[Users] Fw: Delivery problems

From: Stanley Tan (stanley_at_meliasynergy.com)
Date: Wed Nov 27 2002 - 19:02:39 CET

• Next message: esv: "[Users] problems with Freeswan 1.99+x509 with XP Roadwarrior"
• Previous message: Ken Bantoft: "Re: [Users] Samba Authentication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

>
> some how or rather, the "status 7" does note exisit anymore..
> I'm new in linux, and have really exhusted all things to try...I would
> greatly appreciate if you could help me with this one....
>
> Attached is the ispec.barf...
> Would greatly appreicate if you could help me to find out what's
> wrong...I've tried reading the faq....it does not seems to help...(or
maybe,
> I did not understand....)
>
> Thank you in advance..
>
> Best regards
> Stanley Tan
> ----- Original Message -----
> From: "Sam Sgro" <sam_at_freeswan.org>
> To: "Stanley Tan" <stanley_at_smsbunny.com>
> Cc: <users_at_lists.freeswan.org>
> Sent: Thursday, November 28, 2002 12:04 AM
> Subject: Re: [Users] HELP HELP!! INTERNAL ERROR, route Client command
exited
> with status 7
>
>
> > -----BEGIN PGP SIGNED MESSAGE-----
> >
> >
> > On Wed, 27 Nov 2002, Stanley Tan wrote:
> >
> > > Nov 27 20:49:52 localhost ipsec_setup: KLIPS ipsec0 on eth0
> 202.184.1.233/255.255.255.224 broadcast 202.184.1.255
> > > Nov 27 20:49:52 localhost ipsec_setup: ...FreeS/WAN IPsec started
> > > Nov 27 20:49:53 localhost ipsec__plutorun: 003 "bun-digi":
route-client
> command exited with status 7
> > > Nov 27 20:49:53 localhost ipsec__plutorun: 025 "bun-digi": could not
> route
> > > Nov 27 20:49:53 localhost ipsec__plutorun: ...could not route conn
> "bun-digi"
> > > Nov 27 20:51:04 localhost ipsec__plutorun: 104 "bun-digi" #1:
> STATE_MAIN_I1: initiate
> > > Nov 27 20:51:04 localhost ipsec__plutorun: 106 "bun-digi" #1:
> STATE_MAIN_I2: sent MI2, expecting MR2
> > > Nov 27 20:51:04 localhost ipsec__plutorun: 108 "bun-digi" #1:
> STATE_MAIN_I3: sent MI3, expecting MR3
> > > Nov 27 20:51:04 localhost ipsec__plutorun: 004 "bun-digi" #1:
> STATE_MAIN_I4: ISAKMP SA established
> > > Nov 27 20:51:04 localhost ipsec__plutorun: 112 "bun-digi" #2:
> STATE_QUICK_I1: initiate
> > > Nov 27 20:51:04 localhost ipsec__plutorun: 003 "bun-digi" #2:
> route-client command exited with status 7
> >
> > We've tried to route the connection as you've defined it, but we've
failed
> for
> > some reason. Typically, it's because your "nexthop" is not actually
> accessible
> > on your network.
> >
> > Check your configuration details. Have you defined the appropriate
> "nexthop"
> > variable? (Even by using
"interfaces=%defaultroute"/"left=%defaultroute")
> You
> > should be able to turn plutodebugging to "all" to see the route command
> that's
> > failing.
> >
> > You can read the FAQ for more info.
> >
> > - --
> > Sam Sgro
> > sam_at_freeswan.org
> >
> > -----BEGIN PGP SIGNATURE-----
> > Version: 2.6.3ia
> > Charset: noconv
> > Comment: For the matching public key, finger the Reply-To: address.
> >
> > iQCVAwUBPeTtC0OSC4btEQUtAQGAgAP/e/a70zOWhuUiCjSn/EQPgQBBCI9ifHq+
> > ur25ehjIkwHck9soNZpBaOMEVGZZ/ZeRvo1pvn83w6v6PPjkJavLCqkIq4FFJqXT
> > 5PFDy54Vt0xzsAeOs3jEVF9iolbT0G79d5h0ClT/cbWVFA75xqVfsq1tFaYtvupg
> > ffTdMt4gCAE=
> > =aTvl
> > -----END PGP SIGNATURE-----
> >
>
> ------=_NextPart_000_0037_01C2967B.50AE28D0
> Content-Type: application/octet-stream;
> name="putty.log"
> Content-Transfer-Encoding: quoted-printable
> Content-Disposition: attachment;
> filename="putty.log"
>
> =3D~=3D~=3D~=3D~=3D~=3D~=3D~=3D~=3D~=3D~=3D~=3D PuTTY log 2002.11.28 =
> 01:08:43 =3D~=3D~=3D~=3D~=3D~=3D~=3D~=3D~=3D~=3D~=3D~=3D
> aclearjoe aipsec barf > a =20
> localhost.localdomain
> Thu Nov 28 00:51:54 MYT 2002
> + _________________________ version
> + ipsec --version
> Linux FreeS/WAN 1.99
> See `ipsec --copyright' for copyright information.
> + _________________________ proc/version
> + cat /proc/version
> Linux version 2.4.18-18.8.0 (bhcompile_at_daffy.perf.redhat.com) (gcc =
> version 3.2 20020903 (Red Hat Linux 8.0 3.2-7)) #1 Thu Nov 14 00:10:29 =
> EST 2002
> + _________________________ proc/net/ipsec_eroute
> + sort +3 /proc/net/ipsec_eroute
> 0 10.1.2.0/24 -> 192.100.86.0/24 =3D> =
> tun0x1002_at_203.92.128.195
> + _________________________ netstart-rn
> + netstat -nr
> Kernel IP routing table
> Destination Gateway Genmask Flags MSS Window irtt =
> Iface
> 202.184.1.224 0.0.0.0 255.255.255.224 U 40 0 0 =
> eth0
> 202.184.1.224 0.0.0.0 255.255.255.224 U 40 0 0 =
> ipsec0
> 192.100.86.0 202.184.1.225 255.255.255.0 UG 40 0 0 =
> ipsec0
> 10.1.2.0 0.0.0.0 255.255.255.0 U 40 0 0 =
> eth1
> 127.0.0.0 0.0.0.0 255.0.0.0 U 40 0 0 =
> lo
> 0.0.0.0 202.184.1.225 0.0.0.0 UG 40 0 0 =
> eth0
> + _________________________ proc/net/ipsec_spi
> + cat /proc/net/ipsec_spi
> tun0x1002_at_203.92.128.195 IPIP: dir=3Dout src=3D202.184.1.233 =
> life(c,s,h)=3Daddtime(229,0,0)
> tun0x1001_at_202.184.1.233 IPIP: dir=3Din src=3D203.92.128.195 =
> life(c,s,h)=3Daddtime(229,0,0)
> esp0x5c725b31_at_203.92.128.195 ESP_3DES_HMAC_MD5: dir=3Dout =
> src=3D202.184.1.233 iv_bits=3D64bits iv=3D0x1eb056f270306b6f ooowin=3D64 =
> alen=3D128 aklen=3D128 eklen=3D192 life(c,s,h)=3Daddtime(229,0,0)
> esp0xa2c7af59_at_202.184.1.233 ESP_3DES_HMAC_MD5: dir=3Din =
> src=3D203.92.128.195 iv_bits=3D64bits iv=3D0xbe88767ba568a436 =
> ooowin=3D64 alen=3D128 aklen=3D128 eklen=3D192 =
> life(c,s,h)=3Daddtime(229,0,0)
> + _________________________ proc/net/ipsec_spigrp
> + cat /proc/net/ipsec_spigrp
> tun0x1002_at_203.92.128.195 esp0x5c725b31_at_203.92.128.195=20
> tun0x1001_at_202.184.1.233 esp0xa2c7af59_at_202.184.1.233=20
> + _________________________ proc/net/ipsec_tncfg
> + cat /proc/net/ipsec_tncfg
> ipsec0 -> eth0 mtu=3D16260(1500) -> 1500
> ipsec1 -> NULL mtu=3D0(0) -> 0
> ipsec2 -> NULL mtu=3D0(0) -> 0
> ipsec3 -> NULL mtu=3D0(0) -> 0
> + _________________________ proc/net/pf_key
> + cat /proc/net/pf_key
> sock pid socket next prev e n p sndbf Flags Type =
> St
> ccdda5a0 3755 cdf487f4 0 0 0 0 2 65535 00000000 3 =
> 1
> + _________________________ proc/net/pf_key-star
> + cd /proc/net
> + egrep '^' pf_key_registered pf_key_supported
> pf_key_registered:satype socket pid sk
> pf_key_registered: 2 cdf487f4 3755 ccdda5a0
> pf_key_registered: 3 cdf487f4 3755 ccdda5a0
> pf_key_registered: 9 cdf487f4 3755 ccdda5a0
> pf_key_registered: 10 cdf487f4 3755 ccdda5a0
> pf_key_supported:satype exttype alg_id ivlen minbits maxbits
> pf_key_supported: 2 14 3 0 160 160
> pf_key_supported: 2 14 2 0 128 128
> pf_key_supported: 3 15 3 128 168 168
> pf_key_supported: 3 14 3 0 160 160
> pf_key_supported: 3 14 2 0 128 128
> pf_key_supported: 9 15 4 0 128 128
> pf_key_supported: 9 15 3 0 32 128
> pf_key_supported: 9 15 2 0 128 32
> pf_key_supported: 9 15 1 0 32 32
> pf_key_supported: 10 15 2 0 1 1
> + _________________________ proc/sys/net/ipsec-star
> + cd /proc/sys/net/ipsec
> + egrep '^' debug_ah debug_eroute debug_esp debug_ipcomp debug_netlink =
> debug_pfkey debug_radij debug_rcv debug_spi debug_tunnel debug_verbose =
> debug_xform icmp inbound_policy_check tos
> debug_ah:0
> debug_eroute:0
> debug_esp:0
> debug_ipcomp:0
> debug_netlink:0
> debug_pfkey:0
> debug_radij:0
> debug_rcv:0
> debug_spi:0
> debug_tunnel:0
> debug_verbose:0
> debug_xform:0
> icmp:1
> inbound_policy_check:1
> tos:1
> + _________________________ ipsec/status
> + ipsec auto --status
> 000 interface ipsec0/eth0 202.184.1.233
> 000 =20
> 000 "bun-digi": =
> 10.1.2.0/24=3D=3D=3D202.184.1.233---202.184.1.225...203.92.128.5---203.92=
> ..128.195=3D=3D=3D192.100.86.0/24
> 000 "bun-digi": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: =
> 540s; rekey_fuzz: 100%; keyingtries: 0
> 000 "bun-digi": policy: PSK+ENCRYPT+TUNNEL+PFS+DISABLEARRIVALCHECK; =
> interface: eth0; erouted
> 000 "bun-digi": newest ISAKMP SA: #1; newest IPsec SA: #2; eroute =
> owner: #2
> 000 =20
> 000 #2: "bun-digi" STATE_QUICK_I2 (sent QI2, IPsec SA established); =
> EVENT_SA_REPLACE in 27853s; newest IPSEC; eroute owner
> 000 #2: "bun-digi" esp.5c725b31_at_203.92.128.195 =
> esp.a2c7af59_at_202.184.1.233 tun.1002_at_203.92.128.195 =
> tun.1001_at_202.184.1.233
> 000 #1: "bun-digi" STATE_MAIN_I4 (ISAKMP SA established); =
> EVENT_SA_REPLACE in 2501s; newest ISAKMP
> 000 =20
> + _________________________ ifconfig-a
> + ifconfig -a
> eth0 Link encap:Ethernet HWaddr 00:50:BA:C2:A7:2A =20
> inet addr:202.184.1.233 Bcast:202.184.1.255 =
> Mask:255.255.255.224
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:8522 errors:0 dropped:0 overruns:0 frame:0
> TX packets:4984 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:100=20
> RX bytes:671602 (655.8 Kb) TX bytes:715000 (698.2 Kb)
> Interrupt:10 Base address:0x7000=20
>
> eth1 Link encap:Ethernet HWaddr 00:05:5D:31:07:7D =20
> inet addr:10.1.2.1 Bcast:10.1.2.255 Mask:255.255.255.0
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:1602 errors:0 dropped:0 overruns:0 frame:0
> TX packets:11 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:100=20
> RX bytes:184838 (180.5 Kb) TX bytes:660 (660.0 b)
> Interrupt:3 Base address:0x9000=20
>
> ipsec0 Link encap:Ethernet HWaddr 00:50:BA:C2:A7:2A =20
> inet addr:202.184.1.233 Mask:255.255.255.224
> UP RUNNING NOARP MTU:16260 Metric:1
> RX packets:0 errors:0 dropped:0 overruns:0 frame:0
> TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:10=20
> RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
>
> ipsec1 Link encap:IPIP Tunnel HWaddr =20
> NOARP MTU:0 Metric:1
> RX packets:0 errors:0 dropped:0 overruns:0 frame:0
> TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:10=20
> RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
>
> ipsec2 Link encap:IPIP Tunnel HWaddr =20
> NOARP MTU:0 Metric:1
> RX packets:0 errors:0 dropped:0 overruns:0 frame:0
> TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:10=20
> RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
>
> ipsec3 Link encap:IPIP Tunnel HWaddr =20
> NOARP MTU:0 Metric:1
> RX packets:0 errors:0 dropped:0 overruns:0 frame:0
> TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:10=20
> RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
>
> lo Link encap:Local Loopback =20
> inet addr:127.0.0.1 Mask:255.0.0.0
> UP LOOPBACK RUNNING MTU:16436 Metric:1
> RX packets:20 errors:0 dropped:0 overruns:0 frame:0
> TX packets:20 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:0=20
> RX bytes:1540 (1.5 Kb) TX bytes:1540 (1.5 Kb)
>
> + _________________________ ipsec/directory
> + ipsec --directory
> /usr/local/lib/ipsec
> + _________________________ hostname/fqdn
> + hostname --fqdn
> localhost.localdomain
> + _________________________ hostname/ipaddress
> + hostname --ip-address
> 127.0.0.1=20
> + _________________________ uptime
> + uptime
> 12:51am up 57 min, 2 users, load average: 0.00, 0.00, 0.00
> + _________________________ ps
> + ps alxwf
> + egrep -i 'ppid|pluto|ipsec|klips'
> F UID PID PPID PRI NI VSZ RSS WCHAN STAT TTY TIME =
> COMMAND
> 000 0 4112 3500 16 0 3824 1048 wait4 S pts/1 0:00 =
> \_ /bin/sh /usr/local/sbin/ipsec barf
> 000 0 4113 4112 19 0 3840 1092 wait4 S pts/1 0:00 =
> \_ /bin/sh /usr/local/lib/ipsec/barf
> 040 0 3746 1 19 0 2200 1064 wait4 S pts/1 0:00 =
> /bin/sh /usr/local/lib/ipsec/_plutorun --debug all --uniqueids=20
> 040 0 3751 3746 19 0 2200 1072 wait4 S pts/1 0:00 \_ =
> /bin/sh /usr/local/lib/ipsec/_plutorun --debug all --unique
> 100 0 3755 3751 15 0 1968 876 schedu S pts/1 0:00 | =
> \_ /usr/local/lib/ipsec/pluto --nofork --debug-all --uniqu
> 000 0 3758 3755 20 0 1380 252 schedu S pts/1 0:00 | =
> \_ _pluto_adns -d 7 10
> 000 0 3752 3746 15 0 2188 1064 pipe_w S pts/1 0:00 \_ =
> /bin/sh /usr/local/lib/ipsec/_plutoload --load %search --st
> 000 0 3747 1 15 0 1324 456 pipe_w S pts/1 0:00 =
> logger -p daemon.error -t ipsec__plutorun
> + _________________________ ipsec/showdefaults
> + ipsec showdefaults
> routephys=3Deth0
> routephys=3Deth0
> routevirt=3Dipsec0
> routevirt=3Dipsec0
> routeaddr=3D202.184.1.233
> routeaddr=3D202.184.1.233
> routenexthop=3D202.184.1.225
> routenexthop=3D202.184.1.225
> defaultroutephys=3Deth0
> defaultroutevirt=3Dipsec0
> defaultrouteaddr=3D202.184.1.233
> defaultroutenexthop=3D202.184.1.225
> + _________________________ ipsec/conf
> + ipsec _include /etc/ipsec.conf
> + ipsec _keycensor
>
> #< /etc/ipsec.conf 1
> # /etc/ipsec.conf - FreeS/WAN IPsec configuration file
>
> # More elaborate and more varied sample configurations can be found
> # in FreeS/WAN's doc/examples file, and in the HTML documentation.
>
>
>
> # basic configuration
> config setup
> # THIS SETTING MUST BE CORRECT or almost nothing will work;
> # %defaultroute is okay for most simple cases.
> interfaces=3D%defaultroute
> # Debug-logging controls: "none" for (almost) none, "all" for lots.
> klipsdebug=3Dnone
> plutodebug=3Dall
> # Use auto=3D parameters in conn descriptions to control startup =
> actions.
> plutoload=3D%search
> plutostart=3D%search
> # Close down old connection when new one using same ID shows up.
> uniqueids=3Dyes
>
>
>
> # defaults for subsequent connection descriptions
> # (these defaults will soon go away)
> conn %default
> keyingtries=3D0
> #disablearrivalcheck=3Dno
> #authby=3Drsasig
> #leftrsasigkey=3D%dnsondemand
> #rightrsasigkey=3D%dnsondemand
>
>
>
> conn bun-digi
> left=3D%defaultroute
> leftsubnet=3D10.1.2.0/24
> right=3D203.92.128.195
> rightsubnet=3D192.100.86.0/24
> rightnexthop=3D203.92.128.5
> auto=3Dstart
> pfs=3Dyes
> #keyingretries=3D0
>
> =20
> + _________________________ ipsec/secrets
> + ipsec _include /etc/ipsec.secrets
> + ipsec _secretcensor
>
> #< /etc/ipsec.secrets 1
> 202.184.1.233 203.92.128.195: PSK "[sums to 5084...]"
> 10.1.2.0 192.100.86.0: PSK "[sums to 5084...]"
>
> #10.1.2.0 192.100.86.0 "[sums to 5084...]"
> #202.184.1.233 202.190.29.12 : PSK "[sums to cc53...]"
> #10.1.2.0 10.1.3.0 : PSK "[sums to cc53...]"
> + _________________________ ipsec/ls-dir
> + ls -l /usr/local/lib/ipsec
> total 3144
> -rwxr-xr-x 1 root root 11102 Nov 18 12:28 _confread
> -rwxr-xr-x 1 root root 47903 Nov 18 12:28 _copyright
> -rwxr-xr-x 1 root root 2163 Nov 18 12:28 _include
> -rwxr-xr-x 1 root root 1472 Nov 18 12:28 _keycensor
> -rwxr-xr-x 1 root root 70783 Nov 18 12:28 _pluto_adns
> -rwxr-xr-x 1 root root 3495 Nov 18 12:28 _plutoload
> -rwxr-xr-x 1 root root 4335 Nov 18 12:28 _plutorun
> -rwxr-xr-x 1 root root 7450 Nov 18 12:28 _realsetup
> -rwxr-xr-x 1 root root 1971 Nov 18 12:28 _secretcensor
> -rwxr-xr-x 1 root root 7062 Nov 18 12:28 _startklips
> -rwxr-xr-x 1 root root 5014 Nov 18 12:28 _updown
> -rwxr-xr-x 1 root root 11404 Nov 18 12:28 auto
> -rwxr-xr-x 1 root root 7198 Nov 18 12:28 barf
> -rwxr-xr-x 1 root root 816 Nov 18 12:28 calcgoo
> -rwxr-xr-x 1 root root 318737 Nov 18 12:28 eroute
> -rwxr-xr-x 1 root root 141778 Nov 18 12:28 ikeping
> -rwxr-xr-x 1 root root 2915 Nov 18 12:28 ipsec
> -rw-r--r-- 1 root root 1950 Nov 18 12:28 =
> ipsec_pr.template
> -rwxr-xr-x 1 root root 169454 Nov 18 12:28 klipsdebug
> -rwxr-xr-x 1 root root 2437 Nov 18 12:28 look
> -rwxr-xr-x 1 root root 16157 Nov 18 12:28 manual
> -rwxr-xr-x 1 root root 1847 Nov 18 12:28 newhostkey
> -rwxr-xr-x 1 root root 144001 Nov 18 12:28 pf_key
> -rwxr-xr-x 1 root root 1074575 Nov 18 12:28 pluto
> -rwxr-xr-x 1 root root 52408 Nov 18 12:28 ranbits
> -rwxr-xr-x 1 root root 78546 Nov 18 12:28 rsasigkey
> -rwxr-xr-x 1 root root 16671 Nov 18 12:28 send-pr
> lrwxrwxrwx 1 root root 22 Nov 27 19:24 setup -> =
> /etc/rc.d/init.d/ipsec
> -rwxr-xr-x 1 root root 1041 Nov 18 12:28 showdefaults
> -rwxr-xr-x 1 root root 4205 Nov 18 12:28 showhostkey
> -rwxr-xr-x 1 root root 333138 Nov 18 12:28 spi
> -rwxr-xr-x 1 root root 268579 Nov 18 12:28 spigrp
> -rwxr-xr-x 1 root root 60155 Nov 18 12:28 tncfg
> -rwxr-xr-x 1 root root 16056 Nov 18 12:28 uml_netjig
> -rwxr-xr-x 1 root root 3353 Nov 18 12:28 verify
> -rwxr-xr-x 1 root root 212147 Nov 18 12:28 whack
> + _________________________ ipsec/updowns
> ++ ls /usr/local/lib/ipsec
> ++ egrep updown
> + cat /usr/local/lib/ipsec/_updown
> #! /bin/sh
> # default updown script
> # Copyright (C) 2000, 2001 D. Hugh Redelmeier, Henry Spencer
> #=20
> # This program is free software; you can redistribute it and/or modify =
> it
> # under the terms of the GNU General Public License as published by the
> # Free Software Foundation; either version 2 of the License, or (at your
> # option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
> #=20
> # This program is distributed in the hope that it will be useful, but
> # WITHOUT ANY WARRANTY; without even the implied warranty of =
> MERCHANTABILITY
> # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public =
> License
> # for more details.
