[Swan] Stronswan / Libreswan - Tunnel disconnects and becomes prospective erouted
Madden, Joe
Joe.Madden at mottmac.com
Tue Sep 20 15:54:06 UTC 2016
Hi List,
Just trying to resolve an issue we have with VPN's disconnecting from a Stronswan client.
When I restart my end of the VPN the VPNs establish and operate fine. After a random amount of time with no apparent user action the some of the VPN tunnels will become "prospective erouted"
Our configuration is:
# basic configuration
config setup
# Debug-logging controls: "none" for (almost) none, "all" for lots.
# klipsdebug=none
#plutodebug="all"
# For Red Hat Enterprise Linux and Fedora, leave protostack=netkey
protostack=netkey
nat_traversal=yes
virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/16
#plutodebug=control
oe=off
# Enable this if you see "failed to find any available worker"
# nhelpers=0
#You may put your configuration (.conf) file in the "/etc/ipsec.d/" and uncomment this.
include /etc/ipsec.d/*.conf
conn ssl-iptrafficsig-1
authby= secret
auto= start
type= tunnel
nat_traversal= yes
forceencaps= no
rekeymargin= 3m
keyingtries= %forever
keylife= 60m
ikelifetime= 480m
ikev2= no
#RTT
left= 10.59.31.49
leftsubnets= {10.2.170.0/26,10.1.178.0/26,10.1.160.64/27,10.1.162.64/27,10.1.176.0/25,10.1.170.0/25,10.2.166.0/26,10.2.74.64/29,10.2.166.0/26,10.2.130.64/28,10.2.168.10/32,10.2.168.11/32,10.1.172.10/32,10.1.172.11/32}
leftid= 193.195.162.135
leftnexthop= 10.59.31.54
leftsourceip= 10.59.31.49
#SAA
right= 52.48.93.253
rightid= 52.48.93.253
rightsubnet= 10.199.0.0/28
ike= aes256-sha2_256;modp2048
phase2= esp
phase2alg= aes256-sha2_256;modp2048
pfs= yes
sha2_truncbug= no
#Dead Peer Detection
dpdaction= restart
Ipsec status shows:
000 "ssl-iptrafficsig-1/10x0": 10.2.130.64/28===10.59.31.49<10.59.31.49>[LOCAL_END_HOST]---10.59.31.54...REMOTE_END_HOST<REMOTE_END_HOST>===10.199.0.0/28; erouted; eroute owner: #5
000 "ssl-iptrafficsig-1/10x0": oriented; my_ip=10.59.31.49; their_ip=unset
000 "ssl-iptrafficsig-1/10x0": xauth info: us:none, them:none, my_xauthuser=[any]; their_xauthuser=[any]
000 "ssl-iptrafficsig-1/10x0": modecfg info: us:none, them:none, modecfg policy:push, dns1:unset, dns2:unset, domain:unset, banner:unset;
000 "ssl-iptrafficsig-1/10x0": labeled_ipsec:no;
000 "ssl-iptrafficsig-1/10x0": policy_label:unset;
000 "ssl-iptrafficsig-1/10x0": ike_life: 28800s; ipsec_life: 3600s; rekey_margin: 180s; rekey_fuzz: 100%; keyingtries: 0;
000 "ssl-iptrafficsig-1/10x0": retransmit-interval: 500ms; retransmit-timeout: 60s;
000 "ssl-iptrafficsig-1/10x0": sha2_truncbug:no; initial_contact:no; cisco_unity:no; send_vendorid:no;
000 "ssl-iptrafficsig-1/10x0": policy: PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW;
000 "ssl-iptrafficsig-1/10x0": conn_prio: 28,28; interface: eth1; metric: 0; mtu: unset; sa_prio:auto; nflog-group: unset;
000 "ssl-iptrafficsig-1/10x0": newest ISAKMP SA: #0; newest IPsec SA: #5;
000 "ssl-iptrafficsig-1/10x0": aliases: ssl-iptrafficsig-1
000 "ssl-iptrafficsig-1/10x0": IKE algorithms wanted: AES_CBC(7)_256-SHA2_256(4)_000-MODP2048(14)
000 "ssl-iptrafficsig-1/10x0": IKE algorithms found: AES_CBC(7)_256-SHA2_256(4)_256-MODP2048(14)
000 "ssl-iptrafficsig-1/10x0": ESP algorithms wanted: AES(12)_256-SHA2_256(5)_000; pfsgroup=MODP2048(14)
000 "ssl-iptrafficsig-1/10x0": ESP algorithms loaded: AES(12)_256-SHA2_256(5)_000
000 "ssl-iptrafficsig-1/10x0": ESP algorithm newest: AES_256-HMAC_SHA2_256; pfsgroup=MODP2048
000 "ssl-iptrafficsig-1/11x0": 10.2.168.10/32===10.59.31.49<10.59.31.49>[LOCAL_END_HOST]---10.59.31.54...REMOTE_END_HOST<REMOTE_END_HOST>===10.199.0.0/28; erouted; eroute owner: #6
000 "ssl-iptrafficsig-1/11x0": oriented; my_ip=10.59.31.49; their_ip=unset
000 "ssl-iptrafficsig-1/11x0": xauth info: us:none, them:none, my_xauthuser=[any]; their_xauthuser=[any]
000 "ssl-iptrafficsig-1/11x0": modecfg info: us:none, them:none, modecfg policy:push, dns1:unset, dns2:unset, domain:unset, banner:unset;
000 "ssl-iptrafficsig-1/11x0": labeled_ipsec:no;
000 "ssl-iptrafficsig-1/11x0": policy_label:unset;
000 "ssl-iptrafficsig-1/11x0": ike_life: 28800s; ipsec_life: 3600s; rekey_margin: 180s; rekey_fuzz: 100%; keyingtries: 0;
