[Openswan Users] Overload during rekey

Roel van Meer roel.vanmeer at bokxing.nl
Fri Oct 19 05:57:59 EDT 2012


Hi list,

I have a problem with an openswan setup that until yesterday has been 
running fine for years. It's a setup with a central openswan server and 
about 80 draytek routers, all with two tunnels. The drayteks initiate the 
connections.

The problem happens during a period in which rekey occurs.

What happens is this:
1. An admin restarts the openswan process.
2. A few seconds later, we have ~ 160 tunnels, everything working fine.
3. About 50 minutes later, the rekeying starts, pluto gets in state 'R' 
continously, tunnels start to break, and everything degrades from there.

The system runs a recent Slackware linux, has an Intel Xeon 2GHz processor, 
4GB memory, and runs Nagios alongside Openswan, but nothing more.

The system has been in production for more than two years. The last openswan
restart has been in Juli (everything worked fine then), and since then some 
5 tunnels have been added.

Can anyone shed some light on this?

Attached is an abbreviated config file, and part of the logfile, 
abbreviated to show only the connections of a single router. If anyone needs 
more information I'd be happy to provide it.

Thank you,

Roel

Additional info:
I've tried kernels 3.2.18 and 3.4.10 - no difference.
Kernel 3.2.18 had openswan stack 2.3.37, kernel 3.4.14 has openswan stack 
2.3.18.
It's Slackware 13.37, 64 bit, with all updates.