> #
> # RCSID $Id: _updown,v 1.19 2002/03/25 18:04:42 henry Exp $
>
>
>
> # CAUTION: Installing a new version of FreeS/WAN will install a new
> # copy of this script, wiping out any custom changes you make. If
> # you need changes, make a copy of this under another name, and =
> customize
> # that, and use the (left/right)updown parameters in ipsec.conf to make
> # FreeS/WAN use yours instead of this default one.
>
>
>
> # check interface version
> case "$PLUTO_VERSION" in
> 1.[0])# Older Pluto?!? Play it safe, script may be using new features.
> echo "$0: obsolete interface version \`$PLUTO_VERSION'," >&2
> echo "$0: called by obsolete Pluto?" >&2
> exit 2
> ;;
> 1.*);;
> *)echo "$0: unknown interface version \`$PLUTO_VERSION'" >&2
> exit 2
> ;;
> esac
>
> # check parameter(s)
> case "$1:$*" in
> ':')# no parameters
> ;;
> ipfwadm:ipfwadm)# due to (left/right)firewall; for default script only
> ;;
> custom:*)# custom parameters (see above CAUTION comment)
> ;;
> *)echo "$0: unknown parameters \`$*'" >&2
> exit 2
> ;;
> esac
>
> # utility functions for route manipulation
> # Meddling with this stuff should not be necessary and requires great =
> care.
> uproute() {
> doroute add
> }
> downroute() {
> doroute del
> }
> doroute() {
> parms=3D"-net $PLUTO_PEER_CLIENT_NET netmask $PLUTO_PEER_CLIENT_MASK"
> parms2=3D"dev $PLUTO_INTERFACE gw $PLUTO_NEXT_HOP"
> case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in
> "0.0.0.0/0.0.0.0")
> # horrible kludge for obscure routing bug with opportunistic
> it=3D"route $1 -net 0.0.0.0 netmask 128.0.0.0 $parms2 &&
> route $1 -net 128.0.0.0 netmask 128.0.0.0 $parms2"
> ;;
> *)it=3D"route $1 $parms $parms2"
> ;;
> esac
> eval $it
> st=3D$?
> if test $st -ne 0
> then
> # route has already given its own cryptic message
> echo "$0: \`$it' failed" >&2
> if test " $1 $st" =3D " add 7"
> then
> # another totally undocumented interface -- 7 and
> # "SIOCADDRT: Network is unreachable" means that
> # the gateway isn't reachable.
> echo "$0: (incorrect or missing nexthop setting??)" >&2
> fi
> fi
> return $st
> }
>
>
>
> # the big choice
> case "$PLUTO_VERB:$1" in
> prepare-host:*|prepare-client:*)
> # delete possibly-existing route (preliminary to adding a route)
> case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in
> "0.0.0.0/0.0.0.0")
> # horrible kludge for obscure routing bug with opportunistic
> it=3D"route del -net 0.0.0.0 netmask 128.0.0.0 2>&1 ;
> route del -net 128.0.0.0 netmask 128.0.0.0 2>&1"
> ;;
> *)
> it=3D"route del -net $PLUTO_PEER_CLIENT_NET \
> netmask $PLUTO_PEER_CLIENT_MASK 2>&1"
> ;;
> esac
> oops=3D"`eval $it`"
> status=3D"$?"
> if test " $oops" =3D " " -a " $status" !=3D " 0"
> then
> oops=3D"silent error, exit status $status"
> fi
> case "$oops" in
> 'SIOCDELRT: No such process'*)
> # This is what route (currently -- not documented!) gives
> # for "could not find such a route".
> oops=3D
> status=3D0
> ;;
> esac
> if test " $oops" !=3D " " -o " $status" !=3D " 0"
> then
> echo "$0: \`$it' failed ($oops)" >&2
> fi
> exit $status
> ;;
> route-host:*|route-client:*)
> # connection to me or my client subnet being routed
> uproute
> ;;
> unroute-host:*|unroute-client:*)
> # connection to me or my client subnet being unrouted
> downroute
> ;;
> up-host:*)
> # connection to me coming up
> # If you are doing a custom version, firewall commands go here.
> ;;
> down-host:*)
> # connection to me going down
> # If you are doing a custom version, firewall commands go here.
> ;;
> up-client:)
> # connection to my client subnet coming up
> # If you are doing a custom version, firewall commands go here.
> ;;
> down-client:)
> # connection to my client subnet going down
> # If you are doing a custom version, firewall commands go here.
> ;;
> up-client:ipfwadm)
> # connection to client subnet, with (left/right)firewall=3Dyes, coming =
> up
> # This is used only by the default updown script, not by your custom
> # ones, so do not mess with it; see CAUTION comment up at top.
> ipfwadm -F -i accept -b -S $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \
> -D $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK
> ;;
> down-client:ipfwadm)
> # connection to client subnet, with (left/right)firewall=3Dyes, going =
> down
> # This is used only by the default updown script, not by your custom
> # ones, so do not mess with it; see CAUTION comment up at top.
> ipfwadm -F -d accept -b -S $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \
> -D $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK
> ;;
> *)echo "$0: unknown verb \`$PLUTO_VERB' or parameter \`$1'" >&2
> exit 1
> ;;
> esac
> + _________________________ proc/net/dev
> + cat /proc/net/dev
> Inter-| Receive | =
> Transmit
> face |bytes packets errs drop fifo frame compressed multicast|bytes =
> packets errs drop fifo colls carrier compressed
> lo: 1540 20 0 0 0 0 0 0 =
> 1540 20 0 0 0 0 0 0
> eth0: 671662 8523 0 0 0 0 0 0 =
> 718028 4986 0 0 0 0 0 0
> eth1: 184838 1602 0 0 0 0 0 0 =
> 660 11 0 0 0 0 0 0
> ipsec0: 0 0 0 0 0 0 0 0 =
> 0 0 0 0 0 0 0 0
> ipsec1: 0 0 0 0 0 0 0 0 =
> 0 0 0 0 0 0 0 0
> ipsec2: 0 0 0 0 0 0 0 0 =
> 0 0 0 0 0 0 0 0
> ipsec3: 0 0 0 0 0 0 0 0 =
> 0 0 0 0 0 0 0 0
> + _________________________ proc/net/route
> + cat /proc/net/route
> IfaceDestinationGateway FlagsRefCntUseMetricMaskMTUWindowIRTT =
> =20
> eth0E001B8CA000000000001000E0FFFFFF4000 =
> =20
> ipsec0E001B8CA000000000001000E0FFFFFF4000 =
> =20
> ipsec0005664C0E101B8CA000300000FFFFFF4000 =
> =20
> eth10002010A00000000000100000FFFFFF4000 =
> =20
> lo0000007F000000000001000000000FF4000 =
> =20
> eth000000000E101B8CA0003000000000004000 =
> =20
> + _________________________ proc/sys/net/ipv4/ip_forward
> + cat /proc/sys/net/ipv4/ip_forward
> 0
> + _________________________ proc/sys/net/ipv4/conf/star-rp_filter
> + cd /proc/sys/net/ipv4/conf
> + egrep '^' all/rp_filter default/rp_filter eth0/rp_filter =
> eth1/rp_filter ipsec0/rp_filter lo/rp_filter
> all/rp_filter:0
> default/rp_filter:1
> eth0/rp_filter:0
> eth1/rp_filter:1
> ipsec0/rp_filter:1
> lo/rp_filter:1
> + _________________________ uname-a
> + uname -a
> Linux localhost.localdomain 2.4.18-18.8.0 #1 Thu Nov 14 00:10:29 EST =
> 2002 i686 i686 i386 GNU/Linux
> + _________________________ redhat-release
> + test -r /etc/redhat-release
> + cat /etc/redhat-release
> Red Hat Linux release 8.0 (Psyche)
> + _________________________ proc/net/ipsec_version
> + cat /proc/net/ipsec_version
> FreeS/WAN version: 1.99
> + _________________________ iptables/list
> + iptables -L -v -n
> Chain INPUT (policy ACCEPT 7899 packets, 551K bytes)
> pkts bytes target prot opt in out source =
> destination =20
>
> Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
> pkts bytes target prot opt in out source =
> destination =20
>
> Chain OUTPUT (policy ACCEPT 5030 packets, 654K bytes)
> pkts bytes target prot opt in out source =
> destination =20
> + _________________________ ipchains/list
> + ipchains -L -v -n
> /usr/local/lib/ipsec/barf: line 197: ipchains: command not found
> + _________________________ ipfwadm/forward
> + ipfwadm -F -l -n -e
> /usr/local/lib/ipsec/barf: line 199: ipfwadm: command not found
> + _________________________ ipfwadm/input
> + ipfwadm -I -l -n -e
> /usr/local/lib/ipsec/barf: line 201: ipfwadm: command not found
> + _________________________ ipfwadm/output
> + ipfwadm -O -l -n -e
> /usr/local/lib/ipsec/barf: line 203: ipfwadm: command not found
> + _________________________ iptables/nat
> + iptables -t nat -L -v -n
> Chain PREROUTING (policy ACCEPT 187 packets, 34852 bytes)
> pkts bytes target prot opt in out source =
> destination =20
>
> Chain POSTROUTING (policy ACCEPT 9 packets, 900 bytes)
> pkts bytes target prot opt in out source =
> destination =20
>
> Chain OUTPUT (policy ACCEPT 9 packets, 900 bytes)
> pkts bytes target prot opt in out source =
> destination =20
> + _________________________ ipchains/masq
> + ipchains -M -L -v -n
> /usr/local/lib/ipsec/barf: line 207: ipchains: command not found
> + _________________________ ipfwadm/masq
> + ipfwadm -M -l -n -e
> /usr/local/lib/ipsec/barf: line 209: ipfwadm: command not found
> + _________________________ iptables/mangle
> + iptables -t mangle -L -v -n
> Chain PREROUTING (policy ACCEPT 4486 packets, 317K bytes)
> pkts bytes target prot opt in out source =
> destination =20
>
> Chain INPUT (policy ACCEPT 4358 packets, 300K bytes)
> pkts bytes target prot opt in out source =
> destination =20
>
> Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
> pkts bytes target prot opt in out source =
> destination =20
>
> Chain OUTPUT (policy ACCEPT 2855 packets, 457K bytes)
> pkts bytes target prot opt in out source =
> destination =20
>
> Chain POSTROUTING (policy ACCEPT 2855 packets, 457K bytes)
> pkts bytes target prot opt in out source =
> destination =20
> + _________________________ proc/modules
> + cat /proc/modules
> ipsec 267456 2
> iptable_mangle 2776 0 (autoclean) (unused)
> iptable_nat 19960 0 (autoclean) (unused)
> ip_conntrack 21244 1 (autoclean) [iptable_nat]
> autofs 13348 0 (autoclean) (unused)
> 8139too 17704 2
> mii 2156 0 [8139too]
> iptable_filter 2412 0 (autoclean) (unused)
> ip_tables 14936 5 [iptable_mangle iptable_nat =
> iptable_filter]
> mousedev 5524 1
> keybdev 2976 0 (unused)
> hid 22244 0 (unused)
> input 5920 0 [mousedev keybdev hid]
> usb-ohci 21320 0 (unused)
> usbcore 77024 1 [hid usb-ohci]
> ext3 70368 5
> jbd 52212 5 [ext3]
> + _________________________ proc/meminfo
> + cat /proc/meminfo
> total: used: free: shared: buffers: cached:
> Mem: 228491264 136007680 92483584 0 25411584 71536640
> Swap: 468799488 0 468799488
> MemTotal: 223136 kB
> MemFree: 90316 kB
> MemShared: 0 kB
> Buffers: 24816 kB
> Cached: 69860 kB
> SwapCached: 0 kB
> Active: 109912 kB
> Inact_dirty: 1676 kB
> Inact_clean: 6792 kB
> Inact_target: 23676 kB
> HighTotal: 0 kB
> HighFree: 0 kB
> LowTotal: 223136 kB
> LowFree: 90316 kB
> SwapTotal: 457812 kB
> SwapFree: 457812 kB
> Committed_AS: 38204 kB
> + _________________________ dev/ipsec-ls
> + ls -l '/dev/ipsec*'
> ls: /dev/ipsec*: No such file or directory
> + _________________________ proc/net/ipsec-ls
> + ls -l /proc/net/ipsec_eroute /proc/net/ipsec_klipsdebug =
> /proc/net/ipsec_spi /proc/net/ipsec_spigrp /proc/net/ipsec_tncfg =
> /proc/net/ipsec_version
> -r--r--r-- 1 root root 0 Nov 28 00:51 =
> /proc/net/ipsec_eroute
> -r--r--r-- 1 root root 0 Nov 28 00:51 =
> /proc/net/ipsec_klipsdebug
> -r--r--r-- 1 root root 0 Nov 28 00:51 =
> /proc/net/ipsec_spi
> -r--r--r-- 1 root root 0 Nov 28 00:51 =
> /proc/net/ipsec_spigrp
> -r--r--r-- 1 root root 0 Nov 28 00:51 =
> /proc/net/ipsec_tncfg
> -r--r--r-- 1 root root 0 Nov 28 00:51 =
> /proc/net/ipsec_version
> + _________________________ usr/src/linux/.config
> + test -f /usr/src/linux/.config
> + _________________________ etc/syslog.conf
> + cat /etc/syslog.conf
> # Log all kernel messages to the console.
> # Logging much else clutters up the screen.
> #kern.*/dev/console
>
> # Log anything (except mail) of level info or higher.
> # Don't log private authentication messages!
> *.info;mail.none;authpriv.none;cron.none/var/log/messages
>
> # The authpriv file has restricted access.
> authpriv.*/var/log/secure
>
> # Log all the mail messages in one place.
> mail.*/var/log/maillog
>
>
> # Log cron stuff
> cron.*/var/log/cron
>
> # Everybody gets emergency messages
> *.emerg*
>
> # Save news errors of level crit and higher in a special file.
> uucp,news.crit/var/log/spooler
>
> # Save boot messages also to boot.log
> local7.*/var/log/boot.log
> + _________________________ etc/resolv.conf
> + cat /etc/resolv.conf
>
> search localdomain
> nameserver 192.228.188.20
> nameserver 161.142.201.17
> + _________________________ lib/modules-ls
> + ls -ltr /lib/modules
> total 2
> drwxr-xr-x 4 root root 1024 Nov 21 17:44 2.4.18-18.8.0
> drwxr-xr-x 4 root root 1024 Nov 22 00:34 2.4.18-14
> + _________________________ proc/ksyms-netif_rx
> + egrep netif_rx /proc/ksyms
> c01ede30 netif_rx_Rac7ce141
> + _________________________ lib/modules-netif_rx
> + modulegoo kernel/net/ipv4/ipip.o netif_rx
> + set +x
> 2.4.18-14: U netif_rx_Rac7ce141
> 2.4.18-18.8.0: U netif_rx_Rac7ce141
> + _________________________ kern.debug
> + test -f /var/log/kern.debug
> + _________________________ klog
> + sed -n '4606,$p' /var/log/messages
> + egrep -i 'ipsec|klips|pluto'
> + cat
> Nov 28 00:48:03 localhost ipsec_setup: Starting FreeS/WAN IPsec 1.99...
> Nov 28 00:48:03 localhost ipsec_setup: Using =
> /lib/modules/2.4.18-18.8.0/kernel/net/ipsec/ipsec.o
> Nov 28 00:48:03 localhost kernel: klips_info:ipsec_init: KLIPS startup, =
> FreeS/WAN IPSec version: 1.99
> Nov 28 00:48:03 localhost /etc/hotplug/net.agent: invoke ifup ipsec0
> Nov 28 00:48:03 localhost /etc/hotplug/net.agent: invoke ifup ipsec1
> Nov 28 00:48:03 localhost /etc/hotplug/net.agent: invoke ifup ipsec2
> Nov 28 00:48:03 localhost /etc/hotplug/net.agent: invoke ifup ipsec3
> Nov 28 00:48:03 localhost ipsec_setup: KLIPS debug `none'
> Nov 28 00:48:03 localhost ipsec_setup: KLIPS ipsec0 on eth0 =
> 202.184.1.233/255.255.255.224 broadcast 202.184.1.255=20
> Nov 28 00:48:04 localhost ipsec_setup: ...FreeS/WAN IPsec started
> Nov 28 00:48:05 localhost ipsec__plutorun: 104 "bun-digi" #1: =
> STATE_MAIN_I1: initiate
> Nov 28 00:48:05 localhost ipsec__plutorun: 106 "bun-digi" #1: =
> STATE_MAIN_I2: sent MI2, expecting MR2
> Nov 28 00:48:05 localhost ipsec__plutorun: 108 "bun-digi" #1: =
> STATE_MAIN_I3: sent MI3, expecting MR3
> Nov 28 00:48:05 localhost ipsec__plutorun: 004 "bun-digi" #1: =
> STATE_MAIN_I4: ISAKMP SA established
> Nov 28 00:48:05 localhost ipsec__plutorun: 112 "bun-digi" #2: =
> STATE_QUICK_I1: initiate
> Nov 28 00:48:05 localhost ipsec__plutorun: 004 "bun-digi" #2: =
> STATE_QUICK_I2: sent QI2, IPsec SA established
> + _________________________ plog
> + sed -n '13017,$p' /var/log/secure
> + egrep -i pluto
> + cat
> Nov 28 00:48:04 localhost ipsec__plutorun: Starting Pluto subsystem...
> Nov 28 00:48:04 localhost pluto[3755]: Starting Pluto (FreeS/WAN Version =
> 1.99)
> Nov 28 00:48:04 localhost pluto[3755]: | opening /dev/urandom
> Nov 28 00:48:04 localhost pluto[3755]: | inserting event =
> EVENT_REINIT_SECRET, timeout in 3600 seconds
> Nov 28 00:48:04 localhost pluto[3755]: | process 3755 listening for =
> PF_KEY_V2 on file descriptor 6
> Nov 28 00:48:04 localhost pluto[3755]: | finish_pfkey_msg: SADB_REGISTER =
> message 1 for AH=20
> Nov 28 00:48:04 localhost pluto[3755]: | 02 07 00 02 02 00 00 00 01 =
> 00 00 00 ab 0e 00 00
> Nov 28 00:48:04 localhost pluto[3755]: | pfkey_get: SADB_REGISTER =
> message 1
> Nov 28 00:48:04 localhost pluto[3755]: | AH registered with kernel.
> Nov 28 00:48:04 localhost pluto[3755]: | finish_pfkey_msg: SADB_REGISTER =
> message 2 for ESP=20
> Nov 28 00:48:04 localhost pluto[3755]: | 02 07 00 03 02 00 00 00 02 =
> 00 00 00 ab 0e 00 00
> Nov 28 00:48:04 localhost pluto[3755]: | pfkey_get: SADB_REGISTER =
> message 2
> Nov 28 00:48:04 localhost pluto[3755]: | ESP registered with kernel.
> Nov 28 00:48:04 localhost pluto[3755]: | finish_pfkey_msg: SADB_REGISTER =
> message 3 for IPCOMP=20
> Nov 28 00:48:04 localhost pluto[3755]: | 02 07 00 0a 02 00 00 00 03 =
> 00 00 00 ab 0e 00 00
> Nov 28 00:48:04 localhost pluto[3755]: | pfkey_get: SADB_REGISTER =
> message 3
> Nov 28 00:48:04 localhost pluto[3755]: | IPCOMP registered with kernel.
