 14:22:22 lme-fw2 pluto[3476]: "DR-Everywhere" #10605:
STATE_MAIN_R1: sent MR1, expecting MI2
Nov 11 14:22:22 lme-fw2 pluto[3476]: "DR-Everywhere" #10605:
NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected
Nov 11 14:22:22 lme-fw2 pluto[3476]: "DR-Everywhere" #10605: transition
from state STATE_MAIN_R1 to state STATE_MAIN_R2
Nov 11 14:22:22 lme-fw2 pluto[3476]: "DR-Everywhere" #10605:
STATE_MAIN_R2: sent MR2, expecting MI3
Nov 11 14:22:22 lme-fw2 pluto[3476]: "DR-Everywhere" #10605: Main mode
peer ID is ID_FQDN: '@dr.local'
Nov 11 14:22:22 lme-fw2 pluto[3476]: "DR-Everywhere" #10605: transition
from state STATE_MAIN_R2 to state STATE_MAIN_R3
Nov 11 14:22:22 lme-fw2 pluto[3476]: "DR-Everywhere" #10605:
STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG
cipher=aes_128 prf=oakley_sha group=modp2048}
Nov 11 14:32:05 lme-fw2 pluto[3476]: "DR-Everywhere" #10601: received
Delete SA payload: deleting ISAKMP State #10601
Nov 11 14:32:05 lme-fw2 pluto[3476]: packet from 5.6.123.217:500:
received and ignored informational message
Nov 11 14:35:10 lme-fw2 pluto[3476]: "Columbia-Everywhere" #10606:
initiating Main Mode to replace #10602
Nov 11 14:35:10 lme-fw2 pluto[3476]: "Columbia-Everywhere" #10606:
ignoring unknown Vendor ID payload [4f456e4d43757f784f704063]
Nov 11 14:35:10 lme-fw2 pluto[3476]: "Columbia-Everywhere" #10606:
received Vendor ID payload [Dead Peer Detection]
Nov 11 14:35:10 lme-fw2 pluto[3476]: "Columbia-Everywhere" #10606:
received Vendor ID payload [RFC 3947] method set to=109
Nov 11 14:35:10 lme-fw2 pluto[3476]: "Columbia-Everywhere" #10606:
enabling possible NAT-traversal with method 4
Nov 11 14:35:10 lme-fw2 pluto[3476]: "Columbia-Everywhere" #10606:
transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Nov 11 14:35:10 lme-fw2 pluto[3476]: "Columbia-Everywhere" #10606:
STATE_MAIN_I2: sent MI2, expecting MR2
Nov 11 14:35:11 lme-fw2 pluto[3476]: "Columbia-Everywhere" #10606:
NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected
Nov 11 14:35:11 lme-fw2 pluto[3476]: "Columbia-Everywhere" #10606:
transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Nov 11 14:35:11 lme-fw2 pluto[3476]: "Columbia-Everywhere" #10606:
STATE_MAIN_I3: sent MI3, expecting MR3
Nov 11 14:35:11 lme-fw2 pluto[3476]: "Columbia-Everywhere" #10606: Main
mode peer ID is ID_FQDN: '@columbia.local'
Nov 11 14:35:11 lme-fw2 pluto[3476]: "Columbia-Everywhere" #10606:
transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
Nov 11 14:35:11 lme-fw2 pluto[3476]: "Columbia-Everywhere" #10606:
STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=aes_128
prf=oakley_sha group=modp2048}
Nov 11 14:46:41 lme-fw2 pluto[3476]: "Columbia-Everywhere" #10606: the
peer proposed: 192.168.0.0/16:0/0 -> 172.21.10.0/24:0/0
Nov 11 14:46:41 lme-fw2 pluto[3476]: "Columbia-Everywhere" #10607:
responding to Quick Mode proposal {msgid:4223f730}
Nov 11 14:46:41 lme-fw2 pluto[3476]: "Columbia-Everywhere" #10607:
us: 192.168.0.0/16===1.2.248.50<1.2.248.50>[@hq.local,+S=C]---1.2.248.49
Nov 11 14:46:41 lme-fw2 pluto[3476]: "Columbia-Everywhere" #10607:
them:
67.77.61.129---7.8.61.191<7.8.61.191>[@columbia.local,+S=C]===172.21.10.
0/24
Nov 11 14:46:41 lme-fw2 pluto[3476]: "Columbia-Everywhere" #10607:
keeping refhim=4294901761 during rekey
Nov 11 14:46:41 lme-fw2 pluto[3476]: "Columbia-Everywhere" #10607:
transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Nov 11 14:46:41 lme-fw2 pluto[3476]: "Columbia-Everywhere" #10607:
STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Nov 11 14:46:41 lme-fw2 pluto[3476]: "Columbia-Everywhere" #10607:
transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Nov 11 14:46:41 lme-fw2 pluto[3476]: "Columbia-Everywhere" #10607:
STATE_QUICK_R2: IPsec SA established tunnel mode {ESP=>0x6c259eb5
<0xefe1e68b xfrm=AES_0-HMAC_SHA1 NATOA=<invalid> NATD=<invalid>:500
DPD=enabled}
Nov 11 14:46:53 lme-fw2 pluto[3476]: packet from 9.10.82.82:500:
ignoring unknown Vendor ID payload [4f455e5a65725d6564727763]
Nov 11 14:46:53 lme-fw2 pluto[3476]: packet from 9.10.82.82:500:
received Vendor ID payload [Dead Peer Detection]
Nov 11 14:46:53 lme-fw2 pluto[3476]: packet from 9.10.82.82:500:
received Vendor ID payload [RFC 3947] method set to=109
Nov 11 14:46:53 lme-fw2 pluto[3476]: packet from 9.10.82.82:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but
already using method 109
Nov 11 14:46:53 lme-fw2 pluto[3476]: packet from 9.10.82.82:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106,
but already using method 109
Nov 11 14:46:53 lme-fw2 pluto[3476]: packet from 9.10.82.82:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but
already using method 109
Nov 11 14:46:53 lme-fw2 pluto[3476]: packet from 9.10.82.82:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Nov 11 14:46:53 lme-fw2 pluto[3476]: "EauClaire-Everywhere" #10608:
responding to Main Mode
Nov 11 14:46:53 lme-fw2 pluto[3476]: "EauClaire-Everywhere" #10608:
transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Nov 11 14:46:53 lme-fw2 pluto[3476]: "EauClaire-Everywhere" #10608:
STATE_MAIN_R1: sent MR1, expecting MI2
Nov 11 14:46:53 lme-fw2 pluto[3476]: "EauClaire-Everywhere" #10608:
NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected
Nov 11 14:46:53 lme-fw2 pluto[3476]: "EauClaire-Everywhere" #10608:
transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Nov 11 14:46:53 lme-fw2 pluto[3476]: "EauClaire-Everywhere" #10608:
STATE_MAIN_R2: sent MR2, expecting MI3
Nov 11 14:46:54 lme-fw2 pluto[3476]: "EauClaire-Everywhere" #10608: Main
mode peer ID is ID_FQDN: '@eauclaire.local'
Nov 11 14:46:54 lme-fw2 pluto[3476]: "EauClaire-Everywhere" #10608:
transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Nov 11 14:46:54 lme-fw2 pluto[3476]: "EauClaire-Everywhere" #10608:
STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG
cipher=aes_128 prf=oakley_sha group=modp2048}
Nov 11 14:50:11 lme-fw2 pluto[3476]: "Columbia-Everywhere" #10602:
received Delete SA payload: deleting ISAKMP State #10602
Nov 11 14:50:11 lme-fw2 pluto[3476]: packet from 7.8.61.191:500:
received and ignored informational message
Nov 11 14:57:23 lme-fw2 pluto[3476]: "Superior-Everywhere" #10609:
initiating Main Mode to replace #10604
Nov 11 14:57:23 lme-fw2 pluto[3476]: "Superior-Everywhere" #10609:
ignoring unknown Vendor ID payload [4f45716c74725d4b5a6c5d5f]
Nov 11 14:57:23 lme-fw2 pluto[3476]: "Superior-Everywhere" #10609:
received Vendor ID payload [Dead Peer Detection]
Nov 11 14:57:23 lme-fw2 pluto[3476]: "Superior-Everywhere" #10609:
received Vendor ID payload [RFC 3947] method set to=109
Nov 11 14:57:23 lme-fw2 pluto[3476]: "Superior-Everywhere" #10609:
enabling possible NAT-traversal with method 4
Nov 11 14:57:23 lme-fw2 pluto[3476]: "Superior-Everywhere" #10609:
transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Nov 11 14:57:23 lme-fw2 pluto[3476]: "Superior-Everywhere" #10609:
STATE_MAIN_I2: sent MI2, expecting MR2
Nov 11 14:57:24 lme-fw2 pluto[3476]: "Superior-Everywhere" #10609:
NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected
Nov 11 14:57:24 lme-fw2 pluto[3476]: "Superior-Everywhere" #10609:
transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Nov 11 14:57:24 lme-fw2 pluto[3476]: "Superior-Everywhere" #10609:
STATE_MAIN_I3: sent MI3, expecting MR3
Nov 11 14:57:24 lme-fw2 pluto[3476]: "Superior-Everywhere" #10609:
received Vendor ID payload [CAN-IKEv2]
Nov 11 14:57:24 lme-fw2 pluto[3476]: "Superior-Everywhere" #10609: Main
mode peer ID is ID_FQDN: '@superior.local'
Nov 11 14:57:24 lme-fw2 pluto[3476]: "Superior-Everywhere" #10609:
transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
Nov 11 14:57:24 lme-fw2 pluto[3476]: "Superior-Everywhere" #10609:
STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=aes_128
prf=oakley_sha group=modp2048}
Nov 11 15:01:31 lme-fw2 pluto[3476]: "EauClaire-Everywhere" #10603:
received Delete SA payload: deleting ISAKMP State #10603
Nov 11 15:01:31 lme-fw2 pluto[3476]: packet from 9.10.82.82:500:
received and ignored informational message
Nov 11 15:02:03 lme-fw2 pluto[3476]: "Columbia-Everywhere" #10606:
ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0x87f50cb9) not found
(maybe expired)
Nov 11 15:02:03 lme-fw2 pluto[3476]: "Columbia-Everywhere" #10606:
received and ignored informational message
Nov 11 15:09:58 lme-fw2 pluto[3476]: packet from 5.6.123.217:500:
ignoring unknown Vendor ID payload [4f457d476e447f5a4159655b]
Nov 11 15:09:58 lme-fw2 pluto[3476]: packet from 5.6.123.217:500:
received Vendor ID payload [Dead Peer Detection]
Nov 11 15:09:58 lme-fw2 pluto[3476]: packet from 5.6.123.217:500:
received Vendor ID payload [RFC 3947] method set to=109
Nov 11 15:09:58 lme-fw2 pluto[3476]: packet from 5.6.123.217:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but
already using method 109
Nov 11 15:09:58 lme-fw2 pluto[3476]: packet from 5.6.123.217:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106,
but already using method 109
Nov 11 15:09:58 lme-fw2 pluto[3476]: packet from 5.6.123.217:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but
already using method 109
Nov 11 15:09:58 lme-fw2 pluto[3476]: packet from 5.6.123.217:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Nov 11 15:09:58 lme-fw2 pluto[3476]: "DR-Everywhere" #10610: responding
to Main Mode
Nov 11 15:09:58 lme-fw2 pluto[3476]: "DR-Everywhere" #10610: transition
from state STATE_MAIN_R0 to state STATE_MAIN_R1
Nov 11 15:09:58 lme-fw2 pluto[3476]: "DR-Everywhere" #10610:
STATE_MAIN_R1: sent MR1, expecting MI2
Nov 11 15:09:58 lme-fw2 pluto[3476]: "DR-Everywhere" #10610:
NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected
Nov 11 15:09:58 lme-fw2 pluto[3476]: "DR-Everywhere" #10610: transition
from state STATE_MAIN_R1 to state STATE_MAIN_R2
Nov 11 15:09:58 lme-fw2 pluto[3476]: "DR-Everywhere" #10610:
STATE_MAIN_R2: sent MR2, expecting MI3
Nov 11 15:09:58 lme-fw2 pluto[3476]: "DR-Everywhere" #10610: Main mode
peer ID is ID_FQDN: '@dr.local'
Nov 11 15:09:58 lme-fw2 pluto[3476]: "DR-Everywhere" #10610: transition
from state STATE_MAIN_R2 to state STATE_MAIN_R3
Nov 11 15:09:58 lme-fw2 pluto[3476]: "DR-Everywhere" #10610:
STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG
cipher=aes_128 prf=oakley_sha group=modp2048}
Nov 11 15:11:32 lme-fw2 pluto[3476]: "Superior-Everywhere" #10611:
initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW to replace
#10566 {using isakmp#10609 msgid:22f466dd proposal=defaults
pfsgroup=OAKLEY_GROUP_MODP2048}
Nov 11 15:11:32 lme-fw2 pluto[3476]: "Superior-Everywhere" #10611:
transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
Nov 11 15:11:32 lme-fw2 pluto[3476]: "Superior-Everywhere" #10611:
STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode
{ESP=>0xebbf8322 <0x0085d044 xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=none
DPD=none}
Nov 11 15:11:39 lme-fw2 pluto[3476]: "Superior-Everywhere" #10609: the
peer proposed: 192.168.0.0/16:0/0 -> 172.21.5.0/24:0/0
Nov 11 15:11:39 lme-fw2 pluto[3476]: "Superior-Everywhere" #10612:
responding to Quick Mode proposal {msgid:b36f75e6}
Nov 11 15:11:39 lme-fw2 pluto[3476]: "Superior-Everywhere" #10612:
us: 192.168.0.0/16===1.2.248.50<1.2.248.50>[@hq.local,+S=C]---1.2.248.49
Nov 11 15:11:39 lme-fw2 pluto[3476]: "Superior-Everywhere" #10612:
them:
3.4.22.1---3.4.22.228<3.4.22.228>[@superior.local,+S=C]===172.21.5.0/24
Nov 11 15:11:39 lme-fw2 pluto[3476]: "Superior-Everywhere" #10612:
keeping refhim=4294901761 during rekey
Nov 11 15:11:39 lme-fw2 pluto[3476]: "Superior-Everywhere" #10612:
transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Nov 11 15:11:39 lme-fw2 pluto[3476]: "Superior-Everywhere" #10612:
STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Nov 11 15:14:51 lme-fw2 pluto[3476]: packet from 3.4.22.228:500:
Informational Exchange is for an unknown (expired?) SA
Nov 11 15:16:02 lme-fw2 pluto[3476]: "Superior-Everywhere" #10609:
ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0x81169896) not found
(maybe expired)
Nov 11 15:16:02 lme-fw2 pluto[3476]: "Superior-Everywhere" #10609:
received and ignored informational message
Nov 11 15:22:22 lme-fw2 pluto[3476]: "DR-Everywhere" #10605: received
Delete SA payload: deleting ISAKMP State #10605
Nov 11 15:22:22 lme-fw2 pluto[3476]: packet from 5.6.123.217:500:
received and ignored informational message
Nov 11 15:24:49 lme-fw2 pluto[3476]: "Superior-Everywhere" #10612: max
number of retransmissions (20) reached STATE_QUICK_R1
Nov 11 15:25:56 lme-fw2 pluto[3476]: "Columbia-Everywhere" #10613:
initiating Main Mode to replace #10606
Nov 11 15:25:56 lme-fw2 pluto[3476]: "Columbia-Everywhere" #10613:
ignoring unknown Vendor ID payload [4f456e4d43757f784f704063]
Nov 11 15:25:56 lme-fw2 pluto[3476]: "Columbia-Everywhere" #10613:
received Vendor ID payload [Dead Peer Detection]
Nov 11 15:25:56 lme-fw2 pluto[3476]: "Columbia-Everywhere" #10613:
received Vendor ID payload [RFC 3947] method set to=109
Nov 11 15:25:56 lme-fw2 pluto[3476]: "Columbia-Everywhere" #10613:
enabling possible NAT-traversal with method 4
Nov 11 15:25:56 lme-fw2 pluto[3476]: "Columbia-Everywhere" #10613:
transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Nov 11 15:25:56 lme-fw2 pluto[3476]: "Columbia-Everywhere" #10613:
STATE_MAIN_I2: sent MI2, expecting MR2
Nov 11 15:25:57 lme-fw2 pluto[3476]: "Columbia-Everywhere" #10613:
NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected
Nov 11 15:25:57 lme-fw2 pluto[3476]: "Columbia-Everywhere" #10613:
transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Nov 11 15:25:57 lme-fw2 pluto[3476]: "Columbia-Everywhere" #10613:
STATE_MAIN_I3: sent MI3, expecting MR3
Nov 11 15:25:57 lme-fw2 pluto[3476]: "Columbia-Everywhere" #10613: Main
mode peer ID is ID_FQDN: '@columbia.local'
Nov 11 15:25:57 lme-fw2 pluto[3476]: "Columbia-Everywhere" #10613:
transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
Nov 11 15:25:57 lme-fw2 pluto[3476]: "Columbia-Everywhere" #10613:
STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=aes_128
prf=oakley_sha group=modp2048}
Nov 11 15:31:49 lme-fw2 pluto[3476]: packet from 9.10.82.82:500:
