[Swan] mis-matched phase 2 settings cause infinite rekeys, high load, and broad failure across unrelated tunnels
Terell Moore
terell at redoxengine.com
Tue Sep 4 22:08:16 UTC 2018
Hello,
I've been running into an issue with Linux Libreswan 3.23 where
occasionally, mis-matched phase 2 algorithms between my Libreswan instance
and a remote peer causes the Libreswan instance to enter an infinite cycle
of rekeys. The last few times we've seen this, there was broad failure for
most of the tunnels on the machine and required a restart of ipsec. We're
pretty confident, but not 100%, that it's related.
This behavior has been observed when the following properties have been
mis-matched:
- left/rightsubnets
- phase2alg
- pfs
Note that this doesn't happen every time the properties are mis-matched,
but the times it does happen seem to be with random types of remote devices
with no clear pattern. It's also important to note that sometimes this
infinite cycle of rekeys happens after the VPN has been up and functional
for a while, without any changes -- in this case (and only this case),
deleting the connection and re-adding it has caused the problem to go away.
We've tried several options in the connection config such as rekey,
rekeymargin, rekeyfuzz, and keyingtries to no avail.
Is there a setting in Libreswan that will allow us to limit the amount of
rekeys that will be attempted?
The logs at /var/log/auth.log look like this when the infinite rekeys
happen:
Sep 4 13:19:53 ip-172-20-114-174 pluto[27097]: added connection
description "connection-name/1x1"
Sep 4 13:19:53 ip-172-20-114-174 pluto[27097]: added connection
description "connection-name/1x2"
Sep 4 13:19:53 ip-172-20-114-174 pluto[27097]: added connection
description "connection-name/2x1"
Sep 4 13:19:53 ip-172-20-114-174 pluto[27097]: added connection
description "connection-name/2x2"
Sep 4 13:19:53 ip-172-20-114-174 pluto[27097]: initiating all conns with
alias='connection-name'
Sep 4 13:19:53 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608932: initiating Main Mode
Sep 4 13:19:53 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608932: STATE_MAIN_I2: sent MI2, expecting MR2
Sep 4 13:19:53 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608932: ignoring unknown Vendor ID payload
[ac99ed0026a89f5237b5ee2d1b068818]
Sep 4 13:19:53 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608932: STATE_MAIN_I3: sent MI3, expecting MR3
Sep 4 13:19:53 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608932: Peer ID is ID_IPV4_ADDR: 'remote.peer.ip.address.here'
Sep 4 13:19:53 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608932: STATE_MAIN_I4: ISAKMP SA established {auth=PRESHARED_KEY
cipher=aes_256 integ=sha group=MODP1024}
Sep 4 13:19:53 ip-172-20-114-174 pluto[27097]: "connection-name/1x1"
#3608933: initiating Quick Mode
PSK+ENCRYPT+TUNNEL+UP+IKEV1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO
{using isakmp#3608932 msgid:8f986b79
proposal=AES_CBC_256-HMAC_SHA1_96-MODP1024 pfsgroup=no-pfs}
Sep 4 13:19:53 ip-172-20-114-174 pluto[27097]: "connection-name/1x2"
#3608934: initiating Quick Mode
PSK+ENCRYPT+TUNNEL+UP+IKEV1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO
{using isakmp#3608932 msgid:4fe8bd86
proposal=AES_CBC_256-HMAC_SHA1_96-MODP1024 pfsgroup=no-pfs}
Sep 4 13:19:53 ip-172-20-114-174 pluto[27097]: "connection-name/2x1"
#3608935: initiating Quick Mode
PSK+ENCRYPT+TUNNEL+UP+IKEV1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO
{using isakmp#3608932 msgid:0ec37a6c
proposal=AES_CBC_256-HMAC_SHA1_96-MODP1024 pfsgroup=no-pfs}
Sep 4 13:19:53 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608936: initiating Quick Mode
PSK+ENCRYPT+TUNNEL+UP+IKEV1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO
{using isakmp#3608932 msgid:baf7a9cf
proposal=AES_CBC_256-HMAC_SHA1_96-MODP1024 pfsgroup=no-pfs}
Sep 4 13:19:53 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608932: received and ignored informational message
Sep 4 13:19:53 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608932: ignoring informational payload NO_PROPOSAL_CHOSEN,