000 "ssl-iptrafficsig-1/11x0": retransmit-interval: 500ms; retransmit-timeout: 60s;
000 "ssl-iptrafficsig-1/11x0": sha2_truncbug:no; initial_contact:no; cisco_unity:no; send_vendorid:no;
000 "ssl-iptrafficsig-1/11x0": policy: PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW;
000 "ssl-iptrafficsig-1/11x0": conn_prio: 32,28; interface: eth1; metric: 0; mtu: unset; sa_prio:auto; nflog-group: unset;
000 "ssl-iptrafficsig-1/11x0": newest ISAKMP SA: #0; newest IPsec SA: #6;
000 "ssl-iptrafficsig-1/11x0": aliases: ssl-iptrafficsig-1
000 "ssl-iptrafficsig-1/11x0": IKE algorithms wanted: AES_CBC(7)_256-SHA2_256(4)_000-MODP2048(14)
000 "ssl-iptrafficsig-1/11x0": IKE algorithms found: AES_CBC(7)_256-SHA2_256(4)_256-MODP2048(14)
000 "ssl-iptrafficsig-1/11x0": ESP algorithms wanted: AES(12)_256-SHA2_256(5)_000; pfsgroup=MODP2048(14)
000 "ssl-iptrafficsig-1/11x0": ESP algorithms loaded: AES(12)_256-SHA2_256(5)_000
000 "ssl-iptrafficsig-1/11x0": ESP algorithm newest: AES_256-HMAC_SHA2_256; pfsgroup=MODP2048
000 "ssl-iptrafficsig-1/12x0": 10.2.168.11/32===10.59.31.49<10.59.31.49>[LOCAL_END_HOST]---10.59.31.54...REMOTE_END_HOST<REMOTE_END_HOST>===10.199.0.0/28; erouted; eroute owner: #7
000 "ssl-iptrafficsig-1/12x0": oriented; my_ip=10.59.31.49; their_ip=unset
000 "ssl-iptrafficsig-1/12x0": xauth info: us:none, them:none, my_xauthuser=[any]; their_xauthuser=[any]
000 "ssl-iptrafficsig-1/12x0": modecfg info: us:none, them:none, modecfg policy:push, dns1:unset, dns2:unset, domain:unset, banner:unset;
000 "ssl-iptrafficsig-1/12x0": labeled_ipsec:no;
000 "ssl-iptrafficsig-1/12x0": policy_label:unset;
000 "ssl-iptrafficsig-1/12x0": ike_life: 28800s; ipsec_life: 3600s; rekey_margin: 180s; rekey_fuzz: 100%; keyingtries: 0;
000 "ssl-iptrafficsig-1/12x0": retransmit-interval: 500ms; retransmit-timeout: 60s;
000 "ssl-iptrafficsig-1/12x0": sha2_truncbug:no; initial_contact:no; cisco_unity:no; send_vendorid:no;
000 "ssl-iptrafficsig-1/12x0": policy: PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW;
000 "ssl-iptrafficsig-1/12x0": conn_prio: 32,28; interface: eth1; metric: 0; mtu: unset; sa_prio:auto; nflog-group: unset;
000 "ssl-iptrafficsig-1/12x0": newest ISAKMP SA: #0; newest IPsec SA: #7;
000 "ssl-iptrafficsig-1/12x0": aliases: ssl-iptrafficsig-1
000 "ssl-iptrafficsig-1/12x0": IKE algorithms wanted: AES_CBC(7)_256-SHA2_256(4)_000-MODP2048(14)
000 "ssl-iptrafficsig-1/12x0": IKE algorithms found: AES_CBC(7)_256-SHA2_256(4)_256-MODP2048(14)
000 "ssl-iptrafficsig-1/12x0": ESP algorithms wanted: AES(12)_256-SHA2_256(5)_000; pfsgroup=MODP2048(14)
000 "ssl-iptrafficsig-1/12x0": ESP algorithms loaded: AES(12)_256-SHA2_256(5)_000
000 "ssl-iptrafficsig-1/12x0": ESP algorithm newest: AES_256-HMAC_SHA2_256; pfsgroup=MODP2048
000 "ssl-iptrafficsig-1/13x0": 10.1.172.10/32===10.59.31.49<10.59.31.49>[LOCAL_END_HOST]---10.59.31.54...REMOTE_END_HOST<REMOTE_END_HOST>===10.199.0.0/28; erouted; eroute owner: #28
000 "ssl-iptrafficsig-1/13x0": oriented; my_ip=10.59.31.49; their_ip=unset
000 "ssl-iptrafficsig-1/13x0": xauth info: us:none, them:none, my_xauthuser=[any]; their_xauthuser=[any]
000 "ssl-iptrafficsig-1/13x0": modecfg info: us:none, them:none, modecfg policy:push, dns1:unset, dns2:unset, domain:unset, banner:unset;
000 "ssl-iptrafficsig-1/13x0": labeled_ipsec:no;
000 "ssl-iptrafficsig-1/13x0": policy_label:unset;
000 "ssl-iptrafficsig-1/13x0": ike_life: 28800s; ipsec_life: 3600s; rekey_margin: 180s; rekey_fuzz: 100%; keyingtries: 0;
000 "ssl-iptrafficsig-1/13x0": retransmit-interval: 500ms; retransmit-timeout: 60s;
000 "ssl-iptrafficsig-1/13x0": sha2_truncbug:no; initial_contact:no; cisco_unity:no; send_vendorid:no;
000 "ssl-iptrafficsig-1/13x0": policy: PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW;
000 "ssl-iptrafficsig-1/13x0": conn_prio: 32,28; interface: eth1; metric: 0; mtu: unset; sa_prio:auto; nflog-group: unset;
000 "ssl-iptrafficsig-1/13x0": newest ISAKMP SA: #0; newest IPsec SA: #28;
000 "ssl-iptrafficsig-1/13x0": aliases: ssl-iptrafficsig-1