> Nov 28 00:48:04 localhost pluto[3755]: | finish_pfkey_msg: SADB_REGISTER =
> message 4 for IPIP=20
> Nov 28 00:48:04 localhost pluto[3755]: | 02 07 00 09 02 00 00 00 04 =
> 00 00 00 ab 0e 00 00
> Nov 28 00:48:04 localhost pluto[3755]: | pfkey_get: SADB_REGISTER =
> message 4
> Nov 28 00:48:04 localhost pluto[3755]: | IPIP registered with kernel.
> Nov 28 00:48:04 localhost pluto[3755]: | inserting event =
> EVENT_SHUNT_SCAN, timeout in 120 seconds
> Nov 28 00:48:04 localhost pluto[3755]: | next event EVENT_SHUNT_SCAN in =
> 120 seconds
> Nov 28 00:48:04 localhost pluto[3755]: | =20
> Nov 28 00:48:04 localhost pluto[3755]: | *received whack message
> Nov 28 00:48:04 localhost pluto[3755]: added connection description =
> "bun-digi"
> Nov 28 00:48:04 localhost pluto[3755]: | =
> 10.1.2.0/24=3D=3D=3D202.184.1.233---202.184.1.225...203.92.128.5---203.92=
> ..128.195=3D=3D=3D192.100.86.0/24
> Nov 28 00:48:04 localhost pluto[3755]: | ike_life: 3600s; ipsec_life: =
> 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; policy: =
> PSK+ENCRYPT+TUNNEL+PFS+DISABLEARRIVALCHECK
> Nov 28 00:48:04 localhost pluto[3755]: | next event EVENT_SHUNT_SCAN in =
> 120 seconds
> Nov 28 00:48:04 localhost pluto[3755]: | =20
> Nov 28 00:48:04 localhost pluto[3755]: | *received whack message
> Nov 28 00:48:04 localhost pluto[3755]: listening for IKE messages
> Nov 28 00:48:04 localhost pluto[3755]: | found lo with address 127.0.0.1
> Nov 28 00:48:04 localhost pluto[3755]: | found eth0 with address =
> 202.184.1.233
> Nov 28 00:48:04 localhost pluto[3755]: | found eth1 with address =
> 10.1.2.1
> Nov 28 00:48:04 localhost pluto[3755]: | found ipsec0 with address =
> 202.184.1.233
> Nov 28 00:48:04 localhost pluto[3755]: | IP interface eth1 10.1.2.1 has =
> no matching ipsec* interface -- ignored
> Nov 28 00:48:04 localhost pluto[3755]: adding interface ipsec0/eth0 =
> 202.184.1.233
> Nov 28 00:48:04 localhost pluto[3755]: | IP interface lo 127.0.0.1 has =
> no matching ipsec* interface -- ignored
> Nov 28 00:48:04 localhost pluto[3755]: | could not open =
> /proc/net/if_inet6
> Nov 28 00:48:04 localhost pluto[3755]: loading secrets from =
> "/etc/ipsec.secrets"
> Nov 28 00:48:04 localhost pluto[3755]: | next event EVENT_SHUNT_SCAN in =
> 120 seconds
> Nov 28 00:48:04 localhost pluto[3755]: | =20
> Nov 28 00:48:04 localhost pluto[3755]: | *received whack message
> Nov 28 00:48:04 localhost pluto[3755]: | route owner of "bun-digi" =
> CK_PERMANENT unrouted: NULL; eroute owner: NULL
> Nov 28 00:48:04 localhost pluto[3755]: | route owner of "bun-digi" =
> CK_PERMANENT unrouted: NULL; eroute owner: NULL
> Nov 28 00:48:04 localhost pluto[3755]: | add eroute 10.1.2.0/24 -> =
> 192.100.86.0/24 =3D> %trap
> Nov 28 00:48:04 localhost pluto[3755]: | finish_pfkey_msg: =
> SADB_X_ADDFLOW message 5 for flow %trap
> Nov 28 00:48:04 localhost pluto[3755]: | 02 0e 00 0b 16 00 00 00 05 =
> 00 00 00 ab 0e 00 00
> Nov 28 00:48:04 localhost pluto[3755]: | 02 00 01 00 00 00 01 04 00 =
> 00 00 00 00 00 00 00
> Nov 28 00:48:04 localhost pluto[3755]: | 03 00 05 00 00 00 00 00 02 =
> 00 00 00 ca b8 01 e9
> Nov 28 00:48:04 localhost pluto[3755]: | 00 00 00 00 00 00 00 00 03 =
> 00 06 00 00 00 00 00
> Nov 28 00:48:04 localhost pluto[3755]: | 02 00 00 00 00 00 00 00 00 =
> 00 00 00 00 00 00 00
> Nov 28 00:48:04 localhost pluto[3755]: | 03 00 15 00 00 00 00 00 02 =
> 00 00 00 0a 01 02 00
> Nov 28 00:48:04 localhost pluto[3755]: | 28 e0 ff bf 83 4e 0c 42 03 =
> 00 16 00 00 00 00 00
> Nov 28 00:48:04 localhost pluto[3755]: | 02 00 00 00 c0 64 56 00 28 =
> e0 ff bf 83 4e 0c 42
> Nov 28 00:48:04 localhost pluto[3755]: | 03 00 17 00 00 00 00 00 02 =
> 00 00 00 ff ff ff 00
> Nov 28 00:48:04 localhost pluto[3755]: | 00 00 00 00 34 ef ff bf 03 =
> 00 18 00 00 00 00 00
> Nov 28 00:48:04 localhost pluto[3755]: | 02 00 00 00 ff ff ff 00 30 =
> 28 01 40 03 00 00 00
> Nov 28 00:48:04 localhost pluto[3755]: | pfkey_get: SADB_X_ADDFLOW =
> message 5
> Nov 28 00:48:04 localhost pluto[3755]: | executing prepare-client: 2>&1 =
> PLUTO_VERSION=3D'1.1' PLUTO_VERB=3D'prepare-client' =
> PLUTO_CONNECTION=3D'bun-digi' PLUTO_NEXT_HOP=3D'202.184.1.225' =
> PLUTO_INTERFACE=3D'ipsec0' PLUTO_ME=3D'202.184.1.233' =
> PLUTO_MY_CLIENT=3D'10.1.2.0/24' PLUTO_MY_CLIENT_NET=3D'10.1.2.0' =
> PLUTO_MY_CLIENT_MASK=3D'255.255.255.0' PLUTO_PEER=3D'203.92.128.195' =
> PLUTO_PEER_CLIENT=3D'192.100.86.0/24' =
> PLUTO_PEER_CLIENT_NET=3D'192.100.86.0' =
> PLUTO_PEER_CLIENT_MASK=3D'255.255.255.0' ipsec _updown
> Nov 28 00:48:04 localhost pluto[3755]: | executing route-client: 2>&1 =
> PLUTO_VERSION=3D'1.1' PLUTO_VERB=3D'route-client' =
> PLUTO_CONNECTION=3D'bun-digi' PLUTO_NEXT_HOP=3D'202.184.1.225' =
> PLUTO_INTERFACE=3D'ipsec0' PLUTO_ME=3D'202.184.1.233' =
> PLUTO_MY_CLIENT=3D'10.1.2.0/24' PLUTO_MY_CLIENT_NET=3D'10.1.2.0' =
> PLUTO_MY_CLIENT_MASK=3D'255.255.255.0' PLUTO_PEER=3D'203.92.128.195' =
> PLUTO_PEER_CLIENT=3D'192.100.86.0/24' =
> PLUTO_PEER_CLIENT_NET=3D'192.100.86.0' =
> PLUTO_PEER_CLIENT_MASK=3D'255.255.255.0' ipsec _updown
> Nov 28 00:48:04 localhost pluto[3755]: | next event EVENT_SHUNT_SCAN in =
> 120 seconds
> Nov 28 00:48:04 localhost pluto[3755]: | =20
> Nov 28 00:48:04 localhost pluto[3755]: | *received whack message
> Nov 28 00:48:04 localhost pluto[3755]: | creating state object #1 at =
> 0x809bea0
> Nov 28 00:48:04 localhost pluto[3755]: | ICOOKIE: a1 b4 fe c5 40 41 72 =
> 3a
> Nov 28 00:48:04 localhost pluto[3755]: | RCOOKIE: 00 00 00 00 00 00 00 =
> 00
> Nov 28 00:48:04 localhost pluto[3755]: | peer: cb 5c 80 c3
> Nov 28 00:48:04 localhost pluto[3755]: | state hash entry 9
> Nov 28 00:48:04 localhost pluto[3755]: | inserting event =
> EVENT_SO_DISCARD, timeout in 0 seconds for #1
> Nov 28 00:48:04 localhost pluto[3755]: | Queuing pending Quick Mode with =
> 203.92.128.195 "bun-digi"
> Nov 28 00:48:04 localhost pluto[3755]: "bun-digi" #1: initiating Main =
> Mode
> Nov 28 00:48:04 localhost pluto[3755]: | **emit ISAKMP Message:
> Nov 28 00:48:04 localhost pluto[3755]: | initiator cookie:
> Nov 28 00:48:04 localhost pluto[3755]: | a1 b4 fe c5 40 41 72 3a
> Nov 28 00:48:04 localhost pluto[3755]: | responder cookie:
> Nov 28 00:48:04 localhost pluto[3755]: | 00 00 00 00 00 00 00 00
> Nov 28 00:48:04 localhost pluto[3755]: | next payload type: =
> ISAKMP_NEXT_SA
> Nov 28 00:48:04 localhost pluto[3755]: | ISAKMP version: ISAKMP =
> Version 1.0
> Nov 28 00:48:04 localhost pluto[3755]: | exchange type: =
> ISAKMP_XCHG_IDPROT
> Nov 28 00:48:04 localhost pluto[3755]: | flags: none
> Nov 28 00:48:04 localhost pluto[3755]: | message ID: 00 00 00 00
> Nov 28 00:48:04 localhost pluto[3755]: | ***emit ISAKMP Security =
> Association Payload:
> Nov 28 00:48:04 localhost pluto[3755]: | next payload type: =
> ISAKMP_NEXT_NONE
> Nov 28 00:48:04 localhost pluto[3755]: | DOI: ISAKMP_DOI_IPSEC
> Nov 28 00:48:04 localhost pluto[3755]: | ****emit IPsec DOI SIT:
> Nov 28 00:48:04 localhost pluto[3755]: | IPsec DOI SIT: =
> SIT_IDENTITY_ONLY
> Nov 28 00:48:04 localhost pluto[3755]: | ****emit ISAKMP Proposal =
> Payload:
> Nov 28 00:48:04 localhost pluto[3755]: | next payload type: =
> ISAKMP_NEXT_NONE
> Nov 28 00:48:04 localhost pluto[3755]: | proposal number: 0
> Nov 28 00:48:04 localhost pluto[3755]: | protocol ID: PROTO_ISAKMP
> Nov 28 00:48:04 localhost pluto[3755]: | SPI size: 0
> Nov 28 00:48:04 localhost pluto[3755]: | number of transforms: 4
> Nov 28 00:48:04 localhost pluto[3755]: | *****emit ISAKMP Transform =
> Payload (ISAKMP):
> Nov 28 00:48:04 localhost pluto[3755]: | next payload type: =
> ISAKMP_NEXT_T
> Nov 28 00:48:04 localhost pluto[3755]: | transform number: 0
> Nov 28 00:48:04 localhost pluto[3755]: | transform ID: KEY_IKE
> Nov 28 00:48:04 localhost pluto[3755]: | ******emit ISAKMP Oakley =
> attribute:
> Nov 28 00:48:04 localhost pluto[3755]: | af+type: OAKLEY_LIFE_TYPE
> Nov 28 00:48:04 localhost pluto[3755]: | length/value: 1
> Nov 28 00:48:04 localhost pluto[3755]: | [1 is OAKLEY_LIFE_SECONDS]
> Nov 28 00:48:04 localhost pluto[3755]: | ******emit ISAKMP Oakley =
> attribute:
> Nov 28 00:48:04 localhost pluto[3755]: | af+type: =
> OAKLEY_LIFE_DURATION
> Nov 28 00:48:04 localhost pluto[3755]: | length/value: 3600
> Nov 28 00:48:04 localhost pluto[3755]: | ******emit ISAKMP Oakley =
> attribute:
> Nov 28 00:48:04 localhost pluto[3755]: | af+type: =
> OAKLEY_ENCRYPTION_ALGORITHM
> Nov 28 00:48:04 localhost pluto[3755]: | length/value: 5
> Nov 28 00:48:04 localhost pluto[3755]: | [5 is OAKLEY_3DES_CBC]
> Nov 28 00:48:04 localhost pluto[3755]: | ******emit ISAKMP Oakley =
> attribute:
> Nov 28 00:48:04 localhost pluto[3755]: | af+type: =
> OAKLEY_HASH_ALGORITHM
> Nov 28 00:48:04 localhost pluto[3755]: | length/value: 1
> Nov 28 00:48:04 localhost pluto[3755]: | [1 is OAKLEY_MD5]
> Nov 28 00:48:04 localhost pluto[3755]: | ******emit ISAKMP Oakley =
> attribute:
> Nov 28 00:48:04 localhost pluto[3755]: | af+type: =
> OAKLEY_AUTHENTICATION_METHOD
> Nov 28 00:48:04 localhost pluto[3755]: | length/value: 1
> Nov 28 00:48:04 localhost pluto[3755]: | [1 is OAKLEY_PRESHARED_KEY]
> Nov 28 00:48:04 localhost pluto[3755]: | ******emit ISAKMP Oakley =
> attribute:
> Nov 28 00:48:04 localhost pluto[3755]: | af+type: =
> OAKLEY_GROUP_DESCRIPTION
> Nov 28 00:48:04 localhost pluto[3755]: | length/value: 5
> Nov 28 00:48:04 localhost pluto[3755]: | [5 is OAKLEY_GROUP_MODP1536 =
> (extension)]
> Nov 28 00:48:04 localhost pluto[3755]: | emitting length of ISAKMP =
> Transform Payload (ISAKMP): 32
> Nov 28 00:48:04 localhost pluto[3755]: | *****emit ISAKMP Transform =
> Payload (ISAKMP):
> Nov 28 00:48:04 localhost pluto[3755]: | next payload type: =
> ISAKMP_NEXT_T
> Nov 28 00:48:04 localhost pluto[3755]: | transform number: 1
> Nov 28 00:48:04 localhost pluto[3755]: | transform ID: KEY_IKE
> Nov 28 00:48:04 localhost pluto[3755]: | ******emit ISAKMP Oakley =
> attribute:
> Nov 28 00:48:04 localhost pluto[3755]: | af+type: OAKLEY_LIFE_TYPE
> Nov 28 00:48:04 localhost pluto[3755]: | length/value: 1
> Nov 28 00:48:04 localhost pluto[3755]: | [1 is OAKLEY_LIFE_SECONDS]
> Nov 28 00:48:04 localhost pluto[3755]: | ******emit ISAKMP Oakley =
> attribute:
> Nov 28 00:48:04 localhost pluto[3755]: | af+type: =
> OAKLEY_LIFE_DURATION
> Nov 28 00:48:04 localhost pluto[3755]: | length/value: 3600
> Nov 28 00:48:04 localhost pluto[3755]: | ******emit ISAKMP Oakley =
> attribute:
> Nov 28 00:48:04 localhost pluto[3755]: | af+type: =
> OAKLEY_ENCRYPTION_ALGORITHM
> Nov 28 00:48:04 localhost pluto[3755]: | length/value: 5
> Nov 28 00:48:04 localhost pluto[3755]: | [5 is OAKLEY_3DES_CBC]
> Nov 28 00:48:04 localhost pluto[3755]: | ******emit ISAKMP Oakley =
> attribute:
> Nov 28 00:48:04 localhost pluto[3755]: | af+type: =
> OAKLEY_HASH_ALGORITHM
> Nov 28 00:48:04 localhost pluto[3755]: | length/value: 2
> Nov 28 00:48:04 localhost pluto[3755]: | [2 is OAKLEY_SHA]
> Nov 28 00:48:04 localhost pluto[3755]: | ******emit ISAKMP Oakley =
> attribute:
> Nov 28 00:48:04 localhost pluto[3755]: | af+type: =
> OAKLEY_AUTHENTICATION_METHOD
> Nov 28 00:48:04 localhost pluto[3755]: | length/value: 1
> Nov 28 00:48:04 localhost pluto[3755]: | [1 is OAKLEY_PRESHARED_KEY]
> Nov 28 00:48:04 localhost pluto[3755]: | ******emit ISAKMP Oakley =
> attribute:
> Nov 28 00:48:04 localhost pluto[3755]: | af+type: =
> OAKLEY_GROUP_DESCRIPTION
> Nov 28 00:48:04 localhost pluto[3755]: | length/value: 5
> Nov 28 00:48:04 localhost pluto[3755]: | [5 is OAKLEY_GROUP_MODP1536 =
> (extension)]
> Nov 28 00:48:04 localhost pluto[3755]: | emitting length of ISAKMP =
> Transform Payload (ISAKMP): 32
> Nov 28 00:48:04 localhost pluto[3755]: | *****emit ISAKMP Transform =
> Payload (ISAKMP):
> Nov 28 00:48:04 localhost pluto[3755]: | next payload type: =
> ISAKMP_NEXT_T
> Nov 28 00:48:04 localhost pluto[3755]: | transform number: 2
> Nov 28 00:48:04 localhost pluto[3755]: | transform ID: KEY_IKE
> Nov 28 00:48:04 localhost pluto[3755]: | ******emit ISAKMP Oakley =
> attribute:
> Nov 28 00:48:04 localhost pluto[3755]: | af+type: OAKLEY_LIFE_TYPE
> Nov 28 00:48:04 localhost pluto[3755]: | length/value: 1
> Nov 28 00:48:04 localhost pluto[3755]: | [1 is OAKLEY_LIFE_SECONDS]
> Nov 28 00:48:04 localhost pluto[3755]: | ******emit ISAKMP Oakley =
> attribute:
> Nov 28 00:48:04 localhost pluto[3755]: | af+type: =
> OAKLEY_LIFE_DURATION
> Nov 28 00:48:04 localhost pluto[3755]: | length/value: 3600
> Nov 28 00:48:04 localhost pluto[3755]: | ******emit ISAKMP Oakley =
> attribute:
> Nov 28 00:48:04 localhost pluto[3755]: | af+type: =
> OAKLEY_ENCRYPTION_ALGORITHM
> Nov 28 00:48:04 localhost pluto[3755]: | length/value: 5
> Nov 28 00:48:04 localhost pluto[3755]: | [5 is OAKLEY_3DES_CBC]
> Nov 28 00:48:04 localhost pluto[3755]: | ******emit ISAKMP Oakley =
> attribute:
> Nov 28 00:48:04 localhost pluto[3755]: | af+type: =
> OAKLEY_HASH_ALGORITHM
> Nov 28 00:48:04 localhost pluto[3755]: | length/value: 2
> Nov 28 00:48:04 localhost pluto[3755]: | [2 is OAKLEY_SHA]
> Nov 28 00:48:04 localhost pluto[3755]: | ******emit ISAKMP Oakley =
> attribute:
> Nov 28 00:48:04 localhost pluto[3755]: | af+type: =
> OAKLEY_AUTHENTICATION_METHOD
> Nov 28 00:48:04 localhost pluto[3755]: | length/value: 1
> Nov 28 00:48:04 localhost pluto[3755]: | [1 is OAKLEY_PRESHARED_KEY]
> Nov 28 00:48:04 localhost pluto[3755]: | ******emit ISAKMP Oakley =
> attribute:
> Nov 28 00:48:04 localhost pluto[3755]: | af+type: =
> OAKLEY_GROUP_DESCRIPTION
> Nov 28 00:48:04 localhost pluto[3755]: | length/value: 2
> Nov 28 00:48:04 localhost pluto[3755]: | [2 is =
> OAKLEY_GROUP_MODP1024]
> Nov 28 00:48:04 localhost pluto[3755]: | emitting length of ISAKMP =
> Transform Payload (ISAKMP): 32
> Nov 28 00:48:04 localhost pluto[3755]: | *****emit ISAKMP Transform =
> Payload (ISAKMP):