msgid=00000000, length=32
Sep 4 13:19:53 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608932: received and ignored informational message
Sep 4 13:19:53 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608932: ignoring informational payload NO_PROPOSAL_CHOSEN,
msgid=00000000, length=32
Sep 4 13:19:53 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608932: received and ignored informational message
Sep 4 13:19:53 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608932: ignoring informational payload NO_PROPOSAL_CHOSEN,
msgid=00000000, length=32
Sep 4 13:19:53 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608932: received and ignored informational message
Sep 4 13:19:53 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608932: ignoring informational payload NO_PROPOSAL_CHOSEN,
msgid=00000000, length=32
Sep 4 13:19:53 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608932: received and ignored informational message
Sep 4 13:19:53 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608932: received Delete SA payload: self-deleting ISAKMP State #3608932
Sep 4 13:19:53 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608932: deleting state (STATE_MAIN_I4) and sending notification
Sep 4 13:19:53 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608932: reschedule pending Phase 2 of connection"connection-name/2x2"
state #3608936: - the parent is going away
Sep 4 13:19:53 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608932: reschedule pending Phase 2 of connection"connection-name/2x1"
state #3608935: - the parent is going away
Sep 4 13:19:53 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608932: reschedule pending Phase 2 of connection"connection-name/1x2"
state #3608934: - the parent is going away
Sep 4 13:19:53 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608932: reschedule pending Phase 2 of connection"connection-name/1x1"
state #3608933: - the parent is going away
Sep 4 13:19:53 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608937: initiating Main Mode
Sep 4 13:19:53 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608936: deleting state (STATE_QUICK_I1)
Sep 4 13:19:53 ip-172-20-114-174 pluto[27097]: "connection-name/2x1"
#3608935: deleting state (STATE_QUICK_I1)
Sep 4 13:19:53 ip-172-20-114-174 pluto[27097]: "connection-name/1x2"
#3608934: deleting state (STATE_QUICK_I1)
Sep 4 13:19:53 ip-172-20-114-174 pluto[27097]: "connection-name/1x1"
#3608933: deleting state (STATE_QUICK_I1)
Sep 4 13:19:53 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608937: STATE_MAIN_I2: sent MI2, expecting MR2
Sep 4 13:19:53 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608937: ignoring unknown Vendor ID payload
[22d4e2528380d12f0e4a7cf5da387920]
Sep 4 13:19:53 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608937: STATE_MAIN_I3: sent MI3, expecting MR3
Sep 4 13:19:53 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608937: Peer ID is ID_IPV4_ADDR: 'remote.peer.ip.address.here'
Sep 4 13:19:53 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608937: STATE_MAIN_I4: ISAKMP SA established {auth=PRESHARED_KEY
cipher=aes_256 integ=sha group=MODP1024}
Sep 4 13:19:53 ip-172-20-114-174 pluto[27097]: "connection-name/1x1"
#3608938: initiating Quick Mode
PSK+ENCRYPT+TUNNEL+UP+IKEV1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO
to replace #3608933 {using isakmp#3608937 msgid:10363055
proposal=AES_CBC_256-HMAC_SHA1_96-MODP1024 pfsgroup=no-pfs}
Sep 4 13:19:53 ip-172-20-114-174 pluto[27097]: "connection-name/1x2"
#3608939: initiating Quick Mode
PSK+ENCRYPT+TUNNEL+UP+IKEV1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO
to replace #3608934 {using isakmp#3608937 msgid:9f7b8e00
proposal=AES_CBC_256-HMAC_SHA1_96-MODP1024 pfsgroup=no-pfs}
Sep 4 13:19:53 ip-172-20-114-174 pluto[27097]: "connection-name/2x1"
#3608940: initiating Quick Mode
PSK+ENCRYPT+TUNNEL+UP+IKEV1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO
to replace #3608935 {using isakmp#3608937 msgid:1958758c
proposal=AES_CBC_256-HMAC_SHA1_96-MODP1024 pfsgroup=no-pfs}
