[Swan] authby=secret and authby=rsasig

Pavel Kopchyk pkopchyk at gmail.com
Mon Mar 25 12:45:06 EET 2013


Hi,

I configured two connections (L2TP-CERT and L2TP-PSK) with different
types of authby - rsasig and secret.

After the client connects with a certificate, a second client with the
PSK cannot connect.
Pluto tries to authorize the second client as the first (with a certificate).


** CERT

Mar 25 11:29:00 localhost pluto[5043]: |
Mar 25 11:29:00 localhost pluto[5043]: | *received 384 bytes from
12.X.X.X:500 on eth0 (port=500)
Mar 25 11:29:00 localhost pluto[5043]: |  processing version=1.0
packet with exchange type=ISAKMP_XCHG_IDPROT (2)
Mar 25 11:29:00 localhost pluto[5043]: packet from 12.X.X.X:500:
ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000008]
Mar 25 11:29:00 localhost pluto[5043]: packet from 12.X.X.X:500:
received Vendor ID payload [RFC 3947]
Mar 25 11:29:00 localhost pluto[5043]: packet from 12.X.X.X:500:
ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
Mar 25 11:29:00 localhost pluto[5043]: packet from 12.X.X.X:500:
received Vendor ID payload [FRAGMENTATION]
Mar 25 11:29:00 localhost pluto[5043]: packet from 12.X.X.X:500:
ignoring Vendor ID payload [MS-Negotiation Discovery Capable]
Mar 25 11:29:00 localhost pluto[5043]: packet from 12.X.X.X:500:
ignoring Vendor ID payload [Vid-Initial-Contact]
Mar 25 11:29:00 localhost pluto[5043]: packet from 12.X.X.X:500:
ignoring Vendor ID payload [IKE CGA version 1]
Mar 25 11:29:00 localhost pluto[5043]: | instantiating "L2TP-CERT" for
initial Main Mode message received on 12.X.X.Y:500
Mar 25 11:29:00 localhost pluto[5043]: | instantiated "L2TP-CERT" for 12.X.X.X
Mar 25 11:29:00 localhost pluto[5043]: | creating state object #1 at 0x155af68
Mar 25 11:29:00 localhost pluto[5043]: | processing connection
L2TP-CERT[1] 12.X.X.X
Mar 25 11:29:00 localhost pluto[5043]: | ICOOKIE:  59 64 4b 22  63 2c c8 a4
Mar 25 11:29:00 localhost pluto[5043]: | RCOOKIE:  75 b7 43 c9  f2 1c be fe
Mar 25 11:29:00 localhost pluto[5043]: | state hash entry 1
Mar 25 11:29:00 localhost pluto[5043]: | inserting state object #1
Mar 25 11:29:00 localhost pluto[5043]: | inserting event
EVENT_SO_DISCARD, timeout in 0 seconds for #1
Mar 25 11:29:00 localhost pluto[5043]: "L2TP-CERT"[1] 12.X.X.X #1:
responding to Main Mode from unknown peer 12.X.X.X
Mar 25 11:29:00 localhost pluto[5043]: "L2TP-CERT"[1] 12.X.X.X #1:
OAKLEY_GROUP 20 not supported.  Attribute OAKLEY_GROUP_DESCRIPTION
Mar 25 11:29:00 localhost pluto[5043]: "L2TP-CERT"[1] 12.X.X.X #1:
OAKLEY_GROUP 19 not supported.  Attribute OAKLEY_GROUP_DESCRIPTION
Mar 25 11:29:00 localhost pluto[5043]: | complete state transition with STF_OK
Mar 25 11:29:00 localhost pluto[5043]: "L2TP-CERT"[1] 12.X.X.X #1:
transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Mar 25 11:29:00 localhost pluto[5043]: | sending reply packet to
12.X.X.X:500 (from port 500)
Mar 25 11:29:00 localhost pluto[5043]: | sending 164 bytes for
STATE_MAIN_R0 through eth0:500 to 12.X.X.X:500 (using #1)
Mar 25 11:29:00 localhost pluto[5043]: | inserting event
EVENT_RETRANSMIT, timeout in 10 seconds for #1
Mar 25 11:29:00 localhost pluto[5043]: "L2TP-CERT"[1] 12.X.X.X #1:
STATE_MAIN_R1: sent MR1, expecting MI2
Mar 25 11:29:00 localhost pluto[5043]: | modecfg pull: noquirk
policy:push not-client
Mar 25 11:29:00 localhost pluto[5043]: | phase 1 is done, looking for
phase 2 to unpend
Mar 25 11:29:00 localhost pluto[5043]: | * processed 0 messages from
cryptographic helpers
Mar 25 11:29:00 localhost pluto[5043]: | next event EVENT_RETRANSMIT
in 10 seconds for #1
Mar 25 11:29:00 localhost pluto[5043]: | next event EVENT_RETRANSMIT
in 10 seconds for #1
Mar 25 11:29:00 localhost pluto[5043]: | next event EVENT_RETRANSMIT
in 10 seconds for #1
Mar 25 11:29:00 localhost pluto[5043]: |
Mar 25 11:29:00 localhost pluto[5043]: | *received 388 bytes from
12.X.X.X:500 on eth0 (port=500)
Mar 25 11:29:00 localhost pluto[5043]: |  processing version=1.0
packet with exchange type=ISAKMP_XCHG_IDPROT (2)
Mar 25 11:29:00 localhost pluto[5043]: | ICOOKIE:  59 64 4b 22  63 2c c8 a4
Mar 25 11:29:00 localhost pluto[5043]: | RCOOKIE:  75 b7 43 c9  f2 1c be fe
Mar 25 11:29:00 localhost pluto[5043]: | state hash entry 1
Mar 25 11:29:00 localhost pluto[5043]: | v1 peer and cookies match on
#1, provided msgid 00000000 vs 00000000
Mar 25 11:29:00 localhost pluto[5043]: | v1 state object #1 found, in
STATE_MAIN_R1
Mar 25 11:29:00 localhost pluto[5043]: | processing connection
L2TP-CERT[1] 12.X.X.X
Mar 25 11:29:00 localhost pluto[5043]: "L2TP-CERT"[1] 12.X.X.X #1:
NAT-Traversal: Result using RFC 3947 (NAT-Traversal): peer is NATed
Mar 25 11:29:00 localhost pluto[5043]: | inserting event
EVENT_NAT_T_KEEPALIVE, timeout in 20 seconds
Mar 25 11:29:00 localhost pluto[5043]: | helper -1 doing build_kenonce op id: 0
Mar 25 11:29:00 localhost pluto[5043]: | processing connection
L2TP-CERT[1] 12.X.X.X
Mar 25 11:29:00 localhost pluto[5043]: | started looking for secret
for @localhost.test.com->12.X.X.X of kind PPK_PSK
Mar 25 11:29:00 localhost pluto[5043]: | actually looking for secret
for @localhost.test.com->12.X.X.X of kind PPK_PSK
Mar 25 11:29:00 localhost pluto[5043]: | 1: compared key %any to
@localhost.test.com / 12.X.X.X -> 2
Mar 25 11:29:00 localhost pluto[5043]: | 2: compared key 12.X.X.Y to
@localhost.test.com / 12.X.X.X -> 2
Mar 25 11:29:00 localhost pluto[5043]: | line 3: match=2
Mar 25 11:29:00 localhost pluto[5043]: | best_match 0>2 best=0x1553b20 (line=3)
Mar 25 11:29:00 localhost pluto[5043]: | concluding with best_match=2
best=0x1553b20 (lineno=3)
Mar 25 11:29:00 localhost pluto[5043]: | parent1 type: 7 group: 14 len: 2680
Mar 25 11:29:00 localhost pluto[5043]: | helper -1 doing compute dh+iv op id: 0
Mar 25 11:29:00 localhost pluto[5043]: | processing connection
L2TP-CERT[1] 12.X.X.X
Mar 25 11:29:00 localhost pluto[5043]: | complete state transition with STF_OK
Mar 25 11:29:00 localhost pluto[5043]: "L2TP-CERT"[1] 12.X.X.X #1:
transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Mar 25 11:29:00 localhost pluto[5043]: | sending reply packet to
12.X.X.X:500 (from port 500)
Mar 25 11:29:00 localhost pluto[5043]: | sending 448 bytes for
STATE_MAIN_R1 through eth0:500 to 12.X.X.X:500 (using #1)
Mar 25 11:29:00 localhost pluto[5043]: | inserting event
EVENT_RETRANSMIT, timeout in 10 seconds for #1
Mar 25 11:29:00 localhost pluto[5043]: "L2TP-CERT"[1] 12.X.X.X #1:
STATE_MAIN_R2: sent MR2, expecting MI3
Mar 25 11:29:00 localhost pluto[5043]: | modecfg pull: noquirk
policy:push not-client
Mar 25 11:29:00 localhost pluto[5043]: | phase 1 is done, looking for
phase 2 to unpend
Mar 25 11:29:00 localhost pluto[5043]: | complete state transition
with STF_INLINE
Mar 25 11:29:00 localhost pluto[5043]: | * processed 0 messages from
cryptographic helpers
Mar 25 11:29:00 localhost pluto[5043]: | next event EVENT_RETRANSMIT
in 10 seconds for #1
Mar 25 11:29:00 localhost pluto[5043]: | next event EVENT_RETRANSMIT
in 10 seconds for #1
Mar 25 11:29:01 localhost pluto[5043]: |
Mar 25 11:29:01 localhost pluto[5043]: | *received 1564 bytes from
12.X.X.X:4500 on eth0 (port=4500)
Mar 25 11:29:01 localhost pluto[5043]: |  processing version=1.0
packet with exchange type=ISAKMP_XCHG_IDPROT (2)
Mar 25 11:29:01 localhost pluto[5043]: | ICOOKIE:  59 64 4b 22  63 2c c8 a4
Mar 25 11:29:01 localhost pluto[5043]: | RCOOKIE:  75 b7 43 c9  f2 1c be fe
Mar 25 11:29:01 localhost pluto[5043]: | RCOOKIE:  75 b7 43 c9  f2 1c be fe
Mar 25 11:29:01 localhost pluto[5043]: | state hash entry 1
Mar 25 11:29:01 localhost pluto[5043]: | v1 peer and cookies match on
#1, provided msgid 00000000 vs 00000000
Mar 25 11:29:01 localhost pluto[5043]: | v1 state object #1 found, in
STATE_MAIN_R2
Mar 25 11:29:01 localhost pluto[5043]: | processing connection
L2TP-CERT[1] 12.X.X.X
Mar 25 11:29:01 localhost pluto[5043]: "L2TP-CERT"[1] 12.X.X.X #1:
Main mode peer ID is ID_DER_ASN1_DN: ''
Mar 25 11:29:01 localhost pluto[5043]: "L2TP-CERT"[1] 12.X.X.X #1: no
crl from issuer "" found (strict=no)
Mar 25 11:29:01 localhost pluto[5043]: | reached self-signed root ca
Mar 25 11:29:01 localhost pluto[5043]: | requested CA: ''
Mar 25 11:29:01 localhost pluto[5043]: | started looking for secret
for @localhost.test.com->(none) of kind PPK_RSA
Mar 25 11:29:01 localhost pluto[5043]: | searching for certificate
PPK_PSK:N/A vs PPK_RSA:AwEAAcWlf
Mar 25 11:29:01 localhost pluto[5043]: | searching for certificate
PPK_RSA:AwEAAcWlf vs PPK_RSA:AwEAAcWlf
Mar 25 11:29:01 localhost pluto[5043]: | offered CA: ''
Mar 25 11:29:01 localhost pluto[5043]: "L2TP-CERT"[1] 12.X.X.X #1:
switched from "L2TP-CERT" to "L2TP-CERT"
Mar 25 11:29:01 localhost pluto[5043]: | instantiated "L2TP-CERT" for 12.X.X.X
Mar 25 11:29:01 localhost pluto[5043]: | processing connection
L2TP-CERT[1] 12.X.X.X
Mar 25 11:29:01 localhost pluto[5043]: "L2TP-CERT"[2] 12.X.X.X #1:
deleting connection "L2TP-CERT" instance with peer 12.X.X.X
{isakmp=#0/ipsec=#0}
Mar 25 11:29:01 localhost pluto[5043]: |  rel_lease_addr:109 pool is
null so no freeing
Mar 25 11:29:01 localhost pluto[5043]: | required CA is ''
Mar 25 11:29:01 localhost pluto[5043]: | key issuer CA is ''
Mar 25 11:29:01 localhost pluto[5043]: | an RSA Sig check passed with
*AwEAAeZNw [preloaded key]
Mar 25 11:29:01 localhost pluto[5043]: | thinking about whether to
send my certificate:
Mar 25 11:29:01 localhost pluto[5043]: |   I have RSA key:
OAKLEY_RSA_SIG cert.type: CERT_X509_SIGNATURE
Mar 25 11:29:01 localhost pluto[5043]: |   sendcert: CERT_ALWAYSSEND
and I did not get a certificate request
Mar 25 11:29:01 localhost pluto[5043]: |   so send cert.
Mar 25 11:29:01 localhost pluto[5043]: "L2TP-CERT"[2] 12.X.X.X #1: I
am sending my cert
Mar 25 11:29:01 localhost pluto[5043]: | started looking for secret
for @localhost.test.com-> of kind PPK_RSA
Mar 25 11:29:01 localhost pluto[5043]: | searching for certificate
PPK_PSK:N/A vs PPK_RSA:AwEAAcWlf
Mar 25 11:29:01 localhost pluto[5043]: | searching for certificate
PPK_RSA:AwEAAcWlf vs PPK_RSA:AwEAAcWlf
Mar 25 11:29:01 localhost pluto[5043]: | searching for certificate
PPK_RSA:AwEAAcWlf vs PPK_RSA:AwEAAcWlf
Mar 25 11:29:01 localhost pluto[5043]: | complete state transition with STF_OK
Mar 25 11:29:01 localhost pluto[5043]: "L2TP-CERT"[2] 12.X.X.X #1:
transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Mar 25 11:29:01 localhost pluto[5043]: | processing connection
L2TP-CERT[2] 12.X.X.X
Mar 25 11:29:01 localhost pluto[5043]: "L2TP-CERT"[2] 12.X.X.X #1: new
NAT mapping for #1, was 12.X.X.X:500, now 12.X.X.X:4500
Mar 25 11:29:01 localhost pluto[5043]: | sending reply packet to
12.X.X.X:4500 (from port 4500)
Mar 25 11:29:01 localhost pluto[5043]: "L2TP-CERT"[2] 12.X.X.X #1: new
NAT mapping for #1, was 12.X.X.X:500, now 12.X.X.X:4500
Mar 25 11:29:01 localhost pluto[5043]: | sending reply packet to
12.X.X.X:4500 (from port 4500)
Mar 25 11:29:01 localhost pluto[5043]: | sending 1440 bytes for
STATE_MAIN_R2 through eth0:4500 to 12.X.X.X:4500 (using #1)
Mar 25 11:29:01 localhost pluto[5043]: | inserting event
EVENT_SA_EXPIRE, timeout in 28800 seconds for #1
Mar 25 11:29:01 localhost pluto[5043]: "L2TP-CERT"[2] 12.X.X.X #1:
STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG
cipher=aes_256 prf=oakley_sha group=modp2048}
Mar 25 11:29:01 localhost pluto[5043]: | ICOOKIE:  59 64 4b 22  63 2c c8 a4
Mar 25 11:29:01 localhost pluto[5043]: | RCOOKIE:  75 b7 43 c9  f2 1c be fe
Mar 25 11:29:01 localhost pluto[5043]: | state hash entry 1
Mar 25 11:29:01 localhost pluto[5043]: | v1 peer and cookies match on
#1, provided msgid 00000000 vs 00000000
Mar 25 11:29:01 localhost pluto[5043]: | v1 state object #1 found, in
STATE_MAIN_R3
Mar 25 11:29:01 localhost pluto[5043]: "L2TP-CERT"[2] 12.X.X.X #1:
Dead Peer Detection (RFC 3706): not enabled because peer did not
advertise it
Mar 25 11:29:01 localhost pluto[5043]: | modecfg pull: noquirk
policy:push not-client
Mar 25 11:29:01 localhost pluto[5043]: | phase 1 is done, looking for
phase 2 to unpend
Mar 25 11:29:01 localhost pluto[5043]: | * processed 0 messages from
cryptographic helpers
Mar 25 11:29:01 localhost pluto[5043]: | next event
EVENT_NAT_T_KEEPALIVE in 19 seconds
Mar 25 11:29:01 localhost pluto[5043]: | next event
EVENT_NAT_T_KEEPALIVE in 19 seconds
Mar 25 11:29:01 localhost pluto[5043]: |
Mar 25 11:29:01 localhost pluto[5043]: | *received 380 bytes from
12.X.X.X:4500 on eth0 (port=4500)
Mar 25 11:29:01 localhost pluto[5043]: |  processing version=1.0
packet with exchange type=ISAKMP_XCHG_QUICK (32)
Mar 25 11:29:01 localhost pluto[5043]: | ICOOKIE:  59 64 4b 22  63 2c c8 a4
Mar 25 11:29:01 localhost pluto[5043]: | RCOOKIE:  75 b7 43 c9  f2 1c be fe
Mar 25 11:29:01 localhost pluto[5043]: | state hash entry 1
Mar 25 11:29:01 localhost pluto[5043]: | v1 peer and cookies match on
#1, provided msgid 00000001 vs 00000000
Mar 25 11:29:01 localhost pluto[5043]: | v1 state object not found
Mar 25 11:29:01 localhost pluto[5043]: | ICOOKIE:  59 64 4b 22  63 2c c8 a4
Mar 25 11:29:01 localhost pluto[5043]: | RCOOKIE:  75 b7 43 c9  f2 1c be fe
Mar 25 11:29:01 localhost pluto[5043]: | state hash entry 1
Mar 25 11:29:01 localhost pluto[5043]: | v1 peer and cookies match on
#1, provided msgid 00000000 vs 00000000
Mar 25 11:29:01 localhost pluto[5043]: | v1 state object #1 found, in
STATE_MAIN_R3
Mar 25 11:29:01 localhost pluto[5043]: | processing connection
L2TP-CERT[2] 12.X.X.X
Mar 25 11:29:01 localhost pluto[5043]: | peer client is 172.16.2.7
Mar 25 11:29:01 localhost pluto[5043]: | peer client protocol/port is 17/1701
Mar 25 11:29:01 localhost pluto[5043]: | our client is 12.X.X.Y
Mar 25 11:29:01 localhost pluto[5043]: | our client protocol/port is 17/1701
Mar 25 11:29:01 localhost pluto[5043]: "L2TP-CERT"[2] 12.X.X.X #1: the
peer proposed: 12.X.X.Y/32:17/1701 -> 172.16.2.7/32:17/0
Mar 25 11:29:01 localhost pluto[5043]: "L2TP-CERT"[2] 12.X.X.X #1:
NAT-Traversal: received 2 NAT-OA. using first, ignoring others
Mar 25 11:29:01 localhost pluto[5043]: | duplicating state object #1
Mar 25 11:29:01 localhost pluto[5043]: | creating state object #2 at 0x15848f8
Mar 25 11:29:01 localhost pluto[5043]: | processing connection
L2TP-CERT[2] 12.X.X.X
Mar 25 11:29:01 localhost pluto[5043]: | ICOOKIE:  59 64 4b 22  63 2c c8 a4
Mar 25 11:29:01 localhost pluto[5043]: | RCOOKIE:  75 b7 43 c9  f2 1c be fe
Mar 25 11:29:01 localhost pluto[5043]: | state hash entry 1
Mar 25 11:29:01 localhost pluto[5043]: | inserting state object #2
Mar 25 11:29:01 localhost pluto[5043]: | inserting event
EVENT_SO_DISCARD, timeout in 0 seconds for #2
Mar 25 11:29:01 localhost pluto[5043]: | helper -1 doing build_nonce op id: 0
Mar 25 11:29:01 localhost pluto[5043]: | processing connection
L2TP-CERT[2] 12.X.X.X
Mar 25 11:29:01 localhost pluto[5043]: | generate SPI:  06 c6 9c 61
Mar 25 11:29:01 localhost pluto[5043]: "L2TP-CERT"[2] 12.X.X.X #2:
responding to Quick Mode proposal {msgid:01000000}
Mar 25 11:29:01 localhost pluto[5043]: "L2TP-CERT"[2] 12.X.X.X #2:
us: 12.X.X.Y<12.X.X.Y>[@localhost.test.com]:17/1701
Mar 25 11:29:01 localhost pluto[5043]: "L2TP-CERT"[2] 12.X.X.X #2:
them: 12.X.X.X[]:17/1701===172.16.2.7/32
Mar 25 11:29:01 localhost pluto[5043]: | route owner of "L2TP-CERT"[2]
12.X.X.X unrouted: NULL
Mar 25 11:29:01 localhost pluto[5043]: | install_inbound_ipsec_sa()
checking if we can route
Mar 25 11:29:01 localhost pluto[5043]: | route owner of "L2TP-CERT"[2]
12.X.X.X unrouted: NULL; eroute owner: NULL
Mar 25 11:29:01 localhost pluto[5043]: | could_route called for
L2TP-CERT (kind=CK_INSTANCE)
Mar 25 11:29:01 localhost pluto[5043]: | checking if this is a replacement state
Mar 25 11:29:01 localhost pluto[5043]: |   st=0x15848f8 ost=(nil)
st->serialno=#2 ost->serialno=#0
Mar 25 11:29:01 localhost pluto[5043]: | installing outgoing SA now as refhim=0
Mar 25 11:29:01 localhost pluto[5043]: | outgoing SA has refhim=1
Mar 25 11:29:01 localhost pluto[5043]: | complete state transition with STF_OK
Mar 25 11:29:01 localhost pluto[5043]: "L2TP-CERT"[2] 12.X.X.X #2:
transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Mar 25 11:29:01 localhost pluto[5043]: | sending reply packet to
12.X.X.X:4500 (from port 4500)
Mar 25 11:29:01 localhost pluto[5043]: | sending 176 bytes for
STATE_QUICK_R0 through eth0:4500 to 12.X.X.X:4500 (using #2)
Mar 25 11:29:01 localhost pluto[5043]: | inserting event
EVENT_RETRANSMIT, timeout in 10 seconds for #2
Mar 25 11:29:01 localhost pluto[5043]: "L2TP-CERT"[2] 12.X.X.X #2:
STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Mar 25 11:29:01 localhost pluto[5043]: | modecfg pull: noquirk
policy:push not-client
Mar 25 11:29:01 localhost pluto[5043]: | phase 1 is done, looking for
phase 2 to unpend
Mar 25 11:29:01 localhost pluto[5043]: | complete state transition
with STF_INLINE
Mar 25 11:29:01 localhost pluto[5043]: | * processed 0 messages from
cryptographic helpers
Mar 25 11:29:01 localhost pluto[5043]: | next event EVENT_RETRANSMIT
in 10 seconds for #2
Mar 25 11:29:01 localhost pluto[5043]: | next event EVENT_RETRANSMIT
in 10 seconds for #2
Mar 25 11:29:01 localhost pluto[5043]: |
Mar 25 11:29:01 localhost pluto[5043]: | *received 60 bytes from
12.X.X.X:4500 on eth0 (port=4500)
Mar 25 11:29:01 localhost pluto[5043]: |  processing version=1.0
packet with exchange type=ISAKMP_XCHG_QUICK (32)
Mar 25 11:29:01 localhost pluto[5043]: | ICOOKIE:  59 64 4b 22  63 2c c8 a4
Mar 25 11:29:01 localhost pluto[5043]: | RCOOKIE:  75 b7 43 c9  f2 1c be fe
Mar 25 11:29:01 localhost pluto[5043]: | state hash entry 1
Mar 25 11:29:01 localhost pluto[5043]: | v1 peer and cookies match on
#2, provided msgid 00000001 vs 00000001
Mar 25 11:29:01 localhost pluto[5043]: | v1 state object #2 found, in
STATE_QUICK_R1
Mar 25 11:29:01 localhost pluto[5043]: | processing connection
L2TP-CERT[2] 12.X.X.X
Mar 25 11:29:01 localhost pluto[5043]: | install_ipsec_sa() for #2:
outbound only
Mar 25 11:29:01 localhost pluto[5043]: | route owner of "L2TP-CERT"[2]
12.X.X.X unrouted: NULL; eroute owner: NULL
Mar 25 11:29:01 localhost pluto[5043]: | could_route called for
L2TP-CERT (kind=CK_INSTANCE)
Mar 25 11:29:01 localhost pluto[5043]: | ICOOKIE:  59 64 4b 22  63 2c c8 a4
Mar 25 11:29:01 localhost pluto[5043]: | RCOOKIE:  75 b7 43 c9  f2 1c be fe
Mar 25 11:29:01 localhost pluto[5043]: | state hash entry 1
Mar 25 11:29:01 localhost pluto[5043]: | v1 peer and cookies match on
#2, provided msgid 00000000 vs 00000001
Mar 25 11:29:01 localhost pluto[5043]: | v1 peer and cookies match on
#1, provided msgid 00000000 vs 00000000
Mar 25 11:29:01 localhost pluto[5043]: | v1 state object #1 found, in
STATE_MAIN_R3
Mar 25 11:29:01 localhost pluto[5043]: "L2TP-CERT"[2] 12.X.X.X #2:
Dead Peer Detection (RFC 3706): not enabled because peer did not
advertise it
Mar 25 11:29:01 localhost pluto[5043]: | complete state transition with STF_OK
Mar 25 11:29:01 localhost pluto[5043]: "L2TP-CERT"[2] 12.X.X.X #2:
transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Mar 25 11:29:01 localhost pluto[5043]: | inserting event
EVENT_SA_EXPIRE, timeout in 3600 seconds for #2
Mar 25 11:29:01 localhost pluto[5043]: "L2TP-CERT"[2] 12.X.X.X #2:
STATE_QUICK_R2: IPsec SA established transport mode {ESP=>0x599df231
<0x06c69c61 xfrm=AES_128-HMAC_SHA1 NATOA=172.16.2.7 NATD=12.X.X.X:4500
DPD=none}
Mar 25 11:29:01 localhost pluto[5043]: | modecfg pull: noquirk
policy:push not-client
Mar 25 11:29:01 localhost pluto[5043]: | phase 1 is done, looking for
phase 2 to unpend
Mar 25 11:29:01 localhost pluto[5043]: | * processed 0 messages from
cryptographic helpers
Mar 25 11:29:20 localhost pluto[5043]: |
Mar 25 11:29:20 localhost pluto[5043]: | next event
EVENT_NAT_T_KEEPALIVE in 0 seconds
Mar 25 11:29:20 localhost pluto[5043]: | *time to handle event
Mar 25 11:29:20 localhost pluto[5043]: | handling event EVENT_NAT_T_KEEPALIVE
Mar 25 11:29:20 localhost pluto[5043]: | event after this is
EVENT_PENDING_DDNS in 27 seconds
Mar 25 11:29:20 localhost pluto[5043]: | processing connection
L2TP-CERT[2] 12.X.X.X
Mar 25 11:29:20 localhost pluto[5043]: | processing connection
L2TP-CERT[2] 12.X.X.X
Mar 25 11:29:20 localhost pluto[5043]: | next event EVENT_PENDING_DDNS
in 27 seconds


***  PSK


Mar 25 11:29:52 localhost pluto[5043]: |
Mar 25 11:29:52 localhost pluto[5043]: | *received 500 bytes from
12.X.X.X:1 on eth0 (port=500)
Mar 25 11:29:52 localhost pluto[5043]: |  processing version=1.0
packet with exchange type=ISAKMP_XCHG_IDPROT (2)
Mar 25 11:29:52 localhost pluto[5043]: packet from 12.X.X.X:1:
received Vendor ID payload [RFC 3947]
Mar 25 11:29:52 localhost pluto[5043]: packet from 12.X.X.X:1:
ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike]
Mar 25 11:29:52 localhost pluto[5043]: packet from 12.X.X.X:1:
ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-08]
Mar 25 11:29:52 localhost pluto[5043]: packet from 12.X.X.X:1:
ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-07]
Mar 25 11:29:52 localhost pluto[5043]: packet from 12.X.X.X:1:
ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-06]
Mar 25 11:29:52 localhost pluto[5043]: packet from 12.X.X.X:1:
ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-05]
Mar 25 11:29:52 localhost pluto[5043]: packet from 12.X.X.X:1:
ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-04]
Mar 25 11:29:52 localhost pluto[5043]: packet from 12.X.X.X:1:
ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
Mar 25 11:29:52 localhost pluto[5043]: packet from 12.X.X.X:1:
ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
Mar 25 11:29:52 localhost pluto[5043]: packet from 12.X.X.X:1:
ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
Mar 25 11:29:52 localhost pluto[5043]: packet from 12.X.X.X:1:
received Vendor ID payload [FRAGMENTATION 80000000]
Mar 25 11:29:52 localhost pluto[5043]: packet from 12.X.X.X:1:
received Vendor ID payload [Dead Peer Detection]
Mar 25 11:29:52 localhost pluto[5043]: | creating state object #3 at 0x157d218
Mar 25 11:29:52 localhost pluto[5043]: | processing connection
L2TP-CERT[2] 12.X.X.X
Mar 25 11:29:52 localhost pluto[5043]: | ICOOKIE:  2a c3 b9 33  2e 85 a4 a4
Mar 25 11:29:52 localhost pluto[5043]: | RCOOKIE:  7c 68 05 c4  bd 79 91 26
Mar 25 11:29:52 localhost pluto[5043]: | state hash entry 6
Mar 25 11:29:52 localhost pluto[5043]: | inserting state object #3
Mar 25 11:29:52 localhost pluto[5043]: | inserting event
EVENT_SO_DISCARD, timeout in 0 seconds for #3
Mar 25 11:29:52 localhost pluto[5043]: "L2TP-CERT"[2] 12.X.X.X #3:
responding to Main Mode from unknown peer 12.X.X.X
Mar 25 11:29:52 localhost pluto[5043]: "L2TP-CERT"[2] 12.X.X.X #3:
policy does not allow OAKLEY_PRESHARED_KEY authentication.  Attribute
OAKLEY_AUTHENTICATION_METHOD
Mar 25 11:29:52 localhost pluto[5043]: "L2TP-CERT"[2] 12.X.X.X #3:
policy does not allow OAKLEY_PRESHARED_KEY authentication.  Attribute
OAKLEY_AUTHENTICATION_METHOD
Mar 25 11:29:52 localhost pluto[5043]: "L2TP-CERT"[2] 12.X.X.X #3:
policy does not allow OAKLEY_PRESHARED_KEY authentication.  Attribute
OAKLEY_AUTHENTICATION_METHOD
Mar 25 11:29:52 localhost pluto[5043]: "L2TP-CERT"[2] 12.X.X.X #3:
policy does not allow OAKLEY_PRESHARED_KEY authentication.  Attribute
OAKLEY_AUTHENTICATION_METHOD
Mar 25 11:29:52 localhost pluto[5043]: "L2TP-CERT"[2] 12.X.X.X #3:
policy does not allow OAKLEY_PRESHARED_KEY authentication.  Attribute
OAKLEY_AUTHENTICATION_METHOD
Mar 25 11:29:52 localhost pluto[5043]: "L2TP-CERT"[2] 12.X.X.X #3:
policy does not allow OAKLEY_PRESHARED_KEY authentication.  Attribute
OAKLEY_AUTHENTICATION_METHOD
Mar 25 11:29:52 localhost pluto[5043]: "L2TP-CERT"[2] 12.X.X.X #3: no
acceptable Oakley Transform
Mar 25 11:29:52 localhost pluto[5043]: | complete state transition with (null)
Mar 25 11:29:52 localhost pluto[5043]: "L2TP-CERT"[2] 12.X.X.X #3:
sending notification NO_PROPOSAL_CHOSEN to 12.X.X.X:1
Mar 25 11:29:52 localhost pluto[5043]: | sending 40 bytes for
notification packet through eth0:500 to 12.X.X.X:1 (using #3)
Mar 25 11:29:52 localhost pluto[5043]: | state transition function for
STATE_MAIN_R0 failed: NO_PROPOSAL_CHOSEN
Mar 25 11:29:52 localhost pluto[5043]: | * processed 0 messages from
cryptographic helpers
Mar 25 11:29:52 localhost pluto[5043]: | next event EVENT_SO_DISCARD
in 0 seconds for #3
Mar 25 11:29:52 localhost pluto[5043]: | *time to handle event
Mar 25 11:29:52 localhost pluto[5043]: | handling event EVENT_SO_DISCARD
Mar 25 11:29:52 localhost pluto[5043]: | event after this is
EVENT_PENDING_DDNS in 55 seconds
Mar 25 11:29:52 localhost pluto[5043]: | processing connection
L2TP-CERT[2] 12.X.X.X
Mar 25 11:29:52 localhost pluto[5043]: | deleting state #3
Mar 25 11:29:52 localhost pluto[5043]: | ICOOKIE:  2a c3 b9 33  2e 85 a4 a4
Mar 25 11:29:52 localhost pluto[5043]: | RCOOKIE:  7c 68 05 c4  bd 79 91 26
Mar 25 11:29:52 localhost pluto[5043]: | state hash entry 6
Mar 25 11:29:52 localhost pluto[5043]: | next event EVENT_PENDING_DDNS
in 55 seconds
Mar 25 11:29:55 localhost pluto[5043]: |
Mar 25 11:29:55 localhost pluto[5043]: | *received 500 bytes from
12.X.X.X:1 on eth0 (port=500)
Mar 25 11:29:55 localhost pluto[5043]: |  processing version=1.0
packet with exchange type=ISAKMP_XCHG_IDPROT (2)
Mar 25 11:29:55 localhost pluto[5043]: packet from 12.X.X.X:1:
received Vendor ID payload [RFC 3947]
Mar 25 11:29:55 localhost pluto[5043]: packet from 12.X.X.X:1:
ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike]
Mar 25 11:29:55 localhost pluto[5043]: packet from 12.X.X.X:1:
ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-08]
Mar 25 11:29:55 localhost pluto[5043]: packet from 12.X.X.X:1:
ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-07]
Mar 25 11:29:55 localhost pluto[5043]: packet from 12.X.X.X:1:
ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-06]
Mar 25 11:29:55 localhost pluto[5043]: packet from 12.X.X.X:1:
ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-05]
Mar 25 11:29:55 localhost pluto[5043]: packet from 12.X.X.X:1:
ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-04]
Mar 25 11:29:55 localhost pluto[5043]: packet from 12.X.X.X:1:
ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
Mar 25 11:29:55 localhost pluto[5043]: packet from 12.X.X.X:1:
ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
Mar 25 11:29:55 localhost pluto[5043]: packet from 12.X.X.X:1:
ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
Mar 25 11:29:55 localhost pluto[5043]: packet from 12.X.X.X:1:
received Vendor ID payload [FRAGMENTATION 80000000]
Mar 25 11:29:55 localhost pluto[5043]: packet from 12.X.X.X:1:
received Vendor ID payload [Dead Peer Detection]
Mar 25 11:29:55 localhost pluto[5043]: | creating state object #4 at 0x157d218
Mar 25 11:29:55 localhost pluto[5043]: | processing connection
L2TP-CERT[2] 12.X.X.X
Mar 25 11:29:55 localhost pluto[5043]: | ICOOKIE:  2a c3 b9 33  2e 85 a4 a4
Mar 25 11:29:55 localhost pluto[5043]: | RCOOKIE:  67 a7 fb 33  c7 70 8f 0c
Mar 25 11:29:55 localhost pluto[5043]: | state hash entry 16
Mar 25 11:29:55 localhost pluto[5043]: | inserting state object #4
Mar 25 11:29:55 localhost pluto[5043]: | inserting event
EVENT_SO_DISCARD, timeout in 0 seconds for #4
Mar 25 11:29:55 localhost pluto[5043]: "L2TP-CERT"[2] 12.X.X.X #4:
responding to Main Mode from unknown peer 12.X.X.X
Mar 25 11:29:55 localhost pluto[5043]: "L2TP-CERT"[2] 12.X.X.X #4:
policy does not allow OAKLEY_PRESHARED_KEY authentication.  Attribute
OAKLEY_AUTHENTICATION_METHOD
Mar 25 11:29:55 localhost pluto[5043]: "L2TP-CERT"[2] 12.X.X.X #4:
policy does not allow OAKLEY_PRESHARED_KEY authentication.  Attribute
OAKLEY_AUTHENTICATION_METHOD
Mar 25 11:29:55 localhost pluto[5043]: "L2TP-CERT"[2] 12.X.X.X #4:
policy does not allow OAKLEY_PRESHARED_KEY authentication.  Attribute
OAKLEY_AUTHENTICATION_METHOD
Mar 25 11:29:55 localhost pluto[5043]: "L2TP-CERT"[2] 12.X.X.X #4:
policy does not allow OAKLEY_PRESHARED_KEY authentication.  Attribute
OAKLEY_AUTHENTICATION_METHOD
Mar 25 11:29:55 localhost pluto[5043]: "L2TP-CERT"[2] 12.X.X.X #4:
policy does not allow OAKLEY_PRESHARED_KEY authentication.  Attribute
OAKLEY_AUTHENTICATION_METHOD
Mar 25 11:29:55 localhost pluto[5043]: "L2TP-CERT"[2] 12.X.X.X #4:
policy does not allow OAKLEY_PRESHARED_KEY authentication.  Attribute
OAKLEY_AUTHENTICATION_METHOD
Mar 25 11:29:55 localhost pluto[5043]: "L2TP-CERT"[2] 12.X.X.X #4: no
acceptable Oakley Transform
Mar 25 11:29:55 localhost pluto[5043]: | complete state transition with (null)
Mar 25 11:29:55 localhost pluto[5043]: "L2TP-CERT"[2] 12.X.X.X #4:
sending notification NO_PROPOSAL_CHOSEN to 12.X.X.X:1
Mar 25 11:29:55 localhost pluto[5043]: | sending 40 bytes for
notification packet through eth0:500 to 12.X.X.X:1 (using #4)
Mar 25 11:29:55 localhost pluto[5043]: | state transition function for
STATE_MAIN_R0 failed: NO_PROPOSAL_CHOSEN
Mar 25 11:29:55 localhost pluto[5043]: | * processed 0 messages from
cryptographic helpers
Mar 25 11:29:55 localhost pluto[5043]: | next event EVENT_SO_DISCARD
in 0 seconds for #4
Mar 25 11:29:55 localhost pluto[5043]: | *time to handle event
Mar 25 11:29:55 localhost pluto[5043]: | handling event EVENT_SO_DISCARD
Mar 25 11:29:55 localhost pluto[5043]: | event after this is
EVENT_PENDING_DDNS in 52 seconds
Mar 25 11:29:55 localhost pluto[5043]: | processing connection
L2TP-CERT[2] 12.X.X.X
Mar 25 11:29:55 localhost pluto[5043]: | deleting state #4
Mar 25 11:29:55 localhost pluto[5043]: | ICOOKIE:  2a c3 b9 33  2e 85 a4 a4
Mar 25 11:29:55 localhost pluto[5043]: | RCOOKIE:  67 a7 fb 33  c7 70 8f 0c
Mar 25 11:29:55 localhost pluto[5043]: | state hash entry 16
Mar 25 11:29:55 localhost pluto[5043]: | next event EVENT_PENDING_DDNS
in 52 seconds
Mar 25 11:29:58 localhost pluto[5043]: |
Mar 25 11:29:58 localhost pluto[5043]: | *received 500 bytes from
12.X.X.X:1 on eth0 (port=500)
Mar 25 11:29:58 localhost pluto[5043]: |  processing version=1.0
packet with exchange type=ISAKMP_XCHG_IDPROT (2)
Mar 25 11:29:58 localhost pluto[5043]: packet from 12.X.X.X:1:
received Vendor ID payload [RFC 3947]
Mar 25 11:29:58 localhost pluto[5043]: packet from 12.X.X.X:1:
ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike]
Mar 25 11:29:58 localhost pluto[5043]: packet from 12.X.X.X:1:
ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-08]
Mar 25 11:29:58 localhost pluto[5043]: packet from 12.X.X.X:1:
ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-07]
Mar 25 11:29:58 localhost pluto[5043]: packet from 12.X.X.X:1:
ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-06]
Mar 25 11:29:58 localhost pluto[5043]: packet from 12.X.X.X:1:
ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-05]
Mar 25 11:29:58 localhost pluto[5043]: packet from 12.X.X.X:1:
ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-04]
Mar 25 11:29:58 localhost pluto[5043]: packet from 12.X.X.X:1:
ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
Mar 25 11:29:58 localhost pluto[5043]: packet from 12.X.X.X:1:
ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
Mar 25 11:29:58 localhost pluto[5043]: packet from 12.X.X.X:1:
ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
Mar 25 11:29:58 localhost pluto[5043]: packet from 12.X.X.X:1:
received Vendor ID payload [FRAGMENTATION 80000000]
Mar 25 11:29:58 localhost pluto[5043]: packet from 12.X.X.X:1:
received Vendor ID payload [Dead Peer Detection]
Mar 25 11:29:58 localhost pluto[5043]: | creating state object #5 at 0x157d218
Mar 25 11:29:58 localhost pluto[5043]: | processing connection
L2TP-CERT[2] 12.X.X.X
Mar 25 11:29:58 localhost pluto[5043]: | ICOOKIE:  2a c3 b9 33  2e 85 a4 a4
Mar 25 11:29:58 localhost pluto[5043]: | RCOOKIE:  a5 9d 72 0a  5b bb b6 e4
Mar 25 11:29:58 localhost pluto[5043]: | state hash entry 0
Mar 25 11:29:58 localhost pluto[5043]: | inserting state object #5
Mar 25 11:29:58 localhost pluto[5043]: | inserting event
EVENT_SO_DISCARD, timeout in 0 seconds for #5
Mar 25 11:29:58 localhost pluto[5043]: "L2TP-CERT"[2] 12.X.X.X #5:
responding to Main Mode from unknown peer 12.X.X.X
Mar 25 11:29:58 localhost pluto[5043]: "L2TP-CERT"[2] 12.X.X.X #5:
policy does not allow OAKLEY_PRESHARED_KEY authentication.  Attribute
OAKLEY_AUTHENTICATION_METHOD
Mar 25 11:29:58 localhost pluto[5043]: "L2TP-CERT"[2] 12.X.X.X #5:
policy does not allow OAKLEY_PRESHARED_KEY authentication.  Attribute
OAKLEY_AUTHENTICATION_METHOD
Mar 25 11:29:58 localhost pluto[5043]: "L2TP-CERT"[2] 12.X.X.X #5:
policy does not allow OAKLEY_PRESHARED_KEY authentication.  Attribute
OAKLEY_AUTHENTICATION_METHOD
Mar 25 11:29:58 localhost pluto[5043]: "L2TP-CERT"[2] 12.X.X.X #5:
policy does not allow OAKLEY_PRESHARED_KEY authentication.  Attribute
OAKLEY_AUTHENTICATION_METHOD
Mar 25 11:29:58 localhost pluto[5043]: "L2TP-CERT"[2] 12.X.X.X #5:
policy does not allow OAKLEY_PRESHARED_KEY authentication.  Attribute
OAKLEY_AUTHENTICATION_METHOD
Mar 25 11:29:58 localhost pluto[5043]: "L2TP-CERT"[2] 12.X.X.X #5:
policy does not allow OAKLEY_PRESHARED_KEY authentication.  Attribute
OAKLEY_AUTHENTICATION_METHOD
Mar 25 11:29:58 localhost pluto[5043]: "L2TP-CERT"[2] 12.X.X.X #5: no
acceptable Oakley Transform
Mar 25 11:29:58 localhost pluto[5043]: | complete state transition with (null)
Mar 25 11:29:58 localhost pluto[5043]: "L2TP-CERT"[2] 12.X.X.X #5:
sending notification NO_PROPOSAL_CHOSEN to 12.X.X.X:1
Mar 25 11:29:58 localhost pluto[5043]: | sending 40 bytes for
notification packet through eth0:500 to 12.X.X.X:1 (using #5)
Mar 25 11:29:58 localhost pluto[5043]: | state transition function for
STATE_MAIN_R0 failed: NO_PROPOSAL_CHOSEN
Mar 25 11:29:58 localhost pluto[5043]: | * processed 0 messages from
cryptographic helpers
Mar 25 11:29:58 localhost pluto[5043]: | next event EVENT_SO_DISCARD
in 0 seconds for #5
Mar 25 11:29:58 localhost pluto[5043]: | *time to handle event
Mar 25 11:29:58 localhost pluto[5043]: | handling event EVENT_SO_DISCARD
Mar 25 11:29:58 localhost pluto[5043]: | event after this is
EVENT_PENDING_DDNS in 49 seconds
Mar 25 11:29:58 localhost pluto[5043]: | processing connection
L2TP-CERT[2] 12.X.X.X
Mar 25 11:29:58 localhost pluto[5043]: | deleting state #5
Mar 25 11:29:58 localhost pluto[5043]: | ICOOKIE:  2a c3 b9 33  2e 85 a4 a4
Mar 25 11:29:58 localhost pluto[5043]: | RCOOKIE:  a5 9d 72 0a  5b bb b6 e4
Mar 25 11:29:58 localhost pluto[5043]: | state hash entry 0
Mar 25 11:29:58 localhost pluto[5043]: | next event EVENT_PENDING_DDNS
in 49 seconds
Mar 25 11:30:01 localhost pluto[5043]: |
Mar 25 11:30:01 localhost pluto[5043]: | *received 500 bytes from
12.X.X.X:1 on eth0 (port=500)
Mar 25 11:30:01 localhost pluto[5043]: |  processing version=1.0
packet with exchange type=ISAKMP_XCHG_IDPROT (2)
Mar 25 11:30:01 localhost pluto[5043]: packet from 12.X.X.X:1:
received Vendor ID payload [RFC 3947]
Mar 25 11:30:01 localhost pluto[5043]: packet from 12.X.X.X:1:
ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike]
Mar 25 11:30:01 localhost pluto[5043]: packet from 12.X.X.X:1:
ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-08]
Mar 25 11:30:01 localhost pluto[5043]: packet from 12.X.X.X:1:
ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-07]
Mar 25 11:30:01 localhost pluto[5043]: packet from 12.X.X.X:1:
ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-06]
Mar 25 11:30:01 localhost pluto[5043]: packet from 12.X.X.X:1:
ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-05]
Mar 25 11:30:01 localhost pluto[5043]: packet from 12.X.X.X:1:
ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-04]
Mar 25 11:30:01 localhost pluto[5043]: packet from 12.X.X.X:1:
ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
Mar 25 11:30:01 localhost pluto[5043]: packet from 12.X.X.X:1:
ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
Mar 25 11:30:01 localhost pluto[5043]: packet from 12.X.X.X:1:
ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
Mar 25 11:30:01 localhost pluto[5043]: packet from 12.X.X.X:1:
received Vendor ID payload [FRAGMENTATION 80000000]
Mar 25 11:30:01 localhost pluto[5043]: packet from 12.X.X.X:1:
received Vendor ID payload [Dead Peer Detection]
Mar 25 11:30:01 localhost pluto[5043]: | creating state object #6 at 0x157d218
Mar 25 11:30:01 localhost pluto[5043]: | processing connection
L2TP-CERT[2] 12.X.X.X
Mar 25 11:30:01 localhost pluto[5043]: | ICOOKIE:  2a c3 b9 33  2e 85 a4 a4
Mar 25 11:30:01 localhost pluto[5043]: | RCOOKIE:  5c 86 df 35  55 a1 ce 58
Mar 25 11:30:01 localhost pluto[5043]: | state hash entry 8
Mar 25 11:30:01 localhost pluto[5043]: | inserting state object #6
Mar 25 11:30:01 localhost pluto[5043]: | inserting event
EVENT_SO_DISCARD, timeout in 0 seconds for #6
Mar 25 11:30:01 localhost pluto[5043]: "L2TP-CERT"[2] 12.X.X.X #6:
responding to Main Mode from unknown peer 12.X.X.X
Mar 25 11:30:01 localhost pluto[5043]: "L2TP-CERT"[2] 12.X.X.X #6:
policy does not allow OAKLEY_PRESHARED_KEY authentication.  Attribute
OAKLEY_AUTHENTICATION_METHOD
Mar 25 11:30:01 localhost pluto[5043]: "L2TP-CERT"[2] 12.X.X.X #6:
policy does not allow OAKLEY_PRESHARED_KEY authentication.  Attribute
OAKLEY_AUTHENTICATION_METHOD
Mar 25 11:30:01 localhost pluto[5043]: "L2TP-CERT"[2] 12.X.X.X #6:
policy does not allow OAKLEY_PRESHARED_KEY authentication.  Attribute
OAKLEY_AUTHENTICATION_METHOD
Mar 25 11:30:01 localhost pluto[5043]: "L2TP-CERT"[2] 12.X.X.X #6:
policy does not allow OAKLEY_PRESHARED_KEY authentication.  Attribute
OAKLEY_AUTHENTICATION_METHOD
Mar 25 11:30:01 localhost pluto[5043]: "L2TP-CERT"[2] 12.X.X.X #6:
policy does not allow OAKLEY_PRESHARED_KEY authentication.  Attribute
OAKLEY_AUTHENTICATION_METHOD
Mar 25 11:30:01 localhost pluto[5043]: "L2TP-CERT"[2] 12.X.X.X #6:
policy does not allow OAKLEY_PRESHARED_KEY authentication.  Attribute
OAKLEY_AUTHENTICATION_METHOD
Mar 25 11:30:01 localhost pluto[5043]: "L2TP-CERT"[2] 12.X.X.X #6: no
acceptable Oakley Transform
Mar 25 11:30:01 localhost pluto[5043]: | complete state transition with (null)
Mar 25 11:30:01 localhost pluto[5043]: "L2TP-CERT"[2] 12.X.X.X #6:
sending notification NO_PROPOSAL_CHOSEN to 12.X.X.X:1
Mar 25 11:30:01 localhost pluto[5043]: | sending 40 bytes for
notification packet through eth0:500 to 12.X.X.X:1 (using #6)
Mar 25 11:30:01 localhost pluto[5043]: | state transition function for
STATE_MAIN_R0 failed: NO_PROPOSAL_CHOSEN
Mar 25 11:30:01 localhost pluto[5043]: | * processed 0 messages from
cryptographic helpers
Mar 25 11:30:01 localhost pluto[5043]: | next event EVENT_SO_DISCARD
in 0 seconds for #6
Mar 25 11:30:01 localhost pluto[5043]: | *time to handle event
Mar 25 11:30:01 localhost pluto[5043]: | handling event EVENT_SO_DISCARD
Mar 25 11:30:01 localhost pluto[5043]: | event after this is
EVENT_PENDING_DDNS in 46 seconds
Mar 25 11:30:01 localhost pluto[5043]: | processing connection
L2TP-CERT[2] 12.X.X.X
Mar 25 11:30:01 localhost pluto[5043]: | deleting state #6
Mar 25 11:30:01 localhost pluto[5043]: | ICOOKIE:  2a c3 b9 33  2e 85 a4 a4
Mar 25 11:30:01 localhost pluto[5043]: | RCOOKIE:  5c 86 df 35  55 a1 ce 58
Mar 25 11:30:01 localhost pluto[5043]: | state hash entry 8
Mar 25 11:30:01 localhost pluto[5043]: | next event EVENT_PENDING_DDNS
in 46 seconds

Pavel
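
A triage sketch for logs like the one above, added here as an example and not part of the original post or of the Swan project's code: it rejoins the records that the mail archive wrapped and reports, per IKE state, which connection pluto had selected when it refused the proposed authentication method. The sample lines are constructed in the shape of the log above, and the function names are hypothetical.

```python
import re

# Constructed sample: a few records in the shape of the pluto log above,
# including the mail archive's mid-record line wrapping.
SAMPLE = """\
Mar 25 11:29:58 localhost pluto[5043]: | creating state object #5 at 0x157d218
Mar 25 11:29:58 localhost pluto[5043]: "L2TP-CERT"[2] 12.X.X.X #5:
responding to Main Mode from unknown peer 12.X.X.X
Mar 25 11:29:58 localhost pluto[5043]: "L2TP-CERT"[2] 12.X.X.X #5:
policy does not allow OAKLEY_PRESHARED_KEY authentication.  Attribute
OAKLEY_AUTHENTICATION_METHOD
Mar 25 11:29:58 localhost pluto[5043]: "L2TP-CERT"[2] 12.X.X.X #5: no
acceptable Oakley Transform
Mar 25 11:29:58 localhost pluto[5043]: "L2TP-CERT"[2] 12.X.X.X #5:
sending notification NO_PROPOSAL_CHOSEN to 12.X.X.X:1
"""

# A record starts with a syslog timestamp, host and the pluto[pid] tag.
RECORD_START = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d \S+ pluto\[\d+\]: ")
# Per-state lines look like: "CONN"[instance] peer #state: message
STATE_LINE = re.compile(r'pluto\[\d+\]: "([^"]+)"\[(\d+)\] (\S+) #(\d+): (.*)$')
REFUSED = re.compile(r"policy does not allow (\S+) authentication")
NOTIFY = re.compile(r"sending notification (\S+) to")

def unwrap(text):
    """Rejoin records that were wrapped onto the following line(s)."""
    records = []
    for line in text.splitlines():
        if RECORD_START.match(line) or not records:
            records.append(line.rstrip())
        elif line.strip():
            records[-1] += " " + line.strip()
    return records

def summarize(text):
    """Per IKE state: selected connection, refused auth methods, notification."""
    states = {}
    for rec in unwrap(text):
        m = STATE_LINE.search(rec)
        if not m:
            continue  # debug ('|') lines and raw packet lines carry no state tag
        conn, inst, peer, num, msg = m.groups()
        s = states.setdefault(int(num), {"conn": conn, "instance": int(inst),
                                         "peer": peer, "refused": {}, "notify": None})
        r = REFUSED.search(msg)
        if r:
            s["refused"][r.group(1)] = s["refused"].get(r.group(1), 0) + 1
        n = NOTIFY.search(msg)
        if n:
            s["notify"] = n.group(1)
    return states
```

For the two attempts at 11:29:58 and 11:30:01 in the log above, `summarize` reports states #5 and #6, both bound to `"L2TP-CERT"[2]` and both ending in `NO_PROPOSAL_CHOSEN` after the `OAKLEY_PRESHARED_KEY` refusals.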