-------------- next part --------------
Oct 17 04:42:02 polariseer ipsec__plutorun: Starting Pluto subsystem...
Oct 17 04:42:02 polariseer pluto[27167]: Starting Pluto (Openswan Version 2.6.38; Vendor ID OEvy\134kgzWq\134s) pid:27167
Oct 17 04:42:02 polariseer pluto[27167]: LEAK_DETECTIVE support [disabled]
Oct 17 04:42:02 polariseer pluto[27167]: OCF support for IKE [disabled]
Oct 17 04:42:02 polariseer pluto[27167]: SAref support [disabled]: Protocol not available
Oct 17 04:42:02 polariseer pluto[27167]: SAbind support [disabled]: Protocol not available
Oct 17 04:42:02 polariseer pluto[27167]: NSS support [disabled]
Oct 17 04:42:02 polariseer pluto[27167]: HAVE_STATSD notification support not compiled in
Oct 17 04:42:02 polariseer pluto[27167]: Setting NAT-Traversal port-4500 floating to off
Oct 17 04:42:02 polariseer pluto[27167]:    port floating activation criteria nat_t=0/port_float=1
Oct 17 04:42:02 polariseer pluto[27167]:    NAT-Traversal support  [disabled]
Oct 17 04:42:02 polariseer pluto[27167]: using /dev/urandom as source of random entropy
Oct 17 04:42:02 polariseer pluto[27167]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
Oct 17 04:42:02 polariseer pluto[27167]: ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0)
Oct 17 04:42:02 polariseer pluto[27167]: ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0)
Oct 17 04:42:02 polariseer pluto[27167]: starting up 3 cryptographic helpers
Oct 17 04:42:02 polariseer pluto[27169]: using /dev/urandom as source of random entropy
Oct 17 04:42:02 polariseer pluto[27167]: started helper pid=27169 (fd:6)
Oct 17 04:42:02 polariseer pluto[27167]: started helper pid=27171 (fd:7)
Oct 17 04:42:02 polariseer pluto[27167]: started helper pid=27172 (fd:8)
Oct 17 04:42:02 polariseer pluto[27167]: Using KLIPS IPsec interface code on 3.2.18-1
Oct 17 04:42:02 polariseer pluto[27171]: using /dev/urandom as source of random entropy
Oct 17 04:42:02 polariseer pluto[27172]: using /dev/urandom as source of random entropy
Oct 17 04:42:02 polariseer pluto[27167]: added connection description "v20"
Oct 17 04:42:02 polariseer pluto[27167]: added connection description "v202"
Oct 17 04:42:02 polariseer pluto[27167]: listening for IKE messages
Oct 17 04:42:02 polariseer pluto[27167]: adding interface ipsec0/eth1 zz.yyy.xxx.ww:500
Oct 17 04:42:02 polariseer pluto[27167]: loading secrets from "/etc/ipsec.secrets"
Oct 17 04:42:03 polariseer pluto[27167]: packet from aaa.bbb.ccc.ddd:500: received Vendor ID payload [Dead Peer Detection]
Oct 17 04:42:03 polariseer pluto[27167]: packet from aaa.bbb.ccc.ddd:500: received Vendor ID payload [RFC 3947] meth=115, but port floating is off
Oct 17 04:42:03 polariseer pluto[27167]: packet from aaa.bbb.ccc.ddd:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but port floating is off
Oct 17 04:42:03 polariseer pluto[27167]: packet from aaa.bbb.ccc.ddd:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but port floating is off
Oct 17 04:42:03 polariseer pluto[27167]: packet from aaa.bbb.ccc.ddd:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but port floating is off
Oct 17 04:42:03 polariseer pluto[27167]: packet from aaa.bbb.ccc.ddd:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Oct 17 04:42:03 polariseer pluto[27167]: "v20" #56: responding to Main Mode
Oct 17 04:42:03 polariseer pluto[27167]: "v20" #56: OAKLEY_DES_CBC is not supported.  Attribute OAKLEY_ENCRYPTION_ALGORITHM
Oct 17 04:42:03 polariseer pluto[27167]: "v20" #56: OAKLEY_DES_CBC is not supported.  Attribute OAKLEY_ENCRYPTION_ALGORITHM
Oct 17 04:42:03 polariseer pluto[27167]: "v20" #56: OAKLEY_GROUP 1 not supported.  Attribute OAKLEY_GROUP_DESCRIPTION
Oct 17 04:42:03 polariseer pluto[27167]: "v20" #56: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Oct 17 04:42:03 polariseer pluto[27167]: "v20" #56: STATE_MAIN_R1: sent MR1, expecting MI2
Oct 17 04:42:03 polariseer pluto[27167]: "v20" #56: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Oct 17 04:42:03 polariseer pluto[27167]: "v20" #56: STATE_MAIN_R2: sent MR2, expecting MI3
Oct 17 04:42:04 polariseer pluto[27167]: "v20" #56: ignoring informational payload, type IPSEC_INITIAL_CONTACT msgid=00000000
Oct 17 04:42:04 polariseer pluto[27167]: "v20" #56: Main mode peer ID is ID_IPV4_ADDR: 'aaa.bbb.ccc.ddd'
Oct 17 04:42:04 polariseer pluto[27167]: "v20" #56: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Oct 17 04:42:04 polariseer pluto[27167]: "v20" #56: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1024}
Oct 17 04:42:04 polariseer pluto[27167]: "v20" #56: Dead Peer Detection (RFC 3706): enabled
Oct 17 04:42:04 polariseer pluto[27167]: "v20" #56: the peer proposed: 10.0.0.0/24:0/0 -> 10.12.13.0/24:0/0
Oct 17 04:42:04 polariseer pluto[27167]: "v20" #76: responding to Quick Mode proposal {msgid:23d43801}
Oct 17 04:42:04 polariseer pluto[27167]: "v20" #76:     us: 10.0.0.0/24===zz.yyy.xxx.ww<zz.yyy.xxx.ww>
Oct 17 04:42:04 polariseer pluto[27167]: "v20" #76:   them: aaa.bbb.ccc.ddd<aaa.bbb.ccc.ddd>===10.12.13.0/24
Oct 17 04:42:04 polariseer pluto[27167]: "v20" #76: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Oct 17 04:42:04 polariseer pluto[27167]: "v20" #76: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Oct 17 04:42:04 polariseer pluto[27167]: "v20" #76: Dead Peer Detection (RFC 3706): enabled
Oct 17 04:42:04 polariseer pluto[27167]: "v20" #76: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Oct 17 04:42:04 polariseer pluto[27167]: "v20" #76: STATE_QUICK_R2: IPsec SA established tunnel mode {ESP=>0x7e08e0bb <0x8b6d0b5b xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=none DPD=enabled}
Oct 17 04:42:05 polariseer pluto[27167]: "v20" #56: the peer proposed: 192.168.0.0/16:0/0 -> 10.12.13.0/24:0/0
Oct 17 04:42:05 polariseer pluto[27167]: "v202" #127: responding to Quick Mode proposal {msgid:a98c53e1}
Oct 17 04:42:05 polariseer pluto[27167]: "v202" #127:     us: 192.168.0.0/16===zz.yyy.xxx.ww<zz.yyy.xxx.ww>
Oct 17 04:42:05 polariseer pluto[27167]: "v202" #127:   them: aaa.bbb.ccc.ddd<aaa.bbb.ccc.ddd>===10.12.13.0/24
Oct 17 04:42:05 polariseer pluto[27167]: "v202" #127: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Oct 17 04:42:05 polariseer pluto[27167]: "v202" #127: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Oct 17 04:42:05 polariseer pluto[27167]: "v202" #127: Dead Peer Detection (RFC 3706): enabled
Oct 17 04:42:05 polariseer pluto[27167]: "v202" #127: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Oct 17 04:42:05 polariseer pluto[27167]: "v202" #127: STATE_QUICK_R2: IPsec SA established tunnel mode {ESP=>0x7e08e0bc <0x8b6d0b70 xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=none DPD=enabled}
Oct 17 05:32:09 polariseer pluto[27167]: "v20" #56: the peer proposed: 192.168.0.0/16:0/0 -> 10.12.13.0/24:0/0
Oct 17 05:32:09 polariseer pluto[27167]: "v202" #349: can not start crypto helper: failed to find any available worker
Oct 17 05:32:09 polariseer pluto[27167]: "v202" #349: message in state STATE_QUICK_R0 ignored due to cryptographic overload
Oct 17 05:32:09 polariseer pluto[27167]: "v20" #56: the peer proposed: 10.0.0.0/24:0/0 -> 10.12.13.0/24:0/0
Oct 17 05:32:09 polariseer pluto[27167]: "v20" #352: can not start crypto helper: failed to find any available worker
Oct 17 05:32:09 polariseer pluto[27167]: "v20" #352: message in state STATE_QUICK_R0 ignored due to cryptographic overload
Oct 17 05:32:10 polariseer pluto[27167]: "v20" #56: the peer proposed: 10.0.0.0/24:0/0 -> 10.12.13.0/24:0/0
Oct 17 05:32:10 polariseer pluto[27167]: "v20" #423: responding to Quick Mode proposal {msgid:14650951}
Oct 17 05:32:10 polariseer pluto[27167]: "v20" #423:     us: 10.0.0.0/24===zz.yyy.xxx.ww<zz.yyy.xxx.ww>
Oct 17 05:32:10 polariseer pluto[27167]: "v20" #423: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Oct 17 05:32:10 polariseer pluto[27167]: "v20" #423: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Oct 17 05:32:10 polariseer pluto[27167]: "v20" #56: the peer proposed: 192.168.0.0/16:0/0 -> 10.12.13.0/24:0/0
Oct 17 05:32:10 polariseer pluto[27167]: "v202" #424: responding to Quick Mode proposal {msgid:dd2ccb09}
Oct 17 05:32:10 polariseer pluto[27167]: "v202" #424:     us: 192.168.0.0/16===zz.yyy.xxx.ww<zz.yyy.xxx.ww>
Oct 17 05:32:10 polariseer pluto[27167]: "v202" #424:   them: aaa.bbb.ccc.ddd<aaa.bbb.ccc.ddd>===10.12.13.0/24
Oct 17 05:32:10 polariseer pluto[27167]: "v202" #424: keeping refhim=229 during rekey
Oct 17 05:32:10 polariseer pluto[27167]: "v202" #424: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Oct 17 05:32:10 polariseer pluto[27167]: "v202" #424: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Oct 17 05:32:10 polariseer pluto[27167]: "v20" #423: Dead Peer Detection (RFC 3706): enabled
Oct 17 05:32:10 polariseer pluto[27167]: "v20" #423: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Oct 17 05:32:10 polariseer pluto[27167]: "v20" #423: STATE_QUICK_R2: IPsec SA established tunnel mode {ESP=>0x7e08e0be <0x8b6d0c16 xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=none DPD=enabled}
Oct 17 05:32:11 polariseer pluto[27167]: "v202" #424: Dead Peer Detection (RFC 3706): enabled
Oct 17 05:32:11 polariseer pluto[27167]: "v202" #424: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Oct 17 05:32:11 polariseer pluto[27167]: "v202" #424: STATE_QUICK_R2: IPsec SA established tunnel mode {ESP=>0x7e08e0bd <0x8b6d0c17 xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=none DPD=enabled}
Oct 17 05:35:23 polariseer pluto[27167]: packet from aaa.bbb.ccc.ddd:500: received Vendor ID payload [Dead Peer Detection]
Oct 17 05:35:23 polariseer pluto[27167]: packet from aaa.bbb.ccc.ddd:500: received Vendor ID payload [RFC 3947] meth=115, but port floating is off