> Nov 28 00:48:04 localhost pluto[3755]: | next payload type: =
> ISAKMP_NEXT_NONE
> Nov 28 00:48:04 localhost pluto[3755]: | transform number: 3
> Nov 28 00:48:04 localhost pluto[3755]: | transform ID: KEY_IKE
> Nov 28 00:48:04 localhost pluto[3755]: | ******emit ISAKMP Oakley =
> attribute:
> Nov 28 00:48:04 localhost pluto[3755]: | af+type: OAKLEY_LIFE_TYPE
> Nov 28 00:48:04 localhost pluto[3755]: | length/value: 1
> Nov 28 00:48:04 localhost pluto[3755]: | [1 is OAKLEY_LIFE_SECONDS]
> Nov 28 00:48:04 localhost pluto[3755]: | ******emit ISAKMP Oakley =
> attribute:
> Nov 28 00:48:04 localhost pluto[3755]: | af+type: =
> OAKLEY_LIFE_DURATION
> Nov 28 00:48:04 localhost pluto[3755]: | length/value: 3600
> Nov 28 00:48:04 localhost pluto[3755]: | ******emit ISAKMP Oakley =
> attribute:
> Nov 28 00:48:04 localhost pluto[3755]: | af+type: =
> OAKLEY_ENCRYPTION_ALGORITHM
> Nov 28 00:48:04 localhost pluto[3755]: | length/value: 5
> Nov 28 00:48:04 localhost pluto[3755]: | [5 is OAKLEY_3DES_CBC]
> Nov 28 00:48:04 localhost pluto[3755]: | ******emit ISAKMP Oakley =
> attribute:
> Nov 28 00:48:04 localhost pluto[3755]: | af+type: =
> OAKLEY_HASH_ALGORITHM
> Nov 28 00:48:04 localhost pluto[3755]: | length/value: 1
> Nov 28 00:48:04 localhost pluto[3755]: | [1 is OAKLEY_MD5]
> Nov 28 00:48:04 localhost pluto[3755]: | ******emit ISAKMP Oakley =
> attribute:
> Nov 28 00:48:04 localhost pluto[3755]: | af+type: =
> OAKLEY_AUTHENTICATION_METHOD
> Nov 28 00:48:04 localhost pluto[3755]: | length/value: 1
> Nov 28 00:48:04 localhost pluto[3755]: | [1 is OAKLEY_PRESHARED_KEY]
> Nov 28 00:48:04 localhost pluto[3755]: | ******emit ISAKMP Oakley =
> attribute:
> Nov 28 00:48:04 localhost pluto[3755]: | af+type: =
> OAKLEY_GROUP_DESCRIPTION
> Nov 28 00:48:04 localhost pluto[3755]: | length/value: 2
> Nov 28 00:48:04 localhost pluto[3755]: | [2 is =
> OAKLEY_GROUP_MODP1024]
> Nov 28 00:48:04 localhost pluto[3755]: | emitting length of ISAKMP =
> Transform Payload (ISAKMP): 32
> Nov 28 00:48:04 localhost pluto[3755]: | emitting length of ISAKMP =
> Proposal Payload: 136
> Nov 28 00:48:04 localhost pluto[3755]: | emitting length of ISAKMP =
> Security Association Payload: 148
> Nov 28 00:48:04 localhost pluto[3755]: | emitting length of ISAKMP =
> Message: 176
> Nov 28 00:48:04 localhost pluto[3755]: | sending 176 bytes for =
> main_outI1 through eth0 to 203.92.128.195:500:
> Nov 28 00:48:04 localhost pluto[3755]: | a1 b4 fe c5 40 41 72 3a 00 =
> 00 00 00 00 00 00 00
> Nov 28 00:48:04 localhost pluto[3755]: | 01 10 02 00 00 00 00 00 00 =
> 00 00 b0 00 00 00 94
> Nov 28 00:48:04 localhost pluto[3755]: | 00 00 00 01 00 00 00 01 00 =
> 00 00 88 00 01 00 04
> Nov 28 00:48:04 localhost pluto[3755]: | 03 00 00 20 00 01 00 00 80 =
> 0b 00 01 80 0c 0e 10
> Nov 28 00:48:04 localhost pluto[3755]: | 80 01 00 05 80 02 00 01 80 =
> 03 00 01 80 04 00 05
> Nov 28 00:48:04 localhost pluto[3755]: | 03 00 00 20 01 01 00 00 80 =
> 0b 00 01 80 0c 0e 10
> Nov 28 00:48:04 localhost pluto[3755]: | 80 01 00 05 80 02 00 02 80 =
> 03 00 01 80 04 00 05
> Nov 28 00:48:04 localhost pluto[3755]: | 03 00 00 20 02 01 00 00 80 =
> 0b 00 01 80 0c 0e 10
> Nov 28 00:48:04 localhost pluto[3755]: | 80 01 00 05 80 02 00 02 80 =
> 03 00 01 80 04 00 02
> Nov 28 00:48:04 localhost pluto[3755]: | 00 00 00 20 03 01 00 00 80 =
> 0b 00 01 80 0c 0e 10
> Nov 28 00:48:04 localhost pluto[3755]: | 80 01 00 05 80 02 00 01 80 =
> 03 00 01 80 04 00 02
> Nov 28 00:48:04 localhost pluto[3755]: | inserting event =
> EVENT_RETRANSMIT, timeout in 10 seconds for #1
> Nov 28 00:48:04 localhost pluto[3755]: | next event EVENT_RETRANSMIT in =
> 10 seconds for #1
> Nov 28 00:48:04 localhost pluto[3755]: | =20
> Nov 28 00:48:04 localhost pluto[3755]: | *received 80 bytes from =
> 203.92.128.195:500 on eth0
> Nov 28 00:48:04 localhost pluto[3755]: | a1 b4 fe c5 40 41 72 3a b1 =
> 8e 72 23 24 c4 79 1d
> Nov 28 00:48:04 localhost pluto[3755]: | 01 10 02 00 00 00 00 00 00 =
> 00 00 50 00 00 00 34
> Nov 28 00:48:04 localhost pluto[3755]: | 00 00 00 01 00 00 00 01 00 =
> 00 00 28 01 01 00 01
> Nov 28 00:48:04 localhost pluto[3755]: | 00 00 00 20 01 01 00 00 80 =
> 0b 00 01 80 0c 0e 10
> Nov 28 00:48:04 localhost pluto[3755]: | 80 01 00 05 80 02 00 01 80 =
> 03 00 01 80 04 00 02
> Nov 28 00:48:04 localhost pluto[3755]: | **parse ISAKMP Message:
> Nov 28 00:48:04 localhost pluto[3755]: | initiator cookie:
> Nov 28 00:48:04 localhost pluto[3755]: | a1 b4 fe c5 40 41 72 3a
> Nov 28 00:48:04 localhost pluto[3755]: | responder cookie:
> Nov 28 00:48:04 localhost pluto[3755]: | b1 8e 72 23 24 c4 79 1d
> Nov 28 00:48:04 localhost pluto[3755]: | next payload type: =
> ISAKMP_NEXT_SA
> Nov 28 00:48:04 localhost pluto[3755]: | ISAKMP version: ISAKMP =
> Version 1.0
> Nov 28 00:48:04 localhost pluto[3755]: | exchange type: =
> ISAKMP_XCHG_IDPROT
> Nov 28 00:48:04 localhost pluto[3755]: | flags: none
> Nov 28 00:48:04 localhost pluto[3755]: | message ID: 00 00 00 00
> Nov 28 00:48:04 localhost pluto[3755]: | length: 80
> Nov 28 00:48:04 localhost pluto[3755]: | ICOOKIE: a1 b4 fe c5 40 41 72 =
> 3a
> Nov 28 00:48:04 localhost pluto[3755]: | RCOOKIE: b1 8e 72 23 24 c4 79 =
> 1d
> Nov 28 00:48:04 localhost pluto[3755]: | peer: cb 5c 80 c3
> Nov 28 00:48:04 localhost pluto[3755]: | state hash entry 11
> Nov 28 00:48:04 localhost pluto[3755]: | state object not found
> Nov 28 00:48:04 localhost pluto[3755]: | ICOOKIE: a1 b4 fe c5 40 41 72 =
> 3a
> Nov 28 00:48:04 localhost pluto[3755]: | RCOOKIE: 00 00 00 00 00 00 00 =
> 00
> Nov 28 00:48:04 localhost pluto[3755]: | peer: cb 5c 80 c3
> Nov 28 00:48:04 localhost pluto[3755]: | state hash entry 9
> Nov 28 00:48:04 localhost pluto[3755]: | state object #1 found, in =
> STATE_MAIN_I1
> Nov 28 00:48:04 localhost pluto[3755]: | ***parse ISAKMP Security =
> Association Payload:
> Nov 28 00:48:04 localhost pluto[3755]: | next payload type: =
> ISAKMP_NEXT_NONE
> Nov 28 00:48:04 localhost pluto[3755]: | length: 52
> Nov 28 00:48:04 localhost pluto[3755]: | DOI: ISAKMP_DOI_IPSEC
> Nov 28 00:48:04 localhost pluto[3755]: | ****parse IPsec DOI SIT:
> Nov 28 00:48:04 localhost pluto[3755]: | IPsec DOI SIT: =
> SIT_IDENTITY_ONLY
> Nov 28 00:48:04 localhost pluto[3755]: | ****parse ISAKMP Proposal =
> Payload:
> Nov 28 00:48:04 localhost pluto[3755]: | next payload type: =
> ISAKMP_NEXT_NONE
> Nov 28 00:48:04 localhost pluto[3755]: | length: 40
> Nov 28 00:48:04 localhost pluto[3755]: | proposal number: 1
> Nov 28 00:48:04 localhost pluto[3755]: | protocol ID: PROTO_ISAKMP
> Nov 28 00:48:04 localhost pluto[3755]: | SPI size: 0
> Nov 28 00:48:04 localhost pluto[3755]: | number of transforms: 1
> Nov 28 00:48:04 localhost pluto[3755]: | *****parse ISAKMP Transform =
> Payload (ISAKMP):
> Nov 28 00:48:04 localhost pluto[3755]: | next payload type: =
> ISAKMP_NEXT_NONE
> Nov 28 00:48:04 localhost pluto[3755]: | length: 32
> Nov 28 00:48:04 localhost pluto[3755]: | transform number: 1
> Nov 28 00:48:04 localhost pluto[3755]: | transform ID: KEY_IKE
> Nov 28 00:48:04 localhost pluto[3755]: | ******parse ISAKMP Oakley =
> attribute:
> Nov 28 00:48:04 localhost pluto[3755]: | af+type: OAKLEY_LIFE_TYPE
> Nov 28 00:48:04 localhost pluto[3755]: | length/value: 1
> Nov 28 00:48:04 localhost pluto[3755]: | [1 is OAKLEY_LIFE_SECONDS]
> Nov 28 00:48:04 localhost pluto[3755]: | ******parse ISAKMP Oakley =
> attribute:
> Nov 28 00:48:04 localhost pluto[3755]: | af+type: =
> OAKLEY_LIFE_DURATION
> Nov 28 00:48:04 localhost pluto[3755]: | length/value: 3600
> Nov 28 00:48:04 localhost pluto[3755]: | ******parse ISAKMP Oakley =
> attribute:
> Nov 28 00:48:04 localhost pluto[3755]: | af+type: =
> OAKLEY_ENCRYPTION_ALGORITHM
> Nov 28 00:48:04 localhost pluto[3755]: | length/value: 5
> Nov 28 00:48:04 localhost pluto[3755]: | [5 is OAKLEY_3DES_CBC]
> Nov 28 00:48:04 localhost pluto[3755]: | ******parse ISAKMP Oakley =
> attribute:
> Nov 28 00:48:04 localhost pluto[3755]: | af+type: =
> OAKLEY_HASH_ALGORITHM
> Nov 28 00:48:04 localhost pluto[3755]: | length/value: 1
> Nov 28 00:48:04 localhost pluto[3755]: | [1 is OAKLEY_MD5]
> Nov 28 00:48:04 localhost pluto[3755]: | ******parse ISAKMP Oakley =
> attribute:
> Nov 28 00:48:04 localhost pluto[3755]: | af+type: =
> OAKLEY_AUTHENTICATION_METHOD
> Nov 28 00:48:04 localhost pluto[3755]: | length/value: 1
> Nov 28 00:48:04 localhost pluto[3755]: | [1 is OAKLEY_PRESHARED_KEY]
> Nov 28 00:48:04 localhost pluto[3755]: | ******parse ISAKMP Oakley =
> attribute:
> Nov 28 00:48:04 localhost pluto[3755]: | af+type: =
> OAKLEY_GROUP_DESCRIPTION
> Nov 28 00:48:04 localhost pluto[3755]: | length/value: 2
> Nov 28 00:48:04 localhost pluto[3755]: | [2 is OAKLEY_GROUP_MODP1024]
> Nov 28 00:48:04 localhost pluto[3755]: | Oakley Transform 1 accepted
> Nov 28 00:48:04 localhost pluto[3755]: | **emit ISAKMP Message:
> Nov 28 00:48:04 localhost pluto[3755]: | initiator cookie:
> Nov 28 00:48:04 localhost pluto[3755]: | a1 b4 fe c5 40 41 72 3a
> Nov 28 00:48:04 localhost pluto[3755]: | responder cookie:
> Nov 28 00:48:04 localhost pluto[3755]: | b1 8e 72 23 24 c4 79 1d
> Nov 28 00:48:04 localhost pluto[3755]: | next payload type: =
> ISAKMP_NEXT_KE
> Nov 28 00:48:04 localhost pluto[3755]: | ISAKMP version: ISAKMP =
> Version 1.0
> Nov 28 00:48:04 localhost pluto[3755]: | exchange type: =
> ISAKMP_XCHG_IDPROT
> Nov 28 00:48:04 localhost pluto[3755]: | flags: none
> Nov 28 00:48:04 localhost pluto[3755]: | message ID: 00 00 00 00
> Nov 28 00:48:04 localhost pluto[3755]: | Local DH secret:
> Nov 28 00:48:04 localhost pluto[3755]: | 60 f5 9f 6d f3 f3 42 2f 49 =
> 24 72 19 8d 37 b0 43
> Nov 28 00:48:04 localhost pluto[3755]: | d3 7b 00 ed 1c 2f e1 66 10 =
> 05 98 fe 4e 91 9f 14
> Nov 28 00:48:04 localhost pluto[3755]: | Public DH value sent:
> Nov 28 00:48:04 localhost pluto[3755]: | b1 82 8c 9c 10 3a 75 52 54 =
> ab e2 03 7a 85 67 8a
> Nov 28 00:48:04 localhost pluto[3755]: | d9 98 d0 91 70 eb 2d d9 82 =
> 3a 63 42 d0 13 43 a3
> Nov 28 00:48:04 localhost pluto[3755]: | 50 c3 2b be 71 37 11 9b 06 =
> ad 28 54 c9 c5 09 17
> Nov 28 00:48:04 localhost pluto[3755]: | a8 05 b9 f5 d0 0f 5a 61 59 =
> 3b a1 6f 99 41 e1 d9
> Nov 28 00:48:04 localhost pluto[3755]: | cd 7d e7 1a 05 a8 40 8a 8e =
> c7 0c 5c 83 37 4b 3a
> Nov 28 00:48:04 localhost pluto[3755]: | ae 12 9f 92 4d ef 2a f5 10 =
> fc a4 f1 f8 2f e2 3a
> Nov 28 00:48:04 localhost pluto[3755]: | 8b bd 6d 52 d7 96 66 57 65 =
> 59 9f 43 8a 69 be f3
> Nov 28 00:48:04 localhost pluto[3755]: | 87 0d 00 c6 92 3d 85 ac 0e =
> a7 33 c5 35 41 ee c4
> Nov 28 00:48:04 localhost pluto[3755]: | ***emit ISAKMP Key Exchange =
> Payload:
> Nov 28 00:48:04 localhost pluto[3755]: | next payload type: =
> ISAKMP_NEXT_NONCE
> Nov 28 00:48:04 localhost pluto[3755]: | emitting 128 raw bytes of keyex =
> value into ISAKMP Key Exchange Payload
> Nov 28 00:48:04 localhost pluto[3755]: | keyex value b1 82 8c 9c 10 3a =
> 75 52 54 ab e2 03 7a 85 67 8a
> Nov 28 00:48:04 localhost pluto[3755]: | d9 98 d0 91 70 eb 2d d9 82 =
> 3a 63 42 d0 13 43 a3
> Nov 28 00:48:04 localhost pluto[3755]: | 50 c3 2b be 71 37 11 9b 06 =
> ad 28 54 c9 c5 09 17
> Nov 28 00:48:04 localhost pluto[3755]: | a8 05 b9 f5 d0 0f 5a 61 59 =
> 3b a1 6f 99 41 e1 d9
> Nov 28 00:48:04 localhost pluto[3755]: | cd 7d e7 1a 05 a8 40 8a 8e =
> c7 0c 5c 83 37 4b 3a
> Nov 28 00:48:04 localhost pluto[3755]: | ae 12 9f 92 4d ef 2a f5 10 =
> fc a4 f1 f8 2f e2 3a
> Nov 28 00:48:04 localhost pluto[3755]: | 8b bd 6d 52 d7 96 66 57 65 =
> 59 9f 43 8a 69 be f3
> Nov 28 00:48:04 localhost pluto[3755]: | 87 0d 00 c6 92 3d 85 ac 0e =
> a7 33 c5 35 41 ee c4
> Nov 28 00:48:04 localhost pluto[3755]: | emitting length of ISAKMP Key =
> Exchange Payload: 132
> Nov 28 00:48:04 localhost pluto[3755]: | ***emit ISAKMP Nonce Payload:
> Nov 28 00:48:04 localhost pluto[3755]: | next payload type: =
> ISAKMP_NEXT_NONE
> Nov 28 00:48:04 localhost pluto[3755]: | emitting 16 raw bytes of Ni =
> into ISAKMP Nonce Payload
> Nov 28 00:48:04 localhost pluto[3755]: | Ni 79 d2 01 54 5d ed e2 a0 =
> 72 39 62 77 93 4d 78 9f
> Nov 28 00:48:04 localhost pluto[3755]: | emitting length of ISAKMP Nonce =
> Payload: 20
> Nov 28 00:48:04 localhost pluto[3755]: | emitting length of ISAKMP =
> Message: 180
> Nov 28 00:48:04 localhost pluto[3755]: | ICOOKIE: a1 b4 fe c5 40 41 72 =
> 3a
> Nov 28 00:48:04 localhost pluto[3755]: | RCOOKIE: 00 00 00 00 00 00 00 =
> 00
> Nov 28 00:48:04 localhost pluto[3755]: | peer: cb 5c 80 c3
> Nov 28 00:48:04 localhost pluto[3755]: | state hash entry 9
> Nov 28 00:48:04 localhost pluto[3755]: | ICOOKIE: a1 b4 fe c5 40 41 72 =
> 3a
> Nov 28 00:48:04 localhost pluto[3755]: | RCOOKIE: b1 8e 72 23 24 c4 79 =
> 1d
> Nov 28 00:48:04 localhost pluto[3755]: | peer: cb 5c 80 c3
> Nov 28 00:48:04 localhost pluto[3755]: | state hash entry 11
> Nov 28 00:48:04 localhost pluto[3755]: | sending 180 bytes for =
> STATE_MAIN_I1 through eth0 to 203.92.128.195:500:
> Nov 28 00:48:04 localhost pluto[3755]: | a1 b4 fe c5 40 41 72 3a b1 =
> 8e 72 23 24 c4 79 1d
> Nov 28 00:48:04 localhost pluto[3755]: | 04 10 02 00 00 00 00 00 00 =
> 00 00 b4 0a 00 00 84
> Nov 28 00:48:04 localhost pluto[3755]: | b1 82 8c 9c 10 3a 75 52 54 =
> ab e2 03 7a 85 67 8a
> Nov 28 00:48:04 localhost pluto[3755]: | d9 98 d0 91 70 eb 2d d9 82 =
> 3a 63 42 d0 13 43 a3
> Nov 28 00:48:04 localhost pluto[3755]: | 50 c3 2b be 71 37 11 9b 06 =
> ad 28 54 c9 c5 09 17
> Nov 28 00:48:04 localhost pluto[3755]: | a8 05 b9 f5 d0 0f 5a 61 59 =
> 3b a1 6f 99 41 e1 d9
> Nov 28 00:48:04 localhost pluto[3755]: | cd 7d e7 1a 05 a8 40 8a 8e =
> c7 0c 5c 83 37 4b 3a
> Nov 28 00:48:04 localhost pluto[3755]: | ae 12 9f 92 4d ef 2a f5 10 =
> fc a4 f1 f8 2f e2 3a
> Nov 28 00:48:04 localhost pluto[3755]: | 8b bd 6d 52 d7 96 66 57 65 =
> 59 9f 43 8a 69 be f3
