[Swan] Libreswan 4.7.1 possible race condition?
Vitaly Voronov
wizard1024 at gmail.com
Thu Aug 4 13:25:03 EEST 2022
Hello All,
I've got an interesting situation.
Both nodes connected to Cisco. Cisco isn't under my control.
Node1 has libreswan-4.4-1.el7_9.x86_64 version of Libreswan package,
Node2 has libreswan-4.7-1.el7.x86_64 version.
Both nodes uses CentOS 7.
We'd some network disconnects.
Node1 reestablished connection, Node2 - not.
Only manual start-stop connection on Node2 fixed situation.
I think, this is race condition.
Can you help in the investigation of this issue?
Config from Node1:
conn connXXX
type=tunnel
auto=start
authby=secret
compress=no
rekey=yes
left=xxx.xxx.xxx.xxx
leftsubnet=10.248.163.128/25
leftsourceip=10.248.163.200
leftnexthop= %defaultroute
right=yyy.yyy.yyy.yyy
rightsubnet=10.248.126.0/23
rightnexthop= %defaultroute
keyexchange=ike
pfs=yes
ikelifetime=28800s
salifetime=3600s
ikev2=permit
ike=aes128-sha2_256;modp2048
phase2alg=aes128-sha1
dpddelay=3
dpdtimeout=60
aggrmode=no
Logs:
Aug 2 02:52:23 node3 pluto[21413]: "connXXX" #213889: received Delete
SA payload: replace IPsec State #213965 now
Aug 2 02:52:23 node3 pluto[21413]: "connXXX" #213965: deleting state
(STATE_QUICK_I2) aged 2385.898189s and sending notification
Aug 2 02:52:23 node3 pluto[21413]: "connXXX" #213965: ESP traffic
information: in=1MB out=1MB
Aug 2 02:52:23 node3 pluto[21413]: "connXXX" #213978: initiating
Quick Mode IKEv1+PSK+ENCRYPT+TUNNEL+PFS+UP+IKE_FRAG_ALLOW+ESN_NO to
replace #213965 {using isakmp#213889 msgid:58cbc58c
proposal=AES_CBC_128-HMAC_SHA1_96 pfsgroup=MODP2048}
Aug 2 02:52:23 node3 pluto[21413]: "connXXX" #213978: sent Quick Mode
request, to replace #213965
Aug 2 02:52:24 node3 pluto[21413]: "connXXX" #213978: STATE_QUICK_I1:
retransmission; will wait 0.5 seconds for response
Aug 2 02:52:24 node3 pluto[21413]: "connXXX" #213978: STATE_QUICK_I1:
retransmission; will wait 1 seconds for response
Aug 2 02:52:25 node3 pluto[21413]: "connXXX" #213978: STATE_QUICK_I1:
retransmission; will wait 2 seconds for response
Aug 2 02:52:27 node3 pluto[21413]: "connXXX" #213978: STATE_QUICK_I1:
retransmission; will wait 4 seconds for response
Aug 2 02:52:31 node3 pluto[21413]: "connXXX" #213978: STATE_QUICK_I1:
retransmission; will wait 8 seconds for response
Aug 2 02:52:31 node3 pluto[21413]: "connXXX" #213979: initiating
Quick Mode IKEv1+PSK+ENCRYPT+TUNNEL+PFS+UP+IKE_FRAG_ALLOW+ESN_NO
{using isakmp#213889 msgid:77fd537e proposal=AES_CBC_128-HMAC_SHA1_96
pfsgroup=MODP2048}
Aug 2 02:52:31 node3 pluto[21413]: "connXXX" #213979: sent Quick Mode request
Aug 2 02:52:31 node3 pluto[21413]: "connXXX" #213979: STATE_QUICK_I1:
retransmission; will wait 0.5 seconds for response
Aug 2 02:52:31 node3 pluto[21413]: "connXXX": assign_holdpass()
delete_bare_shunt() failed
Aug 2 02:52:32 node3 pluto[21413]: "connXXX" #213979: STATE_QUICK_I1:
retransmission; will wait 1 seconds for response
Aug 2 02:52:33 node3 pluto[21413]: "connXXX" #213979: STATE_QUICK_I1:
retransmission; will wait 2 seconds for response
Aug 2 02:52:35 node3 pluto[21413]: "connXXX" #213979: STATE_QUICK_I1:
retransmission; will wait 4 seconds for response
Aug 2 02:52:39 node3 pluto[21413]: "connXXX" #213978: STATE_QUICK_I1:
retransmission; will wait 16 seconds for response
Aug 2 02:52:39 node3 pluto[21413]: "connXXX" #213979: STATE_QUICK_I1:
retransmission; will wait 8 seconds for response
Aug 2 02:52:47 node3 pluto[21413]: "connXXX" #213979: STATE_QUICK_I1:
retransmission; will wait 16 seconds for response
Aug 2 02:52:48 node3 pluto[21413]: "connXXX" #213979: ignoring
informational payload IPSEC_RESPONDER_LIFETIME, msgid=77fd537e,
length=28
Aug 2 02:52:48 node3 pluto[21413]: "connXXX" #213979: IPsec SA
established tunnel mode {ESP=>0x080c1ae3 <0x358a95bc
xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=active}
Aug 2 02:52:51 node3 pluto[21413]: "connXXX" #213889: the peer
proposed: 10.248.163.128/25 -<all>-> 10.248.126.0/23
Aug 2 02:52:51 node3 pluto[21413]: "connXXX" #213980: IPsec SA
established tunnel mode {ESP=>0xb8de7067 <0x9856277b
xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=active}