ignoring unknown Vendor ID payload [4f455e5a65725d6564727763]
Nov 11 15:31:49 lme-fw2 pluto[3476]: packet from 9.10.82.82:500:
received Vendor ID payload [Dead Peer Detection]
Nov 11 15:31:49 lme-fw2 pluto[3476]: packet from 9.10.82.82:500:
received Vendor ID payload [RFC 3947] method set to=109
Nov 11 15:31:49 lme-fw2 pluto[3476]: packet from 9.10.82.82:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but
already using method 109
Nov 11 15:31:49 lme-fw2 pluto[3476]: packet from 9.10.82.82:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106,
but already using method 109
Nov 11 15:31:49 lme-fw2 pluto[3476]: packet from 9.10.82.82:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but
already using method 109
Nov 11 15:31:49 lme-fw2 pluto[3476]: packet from 9.10.82.82:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Nov 11 15:31:49 lme-fw2 pluto[3476]: "EauClaire-Everywhere" #10614:
responding to Main Mode
Nov 11 15:31:49 lme-fw2 pluto[3476]: "EauClaire-Everywhere" #10614:
transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Nov 11 15:31:49 lme-fw2 pluto[3476]: "EauClaire-Everywhere" #10614:
STATE_MAIN_R1: sent MR1, expecting MI2
Nov 11 15:31:50 lme-fw2 pluto[3476]: "EauClaire-Everywhere" #10614:
NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected
Nov 11 15:31:50 lme-fw2 pluto[3476]: "EauClaire-Everywhere" #10614:
transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Nov 11 15:31:50 lme-fw2 pluto[3476]: "EauClaire-Everywhere" #10614:
STATE_MAIN_R2: sent MR2, expecting MI3
Nov 11 15:31:50 lme-fw2 pluto[3476]: "EauClaire-Everywhere" #10614: Main
mode peer ID is ID_FQDN: '@eauclaire.local'
Nov 11 15:31:50 lme-fw2 pluto[3476]: "EauClaire-Everywhere" #10614:
transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Nov 11 15:31:50 lme-fw2 pluto[3476]: "EauClaire-Everywhere" #10614:
STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG
cipher=aes_128 prf=oakley_sha group=modp2048}
Nov 11 15:35:11 lme-fw2 pluto[3476]: packet from 7.8.61.191:500:
Informational Exchange is for an unknown (expired?) SA
Nov 11 15:40:03 lme-fw2 pluto[3476]: "Superior-Everywhere" #10615:
initiating Main Mode to replace #10609
Nov 11 15:40:03 lme-fw2 pluto[3476]: "Superior-Everywhere" #10615:
ignoring unknown Vendor ID payload [4f45716c74725d4b5a6c5d5f]
Nov 11 15:40:03 lme-fw2 pluto[3476]: "Superior-Everywhere" #10615:
received Vendor ID payload [Dead Peer Detection]
Nov 11 15:40:03 lme-fw2 pluto[3476]: "Superior-Everywhere" #10615:
received Vendor ID payload [RFC 3947] method set to=109
Nov 11 15:40:03 lme-fw2 pluto[3476]: "Superior-Everywhere" #10615:
enabling possible NAT-traversal with method 4
Nov 11 15:40:03 lme-fw2 pluto[3476]: "Superior-Everywhere" #10615:
transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Nov 11 15:40:03 lme-fw2 pluto[3476]: "Superior-Everywhere" #10615:
STATE_MAIN_I2: sent MI2, expecting MR2
Nov 11 15:40:03 lme-fw2 pluto[3476]: "Superior-Everywhere" #10615:
NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected
Nov 11 15:40:03 lme-fw2 pluto[3476]: "Superior-Everywhere" #10615:
transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Nov 11 15:40:03 lme-fw2 pluto[3476]: "Superior-Everywhere" #10615:
STATE_MAIN_I3: sent MI3, expecting MR3
Nov 11 15:40:03 lme-fw2 pluto[3476]: "Superior-Everywhere" #10615:
received Vendor ID payload [CAN-IKEv2]
Nov 11 15:40:03 lme-fw2 pluto[3476]: "Superior-Everywhere" #10615: Main
mode peer ID is ID_FQDN: '@superior.local'
Nov 11 15:40:03 lme-fw2 pluto[3476]: "Superior-Everywhere" #10615:
transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
Nov 11 15:40:03 lme-fw2 pluto[3476]: "Superior-Everywhere" #10615:
STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=aes_128
prf=oakley_sha group=modp2048}
Nov 11 15:46:54 lme-fw2 pluto[3476]: "EauClaire-Everywhere" #10608:
received Delete SA payload: deleting ISAKMP State #10608
Nov 11 15:46:54 lme-fw2 pluto[3476]: packet from 9.10.82.82:500:
received and ignored informational message
Nov 11 15:57:24 lme-fw2 pluto[3476]: packet from 3.4.22.228:500:
Informational Exchange is for an unknown (expired?) SA
Nov 11 15:59:45 lme-fw2 pluto[3476]: packet from 5.6.123.217:500:
ignoring unknown Vendor ID payload [4f457d476e447f5a4159655b]
Nov 11 15:59:45 lme-fw2 pluto[3476]: packet from 5.6.123.217:500:
received Vendor ID payload [Dead Peer Detection]
Nov 11 15:59:45 lme-fw2 pluto[3476]: packet from 5.6.123.217:500:
received Vendor ID payload [RFC 3947] method set to=109
Nov 11 15:59:45 lme-fw2 pluto[3476]: packet from 5.6.123.217:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but
already using method 109
Nov 11 15:59:45 lme-fw2 pluto[3476]: packet from 5.6.123.217:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106,
but already using method 109
Nov 11 15:59:45 lme-fw2 pluto[3476]: packet from 5.6.123.217:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but
already using method 109
Nov 11 15:59:45 lme-fw2 pluto[3476]: packet from 5.6.123.217:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Nov 11 15:59:45 lme-fw2 pluto[3476]: "DR-Everywhere" #10616: responding
to Main Mode
Nov 11 15:59:45 lme-fw2 pluto[3476]: "DR-Everywhere" #10616: transition
from state STATE_MAIN_R0 to state STATE_MAIN_R1
Nov 11 15:59:45 lme-fw2 pluto[3476]: "DR-Everywhere" #10616:
STATE_MAIN_R1: sent MR1, expecting MI2
Nov 11 15:59:45 lme-fw2 pluto[3476]: "DR-Everywhere" #10616:
NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected
Nov 11 15:59:45 lme-fw2 pluto[3476]: "DR-Everywhere" #10616: transition
from state STATE_MAIN_R1 to state STATE_MAIN_R2
Nov 11 15:59:45 lme-fw2 pluto[3476]: "DR-Everywhere" #10616:
STATE_MAIN_R2: sent MR2, expecting MI3
Nov 11 15:59:46 lme-fw2 pluto[3476]: "DR-Everywhere" #10616: Main mode
peer ID is ID_FQDN: '@dr.local'
Nov 11 15:59:46 lme-fw2 pluto[3476]: "DR-Everywhere" #10616: transition
from state STATE_MAIN_R2 to state STATE_MAIN_R3
Nov 11 15:59:46 lme-fw2 pluto[3476]: "DR-Everywhere" #10616:
STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG
cipher=aes_128 prf=oakley_sha group=modp2048}
Nov 11 16:09:58 lme-fw2 pluto[3476]: packet from 5.6.123.217:500:
Informational Exchange is for an unknown (expired?) SA
Nov 11 16:14:37 lme-fw2 pluto[3476]: packet from 9.10.82.82:500:
ignoring unknown Vendor ID payload [4f455e5a65725d6564727763]
Nov 11 16:14:37 lme-fw2 pluto[3476]: packet from 9.10.82.82:500:
received Vendor ID payload [Dead Peer Detection]
Nov 11 16:14:37 lme-fw2 pluto[3476]: packet from 9.10.82.82:500:
received Vendor ID payload [RFC 3947] method set to=109
Nov 11 16:14:37 lme-fw2 pluto[3476]: packet from 9.10.82.82:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but
already using method 109
Nov 11 16:14:37 lme-fw2 pluto[3476]: packet from 9.10.82.82:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106,
but already using method 109
Nov 11 16:14:37 lme-fw2 pluto[3476]: packet from 9.10.82.82:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but
already using method 109