> Nov 28 00:48:04 localhost pluto[3755]: | 87 0d 00 c6 92 3d 85 ac 0e =
> a7 33 c5 35 41 ee c4
> Nov 28 00:48:04 localhost pluto[3755]: | 00 00 00 14 79 d2 01 54 5d =
> ed e2 a0 72 39 62 77
> Nov 28 00:48:04 localhost pluto[3755]: | 93 4d 78 9f
> Nov 28 00:48:04 localhost pluto[3755]: | inserting event =
> EVENT_RETRANSMIT, timeout in 10 seconds for #1
> Nov 28 00:48:04 localhost pluto[3755]: | next event EVENT_RETRANSMIT in =
> 10 seconds for #1
> Nov 28 00:48:04 localhost pluto[3755]: | =20
> Nov 28 00:48:04 localhost pluto[3755]: | *received 184 bytes from =
> 203.92.128.195:500 on eth0
> Nov 28 00:48:04 localhost pluto[3755]: | a1 b4 fe c5 40 41 72 3a b1 =
> 8e 72 23 24 c4 79 1d
> Nov 28 00:48:04 localhost pluto[3755]: | 04 10 02 00 00 00 00 00 00 =
> 00 00 b8 0a 00 00 84
> Nov 28 00:48:04 localhost pluto[3755]: | 55 5c 9d d0 60 b8 25 59 03 =
> ab e6 88 c4 56 18 69
> Nov 28 00:48:04 localhost pluto[3755]: | bc a4 40 40 40 02 d2 57 6b =
> ab ed f2 40 25 05 f5
> Nov 28 00:48:04 localhost pluto[3755]: | 09 74 2f 40 21 31 de 35 82 =
> 10 bc 74 75 a4 10 50
> Nov 28 00:48:04 localhost pluto[3755]: | ed f3 dc 29 f5 ae 98 13 28 =
> 39 1d 50 c4 cf 56 c9
> Nov 28 00:48:04 localhost pluto[3755]: | aa a8 28 3a 9a 05 04 37 35 =
> b8 af a3 d5 f7 ed 0b
> Nov 28 00:48:04 localhost pluto[3755]: | ff e0 30 4a a7 89 db 1d 2c =
> fb 68 55 4a 6e 46 69
> Nov 28 00:48:04 localhost pluto[3755]: | c0 d0 5b c4 1c 1f 27 c9 58 =
> e3 88 8f 94 4e 36 1e
> Nov 28 00:48:04 localhost pluto[3755]: | 91 cc 6c 2e 03 2e c4 c3 4a =
> 67 33 d2 3a bb 44 b0
> Nov 28 00:48:04 localhost pluto[3755]: | 00 00 00 18 3b ff 2a ae d1 =
> 93 52 92 68 df 08 60
> Nov 28 00:48:04 localhost pluto[3755]: | 31 11 ea f5 94 9b 73 6f
> Nov 28 00:48:04 localhost pluto[3755]: | **parse ISAKMP Message:
> Nov 28 00:48:04 localhost pluto[3755]: | initiator cookie:
> Nov 28 00:48:04 localhost pluto[3755]: | a1 b4 fe c5 40 41 72 3a
> Nov 28 00:48:04 localhost pluto[3755]: | responder cookie:
> Nov 28 00:48:04 localhost pluto[3755]: | b1 8e 72 23 24 c4 79 1d
> Nov 28 00:48:04 localhost pluto[3755]: | next payload type: =
> ISAKMP_NEXT_KE
> Nov 28 00:48:04 localhost pluto[3755]: | ISAKMP version: ISAKMP =
> Version 1.0
> Nov 28 00:48:04 localhost pluto[3755]: | exchange type: =
> ISAKMP_XCHG_IDPROT
> Nov 28 00:48:04 localhost pluto[3755]: | flags: none
> Nov 28 00:48:04 localhost pluto[3755]: | message ID: 00 00 00 00
> Nov 28 00:48:04 localhost pluto[3755]: | length: 184
> Nov 28 00:48:04 localhost pluto[3755]: | ICOOKIE: a1 b4 fe c5 40 41 72 =
> 3a
> Nov 28 00:48:04 localhost pluto[3755]: | RCOOKIE: b1 8e 72 23 24 c4 79 =
> 1d
> Nov 28 00:48:04 localhost pluto[3755]: | peer: cb 5c 80 c3
> Nov 28 00:48:04 localhost pluto[3755]: | state hash entry 11
> Nov 28 00:48:04 localhost pluto[3755]: | state object #1 found, in =
> STATE_MAIN_I2
> Nov 28 00:48:04 localhost pluto[3755]: | ***parse ISAKMP Key Exchange =
> Payload:
> Nov 28 00:48:04 localhost pluto[3755]: | next payload type: =
> ISAKMP_NEXT_NONCE
> Nov 28 00:48:04 localhost pluto[3755]: | length: 132
> Nov 28 00:48:04 localhost pluto[3755]: | ***parse ISAKMP Nonce Payload:
> Nov 28 00:48:04 localhost pluto[3755]: | next payload type: =
> ISAKMP_NEXT_NONE
> Nov 28 00:48:04 localhost pluto[3755]: | length: 24
> Nov 28 00:48:04 localhost pluto[3755]: | **emit ISAKMP Message:
> Nov 28 00:48:04 localhost pluto[3755]: | initiator cookie:
> Nov 28 00:48:04 localhost pluto[3755]: | a1 b4 fe c5 40 41 72 3a
> Nov 28 00:48:04 localhost pluto[3755]: | responder cookie:
> Nov 28 00:48:04 localhost pluto[3755]: | b1 8e 72 23 24 c4 79 1d
> Nov 28 00:48:04 localhost pluto[3755]: | next payload type: =
> ISAKMP_NEXT_ID
> Nov 28 00:48:04 localhost pluto[3755]: | ISAKMP version: ISAKMP =
> Version 1.0
> Nov 28 00:48:04 localhost pluto[3755]: | exchange type: =
> ISAKMP_XCHG_IDPROT
> Nov 28 00:48:04 localhost pluto[3755]: | flags: =
> ISAKMP_FLAG_ENCRYPTION
> Nov 28 00:48:04 localhost pluto[3755]: | message ID: 00 00 00 00
> Nov 28 00:48:04 localhost pluto[3755]: | DH public value received:
> Nov 28 00:48:04 localhost pluto[3755]: | 55 5c 9d d0 60 b8 25 59 03 =
> ab e6 88 c4 56 18 69
> Nov 28 00:48:04 localhost pluto[3755]: | bc a4 40 40 40 02 d2 57 6b =
> ab ed f2 40 25 05 f5
> Nov 28 00:48:04 localhost pluto[3755]: | 09 74 2f 40 21 31 de 35 82 =
> 10 bc 74 75 a4 10 50
> Nov 28 00:48:04 localhost pluto[3755]: | ed f3 dc 29 f5 ae 98 13 28 =
> 39 1d 50 c4 cf 56 c9
> Nov 28 00:48:04 localhost pluto[3755]: | aa a8 28 3a 9a 05 04 37 35 =
> b8 af a3 d5 f7 ed 0b
> Nov 28 00:48:04 localhost pluto[3755]: | ff e0 30 4a a7 89 db 1d 2c =
> fb 68 55 4a 6e 46 69
> Nov 28 00:48:04 localhost pluto[3755]: | c0 d0 5b c4 1c 1f 27 c9 58 =
> e3 88 8f 94 4e 36 1e
> Nov 28 00:48:04 localhost pluto[3755]: | 91 cc 6c 2e 03 2e c4 c3 4a =
> 67 33 d2 3a bb 44 b0
> Nov 28 00:48:04 localhost pluto[3755]: | DH shared secret:
> Nov 28 00:48:04 localhost pluto[3755]: | 23 05 a2 06 a9 3a bb e9 ed =
> a7 97 b5 e0 ab c3 95
> Nov 28 00:48:04 localhost pluto[3755]: | 6c 2e f2 b4 ed 89 c4 27 f7 =
> 8c 31 fb 1f 79 23 99
> Nov 28 00:48:04 localhost pluto[3755]: | 97 0c f6 00 4a db e7 c3 74 =
> e5 56 fc 42 e5 6a 0e
> Nov 28 00:48:04 localhost pluto[3755]: | 87 55 8a 88 cf 22 41 ec 84 =
> 36 d5 1f 3f 95 3a b5
> Nov 28 00:48:04 localhost pluto[3755]: | cf 41 11 84 6a 4d 27 de 50 =
> 48 f8 6e b4 35 86 11
> Nov 28 00:48:04 localhost pluto[3755]: | 6f 90 be d8 c8 99 65 80 03 =
> 9a 28 a0 b8 b0 2f 1f
> Nov 28 00:48:04 localhost pluto[3755]: | 2c ed aa 2c 36 83 c6 de 70 =
> 77 d8 f1 f0 69 90 56
> Nov 28 00:48:04 localhost pluto[3755]: | 0a 75 8c 42 8d 92 d9 1d 31 =
> 33 a3 82 16 7c a1 7b
> Nov 28 00:48:04 localhost pluto[3755]: | Skeyid: f8 39 c2 68 86 98 =
> 6a 5d 2a 19 51 70 7c ab d3 19
> Nov 28 00:48:04 localhost pluto[3755]: | Skeyid_d: 0e 8a 96 ed d2 09 =
> 0f c5 48 14 71 65 21 96 22 cc
> Nov 28 00:48:04 localhost pluto[3755]: | Skeyid_a: eb 5f e7 c1 82 07 =
> aa 62 c5 e4 06 8e 0c a4 ce e2
> Nov 28 00:48:04 localhost pluto[3755]: | Skeyid_e: 7a 6d 22 8a 07 8b =
> 23 b5 39 5d 12 03 84 7e 7a 78
> Nov 28 00:48:04 localhost pluto[3755]: | enc key: 8d af 83 dd 1a f7 90 =
> 9d 86 c0 50 25 6f a5 cf 7e
> Nov 28 00:48:04 localhost pluto[3755]: | 6e 0a 5d 94 28 32 68 e8
> Nov 28 00:48:04 localhost pluto[3755]: | IV: 87 b2 ae 3b 79 e3 4e df =
> 91 70 b3 db ea 17 39 01
> Nov 28 00:48:04 localhost pluto[3755]: | ***emit ISAKMP Identification =
> Payload (IPsec DOI):
> Nov 28 00:48:04 localhost pluto[3755]: | next payload type: =
> ISAKMP_NEXT_HASH
> Nov 28 00:48:04 localhost pluto[3755]: | ID type: ID_IPV4_ADDR
> Nov 28 00:48:04 localhost pluto[3755]: | Protocol ID: 0
> Nov 28 00:48:04 localhost pluto[3755]: | port: 0
> Nov 28 00:48:04 localhost pluto[3755]: | emitting 4 raw bytes of my =
> identity into ISAKMP Identification Payload (IPsec DOI)
> Nov 28 00:48:04 localhost pluto[3755]: | my identity ca b8 01 e9
> Nov 28 00:48:04 localhost pluto[3755]: | emitting length of ISAKMP =
> Identification Payload (IPsec DOI): 12
> Nov 28 00:48:04 localhost pluto[3755]: | hashing 144 bytes of SA
> Nov 28 00:48:04 localhost pluto[3755]: | ***emit ISAKMP Hash Payload:
> Nov 28 00:48:04 localhost pluto[3755]: | next payload type: =
> ISAKMP_NEXT_NONE
> Nov 28 00:48:04 localhost pluto[3755]: | emitting 16 raw bytes of HASH_I =
> into ISAKMP Hash Payload
> Nov 28 00:48:04 localhost pluto[3755]: | HASH_I 2a ac 19 96 7c 7a 00 =
> aa 96 6b a1 2f 23 cb ff 57
> Nov 28 00:48:04 localhost pluto[3755]: | emitting length of ISAKMP Hash =
> Payload: 20
> Nov 28 00:48:04 localhost pluto[3755]: | encrypting:
> Nov 28 00:48:04 localhost pluto[3755]: | 08 00 00 0c 01 00 00 00 ca =
> b8 01 e9 00 00 00 14
> Nov 28 00:48:04 localhost pluto[3755]: | 2a ac 19 96 7c 7a 00 aa 96 =
> 6b a1 2f 23 cb ff 57
> Nov 28 00:48:04 localhost pluto[3755]: | encrypting using =
> OAKLEY_3DES_CBC
> Nov 28 00:48:04 localhost pluto[3755]: | next IV: d3 ff af 13 8b f2 97 =
> 1c
> Nov 28 00:48:04 localhost pluto[3755]: | emitting length of ISAKMP =
> Message: 60
> Nov 28 00:48:04 localhost pluto[3755]: | sending 60 bytes for =
> STATE_MAIN_I2 through eth0 to 203.92.128.195:500:
> Nov 28 00:48:04 localhost pluto[3755]: | a1 b4 fe c5 40 41 72 3a b1 =
> 8e 72 23 24 c4 79 1d
> Nov 28 00:48:04 localhost pluto[3755]: | 05 10 02 01 00 00 00 00 00 =
> 00 00 3c 3f f2 6d 87
> Nov 28 00:48:04 localhost pluto[3755]: | 10 4b ed cd b3 94 72 ff 18 =
> e6 f1 7b ce 36 22 7a
> Nov 28 00:48:04 localhost pluto[3755]: | 27 6e a6 a3 d3 ff af 13 8b =
> f2 97 1c
> Nov 28 00:48:04 localhost pluto[3755]: | inserting event =
> EVENT_RETRANSMIT, timeout in 10 seconds for #1
> Nov 28 00:48:04 localhost pluto[3755]: | next event EVENT_RETRANSMIT in =
> 10 seconds for #1
> Nov 28 00:48:04 localhost pluto[3755]: | =20
> Nov 28 00:48:04 localhost pluto[3755]: | *received 68 bytes from =
> 203.92.128.195:500 on eth0
> Nov 28 00:48:04 localhost pluto[3755]: | a1 b4 fe c5 40 41 72 3a b1 =
> 8e 72 23 24 c4 79 1d
> Nov 28 00:48:04 localhost pluto[3755]: | 05 10 02 01 00 00 00 00 00 =
> 00 00 44 08 84 52 2e
> Nov 28 00:48:04 localhost pluto[3755]: | 4d 96 2f b0 bb 42 8e 7e 9e =
> 7f 58 39 a3 72 db d4
> Nov 28 00:48:04 localhost pluto[3755]: | 29 83 0d 70 6b c3 2e 34 4e =
> 25 b3 92 ee 14 64 61
> Nov 28 00:48:04 localhost pluto[3755]: | 76 26 9d ba
> Nov 28 00:48:04 localhost pluto[3755]: | **parse ISAKMP Message:
> Nov 28 00:48:04 localhost pluto[3755]: | initiator cookie:
> Nov 28 00:48:04 localhost pluto[3755]: | a1 b4 fe c5 40 41 72 3a
> Nov 28 00:48:04 localhost pluto[3755]: | responder cookie:
> Nov 28 00:48:04 localhost pluto[3755]: | b1 8e 72 23 24 c4 79 1d
> Nov 28 00:48:04 localhost pluto[3755]: | next payload type: =
> ISAKMP_NEXT_ID
> Nov 28 00:48:04 localhost pluto[3755]: | ISAKMP version: ISAKMP =
> Version 1.0
> Nov 28 00:48:04 localhost pluto[3755]: | exchange type: =
> ISAKMP_XCHG_IDPROT
> Nov 28 00:48:04 localhost pluto[3755]: | flags: =
> ISAKMP_FLAG_ENCRYPTION
> Nov 28 00:48:04 localhost pluto[3755]: | message ID: 00 00 00 00
> Nov 28 00:48:04 localhost pluto[3755]: | length: 68
> Nov 28 00:48:04 localhost pluto[3755]: | ICOOKIE: a1 b4 fe c5 40 41 72 =
> 3a
> Nov 28 00:48:04 localhost pluto[3755]: | RCOOKIE: b1 8e 72 23 24 c4 79 =
> 1d
> Nov 28 00:48:04 localhost pluto[3755]: | peer: cb 5c 80 c3
> Nov 28 00:48:04 localhost pluto[3755]: | state hash entry 11
> Nov 28 00:48:04 localhost pluto[3755]: | state object #1 found, in =
> STATE_MAIN_I3
> Nov 28 00:48:04 localhost pluto[3755]: | received encrypted packet from =
> 203.92.128.195:500
> Nov 28 00:48:04 localhost pluto[3755]: | decrypting 40 bytes using =
> algorithm OAKLEY_3DES_CBC
> Nov 28 00:48:04 localhost pluto[3755]: | decrypted:
> Nov 28 00:48:04 localhost pluto[3755]: | 08 00 00 0c 01 00 00 00 cb =
> 5c 80 c3 00 00 00 14
> Nov 28 00:48:04 localhost pluto[3755]: | 98 73 a9 9b ae bb 6e 9c c1 =
> 4c 87 80 0e 31 6a 42
> Nov 28 00:48:04 localhost pluto[3755]: | 00 00 00 00 00 00 00 07
> Nov 28 00:48:04 localhost pluto[3755]: | next IV: ee 14 64 61 76 26 9d =
> ba
> Nov 28 00:48:04 localhost pluto[3755]: | ***parse ISAKMP Identification =
> Payload:
> Nov 28 00:48:04 localhost pluto[3755]: | next payload type: =
> ISAKMP_NEXT_HASH
> Nov 28 00:48:04 localhost pluto[3755]: | length: 12
> Nov 28 00:48:04 localhost pluto[3755]: | ID type: 1
> Nov 28 00:48:04 localhost pluto[3755]: | DOI specific A: 0
> Nov 28 00:48:04 localhost pluto[3755]: | DOI specific B: 0
> Nov 28 00:48:04 localhost pluto[3755]: | ***parse ISAKMP Hash Payload:
> Nov 28 00:48:04 localhost pluto[3755]: | next payload type: =
> ISAKMP_NEXT_NONE
> Nov 28 00:48:04 localhost pluto[3755]: | length: 20
> Nov 28 00:48:04 localhost pluto[3755]: | removing 8 bytes of padding
> Nov 28 00:48:04 localhost pluto[3755]: | Peer's ID is ID_IPV4_ADDR: =
> '203.92.128.195'
> Nov 28 00:48:04 localhost pluto[3755]: | hashing 144 bytes of SA
> Nov 28 00:48:04 localhost pluto[3755]: | authentication succeeded
> Nov 28 00:48:04 localhost pluto[3755]: | inserting event =
> EVENT_SA_REPLACE, timeout in 2731 seconds for #1
> Nov 28 00:48:04 localhost pluto[3755]: "bun-digi" #1: ISAKMP SA =
> established
> Nov 28 00:48:04 localhost pluto[3755]: | unqueuing pending Quick Mode =
> with 203.92.128.195 "bun-digi"
> Nov 28 00:48:04 localhost pluto[3755]: | duplicating state object #1
> Nov 28 00:48:04 localhost pluto[3755]: | creating state object #2 at =
> 0x809c848
> Nov 28 00:48:04 localhost pluto[3755]: | ICOOKIE: a1 b4 fe c5 40 41 72 =
> 3a
> Nov 28 00:48:04 localhost pluto[3755]: | RCOOKIE: b1 8e 72 23 24 c4 79 =
> 1d
> Nov 28 00:48:04 localhost pluto[3755]: | peer: cb 5c 80 c3
> Nov 28 00:48:04 localhost pluto[3755]: | state hash entry 11
> Nov 28 00:48:04 localhost pluto[3755]: | inserting event =
> EVENT_SO_DISCARD, timeout in 0 seconds for #2
> Nov 28 00:48:04 localhost pluto[3755]: "bun-digi" #2: initiating Quick =
> Mode PSK+ENCRYPT+TUNNEL+PFS+DISABLEARRIVALCHECK
> Nov 28 00:48:04 localhost pluto[3755]: | **emit ISAKMP Message:
> Nov 28 00:48:04 localhost pluto[3755]: | initiator cookie:
> Nov 28 00:48:04 localhost pluto[3755]: | a1 b4 fe c5 40 41 72 3a
> Nov 28 00:48:04 localhost pluto[3755]: | responder cookie:
> Nov 28 00:48:04 localhost pluto[3755]: | b1 8e 72 23 24 c4 79 1d
> Nov 28 00:48:04 localhost pluto[3755]: | next payload type: =
> ISAKMP_NEXT_HASH
> Nov 28 00:48:04 localhost pluto[3755]: | ISAKMP version: ISAKMP =
> Version 1.0
> Nov 28 00:48:04 localhost pluto[3755]: | exchange type: =
> ISAKMP_XCHG_QUICK
> Nov 28 00:48:04 localhost pluto[3755]: | flags: =
> ISAKMP_FLAG_ENCRYPTION
> Nov 28 00:48:04 localhost pluto[3755]: | message ID: d0 c4 52 bb
> Nov 28 00:48:04 localhost pluto[3755]: | ***emit ISAKMP Hash Payload:
> Nov 28 00:48:04 localhost pluto[3755]: | next payload type: =
> ISAKMP_NEXT_SA
