jmj Mon Apr 15 20:16:34 PDT 2002 + _________________________ version + ipsec --version Linux FreeS/WAN 1.96 See `ipsec --copyright' for copyright information. + _________________________ proc/version + cat /proc/version Linux version 2.4.18 (root@jmj) (gcc version 2.96 20000731 (Red Hat Linux 7.1 2.96-98)) #5 SMP Thu Apr 11 12:36:09 PDT 2002 + _________________________ proc/net/ipsec_eroute + sort +3 /proc/net/ipsec_eroute + _________________________ proc/net/ipsec_spi + cat /proc/net/ipsec_spi + _________________________ proc/net/ipsec_spigrp + cat /proc/net/ipsec_spigrp + _________________________ netstart-rn + netstat -nr Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 10.0.1.0 0.0.0.0 255.255.255.0 U 40 0 0 eth1 192.168.2.0 0.0.0.0 255.255.255.0 U 40 0 0 eth0 192.168.2.0 0.0.0.0 255.255.255.0 U 40 0 0 ipsec0 127.0.0.0 0.0.0.0 255.0.0.0 U 40 0 0 lo 0.0.0.0 192.168.2.1 0.0.0.0 UG 40 0 0 eth0 + _________________________ proc/net/ipsec_tncfg + cat /proc/net/ipsec_tncfg ipsec0 -> eth0 mtu=16260(1500) -> 1500 ipsec1 -> NULL mtu=0(0) -> 0 ipsec2 -> NULL mtu=0(0) -> 0 ipsec3 -> NULL mtu=0(0) -> 0 + _________________________ proc/net/pf_key + cat /proc/net/pf_key sock pid socket next prev e n p sndbf Flags Type St c8dda880 5575 c3760ea0 0 0 0 0 2 65535 00000000 3 1 + _________________________ proc/net/pf_key-star + cd /proc/net + egrep '^' pf_key_registered pf_key_supported pf_key_registered:satype socket pid sk pf_key_registered: 2 c3760ea0 5575 c8dda880 pf_key_registered: 3 c3760ea0 5575 c8dda880 pf_key_registered: 9 c3760ea0 5575 c8dda880 pf_key_registered: 10 c3760ea0 5575 c8dda880 pf_key_supported:satype exttype alg_id ivlen minbits maxbits pf_key_supported: 2 14 3 0 160 160 pf_key_supported: 2 14 2 0 128 128 pf_key_supported: 3 15 3 128 168 168 pf_key_supported: 3 14 3 0 160 160 pf_key_supported: 3 14 2 0 128 128 pf_key_supported: 9 15 1 0 32 32 pf_key_supported: 10 15 2 0 1 1 + _________________________ proc/sys/net/ipsec-star + cd /proc/sys/net/ipsec + egrep '^' debug_ah debug_eroute debug_esp debug_ipcomp debug_netlink debug_pfkey debug_radij debug_rcv debug_spi debug_tunnel debug_verbose debug_xform icmp inbound_policy_check tos debug_ah:-1 debug_eroute:-1 debug_esp:-1 debug_ipcomp:-1 debug_netlink:2147483647 debug_pfkey:-1 debug_radij:-1 debug_rcv:-1 debug_spi:-1 debug_tunnel:-1 debug_verbose:0 debug_xform:-1 icmp:1 inbound_policy_check:1 tos:1 + _________________________ ipsec/status + ipsec auto --status 000 interface ipsec0/eth0 192.168.2.166 000 000 "laptop-test1-any" instance: 10.0.1.0/24===192.168.2.166---192.168.2.1...192.168.2.121===10.0.2.0/24 000 "laptop-test1-any" instance: ike_life: 14400s; ipsec_life: 3600s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 1 000 "laptop-test1-any" instance: policy: PSK+ENCRYPT+TUNNEL; interface: eth0; unrouted 000 "laptop-test1-any" instance: newest ISAKMP SA: #1; newest IPsec SA: #0; eroute owner: #0 000 "laptop-test1-any": 10.0.1.0/24===192.168.2.166---192.168.2.1...%any===10.0.2.0/24 000 "laptop-test1-any": ike_life: 14400s; ipsec_life: 3600s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 1 000 "laptop-test1-any": policy: PSK+ENCRYPT+TUNNEL; interface: eth0; unrouted 000 "laptop-test1-any": newest ISAKMP SA: #0; newest IPsec SA: #0; eroute owner: #0 000 000 #2: "laptop-test1-any" 192.168.2.121 STATE_MAIN_R1 (sent MR1, expecting MI2); EVENT_RETRANSMIT in 3s 000 #1: "laptop-test1-any" 192.168.2.121 STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_REPLACE in 14064s; newest ISAKMP + _________________________ ifconfig-a + ifconfig -a eth0 Link encap:Ethernet HWaddr 00:E0:98:9D:21:C3 inet addr:192.168.2.166 Bcast:255.255.255.255 Mask:255.255.255.0 UP BROADCAST NOTRAILERS RUNNING MTU:1500 Metric:1 RX packets:122194 errors:8 dropped:1261 overruns:0 frame:248 TX packets:53782 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:81872882 (78.0 Mb) TX bytes:4532279 (4.3 Mb) Interrupt:3 Base address:0x300 eth1 Link encap:Ethernet HWaddr 00:10:7A:98:33:0F inet addr:10.0.1.25 Bcast:10.0.1.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:4 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:0 (0.0 b) TX bytes:240 (240.0 b) Interrupt:11 Base address:0x320 gre0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 NOARP MTU:1476 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) ipsec0 Link encap:Ethernet HWaddr 00:E0:98:9D:21:C3 inet addr:192.168.2.166 Mask:255.255.255.0 UP RUNNING NOARP MTU:16260 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:10 RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) ipsec1 Link encap:IPIP Tunnel HWaddr NOARP MTU:0 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:10 RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) ipsec2 Link encap:IPIP Tunnel HWaddr NOARP MTU:0 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:10 RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) ipsec3 Link encap:IPIP Tunnel HWaddr NOARP MTU:0 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:10 RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:153 errors:0 dropped:0 overruns:0 frame:0 TX packets:153 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:9934 (9.7 Kb) TX bytes:9934 (9.7 Kb) teql0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 NOARP MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) + _________________________ ipsec/directory + ipsec --directory /usr/local/lib/ipsec + _________________________ hostname/fqdn + hostname --fqdn jmj.netridge.com + _________________________ hostname/ipaddress + hostname --ip-address 127.0.0.1 + _________________________ uptime + uptime 8:16pm up 12:35, 8 users, load average: 0.12, 0.45, 0.98 + _________________________ ps + ps alxw + egrep -i 'ppid|pluto|ipsec|klips' F UID PID PPID PRI NI VSZ RSS WCHAN STAT TTY TIME COMMAND 040 0 5568 1 9 0 1992 936 wait4 S pts/6 0:00 /bin/sh /usr/local/lib/ipsec/_plutorun --debug all --uniqueids 100 0 5569 1 9 0 1380 412 pipe_w S pts/6 0:00 logger -p daemon.error -t ipsec__plutorun 040 0 5572 5568 9 0 1992 936 wait4 S pts/6 0:00 /bin/sh /usr/local/lib/ipsec/_plutorun --debug all --uniqueids 100 0 5573 5568 8 0 1980 920 pipe_w S pts/6 0:00 /bin/sh /usr/local/lib/ipsec/_plutoload --load %search --start 100 0 5575 5572 9 0 2020 912 do_sel S pts/6 0:00 /usr/local/lib/ipsec/pluto --nofork --debug-all --uniqueids 100 0 5828 4446 9 0 2228 992 wait4 S pts/6 0:00 /bin/sh /usr/local/sbin/ipsec barf 100 0 5829 5828 12 0 2260 1044 wait4 S pts/6 0:00 /bin/sh /usr/local/lib/ipsec/barf 000 0 5869 5829 12 0 1496 528 pipe_w S pts/6 0:00 egrep -i ppid|pluto|ipsec|klips + _________________________ ipsec/showdefaults + ipsec showdefaults #dr: no default route # no default route # no default route + _________________________ ipsec/conf + ipsec _include /etc/ipsec.conf + ipsec _keycensor #< /etc/ipsec.conf 1 # /etc/ipsec.conf - FreeS/WAN IPsec configuration file # More elaborate and more varied sample configurations can be found # in FreeS/WAN's doc/examples file, and in the HTML documentation. #keyexchange=ike #auto=start #auth=esp #authby=secret #pfs=yes #keylife=5m #rekey=[sums to eb45...] #keylife=10mA #keyingtries=2 #ikelifetime=20m #compress=no # basic configuration config setup # THIS SETTING MUST BE CORRECT or almost nothing will work; # %defaultroute is okay for most simple cases. interfaces="ipsec0=eth0" pluto=yes # Debug-logging controls: "none" for (almost) none, "all" for lots. klipsdebug=all plutodebug=all # Use auto= parameters in conn descriptions to control startup actions. plutoload=%search plutostart=%search # Close down old connection when new one using same ID shows up. uniqueids=yes # defaults for subsequent connection descriptions # (mostly to fix internal defaults which, in retrospect, were badly chosen) conn %default keyingtries=0 disablearrivalcheck=no keyexchange=ike ikelifetime=240m keylife=60m compress=no authby=secret # connection