000 "ssl-iptrafficsig-1/13x0": IKE algorithms wanted: AES_CBC(7)_256-SHA2_256(4)_000-MODP2048(14)
000 "ssl-iptrafficsig-1/13x0": IKE algorithms found: AES_CBC(7)_256-SHA2_256(4)_256-MODP2048(14)
000 "ssl-iptrafficsig-1/13x0": ESP algorithms wanted: AES(12)_256-SHA2_256(5)_000; pfsgroup=MODP2048(14)
000 "ssl-iptrafficsig-1/13x0": ESP algorithms loaded: AES(12)_256-SHA2_256(5)_000
000 "ssl-iptrafficsig-1/13x0": ESP algorithm newest: AES_256-HMAC_SHA2_256; pfsgroup=MODP2048
000 "ssl-iptrafficsig-1/14x0": 10.1.172.11/32===10.59.31.49<10.59.31.49>[LOCAL_END_HOST]---10.59.31.54...REMOTE_END_HOST<REMOTE_END_HOST>===10.199.0.0/28; erouted; eroute owner: #9
000 "ssl-iptrafficsig-1/14x0": oriented; my_ip=10.59.31.49; their_ip=unset
000 "ssl-iptrafficsig-1/14x0": xauth info: us:none, them:none, my_xauthuser=[any]; their_xauthuser=[any]
000 "ssl-iptrafficsig-1/14x0": modecfg info: us:none, them:none, modecfg policy:push, dns1:unset, dns2:unset, domain:unset, banner:unset;
000 "ssl-iptrafficsig-1/14x0": labeled_ipsec:no;
000 "ssl-iptrafficsig-1/14x0": policy_label:unset;
000 "ssl-iptrafficsig-1/14x0": ike_life: 28800s; ipsec_life: 3600s; rekey_margin: 180s; rekey_fuzz: 100%; keyingtries: 0;
000 "ssl-iptrafficsig-1/14x0": retransmit-interval: 500ms; retransmit-timeout: 60s;
000 "ssl-iptrafficsig-1/14x0": sha2_truncbug:no; initial_contact:no; cisco_unity:no; send_vendorid:no;
000 "ssl-iptrafficsig-1/14x0": policy: PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW;
000 "ssl-iptrafficsig-1/14x0": conn_prio: 32,28; interface: eth1; metric: 0; mtu: unset; sa_prio:auto; nflog-group: unset;
000 "ssl-iptrafficsig-1/14x0": newest ISAKMP SA: #0; newest IPsec SA: #9;
000 "ssl-iptrafficsig-1/14x0": aliases: ssl-iptrafficsig-1
000 "ssl-iptrafficsig-1/14x0": IKE algorithms wanted: AES_CBC(7)_256-SHA2_256(4)_000-MODP2048(14)
000 "ssl-iptrafficsig-1/14x0": IKE algorithms found: AES_CBC(7)_256-SHA2_256(4)_256-MODP2048(14)
000 "ssl-iptrafficsig-1/14x0": ESP algorithms wanted: AES(12)_256-SHA2_256(5)_000; pfsgroup=MODP2048(14)
000 "ssl-iptrafficsig-1/14x0": ESP algorithms loaded: AES(12)_256-SHA2_256(5)_000
000 "ssl-iptrafficsig-1/14x0": ESP algorithm newest: AES_256-HMAC_SHA2_256; pfsgroup=MODP2048
000 "ssl-iptrafficsig-1/1x0": 10.2.170.0/26===10.59.31.49<10.59.31.49>[LOCAL_END_HOST]---10.59.31.54...REMOTE_END_HOST<REMOTE_END_HOST>===10.199.0.0/28; erouted; eroute owner: #23
000 "ssl-iptrafficsig-1/1x0": oriented; my_ip=10.59.31.49; their_ip=unset
000 "ssl-iptrafficsig-1/1x0": xauth info: us:none, them:none, my_xauthuser=[any]; their_xauthuser=[any]
000 "ssl-iptrafficsig-1/1x0": modecfg info: us:none, them:none, modecfg policy:push, dns1:unset, dns2:unset, domain:unset, banner:unset;
000 "ssl-iptrafficsig-1/1x0": labeled_ipsec:no;
000 "ssl-iptrafficsig-1/1x0": policy_label:unset;
000 "ssl-iptrafficsig-1/1x0": ike_life: 28800s; ipsec_life: 3600s; rekey_margin: 180s; rekey_fuzz: 100%; keyingtries: 0;
000 "ssl-iptrafficsig-1/1x0": retransmit-interval: 500ms; retransmit-timeout: 60s;
000 "ssl-iptrafficsig-1/1x0": sha2_truncbug:no; initial_contact:no; cisco_unity:no; send_vendorid:no;
000 "ssl-iptrafficsig-1/1x0": policy: PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW;
000 "ssl-iptrafficsig-1/1x0": conn_prio: 26,28; interface: eth1; metric: 0; mtu: unset; sa_prio:auto; nflog-group: unset;
000 "ssl-iptrafficsig-1/1x0": newest ISAKMP SA: #0; newest IPsec SA: #23;
000 "ssl-iptrafficsig-1/1x0": aliases: ssl-iptrafficsig-1
000 "ssl-iptrafficsig-1/1x0": IKE algorithms wanted: AES_CBC(7)_256-SHA2_256(4)_000-MODP2048(14)
000 "ssl-iptrafficsig-1/1x0": IKE algorithms found: AES_CBC(7)_256-SHA2_256(4)_256-MODP2048(14)
000 "ssl-iptrafficsig-1/1x0": ESP algorithms wanted: AES(12)_256-SHA2_256(5)_000; pfsgroup=MODP2048(14)
000 "ssl-iptrafficsig-1/1x0": ESP algorithms loaded: AES(12)_256-SHA2_256(5)_000
000 "ssl-iptrafficsig-1/1x0": ESP algorithm newest: AES_256-HMAC_SHA2_256; pfsgroup=MODP2048
000 "ssl-iptrafficsig-1/2x0": 10.1.178.0/26===10.59.31.49<10.59.31.49>[LOCAL_END_HOST]---10.59.31.54...REMOTE_END_HOST<REMOTE_END_HOST>===10.199.0.0/28; erouted; eroute owner: #26
000 "ssl-iptrafficsig-1/2x0": oriented; my_ip=10.59.31.49; their_ip=unset