Aug 2 02:52:51 node3 pluto[21413]: "connXXX" #213980: responding to
Quick Mode proposal {msgid:caf60bb7}
Aug 2 02:52:51 node3 pluto[21413]: "connXXX" #213980: sent Quick Mode
reply, inbound IPsec SA installed, expecting confirmation tunnel mode
{ESP=>0xb8de7067 <0x9856277b xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none
NATD=none DPD=active}
Aug 2 02:52:51 node3 pluto[21413]: "connXXX" #213980: STATE_QUICK_R1:
retransmission; will wait 0.5 seconds for response
Aug 2 02:52:51 node3 pluto[21413]: "connXXX" #213980: us:
10.248.163.128/25===xxx.xxx.xxx.xxx<xxx.xxx.xxx.xxx> them:
yyy.yyy.yyy.yyy<yyy.yyy.yyy.yyy>===10.248.126.0/23
Aug 2 02:52:55 node3 pluto[21413]: "connXXX" #213978: STATE_QUICK_I1:
retransmission; will wait 32 seconds for response
Aug 2 02:52:59 node3 pluto[21413]: "connXXX" #213978: ERROR: netlink
response for Add SA esp.cfa8ac22 at 153.126.241.6 included errno 3: No
such process
Aug 2 02:52:59 node3 pluto[21413]: "connXXX" #213978: ignoring
informational payload IPSEC_RESPONDER_LIFETIME, msgid=58cbc58c,
length=28
Aug 2 02:52:59 node3 pluto[21413]: "connXXX" #213978:
setup_half_ipsec_sa() hit fail:
Aug 2 02:52:59 node3 pluto[21413]: "connXXX" #213978: state
transition function for STATE_QUICK_I1 had internal error
Aug 2 02:53:59 node3 pluto[21413]: "connXXX" #213978: deleting state
(STATE_QUICK_I1) aged 96.028758s and NOT sending notification
Aug 2 02:53:59 node3 pluto[21413]: "connXXX" #213978: ERROR: netlink
response for Del SA esp.cfa8ac22 at xxx.xxx.xxx.xxx included errno 3: No
such process
Node2:
Config:
conn connXXX
type=tunnel
auto=start
authby=secret
compress=no
rekey=yes
left=xxx.xxx.xxx.xxx
leftsubnet=10.248.163.0/25
leftsourceip=10.248.163.100
leftnexthop= %defaultroute
right=yyy.yyy.yyy.yyy
rightsubnet=10.248.126.0/23
rightnexthop= %defaultroute
keyexchange=ike
pfs=yes
ikelifetime=28800s
salifetime=3600s
ikev2=permit
ike=aes128-sha2_256;modp2048
phase2alg=aes128-sha1
dpddelay=3
dpdtimeout=60
Logs:
Aug 2 02:52:23 node2 pluto[13376]: "connXXX" #2238: received Delete
SA payload: replace IPsec State #2245 now
Aug 2 02:52:23 node2 pluto[13376]: "connXXX" #2245: deleting state
(STATE_QUICK_I2) aged 1969.446163s and sending notification
Aug 2 02:52:23 node2 pluto[13376]: "connXXX" #2245: ESP traffic
information: in=931KB out=991KB
Aug 2 02:52:23 node2 pluto[13376]: "connXXX" #2250: initiating Quick
Mode IKEv1+PSK+ENCRYPT+TUNNEL+PFS+UP+IKE_FRAG_ALLOW+ESN_NO+ESN_YES to
replace #2245 {using isakmp#2238 msgid:ddc494b8
proposal=AES_CBC_128-HMAC_SHA1_96 pfsgroup=MODP2048}
Aug 2 02:52:23 node2 pluto[13376]: "connXXX" #2250: sent Quick Mode
request, to replace #2245
Aug 2 02:52:24 node2 pluto[13376]: "connXXX" #2250: STATE_QUICK_I1:
retransmission; will wait 0.5 seconds for response
Aug 2 02:52:24 node2 pluto[13376]: "connXXX" #2250: STATE_QUICK_I1:
retransmission; will wait 1 seconds for response
Aug 2 02:52:24 node2 pluto[13376]: "connXXX" #2251: initiating Quick
Mode IKEv1+PSK+ENCRYPT+TUNNEL+PFS+UP+IKE_FRAG_ALLOW+ESN_NO+ESN_YES
{using isakmp#2238 msgid:7082f587 proposal=AES_CBC_128-HMAC_SHA1_96
pfsgroup=MODP2048}
Aug 2 02:52:24 node2 pluto[13376]: "connXXX" #2251: sent Quick Mode request
Aug 2 02:52:24 node2 pluto[13376]: "connXXX" #2251: STATE_QUICK_I1:
retransmission; will wait 0.5 seconds for response
Aug 2 02:52:24 node2 pluto[13376]: "connXXX": assign_holdpass()
delete_bare_shunt() failed
Aug 2 02:52:25 node2 pluto[13376]: "connXXX" #2250: STATE_QUICK_I1:
retransmission; will wait 2 seconds for response
Aug 2 02:52:25 node2 pluto[13376]: "connXXX" #2251: STATE_QUICK_I1:
retransmission; will wait 1 seconds for response
Aug 2 02:52:26 node2 pluto[13376]: "connXXX" #2251: STATE_QUICK_I1:
retransmission; will wait 2 seconds for response
Aug 2 02:52:27 node2 pluto[13376]: "connXXX" #2250: STATE_QUICK_I1:
retransmission; will wait 4 seconds for response
Aug 2 02:52:28 node2 pluto[13376]: "connXXX" #2251: STATE_QUICK_I1:
retransmission; will wait 4 seconds for response
Aug 2 02:52:31 node2 pluto[13376]: "connXXX" #2250: STATE_QUICK_I1:
retransmission; will wait 8 seconds for response