> Nov 28 00:48:04 localhost pluto[3755]: | emitting 16 zero bytes of HASH =
> into ISAKMP Hash Payload
> Nov 28 00:48:04 localhost pluto[3755]: | emitting length of ISAKMP Hash =
> Payload: 20
> Nov 28 00:48:05 localhost pluto[3755]: | ***emit ISAKMP Security =
> Association Payload:
> Nov 28 00:48:05 localhost pluto[3755]: | next payload type: =
> ISAKMP_NEXT_NONCE
> Nov 28 00:48:05 localhost pluto[3755]: | DOI: ISAKMP_DOI_IPSEC
> Nov 28 00:48:05 localhost pluto[3755]: | ****emit IPsec DOI SIT:
> Nov 28 00:48:05 localhost pluto[3755]: | IPsec DOI SIT: =
> SIT_IDENTITY_ONLY
> Nov 28 00:48:05 localhost pluto[3755]: | ****emit ISAKMP Proposal =
> Payload:
> Nov 28 00:48:05 localhost pluto[3755]: | next payload type: =
> ISAKMP_NEXT_NONE
> Nov 28 00:48:05 localhost pluto[3755]: | proposal number: 0
> Nov 28 00:48:05 localhost pluto[3755]: | protocol ID: PROTO_IPSEC_ESP
> Nov 28 00:48:05 localhost pluto[3755]: | SPI size: 4
> Nov 28 00:48:05 localhost pluto[3755]: | number of transforms: 2
> Nov 28 00:48:05 localhost pluto[3755]: | generate SPI: a2 c7 af 59
> Nov 28 00:48:05 localhost pluto[3755]: | emitting 4 raw bytes of SPI =
> into ISAKMP Proposal Payload
> Nov 28 00:48:05 localhost pluto[3755]: | SPI a2 c7 af 59
> Nov 28 00:48:05 localhost pluto[3755]: | *****emit ISAKMP Transform =
> Payload (ESP):
> Nov 28 00:48:05 localhost pluto[3755]: | next payload type: =
> ISAKMP_NEXT_T
> Nov 28 00:48:05 localhost pluto[3755]: | transform number: 0
> Nov 28 00:48:05 localhost pluto[3755]: | transform ID: ESP_3DES
> Nov 28 00:48:05 localhost pluto[3755]: | ******emit ISAKMP IPsec DOI =
> attribute:
> Nov 28 00:48:05 localhost pluto[3755]: | af+type: GROUP_DESCRIPTION
> Nov 28 00:48:05 localhost pluto[3755]: | length/value: 2
> Nov 28 00:48:05 localhost pluto[3755]: | [2 is =
> OAKLEY_GROUP_MODP1024]
> Nov 28 00:48:05 localhost pluto[3755]: | ******emit ISAKMP IPsec DOI =
> attribute:
> Nov 28 00:48:05 localhost pluto[3755]: | af+type: ENCAPSULATION_MODE
> Nov 28 00:48:05 localhost pluto[3755]: | length/value: 1
> Nov 28 00:48:05 localhost pluto[3755]: | [1 is =
> ENCAPSULATION_MODE_TUNNEL]
> Nov 28 00:48:05 localhost pluto[3755]: | ******emit ISAKMP IPsec DOI =
> attribute:
> Nov 28 00:48:05 localhost pluto[3755]: | af+type: SA_LIFE_TYPE
> Nov 28 00:48:05 localhost pluto[3755]: | length/value: 1
> Nov 28 00:48:05 localhost pluto[3755]: | [1 is SA_LIFE_TYPE_SECONDS]
> Nov 28 00:48:05 localhost pluto[3755]: | ******emit ISAKMP IPsec DOI =
> attribute:
> Nov 28 00:48:05 localhost pluto[3755]: | af+type: SA_LIFE_DURATION
> Nov 28 00:48:05 localhost pluto[3755]: | length/value: 28800
> Nov 28 00:48:05 localhost pluto[3755]: | ******emit ISAKMP IPsec DOI =
> attribute:
> Nov 28 00:48:05 localhost pluto[3755]: | af+type: AUTH_ALGORITHM
> Nov 28 00:48:05 localhost pluto[3755]: | length/value: 1
> Nov 28 00:48:05 localhost pluto[3755]: | [1 is =
> AUTH_ALGORITHM_HMAC_MD5]
> Nov 28 00:48:05 localhost pluto[3755]: | emitting length of ISAKMP =
> Transform Payload (ESP): 28
> Nov 28 00:48:05 localhost pluto[3755]: | *****emit ISAKMP Transform =
> Payload (ESP):
> Nov 28 00:48:05 localhost pluto[3755]: | next payload type: =
> ISAKMP_NEXT_NONE
> Nov 28 00:48:05 localhost pluto[3755]: | transform number: 1
> Nov 28 00:48:05 localhost pluto[3755]: | transform ID: ESP_3DES
> Nov 28 00:48:05 localhost pluto[3755]: | ******emit ISAKMP IPsec DOI =
> attribute:
> Nov 28 00:48:05 localhost pluto[3755]: | af+type: GROUP_DESCRIPTION
> Nov 28 00:48:05 localhost pluto[3755]: | length/value: 2
> Nov 28 00:48:05 localhost pluto[3755]: | [2 is =
> OAKLEY_GROUP_MODP1024]
> Nov 28 00:48:05 localhost pluto[3755]: | ******emit ISAKMP IPsec DOI =
> attribute:
> Nov 28 00:48:05 localhost pluto[3755]: | af+type: ENCAPSULATION_MODE
> Nov 28 00:48:05 localhost pluto[3755]: | length/value: 1
> Nov 28 00:48:05 localhost pluto[3755]: | [1 is =
> ENCAPSULATION_MODE_TUNNEL]
> Nov 28 00:48:05 localhost pluto[3755]: | ******emit ISAKMP IPsec DOI =
> attribute:
> Nov 28 00:48:05 localhost pluto[3755]: | af+type: SA_LIFE_TYPE
> Nov 28 00:48:05 localhost pluto[3755]: | length/value: 1
> Nov 28 00:48:05 localhost pluto[3755]: | [1 is SA_LIFE_TYPE_SECONDS]
> Nov 28 00:48:05 localhost pluto[3755]: | ******emit ISAKMP IPsec DOI =
> attribute:
> Nov 28 00:48:05 localhost pluto[3755]: | af+type: SA_LIFE_DURATION
> Nov 28 00:48:05 localhost pluto[3755]: | length/value: 28800
> Nov 28 00:48:05 localhost pluto[3755]: | ******emit ISAKMP IPsec DOI =
> attribute:
> Nov 28 00:48:05 localhost pluto[3755]: | af+type: AUTH_ALGORITHM
> Nov 28 00:48:05 localhost pluto[3755]: | length/value: 2
> Nov 28 00:48:05 localhost pluto[3755]: | [2 is =
> AUTH_ALGORITHM_HMAC_SHA1]
> Nov 28 00:48:05 localhost pluto[3755]: | emitting length of ISAKMP =
> Transform Payload (ESP): 28
> Nov 28 00:48:05 localhost pluto[3755]: | emitting length of ISAKMP =
> Proposal Payload: 68
> Nov 28 00:48:05 localhost pluto[3755]: | emitting length of ISAKMP =
> Security Association Payload: 80
> Nov 28 00:48:05 localhost pluto[3755]: | ***emit ISAKMP Nonce Payload:
> Nov 28 00:48:05 localhost pluto[3755]: | next payload type: =
> ISAKMP_NEXT_KE
> Nov 28 00:48:05 localhost pluto[3755]: | emitting 16 raw bytes of Ni =
> into ISAKMP Nonce Payload
> Nov 28 00:48:05 localhost pluto[3755]: | Ni 79 da 61 89 8a ac ae 47 =
> 78 fe b7 5d 9f 09 3a b0
> Nov 28 00:48:05 localhost pluto[3755]: | emitting length of ISAKMP Nonce =
> Payload: 20
> Nov 28 00:48:05 localhost pluto[3755]: | Local DH secret:
> Nov 28 00:48:05 localhost pluto[3755]: | 6f 38 26 2e d9 54 96 fa 65 =
> f0 c9 2e 41 2b df 32
> Nov 28 00:48:05 localhost pluto[3755]: | b4 14 a4 92 13 3f cc db 6e =
> 77 c5 3a 0f 7a 0c f9
> Nov 28 00:48:05 localhost pluto[3755]: | Public DH value sent:
> Nov 28 00:48:05 localhost pluto[3755]: | cf 16 c3 6b cc 2b 0d 90 8f =
> 5a 01 92 c8 29 c5 7d
> Nov 28 00:48:05 localhost pluto[3755]: | 94 df 1b b6 fe d5 39 5d ef =
> 07 ca c6 47 e3 af 95
> Nov 28 00:48:05 localhost pluto[3755]: | 7f 6a 95 b1 28 02 85 17 94 =
> 08 df cc e4 2a 2c 85
> Nov 28 00:48:05 localhost pluto[3755]: | f4 c5 de 8e ed cc d3 19 98 =
> cd 62 0d 52 02 56 9e
> Nov 28 00:48:05 localhost pluto[3755]: | c3 3d cd 83 a3 da c0 7c eb =
> 01 80 fa 58 dd 03 09
> Nov 28 00:48:05 localhost pluto[3755]: | 8f 71 88 2c de 74 46 0e c8 =
> d9 5d c7 97 43 ab d8
> Nov 28 00:48:05 localhost pluto[3755]: | 92 9c a9 18 f5 58 12 ef 0e =
> 21 8b 68 96 92 4e cb
> Nov 28 00:48:05 localhost pluto[3755]: | 00 fe 6d 0a 22 28 24 d2 d2 =
> 37 56 be 31 af 06 7a
> Nov 28 00:48:05 localhost pluto[3755]: | ***emit ISAKMP Key Exchange =
> Payload:
> Nov 28 00:48:05 localhost pluto[3755]: | next payload type: =
> ISAKMP_NEXT_ID
> Nov 28 00:48:05 localhost pluto[3755]: | emitting 128 raw bytes of keyex =
> value into ISAKMP Key Exchange Payload
> Nov 28 00:48:05 localhost pluto[3755]: | keyex value cf 16 c3 6b cc 2b =
> 0d 90 8f 5a 01 92 c8 29 c5 7d
> Nov 28 00:48:05 localhost pluto[3755]: | 94 df 1b b6 fe d5 39 5d ef =
> 07 ca c6 47 e3 af 95
> Nov 28 00:48:05 localhost pluto[3755]: | 7f 6a 95 b1 28 02 85 17 94 =
> 08 df cc e4 2a 2c 85
> Nov 28 00:48:05 localhost pluto[3755]: | f4 c5 de 8e ed cc d3 19 98 =
> cd 62 0d 52 02 56 9e
> Nov 28 00:48:05 localhost pluto[3755]: | c3 3d cd 83 a3 da c0 7c eb =
> 01 80 fa 58 dd 03 09
> Nov 28 00:48:05 localhost pluto[3755]: | 8f 71 88 2c de 74 46 0e c8 =
> d9 5d c7 97 43 ab d8
> Nov 28 00:48:05 localhost pluto[3755]: | 92 9c a9 18 f5 58 12 ef 0e =
> 21 8b 68 96 92 4e cb
> Nov 28 00:48:05 localhost pluto[3755]: | 00 fe 6d 0a 22 28 24 d2 d2 =
> 37 56 be 31 af 06 7a
> Nov 28 00:48:05 localhost pluto[3755]: | emitting length of ISAKMP Key =
> Exchange Payload: 132
> Nov 28 00:48:05 localhost pluto[3755]: | ***emit ISAKMP Identification =
> Payload (IPsec DOI):
> Nov 28 00:48:05 localhost pluto[3755]: | next payload type: =
> ISAKMP_NEXT_ID
> Nov 28 00:48:05 localhost pluto[3755]: | ID type: ID_IPV4_ADDR_SUBNET
> Nov 28 00:48:05 localhost pluto[3755]: | Protocol ID: 0
> Nov 28 00:48:05 localhost pluto[3755]: | port: 0
> Nov 28 00:48:05 localhost pluto[3755]: | emitting 4 raw bytes of client =
> network into ISAKMP Identification Payload (IPsec DOI)
> Nov 28 00:48:05 localhost pluto[3755]: | client network 0a 01 02 00
> Nov 28 00:48:05 localhost pluto[3755]: | emitting 4 raw bytes of client =
> mask into ISAKMP Identification Payload (IPsec DOI)
> Nov 28 00:48:05 localhost pluto[3755]: | client mask ff ff ff 00
> Nov 28 00:48:05 localhost pluto[3755]: | emitting length of ISAKMP =
> Identification Payload (IPsec DOI): 16
> Nov 28 00:48:05 localhost pluto[3755]: | ***emit ISAKMP Identification =
> Payload (IPsec DOI):
> Nov 28 00:48:05 localhost pluto[3755]: | next payload type: =
> ISAKMP_NEXT_NONE
> Nov 28 00:48:05 localhost pluto[3755]: | ID type: ID_IPV4_ADDR_SUBNET
> Nov 28 00:48:05 localhost pluto[3755]: | Protocol ID: 0
> Nov 28 00:48:05 localhost pluto[3755]: | port: 0
> Nov 28 00:48:05 localhost pluto[3755]: | emitting 4 raw bytes of client =
> network into ISAKMP Identification Payload (IPsec DOI)
> Nov 28 00:48:05 localhost pluto[3755]: | client network c0 64 56 00
> Nov 28 00:48:05 localhost pluto[3755]: | emitting 4 raw bytes of client =
> mask into ISAKMP Identification Payload (IPsec DOI)
> Nov 28 00:48:05 localhost pluto[3755]: | client mask ff ff ff 00
> Nov 28 00:48:05 localhost pluto[3755]: | emitting length of ISAKMP =
> Identification Payload (IPsec DOI): 16
> Nov 28 00:48:05 localhost pluto[3755]: | HASH(1) computed:
> Nov 28 00:48:05 localhost pluto[3755]: | bb 1e ba 34 12 10 ca 86 64 =
> 50 cf 93 24 13 55 7c
> Nov 28 00:48:05 localhost pluto[3755]: | computed Phase 2 IV:
> Nov 28 00:48:05 localhost pluto[3755]: | 5c 44 c9 a5 62 97 f0 a4 1d =
> 34 cf b3 fd 46 22 60
> Nov 28 00:48:05 localhost pluto[3755]: | encrypting:
> Nov 28 00:48:05 localhost pluto[3755]: | 01 00 00 14 bb 1e ba 34 12 =
> 10 ca 86 64 50 cf 93
> Nov 28 00:48:05 localhost pluto[3755]: | 24 13 55 7c 0a 00 00 50 00 =
> 00 00 01 00 00 00 01
> Nov 28 00:48:05 localhost pluto[3755]: | 00 00 00 44 00 03 04 02 a2 =
> c7 af 59 03 00 00 1c
> Nov 28 00:48:05 localhost pluto[3755]: | 00 03 00 00 80 03 00 02 80 =
> 04 00 01 80 01 00 01
> Nov 28 00:48:05 localhost pluto[3755]: | 80 02 70 80 80 05 00 01 00 =
> 00 00 1c 01 03 00 00
> Nov 28 00:48:05 localhost pluto[3755]: | 80 03 00 02 80 04 00 01 80 =
> 01 00 01 80 02 70 80
> Nov 28 00:48:05 localhost pluto[3755]: | 80 05 00 02 04 00 00 14 79 =
> da 61 89 8a ac ae 47
> Nov 28 00:48:05 localhost pluto[3755]: | 78 fe b7 5d 9f 09 3a b0 05 =
> 00 00 84 cf 16 c3 6b
> Nov 28 00:48:05 localhost pluto[3755]: | cc 2b 0d 90 8f 5a 01 92 c8 =
> 29 c5 7d 94 df 1b b6
> Nov 28 00:48:05 localhost pluto[3755]: | fe d5 39 5d ef 07 ca c6 47 =
> e3 af 95 7f 6a 95 b1
> Nov 28 00:48:05 localhost pluto[3755]: | 28 02 85 17 94 08 df cc e4 =
> 2a 2c 85 f4 c5 de 8e
> Nov 28 00:48:05 localhost pluto[3755]: | ed cc d3 19 98 cd 62 0d 52 =
> 02 56 9e c3 3d cd 83
> Nov 28 00:48:05 localhost pluto[3755]: | a3 da c0 7c eb 01 80 fa 58 =
> dd 03 09 8f 71 88 2c
> Nov 28 00:48:05 localhost pluto[3755]: | de 74 46 0e c8 d9 5d c7 97 =
> 43 ab d8 92 9c a9 18
> Nov 28 00:48:05 localhost pluto[3755]: | f5 58 12 ef 0e 21 8b 68 96 =
> 92 4e cb 00 fe 6d 0a
> Nov 28 00:48:05 localhost pluto[3755]: | 22 28 24 d2 d2 37 56 be 31 =
> af 06 7a 05 00 00 10
> Nov 28 00:48:05 localhost pluto[3755]: | 04 00 00 00 0a 01 02 00 ff =
> ff ff 00 00 00 00 10
> Nov 28 00:48:05 localhost pluto[3755]: | 04 00 00 00 c0 64 56 00 ff =
> ff ff 00
> Nov 28 00:48:05 localhost pluto[3755]: | emitting 4 zero bytes of =
> encryption padding into ISAKMP Message
> Nov 28 00:48:05 localhost pluto[3755]: | encrypting using =
> OAKLEY_3DES_CBC
> Nov 28 00:48:05 localhost pluto[3755]: | next IV: ce ab 26 4b df 02 c2 =
> bc
> Nov 28 00:48:05 localhost pluto[3755]: | emitting length of ISAKMP =
> Message: 316
> Nov 28 00:48:05 localhost pluto[3755]: | sending 316 bytes for =
> quick_outI1 through eth0 to 203.92.128.195:500:
> Nov 28 00:48:05 localhost pluto[3755]: | a1 b4 fe c5 40 41 72 3a b1 =
> 8e 72 23 24 c4 79 1d
> Nov 28 00:48:05 localhost pluto[3755]: | 08 10 20 01 d0 c4 52 bb 00 =
> 00 01 3c 76 1f f3 4a
> Nov 28 00:48:05 localhost pluto[3755]: | 77 06 9e 2c fc f4 27 4b 3f =
> f3 a8 df 23 a7 b6 6c
> Nov 28 00:48:05 localhost pluto[3755]: | 33 df a6 80 00 af 3e df 3f =
> 13 f9 77 aa 28 53 b8
> Nov 28 00:48:05 localhost pluto[3755]: | c6 a3 56 e1 c2 b1 95 1a 33 =
> 3b ac a1 54 4b dc 95
> Nov 28 00:48:05 localhost pluto[3755]: | 97 61 42 b1 ab d5 42 85 32 =
> 94 89 bd 48 ae 24 54
> Nov 28 00:48:05 localhost pluto[3755]: | 39 8b b5 81 22 c5 8b d5 42 =
> 97 39 da 45 b1 3a 74
> Nov 28 00:48:05 localhost pluto[3755]: | 8e e2 03 f0 8f 35 1e 83 ac =
> 09 f7 bf 7c 3c 17 bc
> Nov 28 00:48:05 localhost pluto[3755]: | 1f 11 57 9d d5 d0 34 62 24 =
> 84 cc d7 c1 85 ae d3
> Nov 28 00:48:05 localhost pluto[3755]: | ce 28 22 85 96 7a 59 fd 8a =
> 49 e3 bb b6 24 46 d6
> Nov 28 00:48:05 localhost pluto[3755]: | 41 05 c1 41 f6 83 93 3a 38 =
> 6b 36 15 90 6a 9e 57
> Nov 28 00:48:05 localhost pluto[3755]: | 93 2e e7 9c cb 88 93 9e 71 =
> 21 03 86 d3 88 ae 4a
> Nov 28 00:48:05 localhost pluto[3755]: | 53 75 74 9b 32 d1 f7 61 65 =
> 1f 41 67 a0 0c 36 a3
> Nov 28 00:48:05 localhost pluto[3755]: | dc 03 2a 69 e4 ad 1e 24 c0 =
> 33 19 3c 5e 2b a0 00
> Nov 28 00:48:05 localhost pluto[3755]: | 33 4b 23 9e 66 26 8e 2a 42 =
> 9a 7a 5c d4 81 0f a9
> Nov 28 00:48:05 localhost pluto[3755]: | a0 5d 04 26 db 06 df f2 df =
> 35 fd a8 f9 78 5c 61
> Nov 28 00:48:05 localhost pluto[3755]: | 68 0c da e1 cf 96 20 06 15 =
> 05 da 59 5c 2c 6e 74
> Nov 28 00:48:05 localhost pluto[3755]: | 92 31 03 8c 66 92 9d 08 09 =
> 5b e7 3c 6b ba 8e a5
> Nov 28 00:48:05 localhost pluto[3755]: | 99 44 2d 92 47 b1 66 26 15 =
> 4b f9 13 bb 2f e4 e3