Oct 17 05:35:23 polariseer pluto[27167]: packet from aaa.bbb.ccc.ddd:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but port floating is off
Oct 17 05:35:23 polariseer pluto[27167]: packet from aaa.bbb.ccc.ddd:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but port floating is off
Oct 17 05:35:23 polariseer pluto[27167]: packet from aaa.bbb.ccc.ddd:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but port floating is off
Oct 17 05:35:23 polariseer pluto[27167]: packet from aaa.bbb.ccc.ddd:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Oct 17 05:35:23 polariseer pluto[27167]: "v20" #569: responding to Main Mode
Oct 17 05:35:23 polariseer pluto[27167]: "v20" #569: OAKLEY_DES_CBC is not supported.  Attribute OAKLEY_ENCRYPTION_ALGORITHM
Oct 17 05:35:23 polariseer pluto[27167]: "v20" #569: OAKLEY_DES_CBC is not supported.  Attribute OAKLEY_ENCRYPTION_ALGORITHM
Oct 17 05:35:23 polariseer pluto[27167]: "v20" #569: OAKLEY_GROUP 1 not supported.  Attribute OAKLEY_GROUP_DESCRIPTION
Oct 17 05:35:23 polariseer pluto[27167]: "v20" #569: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Oct 17 05:35:23 polariseer pluto[27167]: "v20" #569: STATE_MAIN_R1: sent MR1, expecting MI2
Oct 17 05:35:23 polariseer pluto[27167]: packet from aaa.bbb.ccc.ddd:500: received Vendor ID payload [Dead Peer Detection]
Oct 17 05:35:23 polariseer pluto[27167]: packet from aaa.bbb.ccc.ddd:500: received Vendor ID payload [RFC 3947] meth=115, but port floating is off
Oct 17 05:35:23 polariseer pluto[27167]: packet from aaa.bbb.ccc.ddd:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but port floating is off
Oct 17 05:35:23 polariseer pluto[27167]: packet from aaa.bbb.ccc.ddd:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but port floating is off
Oct 17 05:35:23 polariseer pluto[27167]: packet from aaa.bbb.ccc.ddd:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but port floating is off
Oct 17 05:35:23 polariseer pluto[27167]: packet from aaa.bbb.ccc.ddd:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Oct 17 05:35:23 polariseer pluto[27167]: "v20" #570: responding to Main Mode
Oct 17 05:35:23 polariseer pluto[27167]: "v20" #570: OAKLEY_DES_CBC is not supported.  Attribute OAKLEY_ENCRYPTION_ALGORITHM
Oct 17 05:35:23 polariseer pluto[27167]: "v20" #570: OAKLEY_DES_CBC is not supported.  Attribute OAKLEY_ENCRYPTION_ALGORITHM
Oct 17 05:35:23 polariseer pluto[27167]: "v20" #570: OAKLEY_GROUP 1 not supported.  Attribute OAKLEY_GROUP_DESCRIPTION
Oct 17 05:35:23 polariseer pluto[27167]: "v20" #570: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Oct 17 05:35:23 polariseer pluto[27167]: "v20" #570: STATE_MAIN_R1: sent MR1, expecting MI2
Oct 17 05:35:23 polariseer pluto[27167]: "v20" #569: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Oct 17 05:35:23 polariseer pluto[27167]: "v20" #569: STATE_MAIN_R2: sent MR2, expecting MI3
Oct 17 05:35:23 polariseer pluto[27167]: "v20" #570: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Oct 17 05:35:23 polariseer pluto[27167]: "v20" #570: STATE_MAIN_R2: sent MR2, expecting MI3
Oct 17 05:35:23 polariseer pluto[27167]: "v20" #569: ignoring informational payload, type IPSEC_INITIAL_CONTACT msgid=00000000
Oct 17 05:35:23 polariseer pluto[27167]: "v20" #569: Main mode peer ID is ID_IPV4_ADDR: 'aaa.bbb.ccc.ddd'
Oct 17 05:35:23 polariseer pluto[27167]: "v20" #569: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Oct 17 05:35:23 polariseer pluto[27167]: "v20" #569: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1024}
Oct 17 05:35:23 polariseer pluto[27167]: "v20" #569: Dead Peer Detection (RFC 3706): enabled
Oct 17 05:35:23 polariseer pluto[27167]: "v20" #570: ignoring informational payload, type IPSEC_INITIAL_CONTACT msgid=00000000
Oct 17 05:35:23 polariseer pluto[27167]: "v20" #570: Main mode peer ID is ID_IPV4_ADDR: 'aaa.bbb.ccc.ddd'
Oct 17 05:35:23 polariseer pluto[27167]: "v20" #570: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Oct 17 05:35:23 polariseer pluto[27167]: "v20" #570: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1024}
Oct 17 05:35:23 polariseer pluto[27167]: "v20" #570: Dead Peer Detection (RFC 3706): enabled
Oct 17 05:35:23 polariseer pluto[27167]: "v20" #569: the peer proposed: 10.0.0.0/24:0/0 -> 10.12.13.0/24:0/0
Oct 17 05:35:23 polariseer pluto[27167]: "v20" #578: responding to Quick Mode proposal {msgid:635a4927}
Oct 17 05:35:23 polariseer pluto[27167]: "v20" #578:     us: 10.0.0.0/24===zz.yyy.xxx.ww<zz.yyy.xxx.ww>
Oct 17 05:35:23 polariseer pluto[27167]: "v20" #578:   them: aaa.bbb.ccc.ddd<aaa.bbb.ccc.ddd>===10.12.13.0/24
Oct 17 05:35:23 polariseer pluto[27167]: "v20" #578: keeping refhim=141 during rekey
Oct 17 05:35:23 polariseer pluto[27167]: "v20" #578: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Oct 17 05:35:23 polariseer pluto[27167]: "v20" #578: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Oct 17 05:35:23 polariseer pluto[27167]: "v20" #570: the peer proposed: 192.168.0.0/16:0/0 -> 10.12.13.0/24:0/0
Oct 17 05:35:23 polariseer pluto[27167]: "v202" #585: responding to Quick Mode proposal {msgid:9b958a75}
Oct 17 05:35:23 polariseer pluto[27167]: "v202" #585:     us: 192.168.0.0/16===zz.yyy.xxx.ww<zz.yyy.xxx.ww>
Oct 17 05:35:23 polariseer pluto[27167]: "v202" #585:   them: aaa.bbb.ccc.ddd<aaa.bbb.ccc.ddd>===10.12.13.0/24
Oct 17 05:35:23 polariseer pluto[27167]: "v202" #585: keeping refhim=229 during rekey
Oct 17 05:35:23 polariseer pluto[27167]: "v202" #585: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Oct 17 05:35:23 polariseer pluto[27167]: "v202" #585: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Oct 17 05:35:23 polariseer pluto[27167]: "v20" #578: Dead Peer Detection (RFC 3706): enabled
Oct 17 05:35:23 polariseer pluto[27167]: "v20" #578: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Oct 17 05:35:23 polariseer pluto[27167]: "v20" #578: STATE_QUICK_R2: IPsec SA established tunnel mode {ESP=>0x7e08e0bf <0x8b6d0c7d xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=none DPD=enabled}
Oct 17 05:35:23 polariseer pluto[27167]: "v202" #585: Dead Peer Detection (RFC 3706): enabled
Oct 17 05:35:23 polariseer pluto[27167]: "v202" #585: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Oct 17 05:35:23 polariseer pluto[27167]: "v202" #585: STATE_QUICK_R2: IPsec SA established tunnel mode {ESP=>0x7e08e0c0 <0x8b6d0c81 xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=none DPD=enabled}
Oct 17 05:40:51 polariseer pluto[27167]: "v20" #570: DPD: No response from peer - declaring peer dead
Oct 17 05:40:51 polariseer pluto[27167]: "v20" #570: DPD: Putting connection into %trap
Oct 17 05:40:51 polariseer pluto[27167]: "v202" #585: deleting state (STATE_QUICK_R2)
Oct 17 05:40:51 polariseer pluto[27167]: "v20" #570: deleting state (STATE_MAIN_R3)
Oct 17 05:40:51 polariseer pluto[27167]: "v20" #578: deleting state (STATE_QUICK_R2)
Oct 17 05:40:51 polariseer pluto[27167]: "v20" #569: deleting state (STATE_MAIN_R3)
Oct 17 05:40:51 polariseer pluto[27167]: "v20" #423: deleting state (STATE_QUICK_R2)
Oct 17 05:40:51 polariseer pluto[27167]: "v20" #76: deleting state (STATE_QUICK_R2)
Oct 17 05:40:51 polariseer pluto[27167]: "v20" #56: deleting state (STATE_MAIN_R3)
Oct 17 05:40:51 polariseer pluto[27167]: packet from aaa.bbb.ccc.ddd:500: Informational Exchange is for an unknown (expired?) SA with MSGID:0x4d422e07
Oct 17 05:40:51 polariseer pluto[27167]: packet from aaa.bbb.ccc.ddd:500: Informational Exchange is for an unknown (expired?) SA with MSGID:0x22e67085
Oct 17 05:40:51 polariseer pluto[27167]: packet from aaa.bbb.ccc.ddd:500: Informational Exchange is for an unknown (expired?) SA with MSGID:0x3304a8f1
Oct 17 05:40:51 polariseer pluto[27167]: packet from aaa.bbb.ccc.ddd:500: Informational Exchange is for an unknown (expired?) SA with MSGID:0x3b0cb0f9
Oct 17 05:40:52 polariseer pluto[27167]: "v20" #884: initiating Main Mode
Oct 17 05:40:53 polariseer pluto[27167]: packet from aaa.bbb.ccc.ddd:500: received Vendor ID payload [Dead Peer Detection]
Oct 17 05:40:53 polariseer pluto[27167]: packet from aaa.bbb.ccc.ddd:500: received Vendor ID payload [RFC 3947] meth=115, but port floating is off
Oct 17 05:40:53 polariseer pluto[27167]: packet from aaa.bbb.ccc.ddd:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but port floating is off
Oct 17 05:40:53 polariseer pluto[27167]: packet from aaa.bbb.ccc.ddd:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but port floating is off
Oct 17 05:40:53 polariseer pluto[27167]: packet from aaa.bbb.ccc.ddd:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but port floating is off
Oct 17 05:40:53 polariseer pluto[27167]: packet from aaa.bbb.ccc.ddd:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Oct 17 05:40:53 polariseer pluto[27167]: "v20" #932: responding to Main Mode
Oct 17 05:40:53 polariseer pluto[27167]: "v20" #932: OAKLEY_DES_CBC is not supported.  Attribute OAKLEY_ENCRYPTION_ALGORITHM
Oct 17 05:40:53 polariseer pluto[27167]: "v20" #932: OAKLEY_DES_CBC is not supported.  Attribute OAKLEY_ENCRYPTION_ALGORITHM
Oct 17 05:40:53 polariseer pluto[27167]: "v20" #932: OAKLEY_GROUP 1 not supported.  Attribute OAKLEY_GROUP_DESCRIPTION
Oct 17 05:40:53 polariseer pluto[27167]: "v20" #932: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Oct 17 05:40:53 polariseer pluto[27167]: "v20" #932: STATE_MAIN_R1: sent MR1, expecting MI2
Oct 17 05:40:53 polariseer pluto[27167]: "v20" #932: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Oct 17 05:40:53 polariseer pluto[27167]: "v20" #932: STATE_MAIN_R2: sent MR2, expecting MI3