000 "ssl-iptrafficsig-1/2x0": xauth info: us:none, them:none, my_xauthuser=[any]; their_xauthuser=[any]
000 "ssl-iptrafficsig-1/2x0": modecfg info: us:none, them:none, modecfg policy:push, dns1:unset, dns2:unset, domain:unset, banner:unset;
000 "ssl-iptrafficsig-1/2x0": labeled_ipsec:no;
000 "ssl-iptrafficsig-1/2x0": policy_label:unset;
000 "ssl-iptrafficsig-1/2x0": ike_life: 28800s; ipsec_life: 3600s; rekey_margin: 180s; rekey_fuzz: 100%; keyingtries: 0;
000 "ssl-iptrafficsig-1/2x0": retransmit-interval: 500ms; retransmit-timeout: 60s;
000 "ssl-iptrafficsig-1/2x0": sha2_truncbug:no; initial_contact:no; cisco_unity:no; send_vendorid:no;
000 "ssl-iptrafficsig-1/2x0": policy: PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW;
000 "ssl-iptrafficsig-1/2x0": conn_prio: 26,28; interface: eth1; metric: 0; mtu: unset; sa_prio:auto; nflog-group: unset;
000 "ssl-iptrafficsig-1/2x0": newest ISAKMP SA: #0; newest IPsec SA: #26;
000 "ssl-iptrafficsig-1/2x0": aliases: ssl-iptrafficsig-1
000 "ssl-iptrafficsig-1/2x0": IKE algorithms wanted: AES_CBC(7)_256-SHA2_256(4)_000-MODP2048(14)
000 "ssl-iptrafficsig-1/2x0": IKE algorithms found: AES_CBC(7)_256-SHA2_256(4)_256-MODP2048(14)
000 "ssl-iptrafficsig-1/2x0": ESP algorithms wanted: AES(12)_256-SHA2_256(5)_000; pfsgroup=MODP2048(14)
000 "ssl-iptrafficsig-1/2x0": ESP algorithms loaded: AES(12)_256-SHA2_256(5)_000
000 "ssl-iptrafficsig-1/2x0": ESP algorithm newest: AES_256-HMAC_SHA2_256; pfsgroup=MODP2048
000 "ssl-iptrafficsig-1/3x0": 10.1.160.64/27===10.59.31.49<10.59.31.49>[LOCAL_END_HOST]---10.59.31.54...REMOTE_END_HOST<REMOTE_END_HOST>===10.199.0.0/28; erouted; eroute owner: #12
000 "ssl-iptrafficsig-1/3x0": oriented; my_ip=10.59.31.49; their_ip=unset
000 "ssl-iptrafficsig-1/3x0": xauth info: us:none, them:none, my_xauthuser=[any]; their_xauthuser=[any]
000 "ssl-iptrafficsig-1/3x0": modecfg info: us:none, them:none, modecfg policy:push, dns1:unset, dns2:unset, domain:unset, banner:unset;
000 "ssl-iptrafficsig-1/3x0": labeled_ipsec:no;
000 "ssl-iptrafficsig-1/3x0": policy_label:unset;
000 "ssl-iptrafficsig-1/3x0": ike_life: 28800s; ipsec_life: 3600s; rekey_margin: 180s; rekey_fuzz: 100%; keyingtries: 0;
000 "ssl-iptrafficsig-1/3x0": retransmit-interval: 500ms; retransmit-timeout: 60s;
000 "ssl-iptrafficsig-1/3x0": sha2_truncbug:no; initial_contact:no; cisco_unity:no; send_vendorid:no;
000 "ssl-iptrafficsig-1/3x0": policy: PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW;
000 "ssl-iptrafficsig-1/3x0": conn_prio: 27,28; interface: eth1; metric: 0; mtu: unset; sa_prio:auto; nflog-group: unset;
000 "ssl-iptrafficsig-1/3x0": newest ISAKMP SA: #0; newest IPsec SA: #12;
000 "ssl-iptrafficsig-1/3x0": aliases: ssl-iptrafficsig-1
000 "ssl-iptrafficsig-1/3x0": IKE algorithms wanted: AES_CBC(7)_256-SHA2_256(4)_000-MODP2048(14)
000 "ssl-iptrafficsig-1/3x0": IKE algorithms found: AES_CBC(7)_256-SHA2_256(4)_256-MODP2048(14)
000 "ssl-iptrafficsig-1/3x0": ESP algorithms wanted: AES(12)_256-SHA2_256(5)_000; pfsgroup=MODP2048(14)
000 "ssl-iptrafficsig-1/3x0": ESP algorithms loaded: AES(12)_256-SHA2_256(5)_000
000 "ssl-iptrafficsig-1/3x0": ESP algorithm newest: AES_256-HMAC_SHA2_256; pfsgroup=MODP2048
000 "ssl-iptrafficsig-1/4x0": 10.1.162.64/27===10.59.31.49<10.59.31.49>[LOCAL_END_HOST]---10.59.31.54...REMOTE_END_HOST<REMOTE_END_HOST>===10.199.0.0/28; erouted; eroute owner: #13
000 "ssl-iptrafficsig-1/4x0": oriented; my_ip=10.59.31.49; their_ip=unset
000 "ssl-iptrafficsig-1/4x0": xauth info: us:none, them:none, my_xauthuser=[any]; their_xauthuser=[any]
000 "ssl-iptrafficsig-1/4x0": modecfg info: us:none, them:none, modecfg policy:push, dns1:unset, dns2:unset, domain:unset, banner:unset;
000 "ssl-iptrafficsig-1/4x0": labeled_ipsec:no;
000 "ssl-iptrafficsig-1/4x0": policy_label:unset;
000 "ssl-iptrafficsig-1/4x0": ike_life: 28800s; ipsec_life: 3600s; rekey_margin: 180s; rekey_fuzz: 100%; keyingtries: 0;
000 "ssl-iptrafficsig-1/4x0": retransmit-interval: 500ms; retransmit-timeout: 60s;
000 "ssl-iptrafficsig-1/4x0": sha2_truncbug:no; initial_contact:no; cisco_unity:no; send_vendorid:no;