description for (experimental!) opportunistic encryption # (requires KEY record in your DNS reverse map; see doc/opportunism.howto) conn clnt81-fwvpn11-fwvpn31-sf left=10.0.0.11 leftnexthop=172.16.0.11 leftsubnet=192.168.0.0/24 leftfirewall=yes right=192.168.0.31 rightnexthop=172.16.1.31 # the subnet may be problematic rightsubnet=192.168.0.0/24 rightfirewall=yes conn sf-fwvpn31-fwvpn11-clnt81 left=192.168.0.31 leftnexthop=172.16.1.31 leftsubnet=192.168.0.0/24 leftfirewall=yes right=10.0.0.11 rightnexthop=172.16.0.11 # the subnet may be problematic rightsubnet=192.168.0.0/24 rightfirewall=yes conn home-nr22-any type=tunnel authby=secret #left=%any #leftfirewall=yes left=192.168.2.7 leftnexthop=64.81.70.1 leftsubnet=192.168.2.0/24 right=216.218.228.92 rightnexthop=216.218.228.89 rightsubnet=192.168.0.0/24 #rightfirewall=yes #keyingtries=1 conn home-nr22-perm type=tunnel authby=secret left=64.81.70.18 #leftfirewall=yes leftsubnet=192.168.2.0/24 leftnexthop=64.81.70.1 right=216.218.228.92 rightnexthop=216.218.228.89 rightsubnet=192.168.0.0/24 #rightfirewall=yes conn laptop-test1-any type=tunnel left=192.168.2.166 leftnexthop=192.168.2.1 leftsubnet=10.0.1.0/24 right=%any rightsubnet=10.0.2.0/24 keyingtries=1 pfs=no auto=add conn laptop-test1 type=tunnel authby=secret #leftfirewall=yes left=192.168.2.166 leftnexthop=192.168.2.1 leftsubnet=10.0.1.0/24 right=192.168.2.121 rightnexthop=192.168.2.1 rightsubnet=171.68.23.0/24 #right=%any #rightsubnet=171.68.23.0/24 #keyingtries=0 pfs=no #auto=add conn me-to-anyone left=%defaultroute right=%opportunistic keylife=1h rekey=[sums to e4ac...] # uncomment this next line to enable it #auto=route # sample VPN connection conn sample # Left security gateway, subnet behind it, next hop toward right. left=10.0.0.1 leftsubnet=172.16.0.0/24 leftnexthop=10.22.33.44 # Right security gateway, subnet behind it, next hop toward left. right=10.12.12.1 rightsubnet=192.168.0.0/24 rightnexthop=10.101.102.103 # To authorize this connection, but not actually start it, at startup, # uncomment this. #auto=add + _________________________ ipsec/secrets + ipsec _include /etc/ipsec.secrets + ipsec _secretcensor #< /etc/ipsec.secrets 1 # This file holds shared secrets or RSA private keys for inter-Pluto # authentication. See ipsec_pluto(8) manpage, and HTML documentation. # RSA private key for this host, authenticating it to any other host # which knows the public part. Suitable public keys, for ipsec.conf, DNS, # or configuration of other implementations, can be extracted conveniently # with "[sums to ef67...]". 192.168.2.166 0.0.0.0: PSK "[sums to 07c8...]" 192.168.2.166 %any: PSK "[sums to 07c8...]" 192.168.2.166 192.168.2.121: PSK "[sums to 07c8...]" 0.0.0.0 192.168.2.166: PSK "[sums to 07c8...]" 192.168.2.7 216.218.228.92: PSK "[sums to 07c8...]" 216.218.228.92 192.168.2.7: PSK "[sums to 07c8...]" 64.81.70.18 216.218.228.92: PSK "[sums to 07c8...]" 216.218.228.92 64.81.70.18: PSK "[sums to 07c8...]" : RSA { # RSA 2048 bits localhost.localdomain Sat Mar 9 11:07:26 2002 # for signatures only, UNSAFE FOR ENCRYPTION #pubkey=[sums to 484f...] #IN KEY 0x4200 4 1 [sums to b034...] # (0x4200 = auth-only host-level, 4 = IPSec, 1 = RSA) Modulus: [...] PublicExponent: [...] # everything after this point is secret PrivateExponent: [...] Prime1: [...] Prime2: [...] Exponent1: [...] Exponent2: [...] Coefficient: [...] } # do not change the indenting of that "[sums to 7d9d...]" + _________________________ ipsec/ls-dir + ls -l /usr/local/lib/ipsec total 3632 -rwxr-xr-x 1 root root 11089 Apr 3 21:04 _confread -rwxr-xr-x 1 root root 11089 Mar 29 19:12 _confread.old -rwxr-xr-x 1 root root 46485 Apr 3 21:04 _copyright -rwxr-xr-x 1 root root 46485 Mar 29 19:12 _copyright.old -rwxr-xr-x 1 root root 2163 Apr 3 21:04 _include -rwxr-xr-x 1 root root 2163 Mar 29 19:12 _include.old -rwxr-xr-x 1 root root 1383 Apr 3 21:04 _keycensor -rwxr-xr-x 1 root root 1383 Mar 29 19:12 _keycensor.old -rwxr-xr-x 1 root root 3495 Apr 3 21:04 _plutoload -rwxr-xr-x 1 root root 3495 Mar 29 19:12 _plutoload.old -rwxr-xr-x 1 root root 3622 Apr 3 21:04 _plutorun -rwxr-xr-x 1 root root 3622 Mar 29 19:12 _plutorun.old -rwxr-xr-x 1 root root 7272 Apr 3 21:04 _realsetup -rwxr-xr-x 1 root root 7272 Mar 29 19:12 _realsetup.old -rwxr-xr-x 1 root root 1904 Apr 3 21:04 _secretcensor -rwxr-xr-x 1 root root 1904 Mar 29 19:12 _secretcensor.old -rwxr-xr-x 1 root root 6076 Apr 3 21:04 _startklips -rwxr-xr-x 1 root root 6076 Mar 29 19:12 _startklips.old -rwxr-xr-x 1 root root 5262 Apr 3 21:04 _updown -rwxr-xr-x 1 root root 5262 Mar 29 19:12 _updown.old -rwxr-xr-x 1 root root 12243 Apr 3 21:04 auto -rwxr-xr-x 1 root root 12243 Mar 29 19:12 auto.old -rwxr-xr-x 1 root root 7031 Apr 3 21:04 barf -rwxr-xr-x 1 root root 7031 Mar 29 19:12 barf.old -rwxr-xr-x 1 root root 222307 Apr 3 21:04 eroute -rwxr-xr-x 1 root root 2833 Apr 3 21:04 ipsec -rwxr-xr-x 1 root root 2833 Mar 29 19:12 ipsec.old -rw-r--r-- 1 root root 1950 Apr 3 21:04 ipsec_pr.template -rwxr-xr-x 1 root root 161582 Apr 3 21:04 klipsdebug -rwxr-xr-x 1 root root 2437 Apr 3 21:04 look -rwxr-xr-x 1 root root 2437 Mar 29 19:12 look.old -rwxr-xr-x 1 root root 16172 Apr 3 21:04 manual -rwxr-xr-x 1 root root 16172 Mar 29 19:12 manual.old -rwxr-xr-x 1 root root 1691 Apr 3 21:04 newhostkey -rwxr-xr-x 1 root root 1691 Mar 29 19:12 newhostkey.old -rwxr-xr-x 1 root root 135314 Apr 3 21:04 pf_key -rwxr-xr-x 1 root root 852306 Apr 3 21:04 pluto -rwxr-xr-x 1 root root 852306 Mar 29 19:12 pluto.old -rwxr-xr-x 1 root root 52658 Apr 3 21:04 ranbits -rwxr-xr-x 1 root root 52658 Mar 29 19:12 ranbits.old -rwxr-xr-x 1 root root 74596 Apr 3 21:04 rsasigkey -rwxr-xr-x 1 root root 74596 Mar 29 19:12 rsasigkey.old -rwxr-xr-x 1 root root 16671 Apr 3 21:04 send-pr -rwxr-xr-x 1 root root 16671 Mar 29 19:12 send-pr.old lrwxrwxrwx 1 root root 22 Apr 3 21:04 setup -> /etc/rc.d/init.d/ipsec -rwxr-xr-x 1 root root 1041 Apr 3 21:04 showdefaults -rwxr-xr-x 1 root root 1041 Mar 29 19:12 showdefaults.old -rwxr-xr-x 1 root root 3484 Apr 3 21:04 showhostkey -rwxr-xr-x 1 root root 3484 Mar 29 19:12 showhostkey.old -rwxr-xr-x 1 root root 242374 Apr 3 21:04 spi -rwxr-xr-x 1 root root 199441 Apr 3 21:04 spigrp -rwxr-xr-x 1 root root 68561 Apr 3 21:04 tncfg -rwxr-xr-x 1 root root 131579 Apr 3 21:04 whack -rwxr-xr-x 1 root root 131579 Mar 29 19:12 whack.old + _________________________ ipsec/updowns ++ ls /usr/local/lib/ipsec ++ egrep updown + cat /usr/local/lib/ipsec/_updown #! /bin/sh # default updown script # Copyright (C) 2000, 2001 D. Hugh Redelmeier, Henry Spencer # # This program is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by the # Free Software Foundation; either version 2 of the License, or (at your # option) any later version. See . # # This program is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License # for more details. # # RCSID $Id: _updown,v 1.18 2001/11/09 04:12:19 henry Exp $ # CAUTION: Installing a new version of FreeS/WAN will install a new # copy of this script, wiping out any custom changes you make. If # you need changes, make a copy of this under another name, and customize # that, and use the (left/right)updown parameters in ipsec.conf to make # FreeS/WAN use yours instead of this default one. # check interface version case "$PLUTO_VERSION" in 1.[0]) # Older Pluto?!? Play it safe, script may be using new features. echo "$0: obsolete interface version \`$PLUTO_VERSION'," >&2 echo "$0: called by obsolete Pluto?" >&2 exit 2 ;; 1.