Sep 4 13:19:53 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608941: initiating Quick Mode
PSK+ENCRYPT+TUNNEL+UP+IKEV1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO
{using isakmp#3608937 msgid:a8868357
proposal=AES_CBC_256-HMAC_SHA1_96-MODP1024 pfsgroup=no-pfs}
Sep 4 13:19:53 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608937: received and ignored informational message
Sep 4 13:19:53 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608937: ignoring informational payload NO_PROPOSAL_CHOSEN,
msgid=00000000, length=32
Sep 4 13:19:53 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608937: received and ignored informational message
Sep 4 13:19:53 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608937: ignoring informational payload NO_PROPOSAL_CHOSEN,
msgid=00000000, length=32
Sep 4 13:19:53 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608937: received and ignored informational message
Sep 4 13:19:53 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608937: ignoring informational payload NO_PROPOSAL_CHOSEN,
msgid=00000000, length=32
Sep 4 13:19:53 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608937: received and ignored informational message
Sep 4 13:19:53 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608937: ignoring informational payload NO_PROPOSAL_CHOSEN,
msgid=00000000, length=32
Sep 4 13:19:53 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608937: received and ignored informational message
Sep 4 13:19:53 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608937: received Delete SA payload: self-deleting ISAKMP State #3608937
Sep 4 13:19:53 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608937: deleting state (STATE_MAIN_I4) and sending notification
Sep 4 13:19:53 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608937: reschedule pending Phase 2 of connection"connection-name/2x2"
state #3608941: - the parent is going away
Sep 4 13:19:53 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608937: reschedule pending Phase 2 of connection"connection-name/2x1"
state #3608940: - the parent is going away
Sep 4 13:19:53 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608937: reschedule pending Phase 2 of connection"connection-name/1x2"
state #3608939: - the parent is going away
Sep 4 13:19:53 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608937: reschedule pending Phase 2 of connection"connection-name/1x1"
state #3608938: - the parent is going away
Sep 4 13:19:53 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608942: initiating Main Mode
Sep 4 13:19:53 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608941: deleting state (STATE_QUICK_I1)
Sep 4 13:19:53 ip-172-20-114-174 pluto[27097]: "connection-name/2x1"
#3608940: deleting state (STATE_QUICK_I1)
Sep 4 13:19:53 ip-172-20-114-174 pluto[27097]: "connection-name/1x2"
#3608939: deleting state (STATE_QUICK_I1)
Sep 4 13:19:53 ip-172-20-114-174 pluto[27097]: "connection-name/1x1"
#3608938: deleting state (STATE_QUICK_I1)
Sep 4 13:19:53 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608942: STATE_MAIN_I2: sent MI2, expecting MR2
Sep 4 13:19:53 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608942: ignoring unknown Vendor ID payload
[1f369b2bf00ef10eddd9436fb6b2922a]
Sep 4 13:19:53 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608942: STATE_MAIN_I3: sent MI3, expecting MR3
Sep 4 13:19:53 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608942: Peer ID is ID_IPV4_ADDR: 'remote.peer.ip.address.here'
Sep 4 13:19:53 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608942: STATE_MAIN_I4: ISAKMP SA established {auth=PRESHARED_KEY
cipher=aes_256 integ=sha group=MODP1024}
Sep 4 13:19:53 ip-172-20-114-174 pluto[27097]: "connection-name/1x1"
#3608943: initiating Quick Mode
PSK+ENCRYPT+TUNNEL+UP+IKEV1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO
to replace #3608938 {using isakmp#3608942 msgid:e370b1d9
proposal=AES_CBC_256-HMAC_SHA1_96-MODP1024 pfsgroup=no-pfs}
Sep 4 13:19:53 ip-172-20-114-174 pluto[27097]: "connection-name/1x2"
#3608944: initiating Quick Mode