Oct 17 05:40:53 polariseer pluto[27167]: "v20" #932: ignoring informational payload, type IPSEC_INITIAL_CONTACT msgid=00000000
Oct 17 05:40:53 polariseer pluto[27167]: "v20" #932: Main mode peer ID is ID_IPV4_ADDR: 'aaa.bbb.ccc.ddd'
Oct 17 05:40:53 polariseer pluto[27167]: "v20" #932: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Oct 17 05:40:53 polariseer pluto[27167]: "v20" #932: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1024}
Oct 17 05:40:53 polariseer pluto[27167]: "v20" #932: Dead Peer Detection (RFC 3706): enabled
Oct 17 05:40:53 polariseer pluto[27167]: "v20" #932: the peer proposed: 192.168.0.0/16:0/0 -> 10.12.13.0/24:0/0
Oct 17 05:40:53 polariseer pluto[27167]: "v202" #941: responding to Quick Mode proposal {msgid:e46c7d9f}
Oct 17 05:40:53 polariseer pluto[27167]: "v202" #941:     us: 192.168.0.0/16===zz.yyy.xxx.ww<zz.yyy.xxx.ww>
Oct 17 05:40:53 polariseer pluto[27167]: "v202" #941:   them: aaa.bbb.ccc.ddd<aaa.bbb.ccc.ddd>===10.12.13.0/24
Oct 17 05:40:53 polariseer pluto[27167]: "v202" #941: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Oct 17 05:40:53 polariseer pluto[27167]: "v202" #941: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Oct 17 05:40:53 polariseer pluto[27167]: "v202" #941: Dead Peer Detection (RFC 3706): enabled
Oct 17 05:40:53 polariseer pluto[27167]: "v202" #941: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Oct 17 05:40:53 polariseer pluto[27167]: "v202" #941: STATE_QUICK_R2: IPsec SA established tunnel mode {ESP=>0x7e08e0c1 <0x8b6d0d0e xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=none DPD=enabled}
Oct 17 05:41:00 polariseer pluto[27167]: "v20" #932: the peer proposed: 10.0.0.0/24:0/0 -> 10.12.13.0/24:0/0
Oct 17 05:41:00 polariseer pluto[27167]: "v20" #1110: responding to Quick Mode proposal {msgid:ed28a091}
Oct 17 05:41:00 polariseer pluto[27167]: "v20" #1110:     us: 10.0.0.0/24===zz.yyy.xxx.ww<zz.yyy.xxx.ww>
Oct 17 05:41:00 polariseer pluto[27167]: "v20" #1110:   them: aaa.bbb.ccc.ddd<aaa.bbb.ccc.ddd>===10.12.13.0/24
Oct 17 05:41:00 polariseer pluto[27167]: "v20" #1110: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Oct 17 05:41:00 polariseer pluto[27167]: "v20" #1110: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Oct 17 05:41:00 polariseer pluto[27167]: "v20" #1110: Dead Peer Detection (RFC 3706): enabled
Oct 17 05:41:00 polariseer pluto[27167]: "v20" #1110: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Oct 17 05:41:00 polariseer pluto[27167]: "v20" #1110: STATE_QUICK_R2: IPsec SA established tunnel mode {ESP=>0x7e08e0c2 <0x8b6d0d72 xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=none DPD=enabled}
Oct 17 05:43:03 polariseer pluto[27167]: "v20" #884: max number of retransmissions (2) reached STATE_MAIN_I1.  No response (or no acceptable response) to our first IKE message
Oct 17 05:43:03 polariseer pluto[27167]: "v20" #884: starting keying attempt 2 of at most 3
Oct 17 05:43:03 polariseer pluto[27167]: "v20" #1128: initiating Main Mode to replace #884
Oct 17 05:43:26 polariseer pluto[27167]: packet from aaa.bbb.ccc.ddd:500: received Vendor ID payload [Dead Peer Detection]
Oct 17 05:43:26 polariseer pluto[27167]: packet from aaa.bbb.ccc.ddd:500: received Vendor ID payload [RFC 3947] meth=115, but port floating is off
Oct 17 05:43:26 polariseer pluto[27167]: packet from aaa.bbb.ccc.ddd:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but port floating is off
Oct 17 05:43:26 polariseer pluto[27167]: packet from aaa.bbb.ccc.ddd:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but port floating is off
Oct 17 05:43:26 polariseer pluto[27167]: packet from aaa.bbb.ccc.ddd:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but port floating is off
Oct 17 05:43:26 polariseer pluto[27167]: packet from aaa.bbb.ccc.ddd:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Oct 17 05:43:26 polariseer pluto[27167]: "v20" #1154: responding to Main Mode
Oct 17 05:43:26 polariseer pluto[27167]: "v20" #1154: OAKLEY_DES_CBC is not supported.  Attribute OAKLEY_ENCRYPTION_ALGORITHM
Oct 17 05:43:26 polariseer pluto[27167]: "v20" #1154: OAKLEY_DES_CBC is not supported.  Attribute OAKLEY_ENCRYPTION_ALGORITHM
Oct 17 05:43:26 polariseer pluto[27167]: "v20" #1154: OAKLEY_GROUP 1 not supported.  Attribute OAKLEY_GROUP_DESCRIPTION
Oct 17 05:43:26 polariseer pluto[27167]: "v20" #1154: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Oct 17 05:43:26 polariseer pluto[27167]: "v20" #1154: STATE_MAIN_R1: sent MR1, expecting MI2
Oct 17 05:43:26 polariseer pluto[27167]: "v20" #1154: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Oct 17 05:43:26 polariseer pluto[27167]: "v20" #1154: STATE_MAIN_R2: sent MR2, expecting MI3
Oct 17 05:43:26 polariseer pluto[27167]: "v20" #1154: ignoring informational payload, type IPSEC_INITIAL_CONTACT msgid=00000000
Oct 17 05:43:26 polariseer pluto[27167]: "v20" #1154: Main mode peer ID is ID_IPV4_ADDR: 'aaa.bbb.ccc.ddd'
Oct 17 05:43:26 polariseer pluto[27167]: "v20" #1154: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Oct 17 05:43:26 polariseer pluto[27167]: "v20" #1154: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1024}
Oct 17 05:43:26 polariseer pluto[27167]: "v20" #1154: Dead Peer Detection (RFC 3706): enabled
Oct 17 05:43:26 polariseer pluto[27167]: "v20" #1154: the peer proposed: 10.0.0.0/24:0/0 -> 10.12.13.0/24:0/0
Oct 17 05:43:26 polariseer pluto[27167]: "v20" #1161: responding to Quick Mode proposal {msgid:b7985be2}
Oct 17 05:43:26 polariseer pluto[27167]: "v20" #1161:     us: 10.0.0.0/24===zz.yyy.xxx.ww<zz.yyy.xxx.ww>
Oct 17 05:43:26 polariseer pluto[27167]: "v20" #1161:   them: aaa.bbb.ccc.ddd<aaa.bbb.ccc.ddd>===10.12.13.0/24
Oct 17 05:43:26 polariseer pluto[27167]: "v20" #1161: keeping refhim=1960 during rekey
Oct 17 05:43:26 polariseer pluto[27167]: "v20" #1161: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Oct 17 05:43:26 polariseer pluto[27167]: "v20" #1161: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Oct 17 05:43:27 polariseer pluto[27167]: "v20" #1161: Dead Peer Detection (RFC 3706): enabled
Oct 17 05:43:27 polariseer pluto[27167]: "v20" #1161: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Oct 17 05:43:27 polariseer pluto[27167]: "v20" #1161: STATE_QUICK_R2: IPsec SA established tunnel mode {ESP=>0x7e08e0c3 <0x8b6d0d7c xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=none DPD=enabled}
Oct 17 05:43:27 polariseer pluto[27167]: packet from aaa.bbb.ccc.ddd:500: received Vendor ID payload [Dead Peer Detection]
Oct 17 05:43:27 polariseer pluto[27167]: packet from aaa.bbb.ccc.ddd:500: received Vendor ID payload [RFC 3947] meth=115, but port floating is off
Oct 17 05:43:27 polariseer pluto[27167]: packet from aaa.bbb.ccc.ddd:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but port floating is off
Oct 17 05:43:27 polariseer pluto[27167]: packet from aaa.bbb.ccc.ddd:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but port floating is off
Oct 17 05:43:27 polariseer pluto[27167]: packet from aaa.bbb.ccc.ddd:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but port floating is off
Oct 17 05:43:27 polariseer pluto[27167]: packet from aaa.bbb.ccc.ddd:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Oct 17 05:43:27 polariseer pluto[27167]: "v20" #1166: responding to Main Mode
Oct 17 05:43:27 polariseer pluto[27167]: "v20" #1166: OAKLEY_DES_CBC is not supported.  Attribute OAKLEY_ENCRYPTION_ALGORITHM
Oct 17 05:43:27 polariseer pluto[27167]: "v20" #1166: OAKLEY_DES_CBC is not supported.  Attribute OAKLEY_ENCRYPTION_ALGORITHM
Oct 17 05:43:27 polariseer pluto[27167]: "v20" #1166: OAKLEY_GROUP 1 not supported.  Attribute OAKLEY_GROUP_DESCRIPTION
Oct 17 05:43:27 polariseer pluto[27167]: "v20" #1166: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Oct 17 05:43:27 polariseer pluto[27167]: "v20" #1166: STATE_MAIN_R1: sent MR1, expecting MI2
Oct 17 05:43:27 polariseer pluto[27167]: "v20" #1166: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Oct 17 05:43:27 polariseer pluto[27167]: "v20" #1166: STATE_MAIN_R2: sent MR2, expecting MI3
Oct 17 05:43:27 polariseer pluto[27167]: "v20" #1166: Main mode peer ID is ID_IPV4_ADDR: 'aaa.bbb.ccc.ddd'
Oct 17 05:43:27 polariseer pluto[27167]: "v20" #1166: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Oct 17 05:43:27 polariseer pluto[27167]: "v20" #1166: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1024}
Oct 17 05:43:27 polariseer pluto[27167]: "v20" #1166: Dead Peer Detection (RFC 3706): enabled
Oct 17 05:43:27 polariseer pluto[27167]: "v20" #1166: the peer proposed: 192.168.0.0/16:0/0 -> 10.12.13.0/24:0/0
Oct 17 05:43:27 polariseer pluto[27167]: "v202" #1173: responding to Quick Mode proposal {msgid:56504530}
Oct 17 05:43:27 polariseer pluto[27167]: "v202" #1173:     us: 192.168.0.0/16===zz.yyy.xxx.ww<zz.yyy.xxx.ww>
Oct 17 05:43:27 polariseer pluto[27167]: "v202" #1173:   them: aaa.bbb.ccc.ddd<aaa.bbb.ccc.ddd>===10.12.13.0/24
Oct 17 05:43:27 polariseer pluto[27167]: "v202" #1173: keeping refhim=1630 during rekey
Oct 17 05:43:27 polariseer pluto[27167]: "v202" #1173: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Oct 17 05:43:27 polariseer pluto[27167]: "v202" #1173: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Oct 17 05:43:27 polariseer pluto[27167]: "v202" #1173: Dead Peer Detection (RFC 3706): enabled
Oct 17 05:43:27 polariseer pluto[27167]: "v202" #1173: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Oct 17 05:43:27 polariseer pluto[27167]: "v202" #1173: STATE_QUICK_R2: IPsec SA established tunnel mode {ESP=>0x7e08e0c4 <0x8b6d0d86 xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=none DPD=enabled}
Oct 17 05:45:13 polariseer pluto[27167]: "v20" #1128: max number of retransmissions (2) reached STATE_MAIN_I1.  No response (or no acceptable response) to our first IKE message