*) ;; *) echo "$0: unknown interface version \`$PLUTO_VERSION'" >&2 exit 2 ;; esac # check parameter(s) case "$1:$*" in ':') # no parameters ;; ipfwadm:ipfwadm) # due to (left/right)firewall; for default script only ;; custom:*) # custom parameters (see above CAUTION comment) ;; *) echo "$0: unknown parameters \`$*'" >&2 exit 2 ;; esac # utility functions for route manipulation # Meddling with this stuff should not be necessary and requires great care. uproute() { doroute add } downroute() { doroute del } doroute() { parms="-net $PLUTO_PEER_CLIENT_NET netmask $PLUTO_PEER_CLIENT_MASK" parms2="dev $PLUTO_INTERFACE gw $PLUTO_NEXT_HOP" case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in "0.0.0.0/0.0.0.0") # horrible kludge for obscure routing bug with opportunistic it="route $1 -net 0.0.0.0 netmask 128.0.0.0 $parms2 &&" it="$it route $1 -net 128.0.0.0 netmask 128.0.0.0 $parms2" route $1 -net 0.0.0.0 netmask 128.0.0.0 $parms2 && route $1 -net 128.0.0.0 netmask 128.0.0.0 $parms2 ;; *) it="route $1 $parms $parms2" route $1 $parms $parms2 ;; esac st=$? if test $st -ne 0 then # route has already given its own cryptic message echo "$0: \`$it' failed" >&2 if test " $1 $st" = " add 7" then # another totally undocumented interface -- 7 and # "SIOCADDRT: Network is unreachable" means that # the gateway isn't reachable. echo "$0: (incorrect or missing nexthop setting??)" >&2 fi fi return $st } # the big choice case "$PLUTO_VERB:$1" in prepare-host:*|prepare-client:*) # delete possibly-existing route (preliminary to adding a route) case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in "0.0.0.0/0.0.0.0") # horrible kludge for obscure routing bug with opportunistic parms1="-net 0.0.0.0 netmask 128.0.0.0" parms2="-net 128.0.0.0 netmask 128.0.0.0" it="route del $parms1 2>&1 ; route del $parms2 2>&1" oops="`route del $parms1 2>&1 ; route del $parms2 2>&1`" ;; *) parms="-net $PLUTO_PEER_CLIENT_NET netmask $PLUTO_PEER_CLIENT_MASK" it="route del $parms 2>&1" oops="`route del $parms 2>&1`" ;; esac status="$?" if test " $oops" = " " -a " $status" != " 0" then oops="silent error, exit status $status" fi case "$oops" in 'SIOCDELRT: No such process'*) # This is what route (currently -- not documented!) gives # for "could not find such a route". oops= status=0 ;; esac if test " $oops" != " " -o " $status" != " 0" then echo "$0: \`$it' failed ($oops)" >&2 fi exit $status ;; route-host:*|route-client:*) # connection to me or my client subnet being routed uproute ;; unroute-host:*|unroute-client:*) # connection to me or my client subnet being unrouted downroute ;; up-host:*) # connection to me coming up # If you are doing a custom version, firewall commands go here. ;; down-host:*) # connection to me going down # If you are doing a custom version, firewall commands go here. ;; up-client:) # connection to my client subnet coming up # If you are doing a custom version, firewall commands go here. ;; down-client:) # connection to my client subnet going down # If you are doing a custom version, firewall commands go here. ;; up-client:ipfwadm) # connection to client subnet, with (left/right)firewall=yes, coming up # This is used only by the default updown script, not by your custom # ones, so do not mess with it; see CAUTION comment up at top. ipfwadm -F -i accept -b -S $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \ -D $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK ;; down-client:ipfwadm) # connection to client subnet, with (left/right)firewall=yes, going down # This is used only by the default updown script, not by your custom # ones, so do not mess with it; see CAUTION comment up at top. ipfwadm -F -d accept -b -S $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \ -D $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK ;; *) echo "$0: unknown verb \`$PLUTO_VERB' or parameter \`$1'" >&2 exit 1 ;; esac + cat /usr/local/lib/ipsec/_updown.old #! /bin/sh # default updown script # Copyright (C) 2000, 2001 D. Hugh Redelmeier, Henry Spencer # # This program is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by the # Free Software Foundation; either version 2 of the License, or (at your # option) any later version. See . # # This program is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License # for more details. # # RCSID $Id: _updown,v 1.18 2001/11/09 04:12:19 henry Exp $ # CAUTION: Installing a new version of FreeS/WAN will install a new # copy of this script, wiping out any custom changes you make. If # you need changes, make a copy of this under another name, and customize # that, and use the (left/right)updown parameters in ipsec.conf to make # FreeS/WAN use yours instead of this default one. # check interface version case "$PLUTO_VERSION" in 1.[0]) # Older Pluto?!? Play it safe, script may be using new features. echo "$0: obsolete interface version \`$PLUTO_VERSION'," >&2 echo "$0: called by obsolete Pluto?" >&2 exit 2 ;; 1.*) ;; *) echo "$0: unknown interface version \`$PLUTO_VERSION'" >&2 exit 2 ;; esac # check parameter(s) case "$1:$*" in ':') # no parameters ;; ipfwadm:ipfwadm) # due to (left/right)firewall; for default script only ;; custom:*) # custom parameters (see above CAUTION comment) ;; *) echo "$0: unknown parameters \`$*'" >&2 exit 2 ;; esac # utility functions for route manipulation # Meddling with this stuff should not be necessary and requires great care. uproute() { doroute add } downroute() { doroute del } doroute() { parms="-net $PLUTO_PEER_CLIENT_NET netmask $PLUTO_PEER_CLIENT_MASK" parms2="dev $PLUTO_INTERFACE gw $PLUTO_NEXT_HOP" case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in "0.0.0.0/0.0.0.0") # horrible kludge for obscure routing bug with opportunistic it="route $1 -net 0.0.0.0 netmask 128.0.0.0 $parms2 &&" it="$it route $1 -net 128.0.0.0 netmask 128.0.0.0 $parms2" route $1 -net 0.0.0.0 netmask 128.0.0.0 $parms2 && route $1 -net 128.0.0.0 netmask 128.0.0.0 $parms2 ;; *) it="route $1 $parms $parms2" route $1 $parms $parms2 ;; esac st=$? if test $st -ne 0 then # route has already given its own cryptic message echo "$0: \`$it' failed" >&2 if test " $1 $st" = " add 7" then # another totally undocumented interface -- 7 and # "SIOCADDRT: Network is unreachable" means that # the gateway isn't reachable. echo "$0: (incorrect or missing nexthop setting??)" >&2 fi fi return $st } # the big choice case "$PLUTO_VERB:$1" in prepare-host:*|prepare-client:*) # delete possibly-existing route (preliminary to adding a route) case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in "0.0.0.0/0.0.0.0") # horrible kludge for obscure routing bug with opportunistic parms1="-net 0.0.0.0 netmask 128.0.0.0" parms2="-net 128.0.0.0 netmask 128.0.0.0" it="route del $parms1 2>&1 ; route del $parms2 2>&1" oops="`route del $parms1 2>&1 ; route del $parms2 2>&1`" ;; *) parms="-net $PLUTO_PEER_CLIENT_NET netmask $PLUTO_PEER_CLIENT_MASK" it="route del $parms 2>&1" oops="`route del $parms 2>&1`" ;; esac status="$?" if test " $oops" = " " -a " $status" != " 0" then oops="silent error, exit status $status" fi case "$oops" in 'SIOCDELRT: No such process'*) # This is what route (currently -- not documented!) gives # for "could not find such a route". oops= status=0 ;; esac if test " $oops" != " " -o " $status" != " 0" then echo "$0: \`$it' failed ($oops)" >&2 fi exit $status ;; route-host:*|route-client:*) # connection to me or my client subnet being routed uproute ;; unroute-host:*|unroute-client:*) # connection to me or my client subnet being unrouted downroute ;; up-host:*) # connection to me coming up # If you are doing a custom version, firewall commands go here. ;; down-host:*) # connection to me going down # If you are doing a custom version, firewall commands go here. ;; up-client:) # connection to my client subnet coming up # If you are doing a custom version, firewall commands go here. ;; down-client:) # connection to my client subnet going down # If you are doing a custom version, firewall commands go here. ;; up-client:ipfwadm) # connection to client subnet, with (left/right)firewall=yes, coming up # This is used only by the default updown script, not by your custom # ones, so do not mess with it; see CAUTION comment up at top. ipfwadm -F -i accept -b -S $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \ -D $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK ;; down-client:ipfwadm) # connection to client subnet, with (left/right)firewall=yes, going down # This is used only by the default updown script, not by your custom # ones, so do not mess with it; see CAUTION comment up at top. ipfwadm -F -d accept -b -S $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \ -D $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK ;; *) echo "$0: unknown verb \`$PLUTO_VERB' or parameter \`$1'" >&2 exit 1 ;; esac + _________________________ proc/net/dev + cat /proc/net/dev Inter-| Receive | Transmit face |bytes packets errs drop fifo frame compressed multicast|bytes packets errs drop fifo colls carrier compressed lo: 9934 153 0 0 0 0 0 0 9934 153 0 0 0 0 0 0 teql0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 gre0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ipsec0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ipsec1: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ipsec2: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ipsec3: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 eth0:81872882 122194 8 1261 0 248 0 809 4532279 53782 0 0 0 0 0 0 eth1: 0 0 0 0 0 0 0 0 240 4 0 0 0 0 0 0 + _________________________ proc/net/route + cat /proc/net/route Iface Destination Gateway Flags RefCnt Use Metric Mask MTU Window IRTT eth1 0001000A 00000000 0001 0 0 0 00FFFFFF 40 0 0 eth0 0002A8C0 00000000 0001 0 0 0 00FFFFFF 40 0 0 ipsec0 0002A8C0 00000000 0001 0 0 0 00FFFFFF 40 0 0 lo 0000007F 00000000 0001 0 0 0 000000FF 40 0 0 eth0 00000000 0102A8C0 0003 0 0 0 00000000 40 0 0 + _________________________ proc/sys/net/ipv4/ip_forward + cat /proc/sys/net/ipv4/ip_forward 1 + _________________________ proc/sys/net/ipv4/conf/star-rp_filter + cd /proc/sys/net/ipv4/conf + egrep '^' all/rp_filter default/rp_filter eth0/rp_filter eth1/rp_filter ipsec0/rp_filter lo/rp_filter all/rp_filter:0 default/rp_filter:0 eth0/rp_filter:0 eth1/rp_filter:0 ipsec0/rp_filter:0 lo/rp_filter:0 + _________________________ uname-a + uname -a Linux jmj 2.4.18 #5 SMP Thu Apr 11 12:36:09 PDT 2002 i686 unknown + _________________________ redhat-release + test -r /etc/redhat-release + cat /etc/redhat-release Red Hat Linux release 7.2 (Enigma) + _________________________ proc/net/ipsec_version + cat /proc/net/ipsec_version FreeS/WAN version: 1.96 + _________________________ iptables/list + iptables -L -v -n Chain INPUT (policy ACCEPT 122K packets, 80M bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 53788 packets, 3777K bytes) pkts bytes target prot opt in out source destination + _________________________ ipchains/list + ipchains -L -v -n ipchains: Incompatible with this kernel + _________________________ ipfwadm/forward + ipfwadm -F -l -n -e Generic IP Firewall Chains not in this kernel + _________________________ ipfwadm/input + ipfwadm -I -l -n -e Generic IP Firewall Chains not in this kernel + _________________________ ipfwadm/output + ipfwadm -O -l -n -e Generic IP Firewall Chains not in this kernel + _________________________ iptables/nat + iptables -t nat -L -v -n Chain PREROUTING (policy ACCEPT 269 packets, 44542 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 393 packets, 23490 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 393 packets, 23490 bytes) pkts bytes target prot opt in out source destination + _________________________ ipchains/masq + ipchains -M -L -v -n ipchains: cannot open file `/proc/net/ip_masquerade' + _________________________ ipfwadm/masq + ipfwadm -M -l -n -e Generic IP Firewall Chains not in this kernel + _________________________ iptables/mangle + iptables -t mangle -L -v -n Chain PREROUTING (policy ACCEPT 122K packets, 80M bytes) pkts bytes target prot opt in out source destination Chain INPUT (policy ACCEPT 122K packets, 80M bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 53788 packets, 3777K bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 53788 packets, 3777K bytes) pkts bytes target prot opt in out source destination + _________________________ proc/modules + cat /proc/modules + _________________________ proc/meminfo + cat /proc/meminfo total: used: free: shared: buffers: cached: Mem: 260870144 255250432 5619712 0 37765120 90841088 Swap: 534601728 860160 533741568 MemTotal: 254756 kB MemFree: 5488 kB MemShared: 0 kB Buffers: 36880 kB Cached: 87872 kB SwapCached: 840 kB Active: 101320 kB Inactive: 134636 kB HighTotal: 0 kB HighFree: 0 kB LowTotal: 254756 kB LowFree: 5488 kB SwapTotal: 522072 kB SwapFree: 521232 kB + _________________________ dev/ipsec-ls + ls -l '/dev/ipsec*' ls: /dev/ipsec*: No such file or directory + _________________________ proc/net/ipsec-ls + ls -l /proc/net/ipsec_eroute /proc/net/ipsec_klipsdebug /proc/net/ipsec_spi /proc/net/ipsec_spigrp /proc/net/ipsec_tncfg /proc/net/ipsec_version -r--r--r-- 1 root root 0 Apr 15 20:16 /proc/net/ipsec_eroute -r--r--r-- 1 root root 0 Apr 15 20:16 /proc/net/ipsec_klipsdebug -r--r--r-- 1 root root 0 Apr 15 20:16 /proc/net/ipsec_spi -r--r--r-- 1 root root 0 Apr 15 20:16 /proc/net/ipsec_spigrp -r--r--r-- 1 root root 0 Apr 15 20:16 /proc/net/ipsec_tncfg -r--r--r-- 1 root root 0 Apr 15 20:16 /proc/net/ipsec_version + _________________________ usr/src/linux/.config + test -f /usr/src/linux/.config + egrep 'IP|NETLINK' /usr/src/linux/.config # CONFIG_MWINCHIPC6 is not set # CONFIG_MWINCHIP2 is not set # CONFIG_MWINCHIP3D is not set CONFIG_SYSVIPC=y CONFIG_NETLINK_DEV=y CONFIG_IP_MULTICAST=y CONFIG_IP_ADVANCED_ROUTER=y CONFIG_IP_MULTIPLE_TABLES=y CONFIG_IP_ROUTE_FWMARK=y CONFIG_IP_ROUTE_NAT=y CONFIG_IP_ROUTE_MULTIPATH=y CONFIG_IP_ROUTE_TOS=y CONFIG_IP_ROUTE_VERBOSE=y CONFIG_IP_ROUTE_LARGE_TABLES=y # CONFIG_IP_PNP is not set # CONFIG_NET_IPIP is not set CONFIG_NET_IPGRE=y # CONFIG_NET_IPGRE_BROADCAST is not set CONFIG_IP_MROUTE=y CONFIG_IP_PIMSM_V1=y CONFIG_IP_PIMSM_V2=y # IP: Netfilter Configuration CONFIG_IP_NF_CONNTRACK=y CONFIG_IP_NF_FTP=y CONFIG_IP_NF_IRC=y CONFIG_IP_NF_IPTABLES=y CONFIG_IP_NF_MATCH_LIMIT=y CONFIG_IP_NF_MATCH_MAC=y CONFIG_IP_NF_MATCH_MARK=y CONFIG_IP_NF_MATCH_MULTIPORT=y CONFIG_IP_NF_MATCH_TOS=y CONFIG_IP_NF_MATCH_AH_ESP=y CONFIG_IP_NF_MATCH_LENGTH=y CONFIG_IP_NF_MATCH_TTL=y CONFIG_IP_NF_MATCH_TCPMSS=y CONFIG_IP_NF_MATCH_STATE=y CONFIG_IP_NF_FILTER=y CONFIG_IP_NF_TARGET_REJECT=y CONFIG_IP_NF_NAT=y CONFIG_IP_NF_NAT_NEEDED=y CONFIG_IP_NF_TARGET_MASQUERADE=y CONFIG_IP_NF_TARGET_REDIRECT=y CONFIG_IP_NF_NAT_IRC=y CONFIG_IP_NF_NAT_FTP=y CONFIG_IP_NF_MANGLE=y CONFIG_IP_NF_TARGET_TOS=y CONFIG_IP_NF_TARGET_MARK=y CONFIG_IP_NF_TARGET_LOG=y CONFIG_IP_NF_TARGET_ULOG=y CONFIG_IP_NF_TARGET_TCPMSS=y # CONFIG_IPX is not set CONFIG_IPSEC=y # IPSec options (FreeS/WAN) CONFIG_IPSEC_IPIP=y CONFIG_IPSEC_AH=y CONFIG_IPSEC_AUTH_HMAC_MD5=y CONFIG_IPSEC_AUTH_HMAC_SHA1=y CONFIG_IPSEC_ESP=y CONFIG_IPSEC_ENC_3DES=y CONFIG_IPSEC_IPCOMP=y CONFIG_IPSEC_DEBUG=y # CONFIG_IDE_CHIPSETS is not set # CONFIG_SCSI_IPS is not set # CONFIG_TULIP is not set # CONFIG_SLIP is not set # CONFIG_PCMCIA_XIRTULIP is not set + _________________________ etc/syslog.conf + cat /etc/syslog.conf # Log all kernel messages to the console. # Logging much else clutters up the screen. #kern.* /dev/console # Log anything (except mail) of level info or higher. # Don't log private authentication messages! *.info;mail.none;authpriv.none;cron.none /var/log/messages # The authpriv file has restricted access. authpriv.* /var/log/secure # Log all the mail messages in one place. mail.* /var/log/maillog # Log cron stuff cron.* /var/log/cron # Everybody gets emergency messages *.emerg * # Save news errors of level crit and higher in a special file. uucp,news.crit /var/log/spooler # Save boot messages also to boot.log local7.