> Nov 28 00:48:05 localhost pluto[3755]: | eb 95 77 50 ce ab 26 4b df =
> 02 c2 bc
> Nov 28 00:48:05 localhost pluto[3755]: | inserting event =
> EVENT_RETRANSMIT, timeout in 10 seconds for #2
> Nov 28 00:48:05 localhost pluto[3755]: | next event EVENT_RETRANSMIT in =
> 10 seconds for #2
> Nov 28 00:48:05 localhost pluto[3755]: | =20
> Nov 28 00:48:05 localhost pluto[3755]: | *received 68 bytes from =
> 203.92.128.195:500 on eth0
> Nov 28 00:48:05 localhost pluto[3755]: | a1 b4 fe c5 40 41 72 3a b1 =
> 8e 72 23 24 c4 79 1d
> Nov 28 00:48:05 localhost pluto[3755]: | 05 10 02 01 00 00 00 00 00 =
> 00 00 44 08 84 52 2e
> Nov 28 00:48:05 localhost pluto[3755]: | 4d 96 2f b0 bb 42 8e 7e 9e =
> 7f 58 39 a3 72 db d4
> Nov 28 00:48:05 localhost pluto[3755]: | 29 83 0d 70 6b c3 2e 34 4e =
> 25 b3 92 ee 14 64 61
> Nov 28 00:48:05 localhost pluto[3755]: | 76 26 9d ba
> Nov 28 00:48:05 localhost pluto[3755]: | **parse ISAKMP Message:
> Nov 28 00:48:05 localhost pluto[3755]: | initiator cookie:
> Nov 28 00:48:05 localhost pluto[3755]: | a1 b4 fe c5 40 41 72 3a
> Nov 28 00:48:05 localhost pluto[3755]: | responder cookie:
> Nov 28 00:48:05 localhost pluto[3755]: | b1 8e 72 23 24 c4 79 1d
> Nov 28 00:48:05 localhost pluto[3755]: | next payload type: =
> ISAKMP_NEXT_ID
> Nov 28 00:48:05 localhost pluto[3755]: | ISAKMP version: ISAKMP =
> Version 1.0
> Nov 28 00:48:05 localhost pluto[3755]: | exchange type: =
> ISAKMP_XCHG_IDPROT
> Nov 28 00:48:05 localhost pluto[3755]: | flags: =
> ISAKMP_FLAG_ENCRYPTION
> Nov 28 00:48:05 localhost pluto[3755]: | message ID: 00 00 00 00
> Nov 28 00:48:05 localhost pluto[3755]: | length: 68
> Nov 28 00:48:05 localhost pluto[3755]: | ICOOKIE: a1 b4 fe c5 40 41 72 =
> 3a
> Nov 28 00:48:05 localhost pluto[3755]: | RCOOKIE: b1 8e 72 23 24 c4 79 =
> 1d
> Nov 28 00:48:05 localhost pluto[3755]: | peer: cb 5c 80 c3
> Nov 28 00:48:05 localhost pluto[3755]: | state hash entry 11
> Nov 28 00:48:05 localhost pluto[3755]: | state object #1 found, in =
> STATE_MAIN_I4
> Nov 28 00:48:05 localhost pluto[3755]: "bun-digi" #1: discarding =
> duplicate packet; already STATE_MAIN_I4
> Nov 28 00:48:05 localhost pluto[3755]: | next event EVENT_RETRANSMIT in =
> 10 seconds for #2
> Nov 28 00:48:05 localhost pluto[3755]: | =20
> Nov 28 00:48:05 localhost pluto[3755]: | *received 68 bytes from =
> 203.92.128.195:500 on eth0
> Nov 28 00:48:05 localhost pluto[3755]: | a1 b4 fe c5 40 41 72 3a b1 =
> 8e 72 23 24 c4 79 1d
> Nov 28 00:48:05 localhost pluto[3755]: | 05 10 02 01 00 00 00 00 00 =
> 00 00 44 08 84 52 2e
> Nov 28 00:48:05 localhost pluto[3755]: | 4d 96 2f b0 bb 42 8e 7e 9e =
> 7f 58 39 a3 72 db d4
> Nov 28 00:48:05 localhost pluto[3755]: | 29 83 0d 70 6b c3 2e 34 4e =
> 25 b3 92 ee 14 64 61
> Nov 28 00:48:05 localhost pluto[3755]: | 76 26 9d ba
> Nov 28 00:48:05 localhost pluto[3755]: | **parse ISAKMP Message:
> Nov 28 00:48:05 localhost pluto[3755]: | initiator cookie:
> Nov 28 00:48:05 localhost pluto[3755]: | a1 b4 fe c5 40 41 72 3a
> Nov 28 00:48:05 localhost pluto[3755]: | responder cookie:
> Nov 28 00:48:05 localhost pluto[3755]: | b1 8e 72 23 24 c4 79 1d
> Nov 28 00:48:05 localhost pluto[3755]: | next payload type: =
> ISAKMP_NEXT_ID
> Nov 28 00:48:05 localhost pluto[3755]: | ISAKMP version: ISAKMP =
> Version 1.0
> Nov 28 00:48:05 localhost pluto[3755]: | exchange type: =
> ISAKMP_XCHG_IDPROT
> Nov 28 00:48:05 localhost pluto[3755]: | flags: =
> ISAKMP_FLAG_ENCRYPTION
> Nov 28 00:48:05 localhost pluto[3755]: | message ID: 00 00 00 00
> Nov 28 00:48:05 localhost pluto[3755]: | length: 68
> Nov 28 00:48:05 localhost pluto[3755]: | ICOOKIE: a1 b4 fe c5 40 41 72 =
> 3a
> Nov 28 00:48:05 localhost pluto[3755]: | RCOOKIE: b1 8e 72 23 24 c4 79 =
> 1d
> Nov 28 00:48:05 localhost pluto[3755]: | peer: cb 5c 80 c3
> Nov 28 00:48:05 localhost pluto[3755]: | state hash entry 11
> Nov 28 00:48:05 localhost pluto[3755]: | state object #1 found, in =
> STATE_MAIN_I4
> Nov 28 00:48:05 localhost pluto[3755]: "bun-digi" #1: discarding =
> duplicate packet; already STATE_MAIN_I4
> Nov 28 00:48:05 localhost pluto[3755]: | next event EVENT_RETRANSMIT in =
> 10 seconds for #2
> Nov 28 00:48:05 localhost pluto[3755]: | =20
> Nov 28 00:48:05 localhost pluto[3755]: | *received 292 bytes from =
> 203.92.128.195:500 on eth0
> Nov 28 00:48:05 localhost pluto[3755]: | a1 b4 fe c5 40 41 72 3a b1 =
> 8e 72 23 24 c4 79 1d
> Nov 28 00:48:05 localhost pluto[3755]: | 08 10 20 01 d0 c4 52 bb 00 =
> 00 01 24 94 8f 1b ee
> Nov 28 00:48:05 localhost pluto[3755]: | d4 02 8e 89 18 a6 9a 90 45 =
> d2 7e 1f 44 b9 bd 96
> Nov 28 00:48:05 localhost pluto[3755]: | 73 f8 2f 36 16 47 af 12 e1 =
> c5 17 d3 03 0e b7 9f
> Nov 28 00:48:05 localhost pluto[3755]: | 3a 2c 31 6a ae 78 79 d1 c5 =
> 65 86 ce 81 5e 3a 76
> Nov 28 00:48:05 localhost pluto[3755]: | 42 9d 01 90 00 69 55 8b 76 =
> 2b dc 91 1f 74 f3 11
> Nov 28 00:48:05 localhost pluto[3755]: | fd de 93 89 d7 b7 7f 1d 8e =
> ac 35 ab 42 44 73 e2
> Nov 28 00:48:05 localhost pluto[3755]: | 74 b6 f3 a4 54 e1 d8 0a 02 =
> bb a1 b2 23 7f 82 fd
> Nov 28 00:48:05 localhost pluto[3755]: | 76 c6 4f 28 02 cc c6 32 2a =
> 75 ec ff 32 e6 d2 f4
> Nov 28 00:48:05 localhost pluto[3755]: | c2 36 69 6a b2 89 96 78 18 =
> 81 8f 74 b9 13 03 b0
> Nov 28 00:48:05 localhost pluto[3755]: | df dd 95 97 5d d7 97 e4 f2 =
> 59 12 35 8e 56 72 6d
> Nov 28 00:48:05 localhost pluto[3755]: | 6d ea f3 3e 48 83 48 12 c2 =
> b4 ef a5 77 bf 6a 86
> Nov 28 00:48:05 localhost pluto[3755]: | 72 d9 a6 64 90 4f 30 48 53 =
> be 55 e0 f0 6f 59 46
> Nov 28 00:48:05 localhost pluto[3755]: | c1 05 5f 4a ba 53 38 78 d4 =
> c0 f1 d6 1f c7 58 36
> Nov 28 00:48:05 localhost pluto[3755]: | aa 20 2d 5b 2c c4 76 b9 6d =
> b4 99 0d e5 db a5 86
> Nov 28 00:48:05 localhost pluto[3755]: | d4 9b d6 0f 20 52 1f 92 cb =
> 48 6e 8b b1 81 34 4c
> Nov 28 00:48:05 localhost pluto[3755]: | a7 cd 46 79 a9 7b 5f c6 dc =
> bd b0 5c 35 4e d9 b7
> Nov 28 00:48:05 localhost pluto[3755]: | e1 27 84 b6 b3 66 8c cf 34 =
> 63 23 c9 fb 00 07 b8
> Nov 28 00:48:05 localhost pluto[3755]: | 4d 6b 27 2a
> Nov 28 00:48:05 localhost pluto[3755]: | **parse ISAKMP Message:
> Nov 28 00:48:05 localhost pluto[3755]: | initiator cookie:
> Nov 28 00:48:05 localhost pluto[3755]: | a1 b4 fe c5 40 41 72 3a
> Nov 28 00:48:05 localhost pluto[3755]: | responder cookie:
> Nov 28 00:48:05 localhost pluto[3755]: | b1 8e 72 23 24 c4 79 1d
> Nov 28 00:48:05 localhost pluto[3755]: | next payload type: =
> ISAKMP_NEXT_HASH
> Nov 28 00:48:05 localhost pluto[3755]: | ISAKMP version: ISAKMP =
> Version 1.0
> Nov 28 00:48:05 localhost pluto[3755]: | exchange type: =
> ISAKMP_XCHG_QUICK
> Nov 28 00:48:05 localhost pluto[3755]: | flags: =
> ISAKMP_FLAG_ENCRYPTION
> Nov 28 00:48:05 localhost pluto[3755]: | message ID: d0 c4 52 bb
> Nov 28 00:48:05 localhost pluto[3755]: | length: 292
> Nov 28 00:48:05 localhost pluto[3755]: | ICOOKIE: a1 b4 fe c5 40 41 72 =
> 3a
> Nov 28 00:48:05 localhost pluto[3755]: | RCOOKIE: b1 8e 72 23 24 c4 79 =
> 1d
> Nov 28 00:48:05 localhost pluto[3755]: | peer: cb 5c 80 c3
> Nov 28 00:48:05 localhost pluto[3755]: | state hash entry 11
> Nov 28 00:48:05 localhost pluto[3755]: | state object #2 found, in =
> STATE_QUICK_I1
> Nov 28 00:48:05 localhost pluto[3755]: | received encrypted packet from =
> 203.92.128.195:500
> Nov 28 00:48:05 localhost pluto[3755]: | decrypting 264 bytes using =
> algorithm OAKLEY_3DES_CBC
> Nov 28 00:48:05 localhost pluto[3755]: | decrypted:
> Nov 28 00:48:05 localhost pluto[3755]: | 01 00 00 14 2d ca 23 99 6f =
> 5f 3c 95 ae 34 00 b1
> Nov 28 00:48:05 localhost pluto[3755]: | 6f 53 31 54 0a 00 00 34 00 =
> 00 00 01 00 00 00 01
> Nov 28 00:48:05 localhost pluto[3755]: | 00 00 00 28 01 03 04 01 5c =
> 72 5b 31 00 00 00 1c
> Nov 28 00:48:05 localhost pluto[3755]: | 01 03 00 00 80 03 00 02 80 =
> 04 00 01 80 01 00 01
> Nov 28 00:48:05 localhost pluto[3755]: | 80 02 70 80 80 05 00 01 04 =
> 00 00 18 14 d0 35 89
> Nov 28 00:48:05 localhost pluto[3755]: | 13 9a 42 a8 3e 78 f0 8c 4e =
> 1b 61 90 74 53 f0 55
> Nov 28 00:48:05 localhost pluto[3755]: | 05 00 00 84 0f ce 71 e8 de =
> 27 e6 b3 4a db 87 e2
> Nov 28 00:48:05 localhost pluto[3755]: | c4 75 83 3e af 56 a6 89 a8 =
> 1e a7 10 6d 24 78 c7
> Nov 28 00:48:05 localhost pluto[3755]: | e6 c3 e8 11 c4 4f 47 4a a6 =
> 6a c1 79 b6 b7 84 30
> Nov 28 00:48:05 localhost pluto[3755]: | 80 b5 ce f1 f1 f2 07 45 5d =
> b3 2f d8 7c c8 27 8d
> Nov 28 00:48:05 localhost pluto[3755]: | 72 ef 6d 24 08 c8 d8 1e 9a =
> f6 b0 f7 84 6d 93 d1
> Nov 28 00:48:05 localhost pluto[3755]: | ee 7f 17 a7 0b 80 37 3a 25 =
> f7 a6 a9 5c 17 0d 13
> Nov 28 00:48:05 localhost pluto[3755]: | 71 3b 25 9c 47 6f 31 96 31 =
> 41 02 65 2f 43 c9 11
> Nov 28 00:48:05 localhost pluto[3755]: | 6c 05 63 72 a5 ca ea 4c 46 =
> 26 58 50 d5 8d 73 7c
> Nov 28 00:48:05 localhost pluto[3755]: | aa 63 47 fa 05 00 00 10 04 =
> 00 00 00 0a 01 02 00
> Nov 28 00:48:05 localhost pluto[3755]: | ff ff ff 00 00 00 00 10 04 =
> 00 00 00 c0 64 56 00
> Nov 28 00:48:05 localhost pluto[3755]: | ff ff ff 00 00 00 00 03
> Nov 28 00:48:05 localhost pluto[3755]: | next IV: fb 00 07 b8 4d 6b 27 =
> 2a
> Nov 28 00:48:05 localhost pluto[3755]: | ***parse ISAKMP Hash Payload:
> Nov 28 00:48:05 localhost pluto[3755]: | next payload type: =
> ISAKMP_NEXT_SA
> Nov 28 00:48:05 localhost pluto[3755]: | length: 20
> Nov 28 00:48:05 localhost pluto[3755]: | ***parse ISAKMP Security =
> Association Payload:
> Nov 28 00:48:05 localhost pluto[3755]: | next payload type: =
> ISAKMP_NEXT_NONCE
> Nov 28 00:48:05 localhost pluto[3755]: | length: 52
> Nov 28 00:48:05 localhost pluto[3755]: | DOI: ISAKMP_DOI_IPSEC
> Nov 28 00:48:05 localhost pluto[3755]: | ***parse ISAKMP Nonce Payload:
> Nov 28 00:48:05 localhost pluto[3755]: | next payload type: =
> ISAKMP_NEXT_KE
> Nov 28 00:48:05 localhost pluto[3755]: | length: 24
> Nov 28 00:48:05 localhost pluto[3755]: | ***parse ISAKMP Key Exchange =
> Payload:
> Nov 28 00:48:05 localhost pluto[3755]: | next payload type: =
> ISAKMP_NEXT_ID
> Nov 28 00:48:05 localhost pluto[3755]: | length: 132
> Nov 28 00:48:05 localhost pluto[3755]: | ***parse ISAKMP Identification =
> Payload (IPsec DOI):
> Nov 28 00:48:05 localhost pluto[3755]: | next payload type: =
> ISAKMP_NEXT_ID
> Nov 28 00:48:05 localhost pluto[3755]: | length: 16
> Nov 28 00:48:05 localhost pluto[3755]: | ID type: ID_IPV4_ADDR_SUBNET
> Nov 28 00:48:05 localhost pluto[3755]: | Protocol ID: 0
> Nov 28 00:48:05 localhost pluto[3755]: | port: 0
> Nov 28 00:48:05 localhost pluto[3755]: | ***parse ISAKMP Identification =
> Payload (IPsec DOI):
> Nov 28 00:48:05 localhost pluto[3755]: | next payload type: =
> ISAKMP_NEXT_NONE
> Nov 28 00:48:05 localhost pluto[3755]: | length: 16
> Nov 28 00:48:05 localhost pluto[3755]: | ID type: ID_IPV4_ADDR_SUBNET
> Nov 28 00:48:05 localhost pluto[3755]: | Protocol ID: 0
> Nov 28 00:48:05 localhost pluto[3755]: | port: 0
> Nov 28 00:48:05 localhost pluto[3755]: | removing 4 bytes of padding
> Nov 28 00:48:05 localhost pluto[3755]: | **emit ISAKMP Message:
> Nov 28 00:48:05 localhost pluto[3755]: | initiator cookie:
> Nov 28 00:48:05 localhost pluto[3755]: | a1 b4 fe c5 40 41 72 3a
> Nov 28 00:48:05 localhost pluto[3755]: | responder cookie:
> Nov 28 00:48:05 localhost pluto[3755]: | b1 8e 72 23 24 c4 79 1d
> Nov 28 00:48:05 localhost pluto[3755]: | next payload type: =
> ISAKMP_NEXT_HASH
> Nov 28 00:48:05 localhost pluto[3755]: | ISAKMP version: ISAKMP =
> Version 1.0
> Nov 28 00:48:05 localhost pluto[3755]: | exchange type: =
> ISAKMP_XCHG_QUICK
> Nov 28 00:48:05 localhost pluto[3755]: | flags: =
> ISAKMP_FLAG_ENCRYPTION
> Nov 28 00:48:05 localhost pluto[3755]: | message ID: d0 c4 52 bb
> Nov 28 00:48:05 localhost pluto[3755]: | HASH(2) computed:
> Nov 28 00:48:05 localhost pluto[3755]: | 2d ca 23 99 6f 5f 3c 95 ae =
> 34 00 b1 6f 53 31 54
> Nov 28 00:48:05 localhost pluto[3755]: | ****parse IPsec DOI SIT:
> Nov 28 00:48:05 localhost pluto[3755]: | IPsec DOI SIT: =
> SIT_IDENTITY_ONLY
> Nov 28 00:48:05 localhost pluto[3755]: | ****parse ISAKMP Proposal =
> Payload:
> Nov 28 00:48:05 localhost pluto[3755]: | next payload type: =
> ISAKMP_NEXT_NONE
> Nov 28 00:48:05 localhost pluto[3755]: | length: 40
> Nov 28 00:48:05 localhost pluto[3755]: | proposal number: 1
> Nov 28 00:48:05 localhost pluto[3755]: | protocol ID: PROTO_IPSEC_ESP
> Nov 28 00:48:05 localhost pluto[3755]: | SPI size: 4
> Nov 28 00:48:05 localhost pluto[3755]: | number of transforms: 1
> Nov 28 00:48:05 localhost pluto[3755]: | parsing 4 raw bytes of ISAKMP =
> Proposal Payload into SPI
> Nov 28 00:48:05 localhost pluto[3755]: | SPI 5c 72 5b 31
> Nov 28 00:48:05 localhost pluto[3755]: | *****parse ISAKMP Transform =
> Payload (ESP):
> Nov 28 00:48:05 localhost pluto[3755]: | next payload type: =
> ISAKMP_NEXT_NONE
> Nov 28 00:48:05 localhost pluto[3755]: | length: 28
> Nov 28 00:48:05 localhost pluto[3755]: | transform number: 1
> Nov 28 00:48:05 localhost pluto[3755]: | transform ID: ESP_3DES
> Nov 28 00:48:05 localhost pluto[3755]: | ******parse ISAKMP IPsec DOI =
> attribute:
> Nov 28 00:48:05 localhost pluto[3755]: | af+type: GROUP_DESCRIPTION
> Nov 28 00:48:05 localhost pluto[3755]: | length/value: 2
> Nov 28 00:48:05 localhost pluto[3755]: | [2 is OAKLEY_GROUP_MODP1024]
> Nov 28 00:48:05 localhost pluto[3755]: | ******parse ISAKMP IPsec DOI =
> attribute:
> Nov 28 00:48:05 localhost pluto[3755]: | af+type: ENCAPSULATION_MODE
> Nov 28 00:48:05 localhost pluto[3755]: | length/value: 1
> Nov 28 00:48:05 localhost pluto[3755]: | [1 is =
> ENCAPSULATION_MODE_TUNNEL]
> Nov 28 00:48:05 localhost pluto[3755]: | ******parse ISAKMP IPsec DOI =
> attribute:
> Nov 28 00:48:05 localhost pluto[3755]: | af+type: SA_LIFE_TYPE
> Nov 28 00:48:05 localhost pluto[3755]: | length/value: 1