PSK+ENCRYPT+TUNNEL+UP+IKEV1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO
to replace #3608939 {using isakmp#3608942 msgid:600a7a92
proposal=AES_CBC_256-HMAC_SHA1_96-MODP1024 pfsgroup=no-pfs}
Sep 4 13:19:53 ip-172-20-114-174 pluto[27097]: "connection-name/2x1"
#3608945: initiating Quick Mode
PSK+ENCRYPT+TUNNEL+UP+IKEV1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO
to replace #3608940 {using isakmp#3608942 msgid:7e4b60a3
proposal=AES_CBC_256-HMAC_SHA1_96-MODP1024 pfsgroup=no-pfs}
Sep 4 13:19:53 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608946: initiating Quick Mode
PSK+ENCRYPT+TUNNEL+UP+IKEV1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO
{using isakmp#3608942 msgid:d737a3db
proposal=AES_CBC_256-HMAC_SHA1_96-MODP1024 pfsgroup=no-pfs}
Sep 4 13:19:53 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608942: received and ignored informational message
Sep 4 13:19:53 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608942: ignoring informational payload NO_PROPOSAL_CHOSEN,
msgid=00000000, length=32
Sep 4 13:19:53 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608942: received and ignored informational message
Sep 4 13:19:53 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608942: ignoring informational payload NO_PROPOSAL_CHOSEN,
msgid=00000000, length=32
Sep 4 13:19:53 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608942: received and ignored informational message
Sep 4 13:19:53 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608942: ignoring informational payload NO_PROPOSAL_CHOSEN,
msgid=00000000, length=32
Sep 4 13:19:53 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608942: received and ignored informational message
Sep 4 13:19:53 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608942: ignoring informational payload NO_PROPOSAL_CHOSEN,
msgid=00000000, length=32
Sep 4 13:19:53 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608942: received and ignored informational message
Sep 4 13:19:53 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608942: received Delete SA payload: self-deleting ISAKMP State #3608942
Sep 4 13:19:53 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608942: deleting state (STATE_MAIN_I4) and sending notification
Sep 4 13:19:53 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608942: reschedule pending Phase 2 of connection"connection-name/2x2"
state #3608946: - the parent is going away
Sep 4 13:19:53 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608942: reschedule pending Phase 2 of connection"connection-name/2x1"
state #3608945: - the parent is going away
Sep 4 13:19:53 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608942: reschedule pending Phase 2 of connection"connection-name/1x2"
state #3608944: - the parent is going away
Sep 4 13:19:53 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608942: reschedule pending Phase 2 of connection"connection-name/1x1"
state #3608943: - the parent is going away
Sep 4 13:19:53 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608947: initiating Main Mode
Sep 4 13:19:53 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608946: deleting state (STATE_QUICK_I1)
Sep 4 13:19:53 ip-172-20-114-174 pluto[27097]: "connection-name/2x1"
#3608945: deleting state (STATE_QUICK_I1)
Sep 4 13:19:53 ip-172-20-114-174 pluto[27097]: "connection-name/1x2"
#3608944: deleting state (STATE_QUICK_I1)
Sep 4 13:19:53 ip-172-20-114-174 pluto[27097]: "connection-name/1x1"
#3608943: deleting state (STATE_QUICK_I1)
Sep 4 13:19:53 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608947: STATE_MAIN_I2: sent MI2, expecting MR2
Sep 4 13:19:53 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608947: ignoring unknown Vendor ID payload
[da31127699221eb7b3507d58fa19e884]
Sep 4 13:19:53 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608947: STATE_MAIN_I3: sent MI3, expecting MR3
Sep 4 13:19:54 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608947: Peer ID is ID_IPV4_ADDR: 'remote.peer.ip.address.here'
Sep 4 13:19:54 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608947: STATE_MAIN_I4: ISAKMP SA established {auth=PRESHARED_KEY