Aug 2 02:52:32 node2 pluto[13376]: "connXXX" #2251: STATE_QUICK_I1:
retransmission; will wait 8 seconds for response
Aug 2 02:52:39 node2 pluto[13376]: "connXXX" #2250: STATE_QUICK_I1:
retransmission; will wait 16 seconds for response
Aug 2 02:52:40 node2 pluto[13376]: "connXXX" #2251: STATE_QUICK_I1:
retransmission; will wait 16 seconds for response
Aug 2 02:52:55 node2 pluto[13376]: "connXXX" #2250: STATE_QUICK_I1:
retransmission; will wait 32 seconds for response
Aug 2 02:52:55 node2 pluto[13376]: "connXXX" #2252: ignoring
informational payload IPSEC_RESPONDER_LIFETIME, msgid=9d6add9c,
length=28
Aug 2 02:52:55 node2 pluto[13376]: "connXXX" #2252: initiating Quick
Mode IKEv1+PSK+ENCRYPT+TUNNEL+PFS+UP+IKE_FRAG_ALLOW+ESN_NO+ESN_YES
{using isakmp#2238 msgid:9d6add9c proposal=AES_CBC_128-HMAC_SHA1_96
pfsgroup=MODP2048}
Aug 2 02:52:55 node2 pluto[13376]: "connXXX" #2252: IPsec SA
established tunnel mode {ESP=>0x621158ed <0x7a5995ad
xfrm=AES_CBC_128-HMAC_SHA1_96 DPD=active}
Aug 2 02:52:55 node2 pluto[13376]: "connXXX" #2252: sent Quick Mode request
Aug 2 02:52:55 node2 pluto[13376]: "connXXX": assign_holdpass()
delete_bare_shunt() failed
Aug 2 02:52:56 node2 pluto[13376]: "connXXX" #2251: STATE_QUICK_I1:
retransmission; will wait 32 seconds for response
Aug 2 02:52:57 node2 pluto[13376]: "connXXX" #2250: ERROR: netlink
response for Add SA esp.fafc210b at xxx.xxx.xxx.xxx included errno 3: No
such process
Aug 2 02:52:57 node2 pluto[13376]: "connXXX" #2250: ignoring
informational payload IPSEC_RESPONDER_LIFETIME, msgid=ddc494b8,
length=28
Aug 2 02:52:57 node2 pluto[13376]: "connXXX" #2250:
setup_half_ipsec_sa() hit fail:
Aug 2 02:52:57 node2 pluto[13376]: "connXXX" #2250: state transition
function for STATE_QUICK_I1 had internal error
Aug 2 02:52:58 node2 pluto[13376]: "connXXX" #2238: the peer
proposed: 10.248.163.0/25 -<all>-> 10.248.126.0/23
Aug 2 02:52:58 node2 pluto[13376]: "connXXX" #2253: responding to
Quick Mode proposal {msgid:02e95d7c}
Aug 2 02:52:58 node2 pluto[13376]: "connXXX" #2253: sent Quick Mode
reply, inbound IPsec SA installed, expecting confirmation tunnel mode
{ESP=>0xc300fd35 <0x833a0e96 xfrm=AES_CBC_128-HMAC_SHA1_96 DPD=active}
Aug 2 02:52:58 node2 pluto[13376]: "connXXX" #2253: us:
10.248.163.0/25===xxx.xxx.xxx.xxx them:
yyy.yyy.yyy.yyy===10.248.126.0/23
Aug 2 02:52:59 node2 pluto[13376]: "connXXX" #2251: ERROR: netlink
response for Add SA esp.89730d94 at xxx.xxx.xxx.xxx included errno 3: No
such process
Aug 2 02:52:59 node2 pluto[13376]: "connXXX" #2251: ignoring
informational payload IPSEC_RESPONDER_LIFETIME, msgid=7082f587,
length=28
Aug 2 02:52:59 node2 pluto[13376]: "connXXX" #2251:
setup_half_ipsec_sa() hit fail:
Aug 2 02:52:59 node2 pluto[13376]: "connXXX" #2251: state transition
function for STATE_QUICK_I1 had internal error
Aug 2 02:52:59 node2 pluto[13376]: "connXXX" #2253: STATE_QUICK_R1:
retransmission; will wait 0.5 seconds for response
Aug 2 02:52:59 node2 pluto[13376]: "connXXX" #2253: STATE_QUICK_R1:
retransmission; will wait 1 seconds for response
Aug 2 02:53:00 node2 pluto[13376]: "connXXX" #2253: IPsec SA
established tunnel mode {ESP=>0xc300fd35 <0x833a0e96
xfrm=AES_CBC_128-HMAC_SHA1_96 DPD=active}
Aug 2 02:53:57 node2 pluto[13376]: "connXXX" #2250: deleting state
(STATE_QUICK_I1) aged 93.653775s and NOT sending notification
Aug 2 02:53:59 node2 pluto[13376]: "connXXX" #2251: deleting state
(STATE_QUICK_I1) aged 95.550253s and NOT sending notification
Aug 2 02:54:00 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 02:54:06 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 02:54:11 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 02:54:16 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 02:54:21 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 02:54:26 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 02:54:31 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 02:54:36 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 02:54:42 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 02:54:47 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 02:54:52 