000 "ssl-iptrafficsig-1/4x0": policy: PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW;
000 "ssl-iptrafficsig-1/4x0": conn_prio: 27,28; interface: eth1; metric: 0; mtu: unset; sa_prio:auto; nflog-group: unset;
000 "ssl-iptrafficsig-1/4x0": newest ISAKMP SA: #0; newest IPsec SA: #13;
000 "ssl-iptrafficsig-1/4x0": aliases: ssl-iptrafficsig-1
000 "ssl-iptrafficsig-1/4x0": IKE algorithms wanted: AES_CBC(7)_256-SHA2_256(4)_000-MODP2048(14)
000 "ssl-iptrafficsig-1/4x0": IKE algorithms found: AES_CBC(7)_256-SHA2_256(4)_256-MODP2048(14)
000 "ssl-iptrafficsig-1/4x0": ESP algorithms wanted: AES(12)_256-SHA2_256(5)_000; pfsgroup=MODP2048(14)
000 "ssl-iptrafficsig-1/4x0": ESP algorithms loaded: AES(12)_256-SHA2_256(5)_000
000 "ssl-iptrafficsig-1/4x0": ESP algorithm newest: AES_256-HMAC_SHA2_256; pfsgroup=MODP2048
000 "ssl-iptrafficsig-1/5x0": 10.1.176.0/25===10.59.31.49<10.59.31.49>[LOCAL_END_HOST]---10.59.31.54...REMOTE_END_HOST<REMOTE_END_HOST>===10.199.0.0/28; erouted; eroute owner: #14
000 "ssl-iptrafficsig-1/5x0": oriented; my_ip=10.59.31.49; their_ip=unset
000 "ssl-iptrafficsig-1/5x0": xauth info: us:none, them:none, my_xauthuser=[any]; their_xauthuser=[any]
000 "ssl-iptrafficsig-1/5x0": modecfg info: us:none, them:none, modecfg policy:push, dns1:unset, dns2:unset, domain:unset, banner:unset;
000 "ssl-iptrafficsig-1/5x0": labeled_ipsec:no;
000 "ssl-iptrafficsig-1/5x0": policy_label:unset;
000 "ssl-iptrafficsig-1/5x0": ike_life: 28800s; ipsec_life: 3600s; rekey_margin: 180s; rekey_fuzz: 100%; keyingtries: 0;
000 "ssl-iptrafficsig-1/5x0": retransmit-interval: 500ms; retransmit-timeout: 60s;
000 "ssl-iptrafficsig-1/5x0": sha2_truncbug:no; initial_contact:no; cisco_unity:no; send_vendorid:no;
000 "ssl-iptrafficsig-1/5x0": policy: PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW;
000 "ssl-iptrafficsig-1/5x0": conn_prio: 25,28; interface: eth1; metric: 0; mtu: unset; sa_prio:auto; nflog-group: unset;
000 "ssl-iptrafficsig-1/5x0": newest ISAKMP SA: #0; newest IPsec SA: #14;
000 "ssl-iptrafficsig-1/5x0": aliases: ssl-iptrafficsig-1
000 "ssl-iptrafficsig-1/5x0": IKE algorithms wanted: AES_CBC(7)_256-SHA2_256(4)_000-MODP2048(14)
000 "ssl-iptrafficsig-1/5x0": IKE algorithms found: AES_CBC(7)_256-SHA2_256(4)_256-MODP2048(14)
000 "ssl-iptrafficsig-1/5x0": ESP algorithms wanted: AES(12)_256-SHA2_256(5)_000; pfsgroup=MODP2048(14)
000 "ssl-iptrafficsig-1/5x0": ESP algorithms loaded: AES(12)_256-SHA2_256(5)_000
000 "ssl-iptrafficsig-1/5x0": ESP algorithm newest: AES_256-HMAC_SHA2_256; pfsgroup=MODP2048
000 "ssl-iptrafficsig-1/6x0": 10.1.170.0/25===10.59.31.49<10.59.31.49>[LOCAL_END_HOST]---10.59.31.54...REMOTE_END_HOST<REMOTE_END_HOST>===10.199.0.0/28; erouted; eroute owner: #27
000 "ssl-iptrafficsig-1/6x0": oriented; my_ip=10.59.31.49; their_ip=unset
000 "ssl-iptrafficsig-1/6x0": xauth info: us:none, them:none, my_xauthuser=[any]; their_xauthuser=[any]
000 "ssl-iptrafficsig-1/6x0": modecfg info: us:none, them:none, modecfg policy:push, dns1:unset, dns2:unset, domain:unset, banner:unset;
000 "ssl-iptrafficsig-1/6x0": labeled_ipsec:no;
000 "ssl-iptrafficsig-1/6x0": policy_label:unset;
000 "ssl-iptrafficsig-1/6x0": ike_life: 28800s; ipsec_life: 3600s; rekey_margin: 180s; rekey_fuzz: 100%; keyingtries: 0;
000 "ssl-iptrafficsig-1/6x0": retransmit-interval: 500ms; retransmit-timeout: 60s;
000 "ssl-iptrafficsig-1/6x0": sha2_truncbug:no; initial_contact:no; cisco_unity:no; send_vendorid:no;
000 "ssl-iptrafficsig-1/6x0": policy: PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW;
000 "ssl-iptrafficsig-1/6x0": conn_prio: 25,28; interface: eth1; metric: 0; mtu: unset; sa_prio:auto; nflog-group: unset;
000 "ssl-iptrafficsig-1/6x0": newest ISAKMP SA: #0; newest IPsec SA: #27;
000 "ssl-iptrafficsig-1/6x0": aliases: ssl-iptrafficsig-1
000 "ssl-iptrafficsig-1/6x0": IKE algorithms wanted: AES_CBC(7)_256-SHA2_256(4)_000-MODP2048(14)
000 "ssl-iptrafficsig-1/6x0": IKE algorithms found: AES_CBC(7)_256-SHA2_256(4)_256-MODP2048(14)
000 "ssl-iptrafficsig-1/6x0": ESP algorithms wanted: AES(12)_256-SHA2_256(5)_000; pfsgroup=MODP2048(14)
000 "ssl-iptrafficsig-1/6x0": ESP algorithms loaded: AES(12)_256-SHA2_256(5)_000