cipher=aes_256 integ=sha group=MODP1024}
Sep 4 13:19:54 ip-172-20-114-174 pluto[27097]: "connection-name/1x1"
#3608948: initiating Quick Mode
PSK+ENCRYPT+TUNNEL+UP+IKEV1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO
to replace #3608943 {using isakmp#3608947 msgid:e8cc82f6
proposal=AES_CBC_256-HMAC_SHA1_96-MODP1024 pfsgroup=no-pfs}
Sep 4 13:19:54 ip-172-20-114-174 pluto[27097]: "connection-name/1x2"
#3608949: initiating Quick Mode
PSK+ENCRYPT+TUNNEL+UP+IKEV1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO
to replace #3608944 {using isakmp#3608947 msgid:a4a8be08
proposal=AES_CBC_256-HMAC_SHA1_96-MODP1024 pfsgroup=no-pfs}
Sep 4 13:19:54 ip-172-20-114-174 pluto[27097]: "connection-name/2x1"
#3608950: initiating Quick Mode
PSK+ENCRYPT+TUNNEL+UP+IKEV1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO
to replace #3608945 {using isakmp#3608947 msgid:2193f9c5
proposal=AES_CBC_256-HMAC_SHA1_96-MODP1024 pfsgroup=no-pfs}
Sep 4 13:19:54 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608951: initiating Quick Mode
PSK+ENCRYPT+TUNNEL+UP+IKEV1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO
{using isakmp#3608947 msgid:73e435d1
proposal=AES_CBC_256-HMAC_SHA1_96-MODP1024 pfsgroup=no-pfs}
Sep 4 13:19:54 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608947: received and ignored informational message
Sep 4 13:19:54 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608947: ignoring informational payload NO_PROPOSAL_CHOSEN,
msgid=00000000, length=32
Sep 4 13:19:54 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608947: received and ignored informational message
Sep 4 13:19:54 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608947: ignoring informational payload NO_PROPOSAL_CHOSEN,
msgid=00000000, length=32
Sep 4 13:19:54 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608947: received and ignored informational message
Sep 4 13:19:54 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608947: ignoring informational payload NO_PROPOSAL_CHOSEN,
msgid=00000000, length=32
Sep 4 13:19:54 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608947: received and ignored informational message
Sep 4 13:19:54 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608947: ignoring informational payload NO_PROPOSAL_CHOSEN,
msgid=00000000, length=32
Sep 4 13:19:54 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608947: received and ignored informational message
Sep 4 13:19:54 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608947: received Delete SA payload: self-deleting ISAKMP State #3608947
Sep 4 13:19:54 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608947: deleting state (STATE_MAIN_I4) and sending notification
Sep 4 13:19:54 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608947: reschedule pending Phase 2 of connection"connection-name/2x2"
state #3608951: - the parent is going away
Sep 4 13:19:54 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608947: reschedule pending Phase 2 of connection"connection-name/2x1"
state #3608950: - the parent is going away
Sep 4 13:19:54 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608947: reschedule pending Phase 2 of connection"connection-name/1x2"
state #3608949: - the parent is going away
Sep 4 13:19:54 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608947: reschedule pending Phase 2 of connection"connection-name/1x1"
state #3608948: - the parent is going away
Sep 4 13:19:54 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608952: initiating Main Mode
Sep 4 13:19:54 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608951: deleting state (STATE_QUICK_I1)
Sep 4 13:19:54 ip-172-20-114-174 pluto[27097]: "connection-name/2x1"
#3608950: deleting state (STATE_QUICK_I1)
Sep 4 13:19:54 ip-172-20-114-174 pluto[27097]: "connection-name/1x2"
#3608949: deleting state (STATE_QUICK_I1)
Sep 4 13:19:54 ip-172-20-114-174 pluto[27097]: "connection-name/1x1"
#3608948: deleting state (STATE_QUICK_I1)
Sep 4 13:19:54 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608952: STATE_MAIN_I2: sent MI2, expecting MR2