Oct 17 05:45:13 polariseer pluto[27167]: "v20" #1128: starting keying attempt 3 of at most 3
Oct 17 05:45:13 polariseer pluto[27167]: "v20" #1465: initiating Main Mode to replace #1128
Oct 17 05:46:51 polariseer pluto[27167]: "v20" #1166: DPD: No response from peer - declaring peer dead
Oct 17 05:46:51 polariseer pluto[27167]: "v20" #1166: DPD: Putting connection into %trap
Oct 17 05:46:51 polariseer pluto[27167]: "v20" #1161: deleting state (STATE_QUICK_R2)
Oct 17 05:46:51 polariseer pluto[27167]: "v20" #1154: deleting state (STATE_MAIN_R3)
Oct 17 05:46:51 polariseer pluto[27167]: "v20" #1465: deleting state (STATE_MAIN_I1)
Oct 17 05:46:51 polariseer pluto[27167]: "v202" #1173: deleting state (STATE_QUICK_R2)
Oct 17 05:46:51 polariseer pluto[27167]: "v20" #1166: deleting state (STATE_MAIN_R3)
Oct 17 05:46:51 polariseer pluto[27167]: "v20" #1110: deleting state (STATE_QUICK_R2)
Oct 17 05:46:51 polariseer pluto[27167]: "v20" #932: deleting state (STATE_MAIN_R3)
Oct 17 05:46:55 polariseer pluto[27167]: "v202" #424: DPD: could not find newest phase 1 state
Oct 17 05:46:55 polariseer pluto[27167]: "v202" #941: DPD: could not find newest phase 1 state
Oct 17 05:46:58 polariseer pluto[27167]: "v20" #1490: initiating Main Mode
Oct 17 05:46:58 polariseer pluto[27167]: packet from aaa.bbb.ccc.ddd:500: Informational Exchange is for an unknown (expired?) SA with MSGID:0x64126e27
Oct 17 05:46:58 polariseer pluto[27167]: packet from aaa.bbb.ccc.ddd:500: Informational Exchange is for an unknown (expired?) SA with MSGID:0x0043cad9
Oct 17 05:46:58 polariseer pluto[27167]: packet from aaa.bbb.ccc.ddd:500: received Vendor ID payload [Dead Peer Detection]
Oct 17 05:46:58 polariseer pluto[27167]: packet from aaa.bbb.ccc.ddd:500: received Vendor ID payload [RFC 3947] meth=115, but port floating is off
Oct 17 05:46:58 polariseer pluto[27167]: packet from aaa.bbb.ccc.ddd:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but port floating is off
Oct 17 05:46:58 polariseer pluto[27167]: packet from aaa.bbb.ccc.ddd:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but port floating is off
Oct 17 05:46:58 polariseer pluto[27167]: packet from aaa.bbb.ccc.ddd:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but port floating is off
Oct 17 05:46:58 polariseer pluto[27167]: packet from aaa.bbb.ccc.ddd:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Oct 17 05:46:58 polariseer pluto[27167]: "v20" #1554: responding to Main Mode
Oct 17 05:46:58 polariseer pluto[27167]: "v20" #1554: OAKLEY_DES_CBC is not supported.  Attribute OAKLEY_ENCRYPTION_ALGORITHM
Oct 17 05:46:58 polariseer pluto[27167]: "v20" #1554: OAKLEY_DES_CBC is not supported.  Attribute OAKLEY_ENCRYPTION_ALGORITHM
Oct 17 05:46:58 polariseer pluto[27167]: "v20" #1554: OAKLEY_GROUP 1 not supported.  Attribute OAKLEY_GROUP_DESCRIPTION
Oct 17 05:46:58 polariseer pluto[27167]: "v20" #1554: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Oct 17 05:46:58 polariseer pluto[27167]: "v20" #1554: STATE_MAIN_R1: sent MR1, expecting MI2
Oct 17 05:46:59 polariseer pluto[27167]: "v20" #1554: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Oct 17 05:46:59 polariseer pluto[27167]: "v20" #1554: STATE_MAIN_R2: sent MR2, expecting MI3
Oct 17 05:46:59 polariseer pluto[27167]: "v20" #1554: ignoring informational payload, type IPSEC_INITIAL_CONTACT msgid=00000000
Oct 17 05:46:59 polariseer pluto[27167]: "v20" #1554: Main mode peer ID is ID_IPV4_ADDR: 'aaa.bbb.ccc.ddd'
Oct 17 05:46:59 polariseer pluto[27167]: "v20" #1554: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Oct 17 05:46:59 polariseer pluto[27167]: "v20" #1554: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1024}
Oct 17 05:46:59 polariseer pluto[27167]: "v20" #1554: Dead Peer Detection (RFC 3706): enabled
Oct 17 05:46:59 polariseer pluto[27167]: "v20" #1554: the peer proposed: 10.0.0.0/24:0/0 -> 10.12.13.0/24:0/0
Oct 17 05:46:59 polariseer pluto[27167]: "v20" #1567: responding to Quick Mode proposal {msgid:67187c45}
Oct 17 05:46:59 polariseer pluto[27167]: "v20" #1567:     us: 10.0.0.0/24===zz.yyy.xxx.ww<zz.yyy.xxx.ww>
Oct 17 05:46:59 polariseer pluto[27167]: "v20" #1567:   them: aaa.bbb.ccc.ddd<aaa.bbb.ccc.ddd>===10.12.13.0/24
Oct 17 05:46:59 polariseer pluto[27167]: "v20" #1567: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Oct 17 05:46:59 polariseer pluto[27167]: "v20" #1567: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Oct 17 05:46:59 polariseer pluto[27167]: "v20" #1567: Dead Peer Detection (RFC 3706): enabled
Oct 17 05:46:59 polariseer pluto[27167]: "v20" #1567: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Oct 17 05:46:59 polariseer pluto[27167]: "v20" #1567: STATE_QUICK_R2: IPsec SA established tunnel mode {ESP=>0x7e08e0c5 <0x8b6d0e1e xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=none DPD=enabled}
Oct 17 05:47:01 polariseer pluto[27167]: "v20" #1554: the peer proposed: 192.168.0.0/16:0/0 -> 10.12.13.0/24:0/0
Oct 17 05:47:01 polariseer pluto[27167]: "v202" #1643: responding to Quick Mode proposal {msgid:3258a642}
Oct 17 05:47:01 polariseer pluto[27167]: "v202" #1643:     us: 192.168.0.0/16===zz.yyy.xxx.ww<zz.yyy.xxx.ww>
Oct 17 05:47:01 polariseer pluto[27167]: "v202" #1643:   them: aaa.bbb.ccc.ddd<aaa.bbb.ccc.ddd>===10.12.13.0/24
Oct 17 05:47:01 polariseer pluto[27167]: "v202" #1643: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Oct 17 05:47:01 polariseer pluto[27167]: "v202" #1643: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Oct 17 05:47:01 polariseer pluto[27167]: "v202" #1643: Dead Peer Detection (RFC 3706): enabled
Oct 17 05:47:01 polariseer pluto[27167]: "v202" #1643: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Oct 17 05:47:01 polariseer pluto[27167]: "v202" #1643: STATE_QUICK_R2: IPsec SA established tunnel mode {ESP=>0x7e08e0c6 <0x8b6d0e46 xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=none DPD=enabled}
Oct 17 05:48:53 polariseer pluto[27167]: "v20" #1490: max number of retransmissions (2) reached STATE_MAIN_I1.  No response (or no acceptable response) to our first IKE message
Oct 17 05:48:53 polariseer pluto[27167]: "v20" #1490: starting keying attempt 2 of at most 3
Oct 17 05:48:53 polariseer pluto[27167]: "v20" #1837: initiating Main Mode to replace #1490
Oct 17 05:51:01 polariseer pluto[27167]: "v20" #1554: DPD: No response from peer - declaring peer dead
Oct 17 05:51:01 polariseer pluto[27167]: "v20" #1554: DPD: Putting connection into %trap
Oct 17 05:51:01 polariseer pluto[27167]: "v202" #1643: deleting state (STATE_QUICK_R2)
Oct 17 05:51:01 polariseer pluto[27167]: "v20" #1567: deleting state (STATE_QUICK_R2)
Oct 17 05:51:01 polariseer pluto[27167]: "v20" #1554: deleting state (STATE_MAIN_R3)
Oct 17 05:51:01 polariseer pluto[27167]: "v20" #1837: deleting state (STATE_MAIN_I1)
Oct 17 05:51:11 polariseer pluto[27167]: "v20" #1904: initiating Main Mode
Oct 17 05:51:11 polariseer pluto[27167]: packet from aaa.bbb.ccc.ddd:500: Informational Exchange is for an unknown (expired?) SA with MSGID:0x2ff17784
Oct 17 05:51:11 polariseer pluto[27167]: packet from aaa.bbb.ccc.ddd:500: Informational Exchange is for an unknown (expired?) SA with MSGID:0x1cc61bc5
Oct 17 05:51:13 polariseer pluto[27167]: packet from aaa.bbb.ccc.ddd:500: received Vendor ID payload [Dead Peer Detection]
Oct 17 05:51:13 polariseer pluto[27167]: packet from aaa.bbb.ccc.ddd:500: received Vendor ID payload [RFC 3947] meth=115, but port floating is off
Oct 17 05:51:13 polariseer pluto[27167]: packet from aaa.bbb.ccc.ddd:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but port floating is off
Oct 17 05:51:13 polariseer pluto[27167]: packet from aaa.bbb.ccc.ddd:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but port floating is off
Oct 17 05:51:13 polariseer pluto[27167]: packet from aaa.bbb.ccc.ddd:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but port floating is off
Oct 17 05:51:13 polariseer pluto[27167]: packet from aaa.bbb.ccc.ddd:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Oct 17 05:51:13 polariseer pluto[27167]: "v20" #2049: responding to Main Mode
Oct 17 05:51:13 polariseer pluto[27167]: "v20" #2049: OAKLEY_DES_CBC is not supported.  Attribute OAKLEY_ENCRYPTION_ALGORITHM
Oct 17 05:51:13 polariseer pluto[27167]: "v20" #2049: OAKLEY_DES_CBC is not supported.  Attribute OAKLEY_ENCRYPTION_ALGORITHM
Oct 17 05:51:13 polariseer pluto[27167]: "v20" #2049: OAKLEY_GROUP 1 not supported.  Attribute OAKLEY_GROUP_DESCRIPTION
Oct 17 05:51:13 polariseer pluto[27167]: "v20" #2049: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Oct 17 05:51:13 polariseer pluto[27167]: "v20" #2049: STATE_MAIN_R1: sent MR1, expecting MI2
Oct 17 05:51:13 polariseer pluto[27167]: packet from aaa.bbb.ccc.ddd:500: received Vendor ID payload [Dead Peer Detection]
Oct 17 05:51:13 polariseer pluto[27167]: packet from aaa.bbb.ccc.ddd:500: received Vendor ID payload [RFC 3947] meth=115, but port floating is off
Oct 17 05:51:13 polariseer pluto[27167]: packet from aaa.bbb.ccc.ddd:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but port floating is off
Oct 17 05:51:13 polariseer pluto[27167]: packet from aaa.bbb.ccc.ddd:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but port floating is off
Oct 17 05:51:13 polariseer pluto[27167]: packet from aaa.bbb.ccc.ddd:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but port floating is off
Oct 17 05:51:13 polariseer pluto[27167]: packet from aaa.bbb.ccc.ddd:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Oct 17 05:51:13 polariseer pluto[27167]: "v20" #2051: responding to Main Mode