000 "ssl-iptrafficsig-1/6x0": ESP algorithm newest: AES_256-HMAC_SHA2_256; pfsgroup=MODP2048
000 "ssl-iptrafficsig-1/7x0": 10.2.166.0/26===10.59.31.49<10.59.31.49>[LOCAL_END_HOST]---10.59.31.54...REMOTE_END_HOST<REMOTE_END_HOST>===10.199.0.0/28; erouted; eroute owner: #16
000 "ssl-iptrafficsig-1/7x0": oriented; my_ip=10.59.31.49; their_ip=unset
000 "ssl-iptrafficsig-1/7x0": xauth info: us:none, them:none, my_xauthuser=[any]; their_xauthuser=[any]
000 "ssl-iptrafficsig-1/7x0": modecfg info: us:none, them:none, modecfg policy:push, dns1:unset, dns2:unset, domain:unset, banner:unset;
000 "ssl-iptrafficsig-1/7x0": labeled_ipsec:no;
000 "ssl-iptrafficsig-1/7x0": policy_label:unset;
000 "ssl-iptrafficsig-1/7x0": ike_life: 28800s; ipsec_life: 3600s; rekey_margin: 180s; rekey_fuzz: 100%; keyingtries: 0;
000 "ssl-iptrafficsig-1/7x0": retransmit-interval: 500ms; retransmit-timeout: 60s;
000 "ssl-iptrafficsig-1/7x0": sha2_truncbug:no; initial_contact:no; cisco_unity:no; send_vendorid:no;
000 "ssl-iptrafficsig-1/7x0": policy: PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW;
000 "ssl-iptrafficsig-1/7x0": conn_prio: 26,28; interface: eth1; metric: 0; mtu: unset; sa_prio:auto; nflog-group: unset;
000 "ssl-iptrafficsig-1/7x0": newest ISAKMP SA: #0; newest IPsec SA: #16;
000 "ssl-iptrafficsig-1/7x0": aliases: ssl-iptrafficsig-1
000 "ssl-iptrafficsig-1/7x0": IKE algorithms wanted: AES_CBC(7)_256-SHA2_256(4)_000-MODP2048(14)
000 "ssl-iptrafficsig-1/7x0": IKE algorithms found: AES_CBC(7)_256-SHA2_256(4)_256-MODP2048(14)
000 "ssl-iptrafficsig-1/7x0": ESP algorithms wanted: AES(12)_256-SHA2_256(5)_000; pfsgroup=MODP2048(14)
000 "ssl-iptrafficsig-1/7x0": ESP algorithms loaded: AES(12)_256-SHA2_256(5)_000
000 "ssl-iptrafficsig-1/7x0": ESP algorithm newest: AES_256-HMAC_SHA2_256; pfsgroup=MODP2048
000 "ssl-iptrafficsig-1/8x0": 10.2.74.64/29===10.59.31.49<10.59.31.49>[LOCAL_END_HOST]---10.59.31.54...REMOTE_END_HOST<REMOTE_END_HOST>===10.199.0.0/28; erouted; eroute owner: #17
000 "ssl-iptrafficsig-1/8x0": oriented; my_ip=10.59.31.49; their_ip=unset
000 "ssl-iptrafficsig-1/8x0": xauth info: us:none, them:none, my_xauthuser=[any]; their_xauthuser=[any]
000 "ssl-iptrafficsig-1/8x0": modecfg info: us:none, them:none, modecfg policy:push, dns1:unset, dns2:unset, domain:unset, banner:unset;
000 "ssl-iptrafficsig-1/8x0": labeled_ipsec:no;
000 "ssl-iptrafficsig-1/8x0": policy_label:unset;
000 "ssl-iptrafficsig-1/8x0": ike_life: 28800s; ipsec_life: 3600s; rekey_margin: 180s; rekey_fuzz: 100%; keyingtries: 0;
000 "ssl-iptrafficsig-1/8x0": retransmit-interval: 500ms; retransmit-timeout: 60s;
000 "ssl-iptrafficsig-1/8x0": sha2_truncbug:no; initial_contact:no; cisco_unity:no; send_vendorid:no;
000 "ssl-iptrafficsig-1/8x0": policy: PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW;
000 "ssl-iptrafficsig-1/8x0": conn_prio: 29,28; interface: eth1; metric: 0; mtu: unset; sa_prio:auto; nflog-group: unset;
000 "ssl-iptrafficsig-1/8x0": newest ISAKMP SA: #0; newest IPsec SA: #17;
000 "ssl-iptrafficsig-1/8x0": aliases: ssl-iptrafficsig-1
000 "ssl-iptrafficsig-1/8x0": IKE algorithms wanted: AES_CBC(7)_256-SHA2_256(4)_000-MODP2048(14)
000 "ssl-iptrafficsig-1/8x0": IKE algorithms found: AES_CBC(7)_256-SHA2_256(4)_256-MODP2048(14)
000 "ssl-iptrafficsig-1/8x0": ESP algorithms wanted: AES(12)_256-SHA2_256(5)_000; pfsgroup=MODP2048(14)
000 "ssl-iptrafficsig-1/8x0": ESP algorithms loaded: AES(12)_256-SHA2_256(5)_000
000 "ssl-iptrafficsig-1/8x0": ESP algorithm newest: AES_256-HMAC_SHA2_256; pfsgroup=MODP2048
000 "ssl-iptrafficsig-1/9x0": 10.2.166.0/26===10.59.31.49<10.59.31.49>[LOCAL_END_HOST]---10.59.31.54...REMOTE_END_HOST<REMOTE_END_HOST>===10.199.0.0/28; unrouted; eroute owner: #0
000 "ssl-iptrafficsig-1/9x0": oriented; my_ip=10.59.31.49; their_ip=unset
000 "ssl-iptrafficsig-1/9x0": xauth info: us:none, them:none, my_xauthuser=[any]; their_xauthuser=[any]
000 "ssl-iptrafficsig-1/9x0": modecfg info: us:none, them:none, modecfg policy:push, dns1:unset, dns2:unset, domain:unset, banner:unset;
000 "ssl-iptrafficsig-1/9x0": labeled_ipsec:no;