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 02:54:57 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 02:55:03 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 02:55:08 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 02:55:13 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 02:55:18 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 02:55:23 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 02:55:28 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 02:55:33 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 02:55:38 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 02:55:44 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 02:55:49 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 02:55:54 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 02:55:59 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 02:56:04 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 02:56:09 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 02:56:14 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 02:56:19 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 02:56:24 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 02:56:29 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 02:56:34 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 02:56:39 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 02:56:44 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 02:56:49 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 02:56:54 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 02:56:59 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 02:57:04 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 02:57:09 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 02:57:14 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 02:57:20 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 02:57:25 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 02:57:30 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 02:57:35 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 02:57:40 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 02:57:45 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 02:57:50 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 02:57:55 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 02:58:00 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 02:58:05 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 02:58:10 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 02:58:16 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 02:58:21 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 02:58:26 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 02:58:31 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 02:58:36 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 02:58:41 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 02:58:46 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 02:58:51 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 02:58:56 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 02:59:02 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 02:59:07 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 02:59:12 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 02:59:17 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 02:59:22 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 02:59:27 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 02:59:32 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 02:59:37 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 02:59:42 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 02:59:47 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 02:59:52 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 02:59:57 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 03:00:02 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 03:00:07 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 03:00:13 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 03:00:18 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 03:00:23 