* /var/log/boot.log + _________________________ lib/modules-ls + ls -ltr /lib/modules total 8 drwxr-xr-x 4 root root 4096 Mar 8 19:01 2.4.7-10 drwxr-xr-x 4 root root 4096 Apr 11 12:36 2.4.18 + _________________________ proc/ksyms-netif_rx + egrep netif_rx /proc/ksyms c0237bc0 netif_rx_Rsmp_bee24931 + _________________________ lib/modules-netif_rx + modulegoo kernel/net/ipv4/ipip.o netif_rx + set +x 2.4.18: 2.4.7-10: U netif_rx_R7cb763cb + _________________________ kern.debug + test -f /var/log/kern.debug + _________________________ klog + sed -n '12560,$p' /var/log/messages + egrep -i 'ipsec|klips|pluto' + cat Apr 15 20:14:59 jmj ipsec_setup: Starting FreeS/WAN IPsec 1.96... Apr 15 20:14:59 jmj ipsec_setup: KLIPS debug `all' Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_x_debug_process: set Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_msg_interp: parsing message type 16 with msg_parser c02a7a80. Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_x_msg_debug_parse: . Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_release: sock=c88a6b20 sk=c9679200 Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_destroy_socket: . Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_remove_socket: . Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_remove_socket: succeeded. Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_destroy_socket: pfkey_remove_socket called. Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_destroy_socket: sk(c9679200)->(&c9679254)receive_queue.{next=c9679254,prev=c9679254}. Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_destroy_socket: destroyed. Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_list_remove_socket: removing sock=c88a6b20 Apr 15 20:14:59 jmj ipsec_setup: KLIPS ipsec0 on eth0 192.168.2.166/255.255.255.0 broadcast 255.255.255.255 Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_list_remove_socket: removing sock=c88a6b20 Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_list_remove_socket: removing sock=c88a6b20 Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_release: succeeded. Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_create: sock=c88a6b20 type:3 state:1 flags:0 protocol:2 Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_create: sock->fasync_list=00000000 sk->sleep=c88a6b3c. Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_insert_socket: sk=c9679200 Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_list_insert_socket: socketp=c88a6b20 Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_create: Socket sock=c88a6b20 sk=c9679200 initialised. Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_sendmsg: . Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_sendmsg: msg sent for parsing. Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_msg_interp: parsing message ver=2, type=15, errno=0, satype=0(UNKNOWN), len=4, res=0, seq=1, pid=5545. Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_alloc_ipsec_sa: allocated tdb struct=c3889e2c. Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_msg_interp: allocated extr->tdb=ce750e00. Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_msg_interp: processing ext 1 c974d7f0 with processor c02a2b80. Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_sa_process: . Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_msg_interp: parsing message type 15 with msg_parser c02a7580. Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_x_delflow_parse: . Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_x_delflow_parse: CLEARFLOW flag set, calling cleareroutes. Apr 15 20:14:59 jmj kernel: klips_debug:rj_walktree: for: rn=cff40268 rj_b=-3 rj_flags=6 leaf key = 00000000->00000000 Apr 15 20:14:59 jmj kernel: klips_debug:rj_walktree: processing leaves, rn=cff40298 rj_b=-3 rj_flags=6 leaf key = ffffffff->ffffffff Apr 15 20:14:59 jmj kernel: klips_debug:rj_walktree: while: base=00000000 rn=cff40268 rj_b=-3 rj_flags=6 leaf key = 00000000->00000000 Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_release: sock=c88a6b20 sk=c9679200 Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_destroy_socket: . Apr 15 20:14:59 jmj ipsec_setup: ...FreeS/WAN IPsec started Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_remove_socket: . Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_remove_socket: succeeded. Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_destroy_socket: pfkey_remove_socket called. Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_destroy_socket: sk(c9679200)->(&c9679254)receive_queue.{next=c9679254,prev=c9679254}. Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_destroy_socket: destroyed. Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_list_remove_socket: removing sock=c88a6b20 Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_release: succeeded. Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_create: sock=c88a6b20 type:3 state:1 flags:0 protocol:2 Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_create: sock->fasync_list=00000000 sk->sleep=c88a6b3c. Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_insert_socket: sk=c9679200 Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_list_insert_socket: socketp=c88a6b20 Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_create: Socket sock=c88a6b20 sk=c9679200 initialised. Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_sendmsg: . Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_sendmsg: msg sent for parsing. Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_msg_interp: parsing message ver=2, type=9, errno=0, satype=0(UNKNOWN), len=2, res=0, seq=1, pid=5547. Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_alloc_ipsec_sa: allocated tdb struct=c3889e2c. Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_msg_interp: allocated extr->tdb=ce750e00. Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_msg_interp: parsing message type 9 with msg_parser c02a6660. Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_flush_parse: flushing type 0 SAs Apr 15 20:14:59 jmj kernel: klips_debug:ipsec_tdbcleanup: cleaning up proto=0. Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_upmsg: allocating 16 bytes... Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_upmsg: ...allocated at cb7bf220. Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_flush_parse: sending up flush reply message for satype=0(UNKNOWN) to socket=c88a6b20 succeeded. Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_release: sock=c88a6b20 sk=c9679200 Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_destroy_socket: . Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_remove_socket: . Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_remove_socket: succeeded. Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_destroy_socket: pfkey_remove_socket called. Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_destroy_socket: sk(c9679200)->(&c9679254)receive_queue.{next=cb7bf220,prev=cb7bf220}. Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_destroy_socket: skb=cb7bf220 freed. Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_destroy_socket: destroyed. Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_list_remove_socket: removing sock=c88a6b20 Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_release: succeeded. Apr 15 20:14:59 jmj kernel: klips_debug:ipsec_tunnel_ioctl: tncfg service call #35312 for dev=ipsec0 Apr 15 20:14:59 jmj kernel: klips_debug:ipsec_tunnel_ioctl: calling ipsec_tunnel_attatch... Apr 15 20:14:59 jmj kernel: klips_debug:ipsec_tunnel_attach: physical device eth0 being attached has HW address: 0:e0:98:9d:21:c3 Apr 15 20:14:59 jmj kernel: klips_debug:ipsec_tunnel_open: dev = ipsec0, prv->dev = eth0 Apr 15 20:14:59 jmj kernel: klips_debug:ipsec_device_event: NETDEV_UP dev=ipsec0 Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_create: sock=c3760ea0 type:3 state:1 flags:0 protocol:2 Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_create: sock->fasync_list=00000000 sk->sleep=c3760ebc. Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_insert_socket: sk=c8dda880 Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_list_insert_socket: socketp=c3760ea0 Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_create: Socket sock=c3760ea0 sk=c8dda880 initialised. Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_sendmsg: . Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_sendmsg: msg sent for parsing. Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_msg_interp: parsing message ver=2, type=7, errno=0, satype=2(AH), len=2, res=0, seq=1, pid=5575. Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_alloc_ipsec_sa: allocated tdb struct=c3971e2c. Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_msg_interp: allocated extr->tdb=ce750e00. Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_msg_interp: parsing message type 7 with msg_parser c02a60c0. Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_register_parse: . Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_list_insert_socket: socketp=c3760ea0 Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_register_parse: SATYPE=02(AH) successfully registered by KMd (pid=5575). Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_register_parse: pfkey_supported_list[2]=cff30fe0 Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_register_parse: checking supported=cff30fe0 Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_register_parse: adding auth alg. Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_register_parse: checking supported=cffef400 Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_register_parse: adding auth alg. Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_register_parse: adding auth=c974d860 Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_register_parse: found satype=2(AH) exttype=14 id=3 ivlen=0 minbits=160 maxbits=160. Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_register_parse: adding auth=c974d868 Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_register_parse: found satype=2(AH) exttype=14 id=2 ivlen=0 minbits=128 maxbits=128. Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_msg_hdr_build: Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_msg_hdr_build: on_entry &pfkey_ext=c3971d68 pfkey_ext=c3971d9c *pfkey_ext=00000000. Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_msg_hdr_build: on_exit &pfkey_ext=c3971d68 pfkey_ext=c3971d9c *pfkey_ext=c5d49920. Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_safe_build: error=0 Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_safe_build:success. Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_safe_build: error=0 Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_safe_build:success. Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_msg_build: pfkey_msg=ca22fca0 allocated 40 bytes, &(extensions[0])=c3971d9c Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_msg_build: copying 24 bytes from extensions[14]=cb7d5ee0 to=ca22fcb0 Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_msg_build: extensions permitted=0000c001, seen=00004001, required=00000001. Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_upmsg: allocating 40 bytes... Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_upmsg: ...allocated at cb7bf220. Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_register_parse: sending up register reply message for satype=2(AH) to socket=c3760ea0 succeeded. Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_recvmsg: sock=c3760ea0 sk=c8dda880 msg=c3971f54 size=4096. Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_sendmsg: . Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_sendmsg: msg sent for parsing. Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_msg_interp: parsing message ver=2, type=7, errno=0, satype=3(ESP), len=2, res=0, seq=2, pid=5575. Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_alloc_ipsec_sa: allocated tdb struct=c3971e2c. Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_msg_interp: allocated extr->tdb=ce750e00. Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_msg_interp: parsing message type 7 with msg_parser c02a60c0. Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_register_parse: . Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_list_insert_socket: socketp=c3760ea0 Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_register_parse: SATYPE=03(ESP) successfully registered by KMd (pid=5575). Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_register_parse: pfkey_supported_list[3]=cff30f80 Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_register_parse: checking supported=cff30f80 Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_register_parse: adding encrypt alg. Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_register_parse: checking supported=cff30fa0 Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_register_parse: adding auth alg. Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_register_parse: checking supported=cff30fc0 Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_register_parse: adding auth alg. Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_register_parse: adding encrypt=c974d860 Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_register_parse: found satype=3(ESP) exttype=15 id=3 ivlen=128 minbits=168 maxbits=168. Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_register_parse: adding auth=c5d49920 Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_register_parse: found satype=3(ESP) exttype=14 id=3 ivlen=0 minbits=160 maxbits=160. Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_register_parse: adding auth=c5d49928 Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_register_parse: found satype=3(ESP) exttype=14 id=2 ivlen=0 minbits=128 maxbits=128. Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_msg_hdr_build: Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_msg_hdr_build: on_entry &pfkey_ext=c3971d68 pfkey_ext=c3971d9c *pfkey_ext=00000000. Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_msg_hdr_build: on_exit &pfkey_ext=c3971d68 pfkey_ext=c3971d9c *pfkey_ext=c5d49760. Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_safe_build: error=0 Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_safe_build:success. Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_safe_build: error=0 Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_safe_build:success. Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_safe_build: error=0 Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_safe_build:success. Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_msg_build: pfkey_msg=ca22fca0 allocated 56 bytes, &(extensions[0])=c3971d9c Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_msg_build: copying 24 bytes from extensions[14]=cb728940 to=ca22fcb0 Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_msg_build: copying 16 bytes from extensions[15]=cb728a20 to=ca22fcc8 Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_msg_build: extensions permitted=0000c001, seen=0000c001, required=00000001. Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_upmsg: allocating 56 bytes... Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_upmsg: ...allocated at cb7c4800. Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_register_parse: sending up register reply message for satype=3(ESP) to socket=c3760ea0 succeeded. Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_recvmsg: sock=c3760ea0 sk=c8dda880 msg=c3971f54 size=4096. Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_sendmsg: . Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_sendmsg: msg sent for parsing. Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_msg_interp: parsing message ver=2, type=7, errno=0, satype=10(COMP), len=2, res=0, seq=3, pid=5575. Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_alloc_ipsec_sa: allocated tdb struct=c3971e2c. Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_msg_interp: allocated extr->tdb=ce750e00. Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_msg_interp: parsing message type 7 with msg_parser c02a60c0. Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_register_parse: . Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_list_insert_socket: socketp=c3760ea0 Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_register_parse: SATYPE=10(COMP) successfully registered by KMd (pid=5575). Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_register_parse: pfkey_supported_list[10]=cff30f60 Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_register_parse: checking supported=cff30f60 Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_register_parse: adding encrypt alg. Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_register_parse: adding encrypt=cb728940 Apr 15 20:14:59 jmj kernel: klips_debug:pfkey_register_parse: found satype=10(COMP) exttype=15 id=2 ivlen=0 minbits=1 maxbits=1. Apr 15 20:15:00 jmj kernel: klips_debug:pfkey_msg_hdr_build: Apr 15 20:15:00 jmj kernel: klips_debug:pfkey_msg_hdr_build: on_entry &pfkey_ext=c3971d68 pfkey_ext=c3971d9c *pfkey_ext=00000000. Apr 15 20:15:00 jmj kernel: klips_debug:pfkey_msg_hdr_build: on_exit &pfkey_ext=c3971d68 pfkey_ext=c3971d9c *pfkey_ext=c5d49760. Apr 15 20:15:00 jmj kernel: klips_debug:pfkey_safe_build: error=0 Apr 15 20:15:00 jmj kernel: klips_debug:pfkey_safe_build:success. Apr 15 20:15:00 jmj kernel: klips_debug:pfkey_safe_build: error=0 Apr 15 20:15:00 jmj kernel: klips_debug:pfkey_safe_build:success. Apr 15 20:15:00 jmj kernel: klips_debug:pfkey_msg_build: pfkey_msg=c5d49920 allocated 32 bytes, &(extensions[0])=c3971d9c Apr 15 20:15:00 jmj kernel: klips_debug:pfkey_msg_build: copying 16 bytes from extensions[15]=c974d860 to=c5d49930 Apr 15 20:15:00 jmj kernel: klips_debug:pfkey_msg_build: extensions permitted=0000c001, seen=00008001, required=00000001. Apr 15 20:15:00 jmj kernel: klips_debug:pfkey_upmsg: allocating 32 bytes... Apr 15 20:15:00 jmj kernel: klips_debug:pfkey_upmsg: ...allocated at cb7bf220. Apr 15 20:15:00 jmj kernel: klips_debug:pfkey_register_parse: sending up register reply message for satype=10(COMP) to socket=c3760ea0 succeeded. Apr 15 20:15:00 jmj kernel: klips_debug:pfkey_recvmsg: sock=c3760ea0 sk=c8dda880 msg=c3971f54 size=4096. Apr 15 20:15:00 jmj kernel: klips_debug:pfkey_sendmsg: . Apr 15 20:15:00 jmj kernel: klips_debug:pfkey_sendmsg: msg sent for parsing. Apr 15 20:15:00 jmj kernel: klips_debug:pfkey_msg_interp: parsing message ver=2, type=7, errno=0, satype=9(IPIP), len=2, res=0, seq=4, pid=5575. Apr 15 20:15:00 jmj kernel: klips_debug:pfkey_alloc_ipsec_sa: allocated tdb struct=c3971e2c. Apr 15 20:15:00 jmj kernel: klips_debug:pfkey_msg_interp: allocated extr->tdb=ce750e00. Apr 15 20:15:00 jmj kernel: klips_debug:pfkey_msg_interp: parsing message type 7 with msg_parser c02a60c0. Apr 15 20:15:00 jmj kernel: klips_debug:pfkey_register_parse: . Apr 15 20:15:00 jmj kernel: klips_debug:pfkey_list_insert_socket: socketp=c3760ea0 Apr 15 20:15:00 jmj kernel: klips_debug:pfkey_register_parse: SATYPE=09(IPIP) successfully registered by KMd (pid=5575). Apr 15 20:15:00 jmj kernel: klips_debug:pfkey_register_parse: pfkey_supported_list[9]=cff30f40 Apr 15 20:15:00 jmj kernel: klips_debug:pfkey_register_parse: checking supported=cff30f40 Apr 15 20:15:00 jmj kernel: klips_debug:pfkey_register_parse: adding encrypt alg. Apr 15 20:15:00 jmj kernel: klips_debug:pfkey_register_parse: adding encrypt=c5d49760 Apr 15 20:15:00 jmj kernel: klips_debug:pfkey_register_parse: found satype=9(IPIP) exttype=15 id=1 ivlen=0 minbits=32 maxbits=32. Apr 15 20:15:00 jmj kernel: klips_debug:pfkey_msg_hdr_build: Apr 15 20:15:00 jmj kernel: klips_debug:pfkey_msg_hdr_build: on_entry &pfkey_ext=c3971d68 pfkey_ext=c3971d9c *pfkey_ext=00000000. Apr 15 20:15:00 jmj kernel: klips_debug:pfkey_msg_hdr_build: on_exit &pfkey_ext=c3971d68 pfkey_ext=c3971d9c *pfkey_ext=c5d49920. Apr 15 20:15:00 jmj kernel: klips_debug:pfkey_safe_build: error=0 Apr 15 20:15:00 jmj kernel: klips_debug:pfkey_safe_build:success. Apr 15 20:15:00 jmj kernel: klips_debug:pfkey_safe_build: error=0 Apr 15 20:15:00 jmj kernel: klips_debug:pfkey_safe_build:success. Apr 15 20:15:00 jmj kernel: klips_debug:pfkey_msg_build: pfkey_msg=cb728d20 allocated 32 bytes, &(extensions[0])=c3971d9c Apr 15 20:15:00 jmj kernel: klips_debug:pfkey_msg_build: copying 16 bytes from extensions[15]=cb728940 to=cb728d30 Apr 15 20:15:00 jmj kernel: klips_debug:pfkey_msg_build: extensions permitted=0000c001, seen=00008001, required=00000001. Apr 15 20:15:00 jmj kernel: klips_debug:pfkey_upmsg: allocating 32 bytes... Apr 15 20:15:00 jmj kernel: klips_debug:pfkey_upmsg: ...allocated at cb7c9b60. Apr 15 20:15:00 jmj kernel: klips_debug:pfkey_register_parse: sending up register reply message for satype=9(IPIP) to socket=c3760ea0 succeeded. Apr 15 20:15:00 jmj kernel: klips_debug:pfkey_recvmsg: sock=c3760ea0 sk=c8dda880 msg=c3971f54 size=4096. Apr 15 20:15:53 jmj kernel: klips_debug:ipsec_spigrp_get_info: buffer=0xc3921000, *start=0x0, offset=0, length=3072 Apr 15 20:15:53 jmj kernel: klips_debug:@ flags = 6 @key = cff70ca0 key = 00000000->00000000 @mask = 00000000 Apr 15 20:15:53 jmj kernel: klips_debug:@ flags = 6 @key = cff70cac key = ffffffff->ffffffff @mask = 00000000 Apr 15 20:15:53 jmj kernel: klips_debug: off = 0 Apr 15 20:15:53 jmj kernel: klips_debug:ipsec_eroute_get_info: buffer=0xc8cd8000, *start=0x0, offset=0, length=3072 Apr 15 20:15:53 jmj kernel: klips_debug:rj_walktree: for: rn=cff40268 rj_b=-3 rj_flags=6 leaf key = 00000000->00000000 Apr 15 20:15:53 jmj kernel: klips_debug:rj_walktree: processing leaves, rn=cff40298 rj_b=-3 rj_flags=6 leaf key = ffffffff->ffffffff Apr 15 20:15:53 jmj kernel: klips_debug:rj_walktree: while: base=00000000 rn=cff40268 rj_b=-3 rj_flags=6 leaf key = 00000000->00000000 Apr 15 20:15:53 jmj kernel: klips_debug:ipsec_tncfg_get_info: buffer=0xcb3d4000, *start=0x0, offset=0, length=3072 Apr 15 20:15:53 jmj kernel: klips_debug:ipsec_tncfg_get_info: buffer=0xc9370000, *start=0x0, offset=126, length=3072 Apr 15 20:15:53 jmj kernel: klips_debug:ipsec_spi_get_info: buffer=0xc8815000, *start=0x0, offset=0, length=3072 Apr 15 20:16:15 jmj kernel: klips_debug:ipsec_version_get_info: buffer=0xc8b4d000, *start=0x0, offset=0, length=3072 Apr 15 20:16:15 jmj kernel: klips_debug:ipsec_version_get_info: buffer=0xc8b4d000, *start=0x0, offset=24, length=3072 Apr 15 20:16:15 jmj kernel: klips_debug:@ flags = 6 @key = cff70ca0 key = 00000000->00000000 @mask = 00000000 Apr 15 20:16:15 jmj kernel: klips_debug:@ flags = 6 @key = cff70cac key = ffffffff->ffffffff @mask = 00000000 Apr 15 20:16:15 jmj kernel: klips_debug: off = 0 Apr 15 20:16:15 jmj kernel: klips_debug:ipsec_eroute_get_info: buffer=0xc3921000, *start=0x0, offset=0, length=3072 Apr 15 20:16:15 jmj kernel: klips_debug:rj_walktree: for: rn=cff40268 rj_b=-3 rj_flags=6 leaf key = 00000000->00000000 Apr 15 20:16:15 jmj kernel: klips_debug:rj_walktree: processing leaves, rn=cff40298 rj_b=-3 rj_flags=6 leaf key = ffffffff->ffffffff Apr 15 20:16:15 jmj kernel: klips_debug:rj_walktree: while: base=00000000 rn=cff40268 rj_b=-3 rj_flags=6 leaf key = 00000000->00000000 Apr 15 20:16:15 jmj kernel: klips_debug:ipsec_spi_get_info: buffer=0xcb3d5000, *start=0x0, offset=0, length=3072 Apr 15 20:16:15 jmj kernel: klips_debug:ipsec_spigrp_get_info: buffer=0xca825000, *start=0x0, offset=0, length=3072 Apr 15 20:16:15 jmj kernel: klips_debug:ipsec_tncfg_get_info: buffer=0xcb3d7000, *start=0x0, offset=0, length=3072 Apr 15 20:16:15 jmj kernel: klips_debug:ipsec_tncfg_get_info: buffer=0xcb3d7000, *start=0x0, offset=126, length=3072 Apr 15 20:16:17 jmj kernel: klips_debug:ipsec_version_get_info: buffer=0xc3c57000, *start=0x0, offset=0, length=3072 Apr 15 20:16:17 jmj kernel: klips_debug:ipsec_version_get_info: buffer=0xc3c57000, *start=0x0, offset=24, length=3072 