[Openswan Users] Established Tunnel Not Passing Traffic

Neal Murphy neal.p.murphy at alum.wpi.edu
Thu Jun 27 19:46:10 UTC 2013


It may be nothing, but why don't I see states QUICK_I1/R1/I2/R2? Possibly 
mismatched params between the two ends? (Unless your method doesn't use them.)


On Thursday, June 27, 2013 02:42:26 PM Dave Ariens wrote:
> I spoke too soon... Nothing can traverse the tunnel.
> 
> Here's some logs for vps1 during the time that traffic stopped...
> 
> Jun 27 13:46:39 vps1.layerzero.ca pluto[32576]: "vps2" #8: initiating Main
> Mode to replace #5
> Jun 27 13:46:39 vps1.layerzero.ca pluto[32576]: "vps2" #8: received Vendor
> ID payload [Openswan (this version) 2.6.38 ]
> Jun 27 13:46:39 vps1.layerzero.ca pluto[32576]: "vps2" #8: received Vendor
> ID payload [Dead Peer Detection]
> Jun 27 13:46:39 vps1.layerzero.ca pluto[32576]: "vps2" #8: received Vendor
> ID payload [RFC 3947] method set to=115
> Jun 27 13:46:39 vps1.layerzero.ca pluto[32576]: "vps2" #8: enabling
> possible NAT-traversal with method RFC 3947 (NAT-Traversal)
> Jun 27 13:46:39 vps1.layerzero.ca pluto[32576]: "vps2" #8: transition from
> state STATE_MAIN_I1 to state STATE_MAIN_I2
> Jun 27 13:46:39 vps1.layerzero.ca pluto[32576]: "vps2" #8: STATE_MAIN_I2:
> sent MI2, expecting MR2
> Jun 27 13:46:39 vps1.layerzero.ca pluto[32576]: "vps2" #8: NAT-Traversal:
> Result using draft-ietf-ipsec-nat-t-ike (MacOS X): no NAT detected
> Jun 27 13:46:39 vps1.layerzero.ca pluto[32576]: "vps2" #8: transition from
> state STATE_MAIN_I2 to state STATE_MAIN_I3
> Jun 27 13:46:39 vps1.layerzero.ca pluto[32576]: "vps2" #8: STATE_MAIN_I3:
> sent MI3, expecting MR3
> Jun 27 13:46:39 vps1.layerzero.ca pluto[32576]: "vps2" #8: received Vendor
> ID payload [CAN-IKEv2]
> Jun 27 13:46:39 vps1.layerzero.ca pluto[32576]: "vps2" #8: Main mode peer
> ID is ID_IPV4_ADDR: '173.254.195.244'
> Jun 27 13:46:39 vps1.layerzero.ca pluto[32576]: "vps2" #8: transition from
> state STATE_MAIN_I3 to state STATE_MAIN_I4
> Jun 27 13:46:39 vps1.layerzero.ca pluto[32576]: "vps2" #8: STATE_MAIN_I4:
> ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_128
> prf=oakley_sha group=modp2048}
> Jun 27 13:47:01 vps1.layerzero.ca pluto[32576]: packet from
> 173.254.195.244:500: received Vendor ID payload [Openswan (this version)
> 2.6.38 ]
> Jun 27 13:47:01 vps1.layerzero.ca pluto[32576]: packet from
> 173.254.195.244:500: received Vendor ID payload [Dead Peer Detection]
> Jun 27 13:47:01 vps1.layerzero.ca pluto[32576]: packet from
> 173.254.195.244:500: received Vendor ID payload [RFC 3947] method set
> to=115
> Jun 27 13:47:01 vps1.layerzero.ca pluto[32576]: packet from
> 173.254.195.244:500: received Vendor ID payload
> [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 115
> Jun 27 13:47:01 vps1.layerzero.ca pluto[32576]: packet from
> 173.254.195.244:500: received Vendor ID payload
> [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 115
> Jun 27 13:47:01 vps1.layerzero.ca pluto[32576]: packet from
> 173.254.195.244:500: received Vendor ID payload
> [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 115
> Jun 27 13:47:01 vps1.layerzero.ca pluto[32576]: packet from
> 173.254.195.244:500: received Vendor ID payload
> [draft-ietf-ipsec-nat-t-ike-00]
> Jun 27 13:47:01 vps1.layerzero.ca pluto[32576]: "vps2" #9: responding to
> Main Mode
> Jun 27 13:47:01 vps1.layerzero.ca pluto[32576]: "vps2" #9: transition from
> state STATE_MAIN_R0 to state STATE_MAIN_R1
> Jun 27 13:47:01 vps1.layerzero.ca pluto[32576]: "vps2" #9: STATE_MAIN_R1:
> sent MR1, expecting MI2
> Jun 27 13:47:01 vps1.layerzero.ca pluto[32576]: "vps2" #9: NAT-Traversal:
> Result using draft-ietf-ipsec-nat-t-ike (MacOS X): no NAT detected
> Jun 27 13:47:01 vps1.layerzero.ca pluto[32576]: "vps2" #9: transition from
> state STATE_MAIN_R1 to state STATE_MAIN_R2
> Jun 27 13:47:01 vps1.layerzero.ca pluto[32576]: "vps2" #9: STATE_MAIN_R2:
> sent MR2, expecting MI3
> Jun 27 13:47:01 vps1.layerzero.ca pluto[32576]: "vps2" #9: Main mode peer
> ID is ID_IPV4_ADDR: '173.254.195.244'
> Jun 27 13:47:01 vps1.layerzero.ca pluto[32576]: "vps2" #9: transition from
> state STATE_MAIN_R2 to state STATE_MAIN_R3
> Jun 27 13:47:01 vps1.layerzero.ca pluto[32576]: "vps2" #9: STATE_MAIN_R3:
> sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_128
> prf=oakley_sha group=modp2048}
> Jun 27 13:51:04 vps1.layerzero.ca pluto[32576]: packet from
> 173.254.195.244:500: Informational Exchange is for an unknown (expired?) SA
> with MSGID:0x58fb6264
> Jun 27 13:51:09 vps1.layerzero.ca pluto[32576]: "vps2" #5: received Delete
> SA payload: deleting ISAKMP State #5
> Jun 27 13:51:09 vps1.layerzero.ca pluto[32576]: packet from
> 173.254.195.244:500: received and ignored informational message
> 
> On Thu, Jun 27, 2013 at 2:04 PM, Dave Ariens <dave at ariens.ca> wrote:
> > So far so good.  After applying the rekeys=yes to the connections, I
> > restarted (systemctl restart openswan) yet the problem seemed to recur
> > twice.  I then performed an ipsec auto --delete vps1/2 respectively, then
> > an add, then a restart--and it's been fine since.  Looking into the
> > systemd scripts, it looks like a restart is a stop then a start (ipsec
> > _realsetup then stop ipsec _realsetup start).
> > 
> > Could there be any artifacts of the previously established tunnel around
> > _somehow_?   There's lots I don't understand about IPsec but can you
> > enlighten me about what's going on?
> > 
> > On Thu, Jun 27, 2013 at 11:35 AM, <dave at ariens.ca> wrote:
> >> I will give that a shot. When I read up on it I understood that it was
> >> defaulted to 'yes'.
> >> 
> >> Thanks
> >> 
> >>  www.ariens.ca
> >>  
> >>   *From: *Giovanni Carbone
> >> 
> >> *Sent: *Thursday, June 27, 2013 11:20 AM
> >> *To: *Dave Ariens; users at lists.openswan.org
> >> *Subject: *RE: [Openswan Users] Established Tunnel Not Passing Traffic
> >> 
> >>  Try adding “rekey=yes” in the conn(s).
> >> 
> >> Example:
> >> 
> >> 
> >> 
> >> conn vps1
> >> 
> >>     authby=secret
> >>     
> >>     left=173.254.195.244
> >>     
> >>     leftsourceip=192.168.200.10
> >>     
> >>     leftsubnet=192.168.200.10/32
> >>     
> >>     right=64.237.39.24
> >>     
> >>     rightsubnet=192.168.100.10/32
> >>     
> >>     auto=start
> >>     
> >>     rekey=yes
> >> 
> >> *From:* users-bounces at lists.openswan.org [mailto:
> >> users-bounces at lists.openswan.org] *On Behalf Of *Dave Ariens
> >> *Sent:* Thursday, June 27, 2013 4:26 PM
> >> *To:* users at lists.openswan.org
> >> *Subject:* [Openswan Users] Established Tunnel Not Passing Traffic
> >> 
> >> 
> >> 
> >> Hey there guys (first time posting),
> >> 
> >> I have two servers (VPS) one on the US east coast, another on US west
> >> coast.  They both have an IPsec tunnel to my Juniper SRX firewall (on my
> >> home network in Ontario, Canada).  This tunnel is rock solid and I never
> >> have any issues with it.
> >> 
> >> I'm trying to configure an OpenSwan IPsec tunnel between the two VMs,
> >> and it's up and running, I can ping through the tunnel, but some time
> >> afterwards, traffic is unable to pass (tunnel remains established).
> >> 
> >> This is really just a plain vanilla OpenSwan to OpenSwan implementation,
> >> below are some config details, and some logs.
> >> 
> >> Can anyone help me identify why the tunnel stops passing traffic after
> >> some time < 15 minutes.  I know the traffic stopped shortly after
> >> midnight this morning (see logs below)
> >> 
> >> 
> >> 
> >> [ariens at vps1 ~]$ pacman -Qs openswan
> >> 
> >> local/openswan 2.6.38-1
> >> 
> >>     Open Source implementation of IPsec for the Linux operating system
> >> 
> >> VPS2:/etc/ipsec.conf
> >> 
> >> 
> >> 
> >> version 2.0
> >> 
> >> config setup
> >> 
> >>     dumpdir=/var/run/pluto/
> >>     
> >>     nat_traversal=yes
> >> 
> >>     virtual_private=%v4:10.0.0.0/8,%v4:!192.168.200.0/24,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v6:fd00::/8,%v6:fe80::/10
> >> 
> >>     oe=off
> >>     
> >>     protostack=netkey
> >> 
> >> conn home.ariens.ca
> >> 
> >>     authby=secret
> >>     
> >>     left=173.254.195.244
> >>     
> >>     leftsourceip=192.168.200.10
> >>     
> >>     leftsubnet=0/0
> >>     
> >>     right=216.58.86.104
> >>     
> >>     rightsubnet=10.0.0.0/8
> >>     
> >>     auto=start
> >> 
> >> conn vps1
> >> 
> >>     authby=secret
> >>     
> >>     left=173.254.195.244
> >>     
> >>     leftsourceip=192.168.200.10
> >>     
> >>     leftsubnet=192.168.200.10/32
> >>     
> >>     right=64.237.39.24
> >>     
> >>     rightsubnet=192.168.100.10/32
> >>     
> >>     auto=start
> >> 
> >> VPS1:/etc/ipsec.conf
> >> 
> >> 
> >> 
> >> version 2.0
> >> 
> >> 
> >> 
> >> config setup
> >> 
> >>     dumpdir=/var/run/pluto/
> >>     
> >>     nat_traversal=yes
> >> 
> >>     virtual_private=%v4:10.0.0.0/8,%v4:!192.168.100.0/24,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v6:fd00::/8,%v6:fe80::/10
> >> 
> >>     oe=off
> >>     
> >>     protostack=netkey
> >> 
> >> conn home.ariens.ca
> >> 
> >>     authby=secret
> >>     
> >>     left=64.237.39.24
> >>     
> >>     leftsourceip=192.168.100.10
> >>     
> >>     leftsubnet=0/0
> >>     
> >>     right=216.58.86.104
> >>     
> >>     rightsubnet=10.0.0.0/8
> >>     
> >>     auto=start
> >> 
> >> conn vps2
> >> 
> >>     authby=secret
> >>     
> >>     left=64.237.39.24
> >>     
> >>     leftsourceip=192.168.100.10
> >>     
> >>     leftsubnet=192.168.100.10/32
> >>     
> >>     right=173.254.195.244
> >>     
> >>     rightsubnet=192.168.200.10/32
> >>     
> >>     auto=start
> >> 
> >> Logs from VPS1:
> >> 
> >> Jun 27 00:04:49 vps1.layerzero.ca pluto[28819]: packet from
> >> 173.254.195.244:500: received Vendor ID payload [Openswan (this version)
> >> 2.6.38 ]
> >> 
> >> Jun 27 00:04:49 vps1.layerzero.ca pluto[28819]: packet from
> >> 173.254.195.244:500: received Vendor ID payload [Dead Peer Detection]
> >> 
> >> Jun 27 00:04:49 vps1.layerzero.ca pluto[28819]: packet from
> >> 173.254.195.244:500: received Vendor ID payload [RFC 3947] method set
> >> to=115
> >> 
> >> Jun 27 00:04:49 vps1.layerzero.ca pluto[28819]: packet from
> >> 173.254.195.244:500: received Vendor ID payload
> >> [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 115
> >> 
> >> Jun 27 00:04:49 vps1.layerzero.ca pluto[28819]: packet from
> >> 173.254.195.244:500: received Vendor ID payload
> >> [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 115
> >> 
> >> Jun 27 00:04:49 vps1.layerzero.ca pluto[28819]: packet from
> >> 173.254.195.244:500: received Vendor ID payload
> >> [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 115
> >> 
> >> Jun 27 00:04:49 vps1.layerzero.ca pluto[28819]: packet from
> >> 173.254.195.244:500: received Vendor ID payload
> >> [draft-ietf-ipsec-nat-t-ike-00]
> >> 
> >> Jun 27 00:04:49 vps1.layerzero.ca pluto[28819]: "vps2" #17: responding
> >> to Main Mode
> >> 
> >> Jun 27 00:04:49 vps1.layerzero.ca pluto[28819]: "vps2" #17: transition
> >> from state STATE_MAIN_R0 to state STATE_MAIN_R1
> >> 
> >> Jun 27 00:04:49 vps1.layerzero.ca pluto[28819]: "vps2" #17:
> >> STATE_MAIN_R1: sent MR1, expecting MI2
> >> 
> >> Jun 27 00:04:49 vps1.layerzero.ca pluto[28819]: "vps2" #17:
> >> NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): no NAT
> >> detected
> >> 
> >> Jun 27 00:04:49 vps1.layerzero.ca pluto[28819]: "vps2" #17: transition
> >> from state STATE_MAIN_R1 to state STATE_MAIN_R2
> >> 
> >> Jun 27 00:04:49 vps1.layerzero.ca pluto[28819]: "vps2" #17:
> >> STATE_MAIN_R2: sent MR2, expecting MI3
> >> 
> >> Jun 27 00:04:49 vps1.layerzero.ca pluto[28819]: "vps2" #17: Main mode
> >> peer ID is ID_IPV4_ADDR: '173.254.195.244'
> >> 
> >> Jun 27 00:04:49 vps1.layerzero.ca pluto[28819]: "vps2" #17: transition
> >> from state STATE_MAIN_R2 to state STATE_MAIN_R3
> >> 
> >> Jun 27 00:04:49 vps1.layerzero.ca pluto[28819]: "vps2" #17:
> >> STATE_MAIN_R3: sent MR3, ISAKMP SA established
> >> {auth=OAKLEY_PRESHARED_KEY cipher=aes_128 prf=oakley_sha
> >> group=modp2048}
> >> 
> >> Jun 27 00:05:27 vps1.layerzero.ca pluto[28819]: "vps2" #16: received
> >> Vendor ID payload [Openswan (this version) 2.6.38 ]
> >> 
> >> Jun 27 00:05:27 vps1.layerzero.ca pluto[28819]: "vps2" #16: received
> >> Vendor ID payload [Dead Peer Detection]
> >> 
> >> Jun 27 00:05:27 vps1.layerzero.ca pluto[28819]: "vps2" #16: received
> >> Vendor ID payload [RFC 3947] method set to=115
> >> 
> >> Jun 27 00:05:27 vps1.layerzero.ca pluto[28819]: "vps2" #16: enabling
> >> possible NAT-traversal with method RFC 3947 (NAT-Traversal)
> >> 
> >> Jun 27 00:05:27 vps1.layerzero.ca pluto[28819]: "vps2" #16: transition
> >> from state STATE_MAIN_I1 to state STATE_MAIN_I2
> >> 
> >> Jun 27 00:05:27 vps1.layerzero.ca pluto[28819]: "vps2" #16:
> >> STATE_MAIN_I2: sent MI2, expecting MR2
> >> 
> >> Jun 27 00:05:27 vps1.layerzero.ca pluto[28819]: "vps2" #16:
> >> NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): no NAT
> >> detected
> >> 
> >> Jun 27 00:05:27 vps1.layerzero.ca pluto[28819]: "vps2" #16: transition
> >> from state STATE_MAIN_I2 to state STATE_MAIN_I3
> >> 
> >> Jun 27 00:05:27 vps1.layerzero.ca pluto[28819]: "vps2" #16:
> >> STATE_MAIN_I3: sent MI3, expecting MR3
> >> 
> >> Jun 27 00:05:27 vps1.layerzero.ca pluto[28819]: "vps2" #16: received
> >> Vendor ID payload [CAN-IKEv2]
> >> 
> >> Jun 27 00:05:27 vps1.layerzero.ca pluto[28819]: "vps2" #16: Main mode
> >> peer ID is ID_IPV4_ADDR: '173.254.195.244'
> >> 
> >> Jun 27 00:05:27 vps1.layerzero.ca pluto[28819]: "vps2" #16: transition
> >> from state STATE_MAIN_I3 to state STATE_MAIN_I4
> >> 
> >> Jun 27 00:05:27 vps1.layerzero.ca pluto[28819]: "vps2" #16:
> >> STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY
> >> cipher=aes_128 prf=oakley_sha group=modp2048}
> >> 
> >> Jun 27 00:09:01 vps1.layerzero.ca pluto[28819]: packet from
> >> 173.254.195.244:500: Informational Exchange is for an unknown (expired?)
> >> SA with MSGID:0xf86c4eb8
> >> 
> >> Jun 27 00:09:19 vps1.layerzero.ca pluto[28819]: "vps2" #13: received
> >> Delete SA payload: deleting ISAKMP State #13
> >> 
> >> Jun 27 00:09:19 vps1.layerzero.ca pluto[28819]: packet from
> >> 173.254.195.244:500: received and ignored informational message
> >> 
> >> Jun 27 00:48:54 vps1.layerzero.ca pluto[28819]: "vps2" #19: initiating
> >> Main Mode to replace #16
> >> 
> >> Jun 27 01:00:57 vps1.layerzero.ca pluto[28819]: packet from
> >> 173.254.195.244:500: received Vendor ID payload [Openswan (this version)
> >> 2.6.38 ]
> >> 
> >> Jun 27 01:00:57 vps1.layerzero.ca pluto[28819]: packet from
> >> 173.254.195.244:500: received Vendor ID payload [Dead Peer Detection]
> >> 
> >> Jun 27 01:00:57 vps1.layerzero.ca pluto[28819]: packet from
> >> 173.254.195.244:500: received Vendor ID payload [RFC 3947] method set
> >> to=115
> >> 
> >> Jun 27 01:00:57 vps1.layerzero.ca pluto[28819]: packet from
> >> 173.254.195.244:500: received Vendor ID payload
> >> [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 115
> >> 
> >> Jun 27 01:00:57 vps1.layerzero.ca pluto[28819]: packet from
> >> 173.254.195.244:500: received Vendor ID payload
> >> [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 115
> >> 
> >> Jun 27 01:00:57 vps1.layerzero.ca pluto[28819]: packet from
> >> 173.254.195.244:500: received Vendor ID payload
> >> [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 115
> >> 
> >> Jun 27 01:00:57 vps1.layerzero.ca pluto[28819]: packet from
> >> 173.254.195.244:500: received Vendor ID payload
> >> [draft-ietf-ipsec-nat-t-ike-00]
> >> 
> >> Jun 27 01:00:57 vps1.layerzero.ca pluto[28819]: "vps2" #20: responding
> >> to Main Mode
> >> 
> >> Jun 27 01:00:57 vps1.layerzero.ca pluto[28819]: "vps2" #20: transition
> >> from state STATE_MAIN_R0 to state STATE_MAIN_R1
> >> 
> >> Jun 27 01:00:57 vps1.layerzero.ca pluto[28819]: "vps2" #20:
> >> STATE_MAIN_R1: sent MR1, expecting MI2
> >> 
> >> Jun 27 01:00:57 vps1.layerzero.ca pluto[28819]: "vps2" #20:
> >> NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): no NAT
> >> detected
> >> 
> >> Jun 27 01:00:57 vps1.layerzero.ca pluto[28819]: "vps2" #20: transition
> >> from state STATE_MAIN_R1 to state STATE_MAIN_R2
> >> 
> >> Jun 27 01:00:57 vps1.layerzero.ca pluto[28819]: "vps2" #20:
> >> STATE_MAIN_R2: sent MR2, expecting MI3
> >> 
> >> Jun 27 01:00:57 vps1.layerzero.ca pluto[28819]: "vps2" #20: Main mode
> >> peer ID is ID_IPV4_ADDR: '173.254.195.244'
> >> 
> >> Jun 27 01:00:57 vps1.layerzero.ca pluto[28819]: "vps2" #20: transition
> >> from state STATE_MAIN_R2 to state STATE_MAIN_R3
> >> 
> >> Jun 27 01:00:57 vps1.layerzero.ca pluto[28819]: "vps2" #20:
> >> STATE_MAIN_R3: sent MR3, ISAKMP SA established
> >> {auth=OAKLEY_PRESHARED_KEY cipher=aes_128 prf=oakley_sha
> >> group=modp2048}
> >> 
> >> Jun 27 01:01:24 vps1.layerzero.ca pluto[28819]: "vps2" #19: received
> >> Vendor ID payload [Openswan (this version) 2.6.38 ]
> >> 
> >> Jun 27 01:01:24 vps1.layerzero.ca pluto[28819]: "vps2" #19: received
> >> Vendor ID payload [Dead Peer Detection]
> >> 
> >> Jun 27 01:01:24 vps1.layerzero.ca pluto[28819]: "vps2" #19: received
> >> Vendor ID payload [RFC 3947] method set to=115
> >> 
> >> Jun 27 01:01:24 vps1.layerzero.ca pluto[28819]: "vps2" #19: enabling
> >> possible NAT-traversal with method RFC 3947 (NAT-Traversal)
> >> 
> >> Jun 27 01:01:24 vps1.layerzero.ca pluto[28819]: "vps2" #19: transition
> >> from state STATE_MAIN_I1 to state STATE_MAIN_I2
> >> 
> >> Jun 27 01:01:24 vps1.layerzero.ca pluto[28819]: "vps2" #19:
> >> STATE_MAIN_I2: sent MI2, expecting MR2
> >> 
> >> Jun 27 01:01:24 vps1.layerzero.ca pluto[28819]: "vps2" #19:
> >> NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): no NAT
> >> detected
> >> 
> >> Jun 27 01:01:24 vps1.layerzero.ca pluto[28819]: "vps2" #19: transition
> >> from state STATE_MAIN_I2 to state STATE_MAIN_I3
> >> 
> >> Jun 27 01:01:24 vps1.layerzero.ca pluto[28819]: "vps2" #19:
> >> STATE_MAIN_I3: sent MI3, expecting MR3
> >> 
> >> Jun 27 01:01:24 vps1.layerzero.ca pluto[28819]: "vps2" #19: received
> >> Vendor ID payload [CAN-IKEv2]
> >> 
> >> Jun 27 01:01:24 vps1.layerzero.ca pluto[28819]: "vps2" #19: Main mode
> >> peer ID is ID_IPV4_ADDR: '173.254.195.244'
> >> 
> >> Jun 27 01:01:24 vps1.layerzero.ca pluto[28819]: "vps2" #19: transition
> >> from state STATE_MAIN_I3 to state STATE_MAIN_I4
> >> 
> >> Jun 27 01:01:24 vps1.layerzero.ca pluto[28819]: "vps2" #19:
> >> STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY
> >> cipher=aes_128 prf=oakley_sha group=modp2048}
> >> 
> >> Jun 27 01:04:49 vps1.layerzero.ca pluto[28819]: packet from
> >> 173.254.195.244:500: Informational Exchange is for an unknown (expired?)
> >> SA with MSGID:0x4a2e1ab1
> >> 
> >> Jun 27 01:05:27 vps1.layerzero.ca pluto[28819]: packet from
> >> 173.254.195.244:500: Informational Exchange is for an unknown (expired?)
> >> SA with MSGID:0x999b390f
> >> 
> >> Logs for VPS2:
> >> 
> >> Jun 27 00:05:04 vps2.layerzero.ca pluto[29906]: "vps1" #13: initiating
> >> Main Mode to replace #11
> >> 
> >> Jun 27 00:05:04 vps2.layerzero.ca pluto[29906]: "vps1" #13: received
> >> Vendor ID payload [Openswan (this version) 2.6.38 ]
> >> 
> >> Jun 27 00:05:04 vps2.layerzero.ca pluto[29906]: "vps1" #13: received
> >> Vendor ID payload [Dead Peer Detection]
> >> 
> >> Jun 27 00:05:04 vps2.layerzero.ca pluto[29906]: "vps1" #13: received
> >> Vendor ID payload [RFC 3947] method set to=115
> >> 
> >> Jun 27 00:05:04 vps2.layerzero.ca pluto[29906]: "vps1" #13: enabling
> >> possible NAT-traversal with method RFC 3947 (NAT-Traversal)
> >> 
> >> Jun 27 00:05:04 vps2.layerzero.ca pluto[29906]: "vps1" #13: transition
> >> from state STATE_MAIN_I1 to state STATE_MAIN_I2
> >> 
> >> Jun 27 00:05:04 vps2.layerzero.ca pluto[29906]: "vps1" #13:
> >> STATE_MAIN_I2: sent MI2, expecting MR2
> >> 
> >> Jun 27 00:05:04 vps2.layerzero.ca pluto[29906]: "vps1" #13:
> >> NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): no NAT
> >> detected
> >> 
> >> Jun 27 00:05:04 vps2.layerzero.ca pluto[29906]: "vps1" #13: transition
> >> from state STATE_MAIN_I2 to state STATE_MAIN_I3
> >> 
> >> Jun 27 00:05:04 vps2.layerzero.ca pluto[29906]: "vps1" #13:
> >> STATE_MAIN_I3: sent MI3, expecting MR3
> >> 
> >> Jun 27 00:05:04 vps2.layerzero.ca pluto[29906]: "vps1" #13: received
> >> Vendor ID payload [CAN-IKEv2]
> >> 
> >> Jun 27 00:05:04 vps2.layerzero.ca pluto[29906]: "vps1" #13: Main mode
> >> peer ID is ID_IPV4_ADDR: '64.237.39.24'
> >> 
> >> Jun 27 00:05:04 vps2.layerzero.ca pluto[29906]: "vps1" #13: transition
> >> from state STATE_MAIN_I3 to state STATE_MAIN_I4
> >> 
> >> Jun 27 00:05:04 vps2.layerzero.ca pluto[29906]: "vps1" #13:
> >> STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY
> >> cipher=aes_128 prf=oakley_sha group=modp2048}
> >> 
> >> Jun 27 00:05:42 vps2.layerzero.ca pluto[29906]: packet from
> >> 64.237.39.24:500: received Vendor ID payload [Openswan (this version)
> >> 2.6.38 ]
> >> 
> >> Jun 27 00:05:42 vps2.layerzero.ca pluto[29906]: packet from
> >> 64.237.39.24:500: received Vendor ID payload [Dead Peer Detection]
> >> 
> >> Jun 27 00:05:42 vps2.layerzero.ca pluto[29906]: packet from
> >> 64.237.39.24:500: received Vendor ID payload [RFC 3947] method set
> >> to=115
> >> 
> >> Jun 27 00:05:42 vps2.layerzero.ca pluto[29906]: packet from
> >> 64.237.39.24:500: received Vendor ID payload
> >> [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 115
> >> 
> >> Jun 27 00:05:42 vps2.layerzero.ca pluto[29906]: packet from
> >> 64.237.39.24:500: received Vendor ID payload
> >> [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 115
> >> 
> >> Jun 27 00:05:42 vps2.layerzero.ca pluto[29906]: packet from
> >> 64.237.39.24:500: received Vendor ID payload
> >> [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 115
> >> 
> >> Jun 27 00:05:42 vps2.layerzero.ca pluto[29906]: packet from
> >> 64.237.39.24:500: received Vendor ID payload
> >> [draft-ietf-ipsec-nat-t-ike-00]
> >> 
> >> Jun 27 00:05:42 vps2.layerzero.ca pluto[29906]: "vps1" #14: responding
> >> to Main Mode
> >> 
> >> Jun 27 00:05:42 vps2.layerzero.ca pluto[29906]: "vps1" #14: transition
> >> from state STATE_MAIN_R0 to state STATE_MAIN_R1
> >> 
> >> Jun 27 00:05:42 vps2.layerzero.ca pluto[29906]: "vps1" #14:
> >> STATE_MAIN_R1: sent MR1, expecting MI2
> >> 
> >> Jun 27 00:05:42 vps2.layerzero.ca pluto[29906]: "vps1" #14:
> >> NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): no NAT
> >> detected
> >> 
> >> Jun 27 00:05:42 vps2.layerzero.ca pluto[29906]: "vps1" #14: transition
> >> from state STATE_MAIN_R1 to state STATE_MAIN_R2
> >> 
> >> Jun 27 00:05:42 vps2.layerzero.ca pluto[29906]: "vps1" #14:
> >> STATE_MAIN_R2: sent MR2, expecting MI3
> >> 
> >> Jun 27 00:05:42 vps2.layerzero.ca pluto[29906]: "vps1" #14: Main mode
> >> peer ID is ID_IPV4_ADDR: '64.237.39.24'
> >> 
> >> Jun 27 00:05:42 vps2.layerzero.ca pluto[29906]: "vps1" #14: transition
> >> from state STATE_MAIN_R2 to state STATE_MAIN_R3
> >> 
> >> Jun 27 00:05:42 vps2.layerzero.ca pluto[29906]: "vps1" #14:
> >> STATE_MAIN_R3: sent MR3, ISAKMP SA established
> >> {auth=OAKLEY_PRESHARED_KEY cipher=aes_128 prf=oakley_sha
> >> group=modp2048}
> >> 
> >> Jun 27 00:09:34 vps2.layerzero.ca pluto[29906]: packet from
> >> 64.237.39.24:500: Informational Exchange is for an unknown (expired?) SA
> >> with MSGID:0xb8f1bbda
> >> 
> >> 
> >> 
> >> 
> >> 
> >> 
> >> 
> >> --
> >> 
> >> www.ariens.ca
> >> 
> >> 
> >> 
> >> 
> > 
> > --
> > www.ariens.ca
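
The check Neal describes at the top of this message (Main Mode completes, but no QUICK_I1/R1/I2/R2 states appear) can be run mechanically over a pluto log. The sketch below is an added example, not code from the thread or from Openswan: it rejoins mail-wrapped records and lists connections whose ISAKMP SA was established with no `STATE_QUICK_*` state logged. The first sample is abridged from the vps1 log quoted above; the `demo` lines and all function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Syslog prefix of a pluto record, e.g. "Jun 27 13:46:39 host pluto[32576]: "
_STAMP = r'[A-Z][a-z]{2} \d{1,2} \d\d:\d\d:\d\d \S+ pluto\[\d+\]: '
# Leading e-mail quote markers such as "> " or "> >> "
_QUOTE = re.compile(r'^(?:>+\s?)+')
# Per-SA message body: "conn" #serial: text
_SA = re.compile(r'^"(?P<conn>[^"]+)" #(?P<serial>\d+): (?P<msg>.*)$')

# Abridged from the vps1 log in the thread, kept in its mail-wrapped form
# (one record runs into the previous line, as mail wrapping can produce).
THREAD_EXCERPT = '''\
> Jun 27 13:46:39 vps1.layerzero.ca pluto[32576]: "vps2" #8: initiating Main
> Mode to replace #5
> Jun 27 13:46:39 vps1.layerzero.ca pluto[32576]: "vps2" #8: transition from
> state STATE_MAIN_I3 to state STATE_MAIN_I4
> Jun 27 13:46:39 vps1.layerzero.ca pluto[32576]: "vps2" #8: STATE_MAIN_I4:
> ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_128
> prf=oakley_sha group=modp2048}
> Jun 27 13:47:01 vps1.layerzero.ca pluto[32576]: packet from
> 173.254.195.244:500: received Vendor ID payload [RFC 3947] method set
> to=115 Jun 27 13:47:01 vps1.layerzero.ca pluto[32576]: packet from
> 173.254.195.244:500: received Vendor ID payload
> [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 115
> Jun 27 13:47:01 vps1.layerzero.ca pluto[32576]: "vps2" #9: responding to
> Main Mode
> Jun 27 13:47:01 vps1.layerzero.ca pluto[32576]: "vps2" #9: STATE_MAIN_R3:
> sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_128
> prf=oakley_sha group=modp2048}
'''

# Constructed contrast: a connection that does log Quick Mode states.
CONSTRUCTED_OK = '''\
Jun 27 13:46:39 gw pluto[100]: "demo" #1: STATE_MAIN_I4: ISAKMP SA established
Jun 27 13:46:40 gw pluto[100]: "demo" #2: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
'''


def unwrap(text):
    """Strip quote markers and rebuild one string per pluto record."""
    flat = ' '.join(_QUOTE.sub('', line).strip() for line in text.splitlines())
    flat = re.sub(r'\s+', ' ', flat)
    # Split in front of every syslog prefix, wherever wrapping left it.
    parts = re.split(r'(?=' + _STAMP + r')', flat)
    return [p.strip() for p in parts if re.match(_STAMP, p)]


def summarize(text):
    """Per connection: SA serials that finished Main Mode, Quick Mode states seen."""
    out = defaultdict(lambda: {'isakmp_established': [], 'quick_states': set()})
    for record in unwrap(text):
        m = _SA.match(re.sub('^' + _STAMP, '', record))
        if not m:
            continue  # "packet from ..." records carry no SA serial
        info = out[m['conn']]
        if 'ISAKMP SA established' in m['msg']:
            info['isakmp_established'].append(int(m['serial']))
        info['quick_states'].update(re.findall(r'STATE_QUICK_[IR]\d', m['msg']))
    return dict(out)


def phase2_missing(text):
    """Connections with an established ISAKMP SA but no Quick Mode state logged."""
    return sorted(conn for conn, info in summarize(text).items()
                  if info['isakmp_established'] and not info['quick_states'])


if __name__ == '__main__':
    print('thread excerpt :', phase2_missing(THREAD_EXCERPT))
    print('constructed ok :', phase2_missing(CONSTRUCTED_OK))
```

A connection reported here only shows that no Quick Mode state was logged in the window examined; it does not by itself say why.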