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 03:00:28 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 03:00:33 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 03:00:38 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 03:00:43 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 03:00:48 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 03:00:53 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 03:00:58 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 03:01:03 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 03:01:08 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 03:01:13 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 03:01:18 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 03:01:23 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 03:01:28 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 03:01:34 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 03:01:39 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 03:01:44 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 03:01:49 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 03:01:54 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 03:01:59 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 03:02:04 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 03:02:10 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 03:02:15 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 03:02:20 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 03:02:25 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 03:02:30 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 03:02:35 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 03:02:40 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 03:02:45 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 03:02:50 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 03:02:55 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 03:03:00 node2 pluto[13376]: "connXXX" #2238: ignoring Delete
SA payload: PROTO_IPSEC_ESP SA(0x51734e2b) not found (maybe expired)
Aug 2 03:03:02 node2 pluto[13376]: "connXXX" #2238: deleting state
(STATE_MAIN_I4) aged 5954.557739s and sending notification
Aug 2 03:03:02 node2 pluto[13376]: "connXXX" #2252: deleting state
(STATE_QUICK_I2) aged 607.797639s and sending notification
Aug 2 03:03:02 node2 pluto[13376]: "connXXX" #2252: ESP traffic
information: in=1KB out=979B
Aug 2 03:03:02 node2 pluto[13376]: "connXXX" #2253: deleting state
(STATE_QUICK_R2) aged 604.307876s and sending notification
Aug 2 03:03:02 node2 pluto[13376]: "connXXX" #2253: ESP traffic
information: in=32KB out=60B
Aug 2 03:03:02 node2 pluto[13376]: "connXXX": terminating SAs using
this connection
Aug 2 03:03:10 node2 pluto[13376]: "connXXX": added IKEv1 connection
Aug 2 03:03:16 node2 pluto[13376]: "connXXX" #2254: ignoring unknown
Vendor ID payload [0f 54 ea b6 bb 44 18 1a 22 33 00 f7 10 ca 2f 48]
Aug 2 03:03:16 node2 pluto[13376]: "connXXX" #2254: IKE SA
established {auth=PRESHARED_KEY cipher=AES_CBC_128 integ=HMAC_SHA2_256
group=MODP2048}
Aug 2 03:03:16 node2 pluto[13376]: "connXXX" #2254: initiating IKEv1
Main Mode connection
Aug 2 03:03:16 node2 pluto[13376]: "connXXX" #2254: Peer ID is
ID_IPV4_ADDR: 'yyy.yyy.yyy.yyy'
Aug 2 03:03:16 node2 pluto[13376]: "connXXX" #2254: sent Main Mode I2
Aug 2 03:03:16 node2 pluto[13376]: "connXXX" #2254: sent Main Mode I3
Aug 2 03:03:16 node2 pluto[13376]: "connXXX" #2254: sent Main Mode request
Aug 2 03:03:16 node2 pluto[13376]: "connXXX" #2255: ignoring
informational payload IPSEC_RESPONDER_LIFETIME, msgid=69990cd7,
length=28
Aug 2 03:03:16 node2 pluto[13376]: "connXXX" #2255: initiating Quick
Mode IKEv1+PSK+ENCRYPT+TUNNEL+PFS+UP+IKE_FRAG_ALLOW+ESN_NO+ESN_YES
{using isakmp#2254 msgid:69990cd7 proposal=AES_CBC_128-HMAC_SHA1_96
pfsgroup=MODP2048}
Aug 2 03:03:16 node2 pluto[13376]: "connXXX" #2255: IPsec SA
established tunnel mode {ESP=>0x37db9a74 <0xfbe6f435
xfrm=AES_CBC_128-HMAC_SHA1_96 DPD=active}
Aug 2 03:03:16 node2 pluto[13376]: "connXXX" #2255: sent Quick Mode request
More information about the Swan
mailing list