Oct 17 05:51:13 polariseer pluto[27167]: "v20" #2051: OAKLEY_DES_CBC is not supported.  Attribute OAKLEY_ENCRYPTION_ALGORITHM
Oct 17 05:51:13 polariseer pluto[27167]: "v20" #2051: OAKLEY_DES_CBC is not supported.  Attribute OAKLEY_ENCRYPTION_ALGORITHM
Oct 17 05:51:13 polariseer pluto[27167]: "v20" #2051: OAKLEY_GROUP 1 not supported.  Attribute OAKLEY_GROUP_DESCRIPTION
Oct 17 05:51:13 polariseer pluto[27167]: "v20" #2051: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Oct 17 05:51:13 polariseer pluto[27167]: "v20" #2051: STATE_MAIN_R1: sent MR1, expecting MI2
Oct 17 05:51:13 polariseer pluto[27167]: "v20" #2049: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Oct 17 05:51:13 polariseer pluto[27167]: "v20" #2049: STATE_MAIN_R2: sent MR2, expecting MI3
Oct 17 05:51:13 polariseer pluto[27167]: "v20" #2051: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Oct 17 05:51:13 polariseer pluto[27167]: "v20" #2051: STATE_MAIN_R2: sent MR2, expecting MI3
Oct 17 05:51:13 polariseer pluto[27167]: "v20" #2049: ignoring informational payload, type IPSEC_INITIAL_CONTACT msgid=00000000
Oct 17 05:51:13 polariseer pluto[27167]: "v20" #2049: Main mode peer ID is ID_IPV4_ADDR: 'aaa.bbb.ccc.ddd'
Oct 17 05:51:13 polariseer pluto[27167]: "v20" #2049: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Oct 17 05:51:13 polariseer pluto[27167]: "v20" #2049: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1024}
Oct 17 05:51:13 polariseer pluto[27167]: "v20" #2049: Dead Peer Detection (RFC 3706): enabled
Oct 17 05:51:13 polariseer pluto[27167]: "v20" #2051: ignoring informational payload, type IPSEC_INITIAL_CONTACT msgid=00000000
Oct 17 05:51:13 polariseer pluto[27167]: "v20" #2051: Main mode peer ID is ID_IPV4_ADDR: 'aaa.bbb.ccc.ddd'
Oct 17 05:51:13 polariseer pluto[27167]: "v20" #2051: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Oct 17 05:51:13 polariseer pluto[27167]: "v20" #2051: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1024}
Oct 17 05:51:13 polariseer pluto[27167]: "v20" #2051: Dead Peer Detection (RFC 3706): enabled
Oct 17 05:51:13 polariseer pluto[27167]: "v20" #2049: the peer proposed: 192.168.0.0/16:0/0 -> 10.12.13.0/24:0/0
Oct 17 05:51:13 polariseer pluto[27167]: "v202" #2064: responding to Quick Mode proposal {msgid:935df11b}
Oct 17 05:51:13 polariseer pluto[27167]: "v202" #2064:     us: 192.168.0.0/16===zz.yyy.xxx.ww<zz.yyy.xxx.ww>
Oct 17 05:51:13 polariseer pluto[27167]: "v202" #2064:   them: aaa.bbb.ccc.ddd<aaa.bbb.ccc.ddd>===10.12.13.0/24
Oct 17 05:51:13 polariseer pluto[27167]: "v202" #2064: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Oct 17 05:51:13 polariseer pluto[27167]: "v202" #2064: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Oct 17 05:51:13 polariseer pluto[27167]: "v20" #2051: the peer proposed: 10.0.0.0/24:0/0 -> 10.12.13.0/24:0/0
Oct 17 05:51:13 polariseer pluto[27167]: "v20" #2066: responding to Quick Mode proposal {msgid:cb983369}
Oct 17 05:51:13 polariseer pluto[27167]: "v20" #2066:     us: 10.0.0.0/24===zz.yyy.xxx.ww<zz.yyy.xxx.ww>
Oct 17 05:51:13 polariseer pluto[27167]: "v20" #2066:   them: aaa.bbb.ccc.ddd<aaa.bbb.ccc.ddd>===10.12.13.0/24
Oct 17 05:51:13 polariseer pluto[27167]: "v20" #2066: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Oct 17 05:51:13 polariseer pluto[27167]: "v20" #2066: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Oct 17 05:51:14 polariseer pluto[27167]: "v202" #2064: Dead Peer Detection (RFC 3706): enabled
Oct 17 05:51:14 polariseer pluto[27167]: "v202" #2064: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Oct 17 05:51:14 polariseer pluto[27167]: "v202" #2064: STATE_QUICK_R2: IPsec SA established tunnel mode {ESP=>0x7e08e0c7 <0x8b6d0ed6 xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=none DPD=enabled}
Oct 17 05:51:14 polariseer pluto[27167]: "v20" #2066: Dead Peer Detection (RFC 3706): enabled
Oct 17 05:51:14 polariseer pluto[27167]: "v20" #2066: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Oct 17 05:51:14 polariseer pluto[27167]: "v20" #2066: STATE_QUICK_R2: IPsec SA established tunnel mode {ESP=>0x7e08e0c8 <0x8b6d0ed8 xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=none DPD=enabled}
Oct 17 05:52:41 polariseer pluto[27167]: "v20" #1904: max number of retransmissions (2) reached STATE_MAIN_I1.  No response (or no acceptable response) to our first IKE message
Oct 17 05:52:41 polariseer pluto[27167]: "v20" #1904: starting keying attempt 2 of at most 3
Oct 17 05:52:41 polariseer pluto[27167]: "v20" #2256: initiating Main Mode to replace #1904
Oct 17 05:53:14 polariseer pluto[27167]: packet from aaa.bbb.ccc.ddd:500: received Vendor ID payload [Dead Peer Detection]
Oct 17 05:53:14 polariseer pluto[27167]: packet from aaa.bbb.ccc.ddd:500: received Vendor ID payload [RFC 3947] meth=115, but port floating is off
Oct 17 05:53:14 polariseer pluto[27167]: packet from aaa.bbb.ccc.ddd:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but port floating is off
Oct 17 05:53:14 polariseer pluto[27167]: packet from aaa.bbb.ccc.ddd:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but port floating is off
Oct 17 05:53:14 polariseer pluto[27167]: packet from aaa.bbb.ccc.ddd:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but port floating is off
Oct 17 05:53:14 polariseer pluto[27167]: packet from aaa.bbb.ccc.ddd:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Oct 17 05:53:14 polariseer pluto[27167]: "v20" #2412: responding to Main Mode
Oct 17 05:53:14 polariseer pluto[27167]: "v20" #2412: OAKLEY_DES_CBC is not supported.  Attribute OAKLEY_ENCRYPTION_ALGORITHM
Oct 17 05:53:14 polariseer pluto[27167]: "v20" #2412: OAKLEY_DES_CBC is not supported.  Attribute OAKLEY_ENCRYPTION_ALGORITHM
Oct 17 05:53:14 polariseer pluto[27167]: "v20" #2412: OAKLEY_GROUP 1 not supported.  Attribute OAKLEY_GROUP_DESCRIPTION
Oct 17 05:53:14 polariseer pluto[27167]: "v20" #2412: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Oct 17 05:53:14 polariseer pluto[27167]: "v20" #2412: STATE_MAIN_R1: sent MR1, expecting MI2
Oct 17 05:53:14 polariseer pluto[27167]: packet from aaa.bbb.ccc.ddd:500: received Vendor ID payload [Dead Peer Detection]
Oct 17 05:53:14 polariseer pluto[27167]: packet from aaa.bbb.ccc.ddd:500: received Vendor ID payload [RFC 3947] meth=115, but port floating is off
Oct 17 05:53:14 polariseer pluto[27167]: packet from aaa.bbb.ccc.ddd:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but port floating is off
Oct 17 05:53:14 polariseer pluto[27167]: packet from aaa.bbb.ccc.ddd:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but port floating is off
Oct 17 05:53:14 polariseer pluto[27167]: packet from aaa.bbb.ccc.ddd:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but port floating is off
Oct 17 05:53:14 polariseer pluto[27167]: packet from aaa.bbb.ccc.ddd:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Oct 17 05:53:14 polariseer pluto[27167]: "v20" #2414: responding to Main Mode
Oct 17 05:53:14 polariseer pluto[27167]: "v20" #2414: OAKLEY_DES_CBC is not supported.  Attribute OAKLEY_ENCRYPTION_ALGORITHM
Oct 17 05:53:14 polariseer pluto[27167]: "v20" #2414: OAKLEY_DES_CBC is not supported.  Attribute OAKLEY_ENCRYPTION_ALGORITHM
Oct 17 05:53:14 polariseer pluto[27167]: "v20" #2414: OAKLEY_GROUP 1 not supported.  Attribute OAKLEY_GROUP_DESCRIPTION
Oct 17 05:53:14 polariseer pluto[27167]: "v20" #2414: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Oct 17 05:53:14 polariseer pluto[27167]: "v20" #2414: STATE_MAIN_R1: sent MR1, expecting MI2
Oct 17 05:53:14 polariseer pluto[27167]: "v20" #2412: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Oct 17 05:53:14 polariseer pluto[27167]: "v20" #2412: STATE_MAIN_R2: sent MR2, expecting MI3
Oct 17 05:53:14 polariseer pluto[27167]: "v20" #2414: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Oct 17 05:53:14 polariseer pluto[27167]: "v20" #2414: STATE_MAIN_R2: sent MR2, expecting MI3
Oct 17 05:53:14 polariseer pluto[27167]: "v20" #2412: ignoring informational payload, type IPSEC_INITIAL_CONTACT msgid=00000000
Oct 17 05:53:14 polariseer pluto[27167]: "v20" #2412: Main mode peer ID is ID_IPV4_ADDR: 'aaa.bbb.ccc.ddd'
Oct 17 05:53:14 polariseer pluto[27167]: "v20" #2412: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Oct 17 05:53:14 polariseer pluto[27167]: "v20" #2412: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1024}
Oct 17 05:53:14 polariseer pluto[27167]: "v20" #2412: Dead Peer Detection (RFC 3706): enabled
Oct 17 05:53:14 polariseer pluto[27167]: "v20" #2414: ignoring informational payload, type IPSEC_INITIAL_CONTACT msgid=00000000
Oct 17 05:53:14 polariseer pluto[27167]: "v20" #2414: Main mode peer ID is ID_IPV4_ADDR: 'aaa.bbb.ccc.ddd'
Oct 17 05:53:14 polariseer pluto[27167]: "v20" #2414: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Oct 17 05:53:14 polariseer pluto[27167]: "v20" #2414: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1024}
Oct 17 05:53:14 polariseer pluto[27167]: "v20" #2414: Dead Peer Detection (RFC 3706): enabled
Oct 17 05:53:14 polariseer pluto[27167]: "v20" #2412: the peer proposed: 10.0.0.0/24:0/0 -> 10.12.13.0/24:0/0
Oct 17 05:53:14 polariseer pluto[27167]: "v20" #2444: responding to Quick Mode proposal {msgid:a8f795d2}
Oct 17 05:53:14 polariseer pluto[27167]: "v20" #2444:     us: 10.0.0.0/24===zz.yyy.xxx.ww<zz.yyy.xxx.ww>
Oct 17 05:53:14 polariseer pluto[27167]: "v20" #2444:   them: aaa.bbb.ccc.ddd<aaa.bbb.ccc.ddd>===10.12.13.0/24
Oct 17 05:53:14 polariseer pluto[27167]: "v20" #2444: keeping refhim=3097 during rekey
Oct 17 05:53:14 polariseer pluto[27167]: "v20" #2444: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Oct 17 05:53:14 polariseer pluto[27167]: "v20" #2444: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Oct 17 05:53:15 polariseer pluto[27167]: "v20" #2414: the peer proposed: 192.168.0.0/16:0/0 -> 10.12.13.0/24:0/0