Nov 11 16:14:37 lme-fw2 pluto[3476]: packet from 9.10.82.82:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Nov 11 16:14:37 lme-fw2 pluto[3476]: "EauClaire-Everywhere" #10617:
responding to Main Mode
Nov 11 16:14:37 lme-fw2 pluto[3476]: "EauClaire-Everywhere" #10617:
transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Nov 11 16:14:37 lme-fw2 pluto[3476]: "EauClaire-Everywhere" #10617:
STATE_MAIN_R1: sent MR1, expecting MI2
Nov 11 16:14:37 lme-fw2 pluto[3476]: "EauClaire-Everywhere" #10617:
NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected
Nov 11 16:14:37 lme-fw2 pluto[3476]: "EauClaire-Everywhere" #10617:
transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Nov 11 16:14:37 lme-fw2 pluto[3476]: "EauClaire-Everywhere" #10617:
STATE_MAIN_R2: sent MR2, expecting MI3
Nov 11 16:14:37 lme-fw2 pluto[3476]: "EauClaire-Everywhere" #10617: Main
mode peer ID is ID_FQDN: '@eauclaire.local'
Nov 11 16:14:37 lme-fw2 pluto[3476]: "EauClaire-Everywhere" #10617:
transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Nov 11 16:14:37 lme-fw2 pluto[3476]: "EauClaire-Everywhere" #10617:
STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG
cipher=aes_128 prf=oakley_sha group=modp2048}
Nov 11 16:15:59 lme-fw2 pluto[3476]: "Columbia-Everywhere" #10618:
initiating Main Mode to replace #10613
Nov 11 16:15:59 lme-fw2 pluto[3476]: "Columbia-Everywhere" #10618:
ignoring unknown Vendor ID payload [4f456e4d43757f784f704063]
Nov 11 16:15:59 lme-fw2 pluto[3476]: "Columbia-Everywhere" #10618:
received Vendor ID payload [Dead Peer Detection]
Nov 11 16:15:59 lme-fw2 pluto[3476]: "Columbia-Everywhere" #10618:
received Vendor ID payload [RFC 3947] method set to=109
Nov 11 16:15:59 lme-fw2 pluto[3476]: "Columbia-Everywhere" #10618:
enabling possible NAT-traversal with method 4
Nov 11 16:15:59 lme-fw2 pluto[3476]: "Columbia-Everywhere" #10618:
transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Nov 11 16:15:59 lme-fw2 pluto[3476]: "Columbia-Everywhere" #10618:
STATE_MAIN_I2: sent MI2, expecting MR2
Nov 11 16:15:59 lme-fw2 pluto[3476]: "Columbia-Everywhere" #10618:
NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected
Nov 11 16:15:59 lme-fw2 pluto[3476]: "Columbia-Everywhere" #10618:
transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Nov 11 16:15:59 lme-fw2 pluto[3476]: "Columbia-Everywhere" #10618:
STATE_MAIN_I3: sent MI3, expecting MR3
Nov 11 16:16:00 lme-fw2 pluto[3476]: "Columbia-Everywhere" #10618: Main
mode peer ID is ID_FQDN: '@columbia.local'
Nov 11 16:16:00 lme-fw2 pluto[3476]: "Columbia-Everywhere" #10618:
transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
Nov 11 16:16:00 lme-fw2 pluto[3476]: "Columbia-Everywhere" #10618:
STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=aes_128
prf=oakley_sha group=modp2048}
Nov 11 16:25:57 lme-fw2 pluto[3476]: packet from 7.8.61.191:500:
Informational Exchange is for an unknown (expired?) SA
Nov 11 16:28:50 lme-fw2 pluto[3476]: "Superior-Everywhere" #10619:
initiating Main Mode to replace #10615
Nov 11 16:28:50 lme-fw2 pluto[3476]: "Superior-Everywhere" #10619:
ignoring unknown Vendor ID payload [4f45716c74725d4b5a6c5d5f]
Nov 11 16:28:50 lme-fw2 pluto[3476]: "Superior-Everywhere" #10619:
received Vendor ID payload [Dead Peer Detection]
Nov 11 16:28:50 lme-fw2 pluto[3476]: "Superior-Everywhere" #10619:
received Vendor ID payload [RFC 3947] method set to=109
Nov 11 16:28:50 lme-fw2 pluto[3476]: "Superior-Everywhere" #10619:
enabling possible NAT-traversal with method 4
Nov 11 16:28:50 lme-fw2 pluto[3476]: "Superior-Everywhere" #10619:
transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Nov 11 16:28:50 lme-fw2 pluto[3476]: "Superior-Everywhere" #10619:
STATE_MAIN_I2: sent MI2, expecting MR2
Nov 11 16:28:50 lme-fw2 pluto[3476]: "Superior-Everywhere" #10619:
NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected
Nov 11 16:28:50 lme-fw2 pluto[3476]: "Superior-Everywhere" #10619:
transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Nov 11 16:28:50 lme-fw2 pluto[3476]: "Superior-Everywhere" #10619:
STATE_MAIN_I3: sent MI3, expecting MR3
Nov 11 16:28:50 lme-fw2 pluto[3476]: "Superior-Everywhere" #10619:
received Vendor ID payload [CAN-IKEv2]
Nov 11 16:28:50 lme-fw2 pluto[3476]: "Superior-Everywhere" #10619: Main
mode peer ID is ID_FQDN: '@superior.local'
Nov 11 16:28:50 lme-fw2 pluto[3476]: "Superior-Everywhere" #10619:
transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
Nov 11 16:28:50 lme-fw2 pluto[3476]: "Superior-Everywhere" #10619:
STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=aes_128
prf=oakley_sha group=modp2048}
Nov 11 16:29:05 lme-fw2 pluto[3476]: packet from 3.4.22.228:500:
ignoring unknown Vendor ID payload [4f45716c74725d4b5a6c5d5f]
Nov 11 16:29:05 lme-fw2 pluto[3476]: packet from 3.4.22.228:500:
received Vendor ID payload [Dead Peer Detection]
Nov 11 16:29:05 lme-fw2 pluto[3476]: packet from 3.4.22.228:500:
received Vendor ID payload [RFC 3947] method set to=109
Nov 11 16:29:05 lme-fw2 pluto[3476]: packet from 3.4.22.228:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but
already using method 109
Nov 11 16:29:05 lme-fw2 pluto[3476]: packet from 3.4.22.228:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106,
but already using method 109
Nov 11 16:29:05 lme-fw2 pluto[3476]: packet from 3.4.22.228:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but
already using method 109
Nov 11 16:29:05 lme-fw2 pluto[3476]: packet from 3.4.22.228:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Nov 11 16:29:05 lme-fw2 pluto[3476]: "Superior-Everywhere" #10620:
responding to Main Mode
Nov 11 16:29:05 lme-fw2 pluto[3476]: "Superior-Everywhere" #10620:
transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Nov 11 16:29:05 lme-fw2 pluto[3476]: "Superior-Everywhere" #10620:
STATE_MAIN_R1: sent MR1, expecting MI2
Nov 11 16:29:05 lme-fw2 pluto[3476]: "Superior-Everywhere" #10620:
NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected
Nov 11 16:29:05 lme-fw2 pluto[3476]: "Superior-Everywhere" #10620:
transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Nov 11 16:29:05 lme-fw2 pluto[3476]: "Superior-Everywhere" #10620:
STATE_MAIN_R2: sent MR2, expecting MI3
Nov 11 16:29:05 lme-fw2 pluto[3476]: "Superior-Everywhere" #10620: Main
mode peer ID is ID_FQDN: '@superior.local'
Nov 11 16:29:05 lme-fw2 pluto[3476]: "Superior-Everywhere" #10620:
transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Nov 11 16:29:05 lme-fw2 pluto[3476]: "Superior-Everywhere" #10620:
STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG
cipher=aes_128 prf=oakley_sha group=modp2048}
Nov 11 16:29:05 lme-fw2 pluto[3476]: "Superior-Everywhere" #10620: the
peer proposed: 192.168.0.0/16:0/0 -> 172.21.5.0/24:0/0
Nov 11 16:29:05 lme-fw2 pluto[3476]: "Superior-Everywhere" #10621:
responding to Quick Mode proposal {msgid:e1ca1f15}
Nov 11 16:29:05 lme-fw2 pluto[3476]: "Superior-Everywhere" #10621:
us: 192.168.0.0/16===1.2.248.50<1.2.248.50>[@hq.local,+S=C]---1.2.248.49
Nov 11 16:29:05 lme-fw2 pluto[3476]: "Superior-Everywhere" #10621:
them:
3.4.22.1---3.4.22.228<3.4.22.228>[@superior.local,+S=C]===172.21.5.0/24
Nov 11 16:29:05 lme-fw2 pluto[3476]: "Superior-Everywhere" #10621:
keeping refhim=4294901761 during rekey
Nov 11 16:29:05 lme-fw2 pluto[3476]: "Superior-Everywhere" #10621:
transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Nov 11 16:29:05 lme-fw2 pluto[3476]: "Superior-Everywhere" #10621:
STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Nov 11 16:29:06 lme-fw2 pluto[3476]: "Superior-Everywhere" #10621:
transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Nov 11 16:29:06 lme-fw2 pluto[3476]: "Superior-Everywhere" #10621:
STATE_QUICK_R2: IPsec SA established tunnel mode {ESP=>0xdb635564
<0x0d37397f xfrm=AES_128-HMAC_SHA1 NATOA=<invalid> NATD=<invalid>:500
DPD=enabled}
Nov 11 16:31:50 lme-fw2 pluto[3476]: packet from 9.10.82.82:500:
Informational Exchange is for an unknown (expired?) SA
Nov 11 16:34:44 lme-fw2 sshd[23003]: Accepted password for root from
216.160.2.129 port 52860 ssh2
Nov 11 16:34:44 lme-fw2 sshd[23003]: pam_unix(sshd:session): session
opened for user root by (uid=0)
Nov 11 16:44:50 lme-fw2 pluto[3476]: packet from 5.6.123.217:500:
ignoring unknown Vendor ID payload [4f457d476e447f5a4159655b]
Nov 11 16:44:50 lme-fw2 pluto[3476]: packet from 5.6.123.217:500:
received Vendor ID payload [Dead Peer Detection]
Nov 11 16:44:50 lme-fw2 pluto[3476]: packet from 5.6.123.217:500:
received Vendor ID payload [RFC 3947] method set to=109
Nov 11 16:44:50 lme-fw2 pluto[3476]: packet from 5.6.123.217:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but
already using method 109
Nov 11 16:44:50 lme-fw2 pluto[3476]: packet from 5.6.123.217:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106,
but already using method 109
Nov 11 16:44:50 lme-fw2 pluto[3476]: packet from 5.6.123.217:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but
already using method 109
Nov 11 16:44:50 lme-fw2 pluto[3476]: packet from 5.6.123.217:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Nov 11 16:44:50 lme-fw2 pluto[3476]: "DR-Everywhere" #10622: responding
to Main Mode
Nov 11 16:44:50 lme-fw2 pluto[3476]: "DR-Everywhere" #10622: transition
from state STATE_MAIN_R0 to state STATE_MAIN_R1
Nov 11 16:44:50 lme-fw2 pluto[3476]: "DR-Everywhere" #10622:
STATE_MAIN_R1: sent MR1, expecting MI2
Nov 11 16:44:50 lme-fw2 pluto[3476]: "DR-Everywhere" #10622:
NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected
Nov 11 16:44:50 lme-fw2 pluto[3476]: "DR-Everywhere" #10622: transition
from state STATE_MAIN_R1 to state STATE_MAIN_R2
Nov 11 16:44:50 lme-fw2 pluto[3476]: "DR-Everywhere" #10622:
STATE_MAIN_R2: sent MR2, expecting MI3
Nov 11 16:44:50 lme-fw2 pluto[3476]: "DR-Everywhere" #10622: Main mode
peer ID is ID_FQDN: '@dr.local'
Nov 11 16:44:50 lme-fw2 pluto[3476]: "DR-Everywhere" #10622: transition
from state STATE_MAIN_R2 to state STATE_MAIN_R3
Nov 11 16:44:50 lme-fw2 pluto[3476]: "DR-Everywhere" #10622:
STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG
cipher=aes_128 prf=oakley_sha group=modp2048}
Nov 11 16:58:05 lme-fw2 pluto[3476]: "Columbia-Everywhere" #10623:
initiating Main Mode to replace #10618
Nov 11 16:58:05 lme-fw2 pluto[3476]: "Columbia-Everywhere" #10623:
ignoring unknown Vendor ID payload [4f456e4d43757f784f704063]
Nov 11 16:58:05 lme-fw2 pluto[3476]: "Columbia-Everywhere" #10623:
received Vendor ID payload [Dead Peer Detection]
Nov 11 16:58:05 lme-fw2 pluto[3476]: "Columbia-Everywhere" #10623:
received Vendor ID payload [RFC 3947] method set to=109
Nov 11 16:58:05 lme-fw2 pluto[3476]: "Columbia-Everywhere" #10623:
enabling possible NAT-traversal with method 4
Nov 11 16:58:05 lme-fw2 pluto[3476]: "Columbia-Everywhere" #10623:
transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Nov 11 16:58:05 lme-fw2 pluto[3476]: "Columbia-Everywhere" #10623:
STATE_MAIN_I2: sent MI2, expecting MR2
Nov 11 16:58:06 lme-fw2 pluto[3476]: "Columbia-Everywhere" #10623:
NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected
Nov 11 16:58:06 lme-fw2 pluto[3476]: "Columbia-Everywhere" #10623:
transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Nov 11 16:58:06 lme-fw2 pluto[3476]: "Columbia-Everywhere" #10623:
STATE_MAIN_I3: sent MI3, expecting MR3
Nov 11 16:58:06 lme-fw2 pluto[3476]: "Columbia-Everywhere" #10623: Main
mode peer ID is ID_FQDN: '@columbia.local'
Nov 11 16:58:06 lme-fw2 pluto[3476]: "Columbia-Everywhere" #10623:
transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
Nov 11 16:58:06 lme-fw2 pluto[3476]: "Columbia-Everywhere" #10623:
STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=aes_128
prf=oakley_sha group=modp2048}
Nov 11 16:59:21 lme-fw2 pluto[3476]: packet from 9.10.82.82:500:
ignoring unknown Vendor ID payload [4f455e5a65725d6564727763]
Nov 11 16:59:21 lme-fw2 pluto[3476]: packet from 9.10.82.82:500:
received Vendor ID payload [Dead Peer Detection]
Nov 11 16:59:21 lme-fw2 pluto[3476]: packet from 9.10.82.82:500:
received Vendor ID payload [RFC 3947] method set to=109
Nov 11 16:59:21 lme-fw2 pluto[3476]: packet from 9.10.82.82:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but
already using method 109
Nov 11 16:59:21 lme-fw2 pluto[3476]: packet from 9.10.82.82:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106,
but already using method 109
Nov 11 16:59:21 lme-fw2 pluto[3476]: packet from 9.10.82.82:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but
already using method 109
Nov 11 16:59:21 lme-fw2 pluto[3476]: packet from 9.10.82.82:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Nov 11 16:59:21 lme-fw2 pluto[3476]: "EauClaire-Everywhere" #10624:
responding to Main Mode
Nov 11 16:59:21 lme-fw2 pluto[3476]: "EauClaire-Everywhere" #10624:
transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Nov 11 16:59:21 lme-fw2 pluto[3476]: "EauClaire-Everywhere" #10624:
STATE_MAIN_R1: sent MR1, expecting MI2
Nov 11 16:59:22 lme-fw2 pluto[3476]: "EauClaire-Everywhere" #10624:
NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected
Nov 11 16:59:22 lme-fw2 pluto[3476]: "EauClaire-Everywhere" #10624:
transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Nov 11 16:59:22 lme-fw2 pluto[3476]: "EauClaire-Everywhere" #10624:
STATE_MAIN_R2: sent MR2, expecting MI3
Nov 11 16:59:22 lme-fw2 pluto[3476]: "EauClaire-Everywhere" #10624: Main
mode peer ID is ID_FQDN: '@eauclaire.local'
Nov 11 16:59:22 lme-fw2 pluto[3476]: "EauClaire-Everywhere" #10624:
transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Nov 11 16:59:22 lme-fw2 pluto[3476]: "EauClaire-Everywhere" #10624:
STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG
cipher=aes_128 prf=oakley_sha group=modp2048}
Nov 11 16:59:46 lme-fw2 pluto[3476]: packet from 5.6.123.217:500:
Informational Exchange is for an unknown (expired?) SA
Nov 11 17:14:37 lme-fw2 pluto[3476]: "EauClaire-Everywhere" #10617:
received Delete SA payload: deleting ISAKMP State #10617
Nov 11 17:14:37 lme-fw2 pluto[3476]: packet from 9.10.82.82:500:
received and ignored informational message
Nov 11 17:16:00 lme-fw2 pluto[3476]: packet from 7.8.61.191:500:
Informational Exchange is for an unknown (expired?) SA
Nov 11 17:24:35 lme-fw2 pluto[3476]: "Superior-Everywhere" #10625:
initiating Main Mode to replace #10620
Nov 11 17:24:35 lme-fw2 pluto[3476]: "Superior-Everywhere" #10625:
ignoring unknown Vendor ID payload [4f45716c74725d4b5a6c5d5f]
Nov 11 17:24:35 lme-fw2 pluto[3476]: "Superior-Everywhere" #10625:
received Vendor ID payload [Dead Peer Detection]
Nov 11 17:24:35 lme-fw2 pluto[3476]: "Superior-Everywhere" #10625:
received Vendor ID payload [RFC 3947] method set to=109
Nov 11 17:24:35 lme-fw2 pluto[3476]: "Superior-Everywhere" #10625:
enabling possible NAT-traversal with method 4
Nov 11 17:24:35 lme-fw2 pluto[3476]: "Superior-Everywhere" #10625:
transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Nov 11 17:24:35 lme-fw2 pluto[3476]: "Superior-Everywhere" #10625:
STATE_MAIN_I2: sent MI2, expecting MR2
Nov 11 17:24:35 lme-fw2 pluto[3476]: "Superior-Everywhere" #10625:
NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected
Nov 11 17:24:35 lme-fw2 pluto[3476]: "Superior-Everywhere" #10625:
transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Nov 11 17:24:35 lme-fw2 pluto[3476]: "Superior-Everywhere" #10625:
STATE_MAIN_I3: sent MI3, expecting MR3
Nov 11 17:24:35 lme-fw2 pluto[3476]: "Superior-Everywhere" #10625:
received Vendor ID payload [CAN-IKEv2]
Nov 11 17:24:35 lme-fw2 pluto[3476]: "Superior-Everywhere" #10625: Main
mode peer ID is ID_FQDN: '@superior.local'
Nov 11 17:24:35 lme-fw2 pluto[3476]: "Superior-Everywhere" #10625:
transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
Nov 11 17:24:35 lme-fw2 pluto[3476]: "Superior-Everywhere" #10625:
STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=aes_128
prf=oakley_sha group=modp2048}
Nov 11 17:24:59 lme-fw2 pluto[3476]: packet from 3.4.22.228:500:
ignoring unknown Vendor ID payload [4f45716c74725d4b5a6c5d5f]
Nov 11 17:24:59 lme-fw2 pluto[3476]: packet from 3.4.22.228:500:
received Vendor ID payload [Dead Peer Detection]
Nov 11 17:24:59 lme-fw2 pluto[3476]: packet from 3.4.22.228:500:
received Vendor ID payload [RFC 3947] method set to=109
Nov 11 17:24:59 lme-fw2 pluto[3476]: packet from 3.4.22.228:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but
already using method 109
Nov 11 17:24:59 lme-fw2 pluto[3476]: packet from 3.4.22.228:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106,
but already using method 109
Nov 11 17:24:59 lme-fw2 pluto[3476]: packet from 3.4.22.228:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but
already using method 109
Nov 11 17:24:59 lme-fw2 pluto[3476]: packet from 3.4.22.228:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Nov 11 17:24:59 lme-fw2 pluto[3476]: "Superior-Everywhere" #10626:
responding to Main Mode
Nov 11 17:24:59 lme-fw2 pluto[3476]: "Superior-Everywhere" #10626:
transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Nov 11 17:24:59 lme-fw2 pluto[3476]: "Superior-Everywhere" #10626:
STATE_MAIN_R1: sent MR1, expecting MI2
Nov 11 17:24:59 lme-fw2 pluto[3476]: "Superior-Everywhere" #10626:
NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected
Nov 11 17:24:59 lme-fw2 pluto[3476]: "Superior-Everywhere" #10626:
transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Nov 11 17:24:59 lme-fw2 pluto[3476]: "Superior-Everywhere" #10626:
STATE_MAIN_R2: sent MR2, expecting MI3
Nov 11 17:25:00 lme-fw2 pluto[3476]: "Superior-Everywhere" #10626: Main
mode peer ID is ID_FQDN: '@superior.local'
Nov 11 17:25:00 lme-fw2 pluto[3476]: "Superior-Everywhere" #10626:
transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Nov 11 17:25:00 lme-fw2 pluto[3476]: "Superior-Everywhere" #10626:
STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG
cipher=aes_128 prf=oakley_sha group=modp2048}
Nov 11 17:28:50 lme-fw2 pluto[3476]: packet from 3.4.22.228:500:
Informational Exchange is for an unknown (expired?) SA
Nov 11 17:29:05 lme-fw2 pluto[3476]: packet from 3.4.22.228:500:
Informational Exchange is for an unknown (expired?) SA
Nov 11 17:34:49 lme-fw2 pluto[3476]: packet from 5.6.123.217:500:
ignoring unknown Vendor ID payload [4f457d476e447f5a4159655b]
Nov 11 17:34:49 lme-fw2 pluto[3476]: packet from 5.6.123.217:500:
received Vendor ID payload [Dead Peer Detection]
Nov 11 17:34:49 lme-fw2 pluto[3476]: packet from 5.6.123.217:500:
received Vendor ID payload [RFC 3947] method set to=109
Nov 11 17:34:49 lme-fw2 pluto[3476]: packet from 5.6.123.217:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but
already using method 109
Nov 11 17:34:49 lme-fw2 pluto[3476]: packet from 5.6.123.217:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106,
but already using method 109
Nov 11 17:34:49 lme-fw2 pluto[3476]: packet from 5.6.123.217:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but
already using method 109
Nov 11 17:34:49 lme-fw2 pluto[3476]: packet from 5.6.123.217:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Nov 11 17:34:49 lme-fw2 pluto[3476]: "DR-Everywhere" #10627: responding
to Main Mode
Nov 11 17:34:49 lme-fw2 pluto[3476]: "DR-Everywhere" #10627: transition
from state STATE_MAIN_R0 to state STATE_MAIN_R1
Nov 11 17:34:49 lme-fw2 pluto[3476]: "DR-Everywhere" #10627:
STATE_MAIN_R1: sent MR1, expecting MI2
Nov 11 17:34:49 lme-fw2 pluto[3476]: "DR-Everywhere" #10627:
NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected
Nov 11 17:34:49 lme-fw2 pluto[3476]: "DR-Everywhere" #10627: transition
from state STATE_MAIN_R1 to state STATE_MAIN_R2
Nov 11 17:34:49 lme-fw2 pluto[3476]: "DR-Everywhere" #10627:
STATE_MAIN_R2: sent MR2, expecting MI3
Nov 11 17:34:49 lme-fw2 pluto[3476]: "DR-Everywhere" #10627: Main mode
peer ID is ID_FQDN: '@dr.local'
Nov 11 17:34:49 lme-fw2 pluto[3476]: "DR-Everywhere" #10627: transition
from state STATE_MAIN_R2 to state STATE_MAIN_R3
Nov 11 17:34:49 lme-fw2 pluto[3476]: "DR-Everywhere" #10627:
STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG
cipher=aes_128 prf=oakley_sha group=modp2048}
Nov 11 17:36:30 lme-fw2 pluto[3476]: "DR-Everywhere" #10627: the peer
proposed: 192.168.0.0/16:0/0 -> 172.21.99.0/24:0/0
Nov 11 17:36:30 lme-fw2 pluto[3476]: "DR-Everywhere" #10628: responding
to Quick Mode proposal {msgid:20f729cf}
Nov 11 17:36:30 lme-fw2 pluto[3476]: "DR-Everywhere" #10628: us:
192.168.0.0/16===1.2.248.50<1.2.248.50>[@hq.local,+S=C]---1.2.248.49
Nov 11 17:36:30 lme-fw2 pluto[3476]: "DR-Everywhere" #10628: them:
5.6.123.218---5.6.123.217<5.6.123.217>[@dr.local,+S=C]===172.21.99.0/24
Nov 11 17:36:30 lme-fw2 pluto[3476]: "DR-Everywhere" #10628: keeping
refhim=4294901761 during rekey
Nov 11 17:36:30 lme-fw2 pluto[3476]: "DR-Everywhere" #10628: transition
from state STATE_QUICK_R0 to state STATE_QUICK_R1
Nov 11 17:36:30 lme-fw2 pluto[3476]: "DR-Everywhere" #10628:
STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Nov 11 17:36:31 lme-fw2 pluto[3476]: "DR-Everywhere" #10628: transition
from state STATE_QUICK_R1 to state STATE_QUICK_R2
Nov 11 17:36:31 lme-fw2 pluto[3476]: "DR-Everywhere" #10628:
STATE_QUICK_R2: IPsec SA established tunnel mode {ESP=>0x37970098
<0x5a135aab xfrm=AES_128-HMAC_SHA1 NATOA=<invalid> NATD=<invalid>:500