Sep 4 13:19:54 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608952: ignoring unknown Vendor ID payload
[8217b7122fb9920f21803fd724aa8f3f]
Sep 4 13:19:54 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608952: STATE_MAIN_I3: sent MI3, expecting MR3
Sep 4 13:19:54 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608952: Peer ID is ID_IPV4_ADDR: 'remote.peer.ip.address.here'
Sep 4 13:19:54 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608952: STATE_MAIN_I4: ISAKMP SA established {auth=PRESHARED_KEY
cipher=aes_256 integ=sha group=MODP1024}
Sep 4 13:19:54 ip-172-20-114-174 pluto[27097]: "connection-name/1x1"
#3608953: initiating Quick Mode
PSK+ENCRYPT+TUNNEL+UP+IKEV1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO
to replace #3608948 {using isakmp#3608952 msgid:66a68d7b
proposal=AES_CBC_256-HMAC_SHA1_96-MODP1024 pfsgroup=no-pfs}
Sep 4 13:19:54 ip-172-20-114-174 pluto[27097]: "connection-name/1x2"
#3608954: initiating Quick Mode
PSK+ENCRYPT+TUNNEL+UP+IKEV1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO
to replace #3608949 {using isakmp#3608952 msgid:5d531290
proposal=AES_CBC_256-HMAC_SHA1_96-MODP1024 pfsgroup=no-pfs}
Sep 4 13:19:54 ip-172-20-114-174 pluto[27097]: "connection-name/2x1"
#3608955: initiating Quick Mode
PSK+ENCRYPT+TUNNEL+UP+IKEV1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO
to replace #3608950 {using isakmp#3608952 msgid:d635d475
proposal=AES_CBC_256-HMAC_SHA1_96-MODP1024 pfsgroup=no-pfs}
Sep 4 13:19:54 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608956: initiating Quick Mode
PSK+ENCRYPT+TUNNEL+UP+IKEV1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO
{using isakmp#3608952 msgid:251bed4e
proposal=AES_CBC_256-HMAC_SHA1_96-MODP1024 pfsgroup=no-pfs}
Sep 4 13:19:54 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608952: received and ignored informational message
Sep 4 13:19:54 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608952: ignoring informational payload NO_PROPOSAL_CHOSEN,
msgid=00000000, length=32
Sep 4 13:19:54 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608952: received and ignored informational message
Sep 4 13:19:54 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608952: ignoring informational payload NO_PROPOSAL_CHOSEN,
msgid=00000000, length=32
Sep 4 13:19:54 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608952: received and ignored informational message
Sep 4 13:19:54 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608952: ignoring informational payload NO_PROPOSAL_CHOSEN,
msgid=00000000, length=32
Sep 4 13:19:54 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608952: received and ignored informational message
Sep 4 13:19:54 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608952: ignoring informational payload NO_PROPOSAL_CHOSEN,
msgid=00000000, length=32
Sep 4 13:19:54 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608952: received and ignored informational message
Sep 4 13:19:54 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608952: received Delete SA payload: self-deleting ISAKMP State #3608952
Sep 4 13:19:54 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608952: deleting state (STATE_MAIN_I4) and sending notification
Sep 4 13:19:54 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608952: reschedule pending Phase 2 of connection"connection-name/2x2"
state #3608956: - the parent is going away
Sep 4 13:19:54 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608952: reschedule pending Phase 2 of connection"connection-name/2x1"
state #3608955: - the parent is going away
Sep 4 13:19:54 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608952: reschedule pending Phase 2 of connection"connection-name/1x2"
state #3608954: - the parent is going away
Sep 4 13:19:54 ip-172-20-114-174 pluto[27097]: "connection-name/2x2"
#3608952: reschedule pending Phase 2 of connection"connection-name/1x1"
state #3608953: - the parent is going away
--
Terell
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20180904/20ec610d/attachment-0001.html>
More information about the Swan
mailing list