Oct 17 05:53:15 polariseer pluto[27167]: "v202" #2451: responding to Quick Mode proposal {msgid:e032d620}
Oct 17 05:53:15 polariseer pluto[27167]: "v202" #2451:     us: 192.168.0.0/16===zz.yyy.xxx.ww<zz.yyy.xxx.ww>
Oct 17 05:53:15 polariseer pluto[27167]: "v202" #2451:   them: aaa.bbb.ccc.ddd<aaa.bbb.ccc.ddd>===10.12.13.0/24
Oct 17 05:53:15 polariseer pluto[27167]: "v202" #2451: keeping refhim=3089 during rekey
Oct 17 05:53:15 polariseer pluto[27167]: "v202" #2451: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Oct 17 05:53:15 polariseer pluto[27167]: "v202" #2451: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Oct 17 05:53:15 polariseer pluto[27167]: "v20" #2444: Dead Peer Detection (RFC 3706): enabled
Oct 17 05:53:15 polariseer pluto[27167]: "v20" #2444: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Oct 17 05:53:15 polariseer pluto[27167]: "v20" #2444: STATE_QUICK_R2: IPsec SA established tunnel mode {ESP=>0x7e08e0c9 <0x8b6d0f76 xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=none DPD=enabled}
Oct 17 05:53:15 polariseer pluto[27167]: "v202" #2451: Dead Peer Detection (RFC 3706): enabled
Oct 17 05:53:15 polariseer pluto[27167]: "v202" #2451: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Oct 17 05:53:15 polariseer pluto[27167]: "v202" #2451: STATE_QUICK_R2: IPsec SA established tunnel mode {ESP=>0x7e08e0ca <0x8b6d0f7d xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=none DPD=enabled}
Oct 17 05:55:24 polariseer pluto[27167]: "v20" #2256: max number of retransmissions (2) reached STATE_MAIN_I1.  No response (or no acceptable response) to our first IKE message
Oct 17 05:55:24 polariseer pluto[27167]: "v20" #2256: starting keying attempt 3 of at most 3
Oct 17 05:55:24 polariseer pluto[27167]: "v20" #2518: initiating Main Mode to replace #2256
Oct 17 05:57:24 polariseer pluto[27167]: "v20" #2414: DPD: No response from peer - declaring peer dead
Oct 17 05:57:24 polariseer pluto[27167]: "v20" #2414: DPD: Putting connection into %trap
Oct 17 05:57:24 polariseer pluto[27167]: "v202" #2451: deleting state (STATE_QUICK_R2)
Oct 17 05:57:24 polariseer pluto[27167]: "v20" #2414: deleting state (STATE_MAIN_R3)
Oct 17 05:57:24 polariseer pluto[27167]: "v20" #2049: deleting state (STATE_MAIN_R3)
Oct 17 05:57:24 polariseer pluto[27167]: "v20" #2518: deleting state (STATE_MAIN_I1)
Oct 17 05:57:24 polariseer pluto[27167]: "v20" #2444: deleting state (STATE_QUICK_R2)
Oct 17 05:57:24 polariseer pluto[27167]: "v20" #2412: deleting state (STATE_MAIN_R3)
Oct 17 05:57:24 polariseer pluto[27167]: "v20" #2066: deleting state (STATE_QUICK_R2)
Oct 17 05:57:24 polariseer pluto[27167]: "v20" #2051: deleting state (STATE_MAIN_R3)
Oct 17 05:57:24 polariseer pluto[27167]: "v202" #2064: DPD: could not find newest phase 1 state
Oct 17 05:57:28 polariseer pluto[27167]: "v20" #2575: initiating Main Mode
Oct 17 05:57:28 polariseer pluto[27167]: packet from aaa.bbb.ccc.ddd:500: Informational Exchange is for an unknown (expired?) SA with MSGID:0x29478400
Oct 17 05:57:31 polariseer pluto[27167]: packet from aaa.bbb.ccc.ddd:500: received Vendor ID payload [Dead Peer Detection]
Oct 17 05:57:31 polariseer pluto[27167]: packet from aaa.bbb.ccc.ddd:500: received Vendor ID payload [RFC 3947] meth=115, but port floating is off
Oct 17 05:57:31 polariseer pluto[27167]: packet from aaa.bbb.ccc.ddd:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but port floating is off
Oct 17 05:57:31 polariseer pluto[27167]: packet from aaa.bbb.ccc.ddd:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but port floating is off
Oct 17 05:57:31 polariseer pluto[27167]: packet from aaa.bbb.ccc.ddd:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but port floating is off
Oct 17 05:57:31 polariseer pluto[27167]: packet from aaa.bbb.ccc.ddd:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Oct 17 05:57:31 polariseer pluto[27167]: "v20" #2763: responding to Main Mode
Oct 17 05:57:31 polariseer pluto[27167]: "v20" #2763: OAKLEY_DES_CBC is not supported.  Attribute OAKLEY_ENCRYPTION_ALGORITHM
Oct 17 05:57:31 polariseer pluto[27167]: "v20" #2763: OAKLEY_DES_CBC is not supported.  Attribute OAKLEY_ENCRYPTION_ALGORITHM
Oct 17 05:57:31 polariseer pluto[27167]: "v20" #2763: OAKLEY_GROUP 1 not supported.  Attribute OAKLEY_GROUP_DESCRIPTION
Oct 17 05:57:31 polariseer pluto[27167]: "v20" #2763: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Oct 17 05:57:31 polariseer pluto[27167]: "v20" #2763: STATE_MAIN_R1: sent MR1, expecting MI2
Oct 17 05:57:31 polariseer pluto[27167]: packet from aaa.bbb.ccc.ddd:500: received Vendor ID payload [Dead Peer Detection]
Oct 17 05:57:31 polariseer pluto[27167]: packet from aaa.bbb.ccc.ddd:500: received Vendor ID payload [RFC 3947] meth=115, but port floating is off
Oct 17 05:57:31 polariseer pluto[27167]: packet from aaa.bbb.ccc.ddd:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but port floating is off
Oct 17 05:57:31 polariseer pluto[27167]: packet from aaa.bbb.ccc.ddd:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but port floating is off
Oct 17 05:57:31 polariseer pluto[27167]: packet from aaa.bbb.ccc.ddd:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but port floating is off
Oct 17 05:57:31 polariseer pluto[27167]: packet from aaa.bbb.ccc.ddd:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Oct 17 05:57:31 polariseer pluto[27167]: "v20" #2764: responding to Main Mode
Oct 17 05:57:31 polariseer pluto[27167]: "v20" #2764: OAKLEY_DES_CBC is not supported.  Attribute OAKLEY_ENCRYPTION_ALGORITHM
Oct 17 05:57:31 polariseer pluto[27167]: "v20" #2764: OAKLEY_DES_CBC is not supported.  Attribute OAKLEY_ENCRYPTION_ALGORITHM
Oct 17 05:57:31 polariseer pluto[27167]: "v20" #2764: OAKLEY_GROUP 1 not supported.  Attribute OAKLEY_GROUP_DESCRIPTION
Oct 17 05:57:31 polariseer pluto[27167]: "v20" #2764: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Oct 17 05:57:31 polariseer pluto[27167]: "v20" #2764: STATE_MAIN_R1: sent MR1, expecting MI2
Oct 17 05:57:31 polariseer pluto[27167]: "v20" #2763: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Oct 17 05:57:31 polariseer pluto[27167]: "v20" #2763: STATE_MAIN_R2: sent MR2, expecting MI3
Oct 17 05:57:31 polariseer pluto[27167]: "v20" #2764: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Oct 17 05:57:31 polariseer pluto[27167]: "v20" #2764: STATE_MAIN_R2: sent MR2, expecting MI3
Oct 17 05:57:31 polariseer pluto[27167]: "v20" #2763: ignoring informational payload, type IPSEC_INITIAL_CONTACT msgid=00000000
Oct 17 05:57:31 polariseer pluto[27167]: "v20" #2763: Main mode peer ID is ID_IPV4_ADDR: 'aaa.bbb.ccc.ddd'
Oct 17 05:57:31 polariseer pluto[27167]: "v20" #2763: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Oct 17 05:57:31 polariseer pluto[27167]: "v20" #2763: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1024}
Oct 17 05:57:31 polariseer pluto[27167]: "v20" #2763: Dead Peer Detection (RFC 3706): enabled
Oct 17 05:57:31 polariseer pluto[27167]: "v20" #2764: ignoring informational payload, type IPSEC_INITIAL_CONTACT msgid=00000000
Oct 17 05:57:31 polariseer pluto[27167]: "v20" #2764: Main mode peer ID is ID_IPV4_ADDR: 'aaa.bbb.ccc.ddd'
Oct 17 05:57:31 polariseer pluto[27167]: "v20" #2764: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Oct 17 05:57:31 polariseer pluto[27167]: "v20" #2764: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1024}
Oct 17 05:57:31 polariseer pluto[27167]: "v20" #2764: Dead Peer Detection (RFC 3706): enabled
Oct 17 05:57:31 polariseer pluto[27167]: "v20" #2763: the peer proposed: 10.0.0.0/24:0/0 -> 10.12.13.0/24:0/0
Oct 17 05:57:31 polariseer pluto[27167]: "v20" #2776: responding to Quick Mode proposal {msgid:71614307}
Oct 17 05:57:31 polariseer pluto[27167]: "v20" #2776:     us: 10.0.0.0/24===zz.yyy.xxx.ww<zz.yyy.xxx.ww>
Oct 17 05:57:31 polariseer pluto[27167]: "v20" #2776:   them: aaa.bbb.ccc.ddd<aaa.bbb.ccc.ddd>===10.12.13.0/24
Oct 17 05:57:31 polariseer pluto[27167]: "v20" #2776: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Oct 17 05:57:31 polariseer pluto[27167]: "v20" #2776: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Oct 17 05:57:31 polariseer pluto[27167]: "v20" #2764: the peer proposed: 192.168.0.0/16:0/0 -> 10.12.13.0/24:0/0
Oct 17 05:57:31 polariseer pluto[27167]: "v202" #2780: responding to Quick Mode proposal {msgid:a89b8250}
Oct 17 05:57:31 polariseer pluto[27167]: "v202" #2780:     us: 192.168.0.0/16===zz.yyy.xxx.ww<zz.yyy.xxx.ww>
Oct 17 05:57:31 polariseer pluto[27167]: "v202" #2780:   them: aaa.bbb.ccc.ddd<aaa.bbb.ccc.ddd>===10.12.13.0/24
Oct 17 05:57:31 polariseer pluto[27167]: "v202" #2780: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Oct 17 05:57:31 polariseer pluto[27167]: "v202" #2780: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Oct 17 05:57:31 polariseer pluto[27167]: "v20" #2776: Dead Peer Detection (RFC 3706): enabled
Oct 17 05:57:31 polariseer pluto[27167]: "v20" #2776: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Oct 17 05:57:31 polariseer pluto[27167]: "v20" #2776: STATE_QUICK_R2: IPsec SA established tunnel mode {ESP=>0x7e08e0cb <0x8b6d0fd2 xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=none DPD=enabled}
Oct 17 05:57:31 polariseer pluto[27167]: "v202" #2780: Dead Peer Detection (RFC 3706): enabled
Oct 17 05:57:31 polariseer pluto[27167]: "v202" #2780: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Oct 17 05:57:31 polariseer pluto[27167]: "v202" #2780: STATE_QUICK_R2: IPsec SA established tunnel mode {ESP=>0x7e08e0cc <0x8b6d0fd4 xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=none DPD=enabled}