000 "ssl-iptrafficsig-1/9x0": policy_label:unset;
000 "ssl-iptrafficsig-1/9x0": ike_life: 28800s; ipsec_life: 3600s; rekey_margin: 180s; rekey_fuzz: 100%; keyingtries: 0;
000 "ssl-iptrafficsig-1/9x0": retransmit-interval: 500ms; retransmit-timeout: 60s;
000 "ssl-iptrafficsig-1/9x0": sha2_truncbug:no; initial_contact:no; cisco_unity:no; send_vendorid:no;
000 "ssl-iptrafficsig-1/9x0": policy: PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW;
000 "ssl-iptrafficsig-1/9x0": conn_prio: 26,28; interface: eth1; metric: 0; mtu: unset; sa_prio:auto; nflog-group: unset;
000 "ssl-iptrafficsig-1/9x0": newest ISAKMP SA: #1; newest IPsec SA: #0;
000 "ssl-iptrafficsig-1/9x0": aliases: ssl-iptrafficsig-1
000 "ssl-iptrafficsig-1/9x0": IKE algorithms wanted: AES_CBC(7)_256-SHA2_256(4)_000-MODP2048(14)
000 "ssl-iptrafficsig-1/9x0": IKE algorithms found: AES_CBC(7)_256-SHA2_256(4)_256-MODP2048(14)
000 "ssl-iptrafficsig-1/9x0": IKE algorithm newest: AES_CBC_256-SHA2_256-MODP2048
000 "ssl-iptrafficsig-1/9x0": ESP algorithms wanted: AES(12)_256-SHA2_256(5)_000; pfsgroup=MODP2048(14)
000 "ssl-iptrafficsig-1/9x0": ESP algorithms loaded: AES(12)_256-SHA2_256(5)_000
000 Total IPsec connections: loaded 18, active 15
000
000 State Information: DDoS cookies not required, Accepting new IKE connections
000 IKE SAs: total(3), half-open(0), open(0), authenticated(3), anonymous(0)
000 IPsec SAs: total(20), authenticated(20), anonymous(0)
000
000 #5: "ssl-iptrafficsig-1/10x0":4500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 2458s; newest IPSEC; eroute owner; isakmp#1; idle; import:admin initiate
000 #5: "ssl-iptrafficsig-1/10x0" esp.c12547a1 at REMOTE_END_HOST esp.fba10b48 at 10.59.31.49 tun.0 at REMOTE_END_HOST tun.0 at 10.59.31.49 ref=0 refhim=4294901761 Traffic: ESPout=0B ESPin=0B! ESPmax=4194303B
000 #6: "ssl-iptrafficsig-1/11x0":4500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 2354s; newest IPSEC; eroute owner; isakmp#1; idle; import:admin initiate
000 #6: "ssl-iptrafficsig-1/11x0" esp.cc9e62a8 at REMOTE_END_HOST esp.858910c8 at 10.59.31.49 tun.0 at REMOTE_END_HOST tun.0 at 10.59.31.49 ref=0 refhim=4294901761 Traffic: ESPout=0B ESPin=0B! ESPmax=4194303B
000 #7: "ssl-iptrafficsig-1/12x0":4500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 2419s; newest IPSEC; eroute owner; isakmp#1; idle; import:admin initiate
000 #7: "ssl-iptrafficsig-1/12x0" esp.c5799a78 at REMOTE_END_HOST esp.5705a8e8 at 10.59.31.49 tun.0 at REMOTE_END_HOST tun.0 at 10.59.31.49 ref=0 refhim=4294901761 Traffic: ESPout=0B ESPin=0B! ESPmax=4194303B
000 #28: "ssl-iptrafficsig-1/13x0":4500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 2552s; newest IPSEC; eroute owner; isakmp#1; idle; import:admin initiate
000 #28: "ssl-iptrafficsig-1/13x0" esp.c6f6d061 at REMOTE_END_HOST esp.9672692a at 10.59.31.49 tun.0 at REMOTE_END_HOST tun.0 at 10.59.31.49 ref=0 refhim=4294901761 Traffic: ESPout=0B ESPin=0B! ESPmax=4194303B
000 #9: "ssl-iptrafficsig-1/14x0":4500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 2406s; newest IPSEC; eroute owner; isakmp#1; idle; import:admin initiate
000 #9: "ssl-iptrafficsig-1/14x0" esp.c4c54e51 at REMOTE_END_HOST esp.b1174378 at 10.59.31.49 tun.0 at REMOTE_END_HOST tun.0 at 10.59.31.49 ref=0 refhim=4294901761 Traffic: ESPout=0B ESPin=0B! ESPmax=4194303B
000 #23: "ssl-iptrafficsig-1/1x0":4500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 2518s; newest IPSEC; eroute owner; isakmp#1; idle; import:admin initiate
000 #23: "ssl-iptrafficsig-1/1x0" esp.c98a55c4 at REMOTE_END_HOST esp.7c7e290f at 10.59.31.49 tun.0 at REMOTE_END_HOST tun.0 at 10.59.31.49 ref=0 refhim=4294901761 Traffic: ESPout=58KB ESPin=567KB! ESPmax=4194303B
000 #20: "ssl-iptrafficsig-1/1x0":4500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 2411s; isakmp#1; idle; import:admin initiate
000 #20: "ssl-iptrafficsig-1/1x0" esp.c401c664 at REMOTE_END_HOST esp.5ec26044 at 10.59.31.49 tun.0 at REMOTE_END_HOST tun.0 at 10.59.31.49 ref=0 refhim=4294901761 Traffic: ESPout=0B ESPin=0B! ESPmax=4194303B
000 #19: "ssl-iptrafficsig-1/1x0":4500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 2405s; isakmp#1; idle; import:admin initiate