DPD=enabled}
Nov 11 17:44:50 lme-fw2 pluto[3476]: packet from 5.6.123.217:500:
Informational Exchange is for an unknown (expired?) SA
Nov 11 17:48:09 lme-fw2 pluto[3476]: "Columbia-Everywhere" #10629:
initiating Main Mode to replace #10623
Nov 11 17:48:09 lme-fw2 pluto[3476]: "Columbia-Everywhere" #10629:
ignoring unknown Vendor ID payload [4f456e4d43757f784f704063]
Nov 11 17:48:09 lme-fw2 pluto[3476]: "Columbia-Everywhere" #10629:
received Vendor ID payload [Dead Peer Detection]
Nov 11 17:48:09 lme-fw2 pluto[3476]: "Columbia-Everywhere" #10629:
received Vendor ID payload [RFC 3947] method set to=109
Nov 11 17:48:09 lme-fw2 pluto[3476]: "Columbia-Everywhere" #10629:
enabling possible NAT-traversal with method 4
Nov 11 17:48:09 lme-fw2 pluto[3476]: "Columbia-Everywhere" #10629:
transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Nov 11 17:48:09 lme-fw2 pluto[3476]: "Columbia-Everywhere" #10629:
STATE_MAIN_I2: sent MI2, expecting MR2
Nov 11 17:48:09 lme-fw2 pluto[3476]: "Columbia-Everywhere" #10629:
NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected
Nov 11 17:48:09 lme-fw2 pluto[3476]: "Columbia-Everywhere" #10629:
transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Nov 11 17:48:09 lme-fw2 pluto[3476]: "Columbia-Everywhere" #10629:
STATE_MAIN_I3: sent MI3, expecting MR3
Nov 11 17:48:09 lme-fw2 pluto[3476]: "Columbia-Everywhere" #10629: Main
mode peer ID is ID_FQDN: '@columbia.local'
Nov 11 17:48:09 lme-fw2 pluto[3476]: "Columbia-Everywhere" #10629:
transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
Nov 11 17:48:09 lme-fw2 pluto[3476]: "Columbia-Everywhere" #10629:
STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=aes_128
prf=oakley_sha group=modp2048}
Nov 11 17:49:17 lme-fw2 pluto[3476]: packet from 9.10.82.82:500:
ignoring unknown Vendor ID payload [4f455e5a65725d6564727763]
Nov 11 17:49:17 lme-fw2 pluto[3476]: packet from 9.10.82.82:500:
received Vendor ID payload [Dead Peer Detection]
Nov 11 17:49:17 lme-fw2 pluto[3476]: packet from 9.10.82.82:500:
received Vendor ID payload [RFC 3947] method set to=109
Nov 11 17:49:17 lme-fw2 pluto[3476]: packet from 9.10.82.82:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but
already using method 109
Nov 11 17:49:17 lme-fw2 pluto[3476]: packet from 9.10.82.82:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106,
but already using method 109
Nov 11 17:49:17 lme-fw2 pluto[3476]: packet from 9.10.82.82:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but
already using method 109
Nov 11 17:49:17 lme-fw2 pluto[3476]: packet from 9.10.82.82:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Nov 11 17:49:17 lme-fw2 pluto[3476]: "EauClaire-Everywhere" #10630:
responding to Main Mode
Nov 11 17:49:17 lme-fw2 pluto[3476]: "EauClaire-Everywhere" #10630:
transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Nov 11 17:49:17 lme-fw2 pluto[3476]: "EauClaire-Everywhere" #10630:
STATE_MAIN_R1: sent MR1, expecting MI2
Nov 11 17:49:17 lme-fw2 pluto[3476]: "EauClaire-Everywhere" #10630:
NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected
Nov 11 17:49:17 lme-fw2 pluto[3476]: "EauClaire-Everywhere" #10630:
transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Nov 11 17:49:17 lme-fw2 pluto[3476]: "EauClaire-Everywhere" #10630:
STATE_MAIN_R2: sent MR2, expecting MI3
Nov 11 17:49:17 lme-fw2 pluto[3476]: "EauClaire-Everywhere" #10630: Main
mode peer ID is ID_FQDN: '@eauclaire.local'
Nov 11 17:49:17 lme-fw2 pluto[3476]: "EauClaire-Everywhere" #10630:
transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Nov 11 17:49:17 lme-fw2 pluto[3476]: "EauClaire-Everywhere" #10630:
STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG
cipher=aes_128 prf=oakley_sha group=modp2048}
Nov 11 17:49:24 lme-fw2 pluto[3476]: "DR-Everywhere" #10627: received
Delete SA(0xf1661a77) payload: deleting IPSEC State #10580
Nov 11 17:49:24 lme-fw2 pluto[3476]: "DR-Everywhere" #10627: received
and ignored informational message
Nov 11 17:58:06 lme-fw2 pluto[3476]: packet from 7.8.61.191:500:
Informational Exchange is for an unknown (expired?) SA
Nov 11 17:59:22 lme-fw2 pluto[3476]: "EauClaire-Everywhere" #10624:
received Delete SA payload: deleting ISAKMP State #10624
Nov 11 17:59:22 lme-fw2 pluto[3476]: packet from 9.10.82.82:500:
received and ignored informational message
Nov 11 18:17:54 lme-fw2 pluto[3476]: packet from 5.6.123.217:500:
ignoring unknown Vendor ID payload [4f457d476e447f5a4159655b]
Nov 11 18:17:54 lme-fw2 pluto[3476]: packet from 5.6.123.217:500:
received Vendor ID payload [Dead Peer Detection]
Nov 11 18:17:54 lme-fw2 pluto[3476]: packet from 5.6.123.217:500:
received Vendor ID payload [RFC 3947] method set to=109
Nov 11 18:17:54 lme-fw2 pluto[3476]: packet from 5.6.123.217:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but
already using method 109
Nov 11 18:17:54 lme-fw2 pluto[3476]: packet from 5.6.123.217:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106,
but already using method 109
Nov 11 18:17:54 lme-fw2 pluto[3476]: packet from 5.6.123.217:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but
already using method 109
Nov 11 18:17:54 lme-fw2 pluto[3476]: packet from 5.6.123.217:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Nov 11 18:17:54 lme-fw2 pluto[3476]: "DR-Everywhere" #10631: responding
to Main Mode
Nov 11 18:17:54 lme-fw2 pluto[3476]: "DR-Everywhere" #10631: transition
from state STATE_MAIN_R0 to state STATE_MAIN_R1
Nov 11 18:17:54 lme-fw2 pluto[3476]: "DR-Everywhere" #10631:
STATE_MAIN_R1: sent MR1, expecting MI2
Nov 11 18:17:54 lme-fw2 pluto[3476]: "DR-Everywhere" #10631:
NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected
Nov 11 18:17:54 lme-fw2 pluto[3476]: "DR-Everywhere" #10631: transition
from state STATE_MAIN_R1 to state STATE_MAIN_R2
Nov 11 18:17:54 lme-fw2 pluto[3476]: "DR-Everywhere" #10631:
STATE_MAIN_R2: sent MR2, expecting MI3
Nov 11 18:17:54 lme-fw2 pluto[3476]: "DR-Everywhere" #10631: Main mode
peer ID is ID_FQDN: '@dr.local'
Nov 11 18:17:54 lme-fw2 pluto[3476]: "DR-Everywhere" #10631: transition
from state STATE_MAIN_R2 to state STATE_MAIN_R3
Nov 11 18:17:54 lme-fw2 pluto[3476]: "DR-Everywhere" #10631:
STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG
cipher=aes_128 prf=oakley_sha group=modp2048}
Nov 11 18:20:30 lme-fw2 pluto[3476]: "Superior-Everywhere" #10632:
initiating Main Mode to replace #10626
Nov 11 18:20:30 lme-fw2 pluto[3476]: "Superior-Everywhere" #10632:
ignoring unknown Vendor ID payload [4f45716c74725d4b5a6c5d5f]
Nov 11 18:20:30 lme-fw2 pluto[3476]: "Superior-Everywhere" #10632:
received Vendor ID payload [Dead Peer Detection]
Nov 11 18:20:30 lme-fw2 pluto[3476]: "Superior-Everywhere" #10632:
received Vendor ID payload [RFC 3947] method set to=109
Nov 11 18:20:30 lme-fw2 pluto[3476]: "Superior-Everywhere" #10632:
enabling possible NAT-traversal with method 4
Nov 11 18:20:30 lme-fw2 pluto[3476]: "Superior-Everywhere" #10632:
transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Nov 11 18:20:30 lme-fw2 pluto[3476]: "Superior-Everywhere" #10632:
STATE_MAIN_I2: sent MI2, expecting MR2
Nov 11 18:20:30 lme-fw2 pluto[3476]: "Superior-Everywhere" #10632:
NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected
Nov 11 18:20:30 lme-fw2 pluto[3476]: "Superior-Everywhere" #10632:
transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Nov 11 18:20:30 lme-fw2 pluto[3476]: "Superior-Everywhere" #10632:
STATE_MAIN_I3: sent MI3, expecting MR3
Nov 11 18:20:30 lme-fw2 pluto[3476]: "Superior-Everywhere" #10632:
received Vendor ID payload [CAN-IKEv2]
Nov 11 18:20:30 lme-fw2 pluto[3476]: "Superior-Everywhere" #10632: Main
mode peer ID is ID_FQDN: '@superior.local'
Nov 11 18:20:30 lme-fw2 pluto[3476]: "Superior-Everywhere" #10632:
transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
Nov 11 18:20:30 lme-fw2 pluto[3476]: "Superior-Everywhere" #10632:
STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=aes_128
prf=oakley_sha group=modp2048}
Nov 11 18:20:37 lme-fw2 pluto[3476]: packet from 3.4.22.228:500:
ignoring unknown Vendor ID payload [4f45716c74725d4b5a6c5d5f]
Nov 11 18:20:37 lme-fw2 pluto[3476]: packet from 3.4.22.228:500:
received Vendor ID payload [Dead Peer Detection]
Nov 11 18:20:37 lme-fw2 pluto[3476]: packet from 3.4.22.228:500:
received Vendor ID payload [RFC 3947] method set to=109
Nov 11 18:20:37 lme-fw2 pluto[3476]: packet from 3.4.22.228:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but
already using method 109
Nov 11 18:20:37 lme-fw2 pluto[3476]: packet from 3.4.22.228:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106,
but already using method 109
Nov 11 18:20:37 lme-fw2 pluto[3476]: packet from 3.4.22.228:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but
already using method 109
Nov 11 18:20:37 lme-fw2 pluto[3476]: packet from 3.4.22.228:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Nov 11 18:20:37 lme-fw2 pluto[3476]: "Superior-Everywhere" #10633:
responding to Main Mode
Nov 11 18:20:37 lme-fw2 pluto[3476]: "Superior-Everywhere" #10633:
transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Nov 11 18:20:37 lme-fw2 pluto[3476]: "Superior-Everywhere" #10633:
STATE_MAIN_R1: sent MR1, expecting MI2
Nov 11 18:20:37 lme-fw2 pluto[3476]: "Superior-Everywhere" #10633:
NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected
Nov 11 18:20:37 lme-fw2 pluto[3476]: "Superior-Everywhere" #10633:
transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Nov 11 18:20:37 lme-fw2 pluto[3476]: "Superior-Everywhere" #10633:
STATE_MAIN_R2: sent MR2, expecting MI3
Nov 11 18:20:38 lme-fw2 pluto[3476]: "Superior-Everywhere" #10633: Main
mode peer ID is ID_FQDN: '@superior.local'
Nov 11 18:20:38 lme-fw2 pluto[3476]: "Superior-Everywhere" #10633:
transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Nov 11 18:20:38 lme-fw2 pluto[3476]: "Superior-Everywhere" #10633:
STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG
cipher=aes_128 prf=oakley_sha group=modp2048}
Nov 11 18:24:35 lme-fw2 pluto[3476]: packet from 3.4.22.228:500:
Informational Exchange is for an unknown (expired?) SA
Nov 11 18:25:00 lme-fw2 pluto[3476]: packet from 3.4.22.228:500:
Informational Exchange is for an unknown (expired?) SA
Nov 11 18:30:16 lme-fw2 pluto[3476]: "Columbia-Everywhere" #10634:
initiating Main Mode to replace #10629
Nov 11 18:30:16 lme-fw2 pluto[3476]: "Columbia-Everywhere" #10634:
ignoring unknown Vendor ID payload [4f456e4d43757f784f704063]
Nov 11 18:30:16 lme-fw2 pluto[3476]: "Columbia-Everywhere" #10634:
received Vendor ID payload [Dead Peer Detection]
Nov 11 18:30:16 lme-fw2 pluto[3476]: "Columbia-Everywhere" #10634:
received Vendor ID payload [RFC 3947] method set to=109
Nov 11 18:30:16 lme-fw2 pluto[3476]: "Columbia-Everywhere" #10634:
enabling possible NAT-traversal with method 4
Nov 11 18:30:16 lme-fw2 pluto[3476]: "Columbia-Everywhere" #10634:
transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Nov 11 18:30:16 lme-fw2 pluto[3476]: "Columbia-Everywhere" #10634:
STATE_MAIN_I2: sent MI2, expecting MR2
Nov 11 18:30:16 lme-fw2 pluto[3476]: "Columbia-Everywhere" #10634:
NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected
Nov 11 18:30:16 lme-fw2 pluto[3476]: "Columbia-Everywhere" #10634:
transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Nov 11 18:30:16 lme-fw2 pluto[3476]: "Columbia-Everywhere" #10634:
STATE_MAIN_I3: sent MI3, expecting MR3
Nov 11 18:30:16 lme-fw2 pluto[3476]: "Columbia-Everywhere" #10634: Main
mode peer ID is ID_FQDN: '@columbia.local'
Nov 11 18:30:16 lme-fw2 pluto[3476]: "Columbia-Everywhere" #10634:
transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
Nov 11 18:30:16 lme-fw2 pluto[3476]: "Columbia-Everywhere" #10634:
STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=aes_128
prf=oakley_sha group=modp2048}
Nov 11 18:34:49 lme-fw2 pluto[3476]: "DR-Everywhere" #10627: received
Delete SA payload: deleting ISAKMP State #10627
Nov 11 18:34:49 lme-fw2 pluto[3476]: packet from 5.6.123.217:500:
received and ignored informational message
Nov 11 18:36:36 lme-fw2 pluto[3476]: packet from 9.10.82.82:500:
ignoring unknown Vendor ID payload [4f455e5a65725d6564727763]
Nov 11 18:36:36 lme-fw2 pluto[3476]: packet from 9.10.82.82:500:
received Vendor ID payload [Dead Peer Detection]
Nov 11 18:36:36 lme-fw2 pluto[3476]: packet from 9.10.82.82:500:
received Vendor ID payload [RFC 3947] method set to=109
Nov 11 18:36:36 lme-fw2 pluto[3476]: packet from 9.10.82.82:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but
already using method 109
Nov 11 18:36:36 lme-fw2 pluto[3476]: packet from 9.10.82.82:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106,
but already using method 109
Nov 11 18:36:36 lme-fw2 pluto[3476]: packet from 9.10.82.82:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but
already using method 109
Nov 11 18:36:36 lme-fw2 pluto[3476]: packet from 9.10.82.82:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Nov 11 18:36:36 lme-fw2 pluto[3476]: "EauClaire-Everywhere" #10635:
responding to Main Mode
Nov 11 18:36:36 lme-fw2 pluto[3476]: "EauClaire-Everywhere" #10635:
transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Nov 11 18:36:36 lme-fw2 pluto[3476]: "EauClaire-Everywhere" #10635:
STATE_MAIN_R1: sent MR1, expecting MI2
Nov 11 18:36:36 lme-fw2 pluto[3476]: "EauClaire-Everywhere" #10635:
NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected
Nov 11 18:36:36 lme-fw2 pluto[3476]: "EauClaire-Everywhere" #10635:
transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Nov 11 18:36:36 lme-fw2 pluto[3476]: "EauClaire-Everywhere" #10635:
STATE_MAIN_R2: sent MR2, expecting MI3
Nov 11 18:36:37 lme-fw2 pluto[3476]: "EauClaire-Everywhere" #10635: Main
mode peer ID is ID_FQDN: '@eauclaire.local'
Nov 11 18:36:37 lme-fw2 pluto[3476]: "EauClaire-Everywhere" #10635:
transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Nov 11 18:36:37 lme-fw2 pluto[3476]: "EauClaire-Everywhere" #10635:
STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG
cipher=aes_128 prf=oakley_sha group=modp2048}
More information about the Users
mailing list