Oct 17 05:59:10 polariseer pluto[27167]: "v20" #2575: max number of retransmissions (2) reached STATE_MAIN_I1.  No response (or no acceptable response) to our first IKE message
Oct 17 05:59:10 polariseer pluto[27167]: "v20" #2575: starting keying attempt 2 of at most 3
Oct 17 05:59:10 polariseer pluto[27167]: "v20" #2908: initiating Main Mode to replace #2575
Oct 17 06:00:41 polariseer pluto[27167]: "v20" #2908: max number of retransmissions (2) reached STATE_MAIN_I1.  No response (or no acceptable response) to our first IKE message
Oct 17 06:00:41 polariseer pluto[27167]: "v20" #2908: starting keying attempt 3 of at most 3
Oct 17 06:00:41 polariseer pluto[27167]: "v20" #2977: initiating Main Mode to replace #2908
Oct 17 06:00:55 polariseer pluto[27167]: packet from aaa.bbb.ccc.ddd:500: received Vendor ID payload [Dead Peer Detection]
Oct 17 06:00:55 polariseer pluto[27167]: packet from aaa.bbb.ccc.ddd:500: received Vendor ID payload [RFC 3947] meth=115, but port floating is off
Oct 17 06:00:55 polariseer pluto[27167]: packet from aaa.bbb.ccc.ddd:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but port floating is off
Oct 17 06:00:55 polariseer pluto[27167]: packet from aaa.bbb.ccc.ddd:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but port floating is off
Oct 17 06:00:55 polariseer pluto[27167]: packet from aaa.bbb.ccc.ddd:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but port floating is off
Oct 17 06:00:55 polariseer pluto[27167]: packet from aaa.bbb.ccc.ddd:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Oct 17 06:00:55 polariseer pluto[27167]: "v20" #3069: responding to Main Mode
Oct 17 06:00:55 polariseer pluto[27167]: "v20" #3069: OAKLEY_DES_CBC is not supported.  Attribute OAKLEY_ENCRYPTION_ALGORITHM
Oct 17 06:00:55 polariseer pluto[27167]: "v20" #3069: OAKLEY_DES_CBC is not supported.  Attribute OAKLEY_ENCRYPTION_ALGORITHM
Oct 17 06:00:55 polariseer pluto[27167]: "v20" #3069: OAKLEY_GROUP 1 not supported.  Attribute OAKLEY_GROUP_DESCRIPTION
Oct 17 06:00:55 polariseer pluto[27167]: "v20" #3069: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Oct 17 06:00:55 polariseer pluto[27167]: "v20" #3069: STATE_MAIN_R1: sent MR1, expecting MI2
Oct 17 06:00:55 polariseer pluto[27167]: packet from aaa.bbb.ccc.ddd:500: received Vendor ID payload [Dead Peer Detection]
Oct 17 06:00:55 polariseer pluto[27167]: packet from aaa.bbb.ccc.ddd:500: received Vendor ID payload [RFC 3947] meth=115, but port floating is off
Oct 17 06:00:55 polariseer pluto[27167]: packet from aaa.bbb.ccc.ddd:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but port floating is off
Oct 17 06:00:55 polariseer pluto[27167]: packet from aaa.bbb.ccc.ddd:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but port floating is off
Oct 17 06:00:55 polariseer pluto[27167]: packet from aaa.bbb.ccc.ddd:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but port floating is off
Oct 17 06:00:55 polariseer pluto[27167]: packet from aaa.bbb.ccc.ddd:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Oct 17 06:00:55 polariseer pluto[27167]: "v20" #3071: responding to Main Mode
Oct 17 06:00:55 polariseer pluto[27167]: "v20" #3071: OAKLEY_DES_CBC is not supported.  Attribute OAKLEY_ENCRYPTION_ALGORITHM
Oct 17 06:00:55 polariseer pluto[27167]: "v20" #3071: OAKLEY_DES_CBC is not supported.  Attribute OAKLEY_ENCRYPTION_ALGORITHM
Oct 17 06:00:55 polariseer pluto[27167]: "v20" #3071: OAKLEY_GROUP 1 not supported.  Attribute OAKLEY_GROUP_DESCRIPTION
Oct 17 06:00:55 polariseer pluto[27167]: "v20" #3071: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Oct 17 06:00:55 polariseer pluto[27167]: "v20" #3071: STATE_MAIN_R1: sent MR1, expecting MI2
Oct 17 06:00:55 polariseer pluto[27167]: "v20" #3069: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Oct 17 06:00:55 polariseer pluto[27167]: "v20" #3069: STATE_MAIN_R2: sent MR2, expecting MI3
Oct 17 06:00:55 polariseer pluto[27167]: "v20" #3071: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Oct 17 06:00:55 polariseer pluto[27167]: "v20" #3071: STATE_MAIN_R2: sent MR2, expecting MI3
Oct 17 06:00:55 polariseer pluto[27167]: "v20" #3069: ignoring informational payload, type IPSEC_INITIAL_CONTACT msgid=00000000
Oct 17 06:00:55 polariseer pluto[27167]: "v20" #3069: Main mode peer ID is ID_IPV4_ADDR: 'aaa.bbb.ccc.ddd'
Oct 17 06:00:55 polariseer pluto[27167]: "v20" #3069: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Oct 17 06:00:55 polariseer pluto[27167]: "v20" #3069: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1024}
Oct 17 06:00:55 polariseer pluto[27167]: "v20" #3069: Dead Peer Detection (RFC 3706): enabled
Oct 17 06:00:55 polariseer pluto[27167]: "v20" #3071: ignoring informational payload, type IPSEC_INITIAL_CONTACT msgid=00000000
Oct 17 06:00:55 polariseer pluto[27167]: "v20" #3071: Main mode peer ID is ID_IPV4_ADDR: 'aaa.bbb.ccc.ddd'
Oct 17 06:00:55 polariseer pluto[27167]: "v20" #3071: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Oct 17 06:00:55 polariseer pluto[27167]: "v20" #3071: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1024}
Oct 17 06:00:55 polariseer pluto[27167]: "v20" #3071: Dead Peer Detection (RFC 3706): enabled
Oct 17 06:00:55 polariseer pluto[27167]: "v20" #3069: the peer proposed: 192.168.0.0/16:0/0 -> 10.12.13.0/24:0/0
Oct 17 06:00:55 polariseer pluto[27167]: "v202" #3078: responding to Quick Mode proposal {msgid:0fb0f37a}
Oct 17 06:00:55 polariseer pluto[27167]: "v202" #3078:     us: 192.168.0.0/16===zz.yyy.xxx.ww<zz.yyy.xxx.ww>
Oct 17 06:00:55 polariseer pluto[27167]: "v202" #3078:   them: aaa.bbb.ccc.ddd<aaa.bbb.ccc.ddd>===10.12.13.0/24
Oct 17 06:00:55 polariseer pluto[27167]: "v202" #3078: keeping refhim=3955 during rekey
Oct 17 06:00:55 polariseer pluto[27167]: "v202" #3078: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Oct 17 06:00:55 polariseer pluto[27167]: "v202" #3078: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Oct 17 06:00:55 polariseer pluto[27167]: "v20" #3071: the peer proposed: 10.0.0.0/24:0/0 -> 10.12.13.0/24:0/0
Oct 17 06:00:55 polariseer pluto[27167]: "v20" #3084: responding to Quick Mode proposal {msgid:48ec35c8}
Oct 17 06:00:55 polariseer pluto[27167]: "v20" #3084:     us: 10.0.0.0/24===zz.yyy.xxx.ww<zz.yyy.xxx.ww>
Oct 17 06:00:55 polariseer pluto[27167]: "v20" #3084:   them: aaa.bbb.ccc.ddd<aaa.bbb.ccc.ddd>===10.12.13.0/24
Oct 17 06:00:55 polariseer pluto[27167]: "v20" #3084: keeping refhim=3947 during rekey
Oct 17 06:00:55 polariseer pluto[27167]: "v20" #3084: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Oct 17 06:00:55 polariseer pluto[27167]: "v20" #3084: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Oct 17 06:00:55 polariseer pluto[27167]: "v202" #3078: Dead Peer Detection (RFC 3706): enabled
Oct 17 06:00:55 polariseer pluto[27167]: "v202" #3078: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Oct 17 06:00:55 polariseer pluto[27167]: "v202" #3078: STATE_QUICK_R2: IPsec SA established tunnel mode {ESP=>0x7e08e0cd <0x8b6d101e xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=none DPD=enabled}
Oct 17 06:00:55 polariseer pluto[27167]: "v20" #3084: Dead Peer Detection (RFC 3706): enabled
Oct 17 06:00:55 polariseer pluto[27167]: "v20" #3084: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Oct 17 06:00:55 polariseer pluto[27167]: "v20" #3084: STATE_QUICK_R2: IPsec SA established tunnel mode {ESP=>0x7e08e0ce <0x8b6d1022 xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=none DPD=enabled}
Oct 17 06:04:16 polariseer pluto[27167]: "v20" #2977: max number of retransmissions (2) reached STATE_MAIN_I1.  No response (or no acceptable response) to our first IKE message
Oct 17 06:05:44 polariseer pluto[27167]: "v20" #3071: DPD: No response from peer - declaring peer dead
Oct 17 06:05:44 polariseer pluto[27167]: "v20" #3071: DPD: Putting connection into %trap
Oct 17 06:05:44 polariseer pluto[27167]: "v20" #3069: deleting state (STATE_MAIN_R3)
Oct 17 06:05:44 polariseer pluto[27167]: "v20" #3084: deleting state (STATE_QUICK_R2)
Oct 17 06:05:44 polariseer pluto[27167]: "v20" #3071: deleting state (STATE_MAIN_R3)
Oct 17 06:05:44 polariseer pluto[27167]: "v20" #2764: deleting state (STATE_MAIN_R3)
Oct 17 06:05:44 polariseer pluto[27167]: "v20" #2776: deleting state (STATE_QUICK_R2)
Oct 17 06:05:44 polariseer pluto[27167]: "v20" #2763: deleting state (STATE_MAIN_R3)
Oct 17 06:06:11 polariseer pluto[27167]: "v202" #3078: DPD: could not find newest phase 1 state
Oct 17 06:06:11 polariseer pluto[27167]: "v202" #2780: DPD: could not find newest phase 1 state
-------------- next part --------------
version 2.0
	config setup
	interfaces="ipsec0=eth1"
        virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!10.0.0.0/24,%v4:!10.10.0.0/16
        oe=off
        protostack=klips
	dumpdir=/var/run/pluto/


conn v20
        right=aaa.bbb.ccc.ddd
        rightsubnet=10.12.13.1/24
        also=general-amsterdam

conn v202
        right=aaa.bbb.ccc.ddd
        rightsubnet=10.12.13.1/24
        also=extra-amsterdam

conn general
        type=tunnel
        left=zz.yyy.xxx.ww
        leftsubnet=10.0.0.0/24
        authby=secret
        pfs=yes
        ike=3des
        keyingtries=3
        dpddelay=30
        dpdtimeout=150
        dpdaction=hold

conn general-amsterdam
        also=general
        auto=add
        rekey=no

conn extra-amsterdam
        type=tunnel
        left=zz.yyy.xxx.ww
        leftsubnet=192.168.0.0/16
        authby=secret
        pfs=yes
        ike=aes
        dpddelay=30
        dpdtimeout=150
        dpdaction=hold
        auto=add
        keyingtries=3
        rekey=no



More information about the Users mailing list