000 #19: "ssl-iptrafficsig-1/1x0" esp.ce619448 at REMOTE_END_HOST esp.6ac57625 at 10.59.31.49 tun.0 at REMOTE_END_HOST tun.0 at 10.59.31.49 ref=0 refhim=4294901761 Traffic: ESPout=2KB ESPin=2KB! ESPmax=4194303B
000 #10: "ssl-iptrafficsig-1/1x0":4500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 2454s; isakmp#1; idle; import:admin initiate
000 #10: "ssl-iptrafficsig-1/1x0" esp.c27d9a00 at REMOTE_END_HOST esp.9ea667fc at 10.59.31.49 tun.0 at REMOTE_END_HOST tun.0 at 10.59.31.49 ref=0 refhim=4294901761 Traffic: ESPout=2KB ESPin=1KB! ESPmax=4194303B
000 #26: "ssl-iptrafficsig-1/2x0":4500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 2556s; newest IPSEC; eroute owner; isakmp#1; idle; import:admin initiate
000 #26: "ssl-iptrafficsig-1/2x0" esp.c5e48b50 at REMOTE_END_HOST esp.ce80491d at 10.59.31.49 tun.0 at REMOTE_END_HOST tun.0 at 10.59.31.49 ref=0 refhim=4294901761 Traffic: ESPout=39KB ESPin=1MB! ESPmax=4194303B
000 #12: "ssl-iptrafficsig-1/3x0":4500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 2469s; newest IPSEC; eroute owner; isakmp#1; idle; import:admin initiate
000 #12: "ssl-iptrafficsig-1/3x0" esp.c13c907e at REMOTE_END_HOST esp.1469cbba at 10.59.31.49 tun.0 at REMOTE_END_HOST tun.0 at 10.59.31.49 ref=0 refhim=4294901761 Traffic: ESPout=0B ESPin=2MB! ESPmax=4194303B
000 #13: "ssl-iptrafficsig-1/4x0":4500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 2479s; newest IPSEC; eroute owner; isakmp#1; idle; import:admin initiate
000 #13: "ssl-iptrafficsig-1/4x0" esp.cc814da7 at REMOTE_END_HOST esp.162df46b at 10.59.31.49 tun.0 at REMOTE_END_HOST tun.0 at 10.59.31.49 ref=0 refhim=4294901761 Traffic: ESPout=122KB ESPin=1MB! ESPmax=4194303B
000 #22: "ssl-iptrafficsig-1/5x0":4500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 2380s; isakmp#1; idle; import:admin initiate
000 #22: "ssl-iptrafficsig-1/5x0" esp.cb7b9074 at REMOTE_END_HOST esp.3554ede3 at 10.59.31.49 tun.0 at REMOTE_END_HOST tun.0 at 10.59.31.49 ref=0 refhim=4294901761 Traffic: ESPout=372B ESPin=340B! ESPmax=4194303B
000 #14: "ssl-iptrafficsig-1/5x0":4500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 2348s; newest IPSEC; eroute owner; isakmp#1; idle; import:admin initiate
000 #14: "ssl-iptrafficsig-1/5x0" esp.c9255d9a at REMOTE_END_HOST esp.8857fbd4 at 10.59.31.49 tun.0 at REMOTE_END_HOST tun.0 at 10.59.31.49 ref=0 refhim=4294901761 Traffic: ESPout=12KB ESPin=122KB! ESPmax=4194303B
000 #27: "ssl-iptrafficsig-1/6x0":4500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 2436s; newest IPSEC; eroute owner; isakmp#1; idle; import:admin initiate
000 #27: "ssl-iptrafficsig-1/6x0" esp.c6ad61ed at REMOTE_END_HOST esp.db4b3c21 at 10.59.31.49 tun.0 at REMOTE_END_HOST tun.0 at 10.59.31.49 ref=0 refhim=4294901761 Traffic: ESPout=0B ESPin=0B! ESPmax=4194303B
000 #16: "ssl-iptrafficsig-1/7x0":4500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 2483s; newest IPSEC; eroute owner; isakmp#1; idle; import:admin initiate
000 #16: "ssl-iptrafficsig-1/7x0" esp.c3e42509 at REMOTE_END_HOST esp.6a2fd0a8 at 10.59.31.49 tun.0 at REMOTE_END_HOST tun.0 at 10.59.31.49 ref=0 refhim=4294901761 Traffic: ESPout=0B ESPin=0B! ESPmax=4194303B
000 #17: "ssl-iptrafficsig-1/8x0":4500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 2355s; newest IPSEC; eroute owner; isakmp#1; idle; import:admin initiate
000 #17: "ssl-iptrafficsig-1/8x0" esp.c80847c0 at REMOTE_END_HOST esp.a2ed620 at 10.59.31.49 tun.0 at REMOTE_END_HOST tun.0 at 10.59.31.49 ref=0 refhim=4294901761 Traffic: ESPout=10KB ESPin=98KB! ESPmax=4194303B
000 #1: "ssl-iptrafficsig-1/9x0":4500 STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 27574s; newest ISAKMP; lastdpd=-1s(seq in:0 out:0); idle; import:admin initiate
000
000 Bare Shunt list:
000
Hoping someone has seen some behaviour like this before. I have other clients on this VPN with no issues therefore I suspect it's an issue with the strongswan instance.
Thanks
Joe
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20160920/9bd0fb99/attachment-0001.html>
More information about the Swan
mailing list