> Nov 28 00:48:05 localhost pluto[3755]: | [1 is SA_LIFE_TYPE_SECONDS]
> Nov 28 00:48:05 localhost pluto[3755]: | ******parse ISAKMP IPsec DOI =
> attribute:
> Nov 28 00:48:05 localhost pluto[3755]: | af+type: SA_LIFE_DURATION
> Nov 28 00:48:05 localhost pluto[3755]: | length/value: 28800
> Nov 28 00:48:05 localhost pluto[3755]: | ******parse ISAKMP IPsec DOI =
> attribute:
> Nov 28 00:48:05 localhost pluto[3755]: | af+type: AUTH_ALGORITHM
> Nov 28 00:48:05 localhost pluto[3755]: | length/value: 1
> Nov 28 00:48:05 localhost pluto[3755]: | [1 is =
> AUTH_ALGORITHM_HMAC_MD5]
> Nov 28 00:48:05 localhost pluto[3755]: | DH public value received:
> Nov 28 00:48:05 localhost pluto[3755]: | 0f ce 71 e8 de 27 e6 b3 4a =
> db 87 e2 c4 75 83 3e
> Nov 28 00:48:05 localhost pluto[3755]: | af 56 a6 89 a8 1e a7 10 6d =
> 24 78 c7 e6 c3 e8 11
> Nov 28 00:48:05 localhost pluto[3755]: | c4 4f 47 4a a6 6a c1 79 b6 =
> b7 84 30 80 b5 ce f1
> Nov 28 00:48:05 localhost pluto[3755]: | f1 f2 07 45 5d b3 2f d8 7c =
> c8 27 8d 72 ef 6d 24
> Nov 28 00:48:05 localhost pluto[3755]: | 08 c8 d8 1e 9a f6 b0 f7 84 =
> 6d 93 d1 ee 7f 17 a7
> Nov 28 00:48:05 localhost pluto[3755]: | 0b 80 37 3a 25 f7 a6 a9 5c =
> 17 0d 13 71 3b 25 9c
> Nov 28 00:48:05 localhost pluto[3755]: | 47 6f 31 96 31 41 02 65 2f =
> 43 c9 11 6c 05 63 72
> Nov 28 00:48:05 localhost pluto[3755]: | a5 ca ea 4c 46 26 58 50 d5 =
> 8d 73 7c aa 63 47 fa
> Nov 28 00:48:05 localhost pluto[3755]: | DH shared secret:
> Nov 28 00:48:05 localhost pluto[3755]: | 50 1c 54 44 ce 8d 19 38 80 =
> 5e e2 ab b6 09 61 73
> Nov 28 00:48:05 localhost pluto[3755]: | b4 0d a3 94 db 95 11 ff b4 =
> 99 c8 ce ee e1 c5 f5
> Nov 28 00:48:05 localhost pluto[3755]: | 79 5b 43 44 44 f6 a2 a8 4b =
> 14 74 6b 1c 38 dd 91
> Nov 28 00:48:05 localhost pluto[3755]: | 47 4a b6 d4 3f 1b 9c f2 fd =
> b7 94 f0 db a2 31 98
> Nov 28 00:48:05 localhost pluto[3755]: | 0a 98 11 71 b2 f1 42 c4 e1 =
> e0 b8 4e a9 e2 86 0d
> Nov 28 00:48:05 localhost pluto[3755]: | 7b c4 bd 93 a3 47 d4 00 40 =
> b6 cf df 96 bd 26 1e
> Nov 28 00:48:05 localhost pluto[3755]: | b5 e4 51 90 21 9c 2d e5 d2 =
> ee a3 9b fd 8b 03 96
> Nov 28 00:48:05 localhost pluto[3755]: | 04 50 45 f8 da 26 50 e3 f7 =
> 4a d1 a2 c4 6e c3 c0
> Nov 28 00:48:05 localhost pluto[3755]: | our client is subnet =
> 10.1.2.0/24
> Nov 28 00:48:05 localhost pluto[3755]: | peer client is subnet =
> 192.100.86.0/24
> Nov 28 00:48:05 localhost pluto[3755]: | ***emit ISAKMP Hash Payload:
> Nov 28 00:48:05 localhost pluto[3755]: | next payload type: =
> ISAKMP_NEXT_NONE
> Nov 28 00:48:05 localhost pluto[3755]: | emitting 16 zero bytes of HASH =
> into ISAKMP Hash Payload
> Nov 28 00:48:05 localhost pluto[3755]: | emitting length of ISAKMP Hash =
> Payload: 20
> Nov 28 00:48:05 localhost pluto[3755]: | HASH(3) computed: 54 8e 59 d1 =
> 0d 2f 93 a2 b0 a4 9f fc d3 a0 30 92
> Nov 28 00:48:05 localhost pluto[3755]: | KEYMAT computed:
> Nov 28 00:48:05 localhost pluto[3755]: | a4 f7 56 d9 65 7e e0 99 6e =
> f3 b4 b0 8c 61 a4 ff
> Nov 28 00:48:05 localhost pluto[3755]: | cd ce 64 bd 40 ee 4d e5 68 =
> cf 1c 7e b8 9f 5c 3e
> Nov 28 00:48:05 localhost pluto[3755]: | 15 2f c5 62 12 b2 27 f9
> Nov 28 00:48:05 localhost pluto[3755]: | Peer KEYMAT computed:
> Nov 28 00:48:05 localhost pluto[3755]: | 9b 29 c5 7b f6 32 d0 e6 1b =
> 9c 03 a8 75 d0 a0 a5
> Nov 28 00:48:05 localhost pluto[3755]: | b8 eb e4 6a e5 80 b3 08 bc =
> 12 1b cb 5e a6 1c d8
> Nov 28 00:48:05 localhost pluto[3755]: | fb bb 20 e4 07 1e cc 32
> Nov 28 00:48:05 localhost pluto[3755]: | route owner of "bun-digi" =
> CK_PERMANENT trap erouted: self; eroute owner: self
> Nov 28 00:48:05 localhost pluto[3755]: | finish_pfkey_msg: SADB_ADD =
> message 6 for Add ESP SA esp.a2c7af59_at_202.184.1.233
> Nov 28 00:48:05 localhost pluto[3755]: | 02 03 00 03 11 00 00 00 06 =
> 00 00 00 ab 0e 00 00
> Nov 28 00:48:05 localhost pluto[3755]: | 02 00 01 00 a2 c7 af 59 40 =
> 01 02 03 00 00 00 00
> Nov 28 00:48:05 localhost pluto[3755]: | 03 00 05 00 00 00 00 00 02 =
> 00 01 f4 cb 5c 80 c3
> Nov 28 00:48:05 localhost pluto[3755]: | 00 00 00 00 00 00 00 00 03 =
> 00 06 00 00 00 00 00
> Nov 28 00:48:05 localhost pluto[3755]: | 02 00 00 00 ca b8 01 e9 00 =
> 00 00 00 00 00 00 00
> Nov 28 00:48:05 localhost pluto[3755]: | 03 00 08 00 80 00 00 00 68 =
> cf 1c 7e b8 9f 5c 3e
> Nov 28 00:48:05 localhost pluto[3755]: | 15 2f c5 62 12 b2 27 f9 04 =
> 00 09 00 c0 00 00 00
> Nov 28 00:48:05 localhost pluto[3755]: | a4 f7 56 d9 65 7e e0 99 6e =
> f3 b4 b0 8c 61 a4 ff
> Nov 28 00:48:05 localhost pluto[3755]: | cd ce 64 bd 40 ee 4d e5
> Nov 28 00:48:05 localhost pluto[3755]: | pfkey_get: SADB_ADD message 6
> Nov 28 00:48:05 localhost pluto[3755]: | finish_pfkey_msg: SADB_ADD =
> message 7 for Add IPIP SA tun.1001_at_203.92.128.195
> Nov 28 00:48:05 localhost pluto[3755]: | 02 03 00 09 0a 00 00 00 07 =
> 00 00 00 ab 0e 00 00
> Nov 28 00:48:05 localhost pluto[3755]: | 02 00 01 00 00 00 10 01 00 =
> 01 00 00 00 00 00 00
> Nov 28 00:48:05 localhost pluto[3755]: | 03 00 05 00 00 00 00 00 02 =
> 00 01 f4 cb 5c 80 c3
> Nov 28 00:48:05 localhost pluto[3755]: | 00 00 00 00 00 00 00 00 03 =
> 00 06 00 00 00 00 00
> Nov 28 00:48:05 localhost pluto[3755]: | 02 00 00 00 ca b8 01 e9 00 =
> 00 00 00 00 00 00 00
> Nov 28 00:48:05 localhost pluto[3755]: | pfkey_get: SADB_ADD message 7
> Nov 28 00:48:05 localhost pluto[3755]: | grouping tun.1001_at_202.184.1.233 =
> and esp.a2c7af59_at_202.184.1.233
> Nov 28 00:48:05 localhost pluto[3755]: | finish_pfkey_msg: SADB_X_GRPSA =
> message 8 for group tun.1001_at_202.184.1.233
> Nov 28 00:48:05 localhost pluto[3755]: | 02 0d 00 09 0d 00 00 00 08 =
> 00 00 00 ab 0e 00 00
> Nov 28 00:48:05 localhost pluto[3755]: | 02 00 01 00 00 00 10 01 00 =
> 00 00 00 00 00 00 00
> Nov 28 00:48:05 localhost pluto[3755]: | 03 00 06 00 00 00 00 00 02 =
> 00 00 00 ca b8 01 e9
> Nov 28 00:48:05 localhost pluto[3755]: | 00 00 00 00 00 00 00 00 01 =
> 00 12 00 03 00 00 00
> Nov 28 00:48:05 localhost pluto[3755]: | 02 00 13 00 a2 c7 af 59 00 =
> 00 00 00 00 00 00 00
> Nov 28 00:48:05 localhost pluto[3755]: | 03 00 14 00 00 00 00 00 02 =
> 00 00 00 ca b8 01 e9
> Nov 28 00:48:05 localhost pluto[3755]: | 00 00 00 00 00 00 00 00
> Nov 28 00:48:05 localhost pluto[3755]: | pfkey_get: SADB_X_GRPSA message =
> 8
> Nov 28 00:48:05 localhost pluto[3755]: | finish_pfkey_msg: SADB_ADD =
> message 9 for Add ESP SA esp.5c725b31_at_203.92.128.195
> Nov 28 00:48:05 localhost pluto[3755]: | 02 03 00 03 11 00 00 00 09 =
> 00 00 00 ab 0e 00 00
> Nov 28 00:48:05 localhost pluto[3755]: | 02 00 01 00 5c 72 5b 31 40 =
> 01 02 03 00 00 00 00
> Nov 28 00:48:05 localhost pluto[3755]: | 03 00 05 00 00 00 00 00 02 =
> 00 00 00 ca b8 01 e9
> Nov 28 00:48:05 localhost pluto[3755]: | 00 00 00 00 00 00 00 00 03 =
> 00 06 00 00 00 00 00
> Nov 28 00:48:05 localhost pluto[3755]: | 02 00 01 f4 cb 5c 80 c3 00 =
> 00 00 00 00 00 00 00
> Nov 28 00:48:05 localhost pluto[3755]: | 03 00 08 00 80 00 00 00 bc =
> 12 1b cb 5e a6 1c d8
> Nov 28 00:48:05 localhost pluto[3755]: | fb bb 20 e4 07 1e cc 32 04 =
> 00 09 00 c0 00 00 00
> Nov 28 00:48:05 localhost pluto[3755]: | 9b 29 c5 7b f6 32 d0 e6 1b =
> 9c 03 a8 75 d0 a0 a5
> Nov 28 00:48:05 localhost pluto[3755]: | b8 eb e4 6a e5 80 b3 08
> Nov 28 00:48:05 localhost pluto[3755]: | pfkey_get: SADB_ADD message 9
> Nov 28 00:48:05 localhost pluto[3755]: | finish_pfkey_msg: SADB_ADD =
> message 10 for Add IPIP SA tun.1002_at_203.92.128.195
> Nov 28 00:48:05 localhost pluto[3755]: | 02 03 00 09 0a 00 00 00 0a =
> 00 00 00 ab 0e 00 00
> Nov 28 00:48:05 localhost pluto[3755]: | 02 00 01 00 00 00 10 02 00 =
> 01 00 00 00 00 00 00
> Nov 28 00:48:05 localhost pluto[3755]: | 03 00 05 00 00 00 00 00 02 =
> 00 00 00 ca b8 01 e9
> Nov 28 00:48:05 localhost pluto[3755]: | 00 00 00 00 00 00 00 00 03 =
> 00 06 00 00 00 00 00
> Nov 28 00:48:05 localhost pluto[3755]: | 02 00 01 f4 cb 5c 80 c3 00 =
> 00 00 00 00 00 00 00
> Nov 28 00:48:05 localhost pluto[3755]: | pfkey_get: SADB_ADD message 10
> Nov 28 00:48:05 localhost pluto[3755]: | grouping =
> tun.1002_at_203.92.128.195 and esp.5c725b31_at_203.92.128.195
> Nov 28 00:48:05 localhost pluto[3755]: | finish_pfkey_msg: SADB_X_GRPSA =
> message 11 for group tun.1002_at_203.92.128.195
> Nov 28 00:48:05 localhost pluto[3755]: | 02 0d 00 09 0d 00 00 00 0b =
> 00 00 00 ab 0e 00 00
> Nov 28 00:48:05 localhost pluto[3755]: | 02 00 01 00 00 00 10 02 00 =
> 00 00 00 00 00 00 00
> Nov 28 00:48:05 localhost pluto[3755]: | 03 00 06 00 00 00 00 00 02 =
> 00 01 f4 cb 5c 80 c3
> Nov 28 00:48:05 localhost pluto[3755]: | 00 00 00 00 00 00 00 00 01 =
> 00 12 00 03 00 00 00
> Nov 28 00:48:05 localhost pluto[3755]: | 02 00 13 00 5c 72 5b 31 00 =
> 00 00 00 00 00 00 00
> Nov 28 00:48:05 localhost pluto[3755]: | 03 00 14 00 00 00 00 00 02 =
> 00 01 f4 cb 5c 80 c3
> Nov 28 00:48:05 localhost pluto[3755]: | 00 00 00 00 00 00 00 00
> Nov 28 00:48:05 localhost pluto[3755]: | pfkey_get: SADB_X_GRPSA message =
> 11
> Nov 28 00:48:05 localhost pluto[3755]: | route owner of "bun-digi" =
> CK_PERMANENT trap erouted: self; eroute owner: self
> Nov 28 00:48:05 localhost pluto[3755]: | replace eroute 10.1.2.0/24 -> =
> 192.100.86.0/24 =3D> tun.1002_at_203.92.128.195
> Nov 28 00:48:05 localhost pluto[3755]: | finish_pfkey_msg: =
> SADB_X_ADDFLOW message 12 for flow tun.1002_at_203.92.128.195
> Nov 28 00:48:05 localhost pluto[3755]: | 02 0e 00 09 16 00 00 00 0c =
> 00 00 00 ab 0e 00 00
> Nov 28 00:48:05 localhost pluto[3755]: | 02 00 01 00 00 00 10 02 00 =
> 00 00 00 02 00 00 00
> Nov 28 00:48:05 localhost pluto[3755]: | 03 00 05 00 00 00 00 00 02 =
> 00 00 00 ca b8 01 e9
> Nov 28 00:48:05 localhost pluto[3755]: | 00 00 00 00 00 00 00 00 03 =
> 00 06 00 00 00 00 00
> Nov 28 00:48:05 localhost pluto[3755]: | 02 00 01 f4 cb 5c 80 c3 00 =
> 00 00 00 00 00 00 00
> Nov 28 00:48:05 localhost pluto[3755]: | 03 00 15 00 00 00 00 00 02 =
> 00 00 00 0a 01 02 00
> Nov 28 00:48:05 localhost pluto[3755]: | 28 e0 ff bf 83 4e 0c 42 03 =
> 00 16 00 00 00 00 00
> Nov 28 00:48:05 localhost pluto[3755]: | 02 00 00 00 c0 64 56 00 28 =
> e0 ff bf 83 4e 0c 42
> Nov 28 00:48:05 localhost pluto[3755]: | 03 00 17 00 00 00 00 00 02 =
> 00 00 00 ff ff ff 00
> Nov 28 00:48:05 localhost pluto[3755]: | 04 00 00 00 02 00 00 00 03 =
> 00 18 00 00 00 00 00
> Nov 28 00:48:05 localhost pluto[3755]: | 02 00 00 00 ff ff ff 00 31 =
> 39 35 00 17 1d 07 08
> Nov 28 00:48:05 localhost pluto[3755]: | pfkey_get: SADB_X_ADDFLOW =
> message 12
> Nov 28 00:48:05 localhost pluto[3755]: | executing up-client: 2>&1 =
> PLUTO_VERSION=3D'1.1' PLUTO_VERB=3D'up-client' =
> PLUTO_CONNECTION=3D'bun-digi' PLUTO_NEXT_HOP=3D'202.184.1.225' =
> PLUTO_INTERFACE=3D'ipsec0' PLUTO_ME=3D'202.184.1.233' =
> PLUTO_MY_CLIENT=3D'10.1.2.0/24' PLUTO_MY_CLIENT_NET=3D'10.1.2.0' =
> PLUTO_MY_CLIENT_MASK=3D'255.255.255.0' PLUTO_PEER=3D'203.92.128.195' =
> PLUTO_PEER_CLIENT=3D'192.100.86.0/24' =
> PLUTO_PEER_CLIENT_NET=3D'192.100.86.0' =
> PLUTO_PEER_CLIENT_MASK=3D'255.255.255.0' ipsec _updown
> Nov 28 00:48:05 localhost pluto[3755]: | encrypting:
> Nov 28 00:48:05 localhost pluto[3755]: | 00 00 00 14 54 8e 59 d1 0d =
> 2f 93 a2 b0 a4 9f fc
> Nov 28 00:48:05 localhost pluto[3755]: | d3 a0 30 92
> Nov 28 00:48:05 localhost pluto[3755]: | emitting 4 zero bytes of =
> encryption padding into ISAKMP Message
> Nov 28 00:48:05 localhost pluto[3755]: | encrypting using =
> OAKLEY_3DES_CBC
> Nov 28 00:48:05 localhost pluto[3755]: | next IV: 5e 66 4c 09 3b b7 93 =
> d5
> Nov 28 00:48:05 localhost pluto[3755]: | emitting length of ISAKMP =
> Message: 52
> Nov 28 00:48:05 localhost pluto[3755]: | sending 52 bytes for =
> STATE_QUICK_I1 through eth0 to 203.92.128.195:500:
> Nov 28 00:48:05 localhost pluto[3755]: | a1 b4 fe c5 40 41 72 3a b1 =
> 8e 72 23 24 c4 79 1d
> Nov 28 00:48:05 localhost pluto[3755]: | 08 10 20 01 d0 c4 52 bb 00 =
> 00 00 34 0f 9a 67 27
> Nov 28 00:48:05 localhost pluto[3755]: | a6 75 12 84 0f 81 0a f5 3d =
> 3c 64 50 5e 66 4c 09
> Nov 28 00:48:05 localhost pluto[3755]: | 3b b7 93 d5
> Nov 28 00:48:05 localhost pluto[3755]: | inserting event =
> EVENT_SA_REPLACE, timeout in 28082 seconds for #2
> Nov 28 00:48:05 localhost pluto[3755]: "bun-digi" #2: sent QI2, IPsec SA =
> established
> Nov 28 00:48:05 localhost pluto[3755]: | next event EVENT_SHUNT_SCAN in =
> 119 seconds
> Nov 28 00:48:52 localhost pluto[3755]: | =20
> Nov 28 00:48:52 localhost pluto[3755]: | *received whack message
> Nov 28 00:48:52 localhost pluto[3755]: | next event EVENT_SHUNT_SCAN in =
> 72 seconds
> Nov 28 00:50:04 localhost pluto[3755]: | =20
> Nov 28 00:50:04 localhost pluto[3755]: | *time to handle event
> Nov 28 00:50:04 localhost pluto[3755]: | event after this is =
> EVENT_SA_REPLACE in 2611 seconds
> Nov 28 00:50:04 localhost pluto[3755]: | inserting event =
> EVENT_SHUNT_SCAN, timeout in 120 seconds
> Nov 28 00:50:04 localhost pluto[3755]: | next event EVENT_SHUNT_SCAN in =
> 120 seconds
> Nov 28 00:50:16 localhost pluto[3755]: | =20
> Nov 28 00:50:16 localhost pluto[3755]: | *received whack message
> Nov 28 00:50:16 localhost pluto[3755]: | next event EVENT_SHUNT_SCAN in =
> 108 seconds
> Nov 28 00:51:54 localhost pluto[3755]: | =20
> Nov 28 00:51:54 localhost pluto[3755]: | *received whack message
> Nov 28 00:51:54 localhost pluto[3755]: | next event EVENT_SHUNT_SCAN in =
> 10 seconds
> + _________________________ date
> + date
> Thu Nov 28 00:51:56 MYT 2002
> [root_at_localhost Install]#
> ------=_NextPart_000_0037_01C2967B.50AE28D0--
>

_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users

• Next message: esv: "[Users] problems with Freeswan 1.99+x509 with XP Roadwarrior"
• Previous message: Ken Bantoft: "Re: [Users] Samba Authentication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.5 : Thu Nov 28 2002 - 05:20:53 CET