Apr 15 20:16:34 jmj kernel: klips_debug:ipsec_version_get_info: buffer=0xc9370000, *start=0x0, offset=0, length=3072 Apr 15 20:16:34 jmj kernel: klips_debug:ipsec_version_get_info: buffer=0xc9370000, *start=0x0, offset=24, length=3072 Apr 15 20:16:34 jmj kernel: klips_debug:@ flags = 6 @key = cff70ca0 key = 00000000->00000000 @mask = 00000000 Apr 15 20:16:34 jmj kernel: klips_debug:@ flags = 6 @key = cff70cac key = ffffffff->ffffffff @mask = 00000000 Apr 15 20:16:34 jmj kernel: klips_debug: off = 0 Apr 15 20:16:34 jmj kernel: klips_debug:ipsec_eroute_get_info: buffer=0xc8bd6000, *start=0x0, offset=0, length=3072 Apr 15 20:16:34 jmj kernel: klips_debug:rj_walktree: for: rn=cff40268 rj_b=-3 rj_flags=6 leaf key = 00000000->00000000 Apr 15 20:16:34 jmj kernel: klips_debug:rj_walktree: processing leaves, rn=cff40298 rj_b=-3 rj_flags=6 leaf key = ffffffff->ffffffff Apr 15 20:16:34 jmj kernel: klips_debug:rj_walktree: while: base=00000000 rn=cff40268 rj_b=-3 rj_flags=6 leaf key = 00000000->00000000 Apr 15 20:16:34 jmj kernel: klips_debug:ipsec_spi_get_info: buffer=0xcabf4000, *start=0x0, offset=0, length=3072 Apr 15 20:16:34 jmj kernel: klips_debug:ipsec_spigrp_get_info: buffer=0xc87fe000, *start=0x0, offset=0, length=3072 Apr 15 20:16:34 jmj kernel: klips_debug:ipsec_tncfg_get_info: buffer=0xcbb04000, *start=0x0, offset=0, length=3072 Apr 15 20:16:34 jmj kernel: klips_debug:ipsec_tncfg_get_info: buffer=0xcbb04000, *start=0x0, offset=126, length=3072 Apr 15 20:16:35 jmj kernel: klips_debug:ipsec_version_get_info: buffer=0xcb5c5000, *start=0x0, offset=0, length=3072 Apr 15 20:16:35 jmj kernel: klips_debug:ipsec_version_get_info: buffer=0xc8815000, *start=0x0, offset=24, length=3072 + _________________________ plog + sed -n '88352,$p' /var/log/secure + egrep -i pluto + cat Apr 15 20:14:59 jmj ipsec__plutorun: Starting Pluto subsystem... Apr 15 20:14:59 jmj Pluto[5575]: Starting Pluto (FreeS/WAN Version 1.96) Apr 15 20:14:59 jmj Pluto[5575]: including X.509 patch (Version 0.9.9) Apr 15 20:14:59 jmj Pluto[5575]: | opening /dev/urandom Apr 15 20:14:59 jmj Pluto[5575]: | inserting event EVENT_REINIT_SECRET, timeout in 3600 seconds Apr 15 20:14:59 jmj Pluto[5575]: | process 5575 listening for PF_KEY_V2 on file descriptor 5 Apr 15 20:14:59 jmj Pluto[5575]: | finish_pfkey_msg: SADB_REGISTER message 1 for AH Apr 15 20:14:59 jmj Pluto[5575]: | 02 07 00 02 02 00 00 00 01 00 00 00 c7 15 00 00 Apr 15 20:14:59 jmj Pluto[5575]: | pfkey_get: SADB_REGISTER message 1 Apr 15 20:14:59 jmj Pluto[5575]: | AH registered with kernel. Apr 15 20:14:59 jmj Pluto[5575]: | finish_pfkey_msg: SADB_REGISTER message 2 for ESP Apr 15 20:14:59 jmj Pluto[5575]: | 02 07 00 03 02 00 00 00 02 00 00 00 c7 15 00 00 Apr 15 20:14:59 jmj Pluto[5575]: | pfkey_get: SADB_REGISTER message 2 Apr 15 20:14:59 jmj Pluto[5575]: | ESP registered with kernel. Apr 15 20:14:59 jmj Pluto[5575]: | finish_pfkey_msg: SADB_REGISTER message 3 for IPCOMP Apr 15 20:14:59 jmj Pluto[5575]: | 02 07 00 0a 02 00 00 00 03 00 00 00 c7 15 00 00 Apr 15 20:14:59 jmj Pluto[5575]: | pfkey_get: SADB_REGISTER message 3 Apr 15 20:14:59 jmj Pluto[5575]: | IPCOMP registered with kernel. Apr 15 20:14:59 jmj Pluto[5575]: | finish_pfkey_msg: SADB_REGISTER message 4 for IPIP Apr 15 20:14:59 jmj Pluto[5575]: | 02 07 00 09 02 00 00 00 04 00 00 00 c7 15 00 00 Apr 15 20:14:59 jmj Pluto[5575]: | pfkey_get: SADB_REGISTER message 4 Apr 15 20:14:59 jmj Pluto[5575]: | IPIP registered with kernel. Apr 15 20:14:59 jmj Pluto[5575]: | inserting event EVENT_SHUNT_SCAN, timeout in 120 seconds Apr 15 20:14:59 jmj Pluto[5575]: Could not change to directory '/etc/ipsec.d/cacerts' Apr 15 20:14:59 jmj Pluto[5575]: Could not change to directory '/etc/ipsec.d/crls' Apr 15 20:14:59 jmj Pluto[5575]: could not open my X.509 cert file '/etc/x509cert.der' Apr 15 20:14:59 jmj Pluto[5575]: OpenPGP certificate file '/etc/pgpcert.pgp' not found Apr 15 20:14:59 jmj Pluto[5575]: | next event EVENT_SHUNT_SCAN in 120 seconds Apr 15 20:14:59 jmj Pluto[5575]: | Apr 15 20:14:59 jmj Pluto[5575]: | *received whack message Apr 15 20:14:59 jmj Pluto[5575]: added connection description "laptop-test1-any" Apr 15 20:14:59 jmj Pluto[5575]: | 10.0.1.0/24===192.168.2.166---192.168.2.1...%any===10.0.2.0/24 Apr 15 20:14:59 jmj Pluto[5575]: | ike_life: 14400s; ipsec_life: 3600s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 1; policy: PSK+ENCRYPT+TUNNEL Apr 15 20:14:59 jmj Pluto[5575]: | next event EVENT_SHUNT_SCAN in 120 seconds Apr 15 20:14:59 jmj Pluto[5575]: | Apr 15 20:14:59 jmj Pluto[5575]: | *received whack message Apr 15 20:14:59 jmj Pluto[5575]: listening for IKE messages Apr 15 20:14:59 jmj Pluto[5575]: | found lo with address 127.0.0.1 Apr 15 20:14:59 jmj Pluto[5575]: | found ipsec0 with address 192.168.2.166 Apr 15 20:14:59 jmj Pluto[5575]: | found eth0 with address 192.168.2.166 Apr 15 20:14:59 jmj Pluto[5575]: | found eth1 with address 10.0.1.25 Apr 15 20:14:59 jmj Pluto[5575]: | IP interface eth1 10.0.1.25 has no matching ipsec* interface -- ignored Apr 15 20:14:59 jmj Pluto[5575]: adding interface ipsec0/eth0 192.168.2.166 Apr 15 20:14:59 jmj Pluto[5575]: | IP interface lo 127.0.0.1 has no matching ipsec* interface -- ignored Apr 15 20:14:59 jmj Pluto[5575]: | could not open /proc/net/if_inet6 Apr 15 20:14:59 jmj Pluto[5575]: loading secrets from "/etc/ipsec.secrets" Apr 15 20:14:59 jmj Pluto[5575]: | next event EVENT_SHUNT_SCAN in 120 seconds Apr 15 20:15:25 jmj Pluto[5575]: | Apr 15 20:15:25 jmj Pluto[5575]: | *received 460 bytes from 192.168.2.121:500 on eth0 Apr 15 20:15:25 jmj Pluto[5575]: | 26 98 52 71 61 00 01 b2 00 00 00 00 00 00 00 00 Apr 15 20:15:25 jmj Pluto[5575]: | 01 10 02 00 00 00 00 00 00 00 01 cc 0d 00 01 9c Apr 15 20:15:25 jmj Pluto[5575]: | 00 00 00 01 00 00 00 01 00 00 01 90 00 01 08 0c Apr 15 20:15:25 jmj Pluto[5575]: | 26 98 52 71 61 00 01 b2 03 00 00 20 00 01 00 00 Apr 15 20:15:25 jmj Pluto[5575]: | 80 01 00 05 80 02 00 01 80 03 00 01 80 04 00 02 Apr 15 20:15:25 jmj Pluto[5575]: | 80 0b 00 01 80 0c 38 40 03 00 00 20 01 01 00 00 Apr 15 20:15:25 jmj Pluto[5575]: | 80 01 00 05 80 02 00 01 80 03 00 01 80 04 00 05 Apr 15 20:15:25 jmj Pluto[5575]: | 80 0b 00 01 80 0c 38 40 03 00 00 20 02 01 00 00 Apr 15 20:15:25 jmj Pluto[5575]: | 80 01 00 05 80 02 00 01 80 03 00 01 80 04 00 01 Apr 15 20:15:25 jmj Pluto[5575]: | 80 0b 00 01 80 0c 38 40 03 00 00 20 03 01 00 00 Apr 15 20:15:25 jmj Pluto[5575]: | 80 01 00 05 80 02 00 02 80 03 00 01 80 04 00 02 Apr 15 20:15:26 jmj Pluto[5575]: | 80 0b 00 01 80 0c 38 40 03 00 00 20 04 01 00 00 Apr 15 20:15:26 jmj Pluto[5575]: | 80 01 00 05 80 02 00 02 80 03 00 01 80 04 00 05 Apr 15 20:15:26 jmj Pluto[5575]: | 80 0b 00 01 80 0c 38 40 03 00 00 20 05 01 00 00 Apr 15 20:15:26 jmj Pluto[5575]: | 80 01 00 05 80 02 00 02 80 03 00 01 80 04 00 01 Apr 15 20:15:26 jmj Pluto[5575]: | 80 0b 00 01 80 0c 38 40 03 00 00 20 06 01 00 00 Apr 15 20:15:26 jmj Pluto[5575]: | 80 01 00 01 80 02 00 01 80 03 00 01 80 04 00 02 Apr 15 20:15:26 jmj Pluto[5575]: | 80 0b 00 01 80 0c 38 40 03 00 00 20 07 01 00 00 Apr 15 20:15:26 jmj Pluto[5575]: | 80 01 00 01 80 02 00 01 80 03 00 01 80 04 00 05 Apr 15 20:15:26 jmj Pluto[5575]: | 80 0b 00 01 80 0c 38 40 03 00 00 20 08 01 00 00 Apr 15 20:15:26 jmj Pluto[5575]: | 80 01 00 01 80 02 00 01 80 03 00 01 80 04 00 01 Apr 15 20:15:26 jmj Pluto[5575]: | 80 0b 00 01 80 0c 38 40 03 00 00 20 09 01 00 00 Apr 15 20:15:26 jmj Pluto[5575]: | 80 01 00 01 80 02 00 02 80 03 00 01 80 04 00 02 Apr 15 20:15:26 jmj Pluto[5575]: | 80 0b 00 01 80 0c 38 40 03 00 00 20 0a 01 00 00 Apr 15 20:15:26 jmj Pluto[5575]: | 80 01 00 01 80 02 00 02 80 03 00 01 80 04 00 05 Apr 15 20:15:26 jmj Pluto[5575]: | 80 0b 00 01 80 0c 38 40 00 00 00 20 0b 01 00 00 Apr 15 20:15:26 jmj Pluto[5575]: | 80 01 00 01 80 02 00 02 80 03 00 01 80 04 00 01 Apr 15 20:15:26 jmj Pluto[5575]: | 80 0b 00 01 80 0c 38 40 00 00 00 14 9a a1 f3 b4 Apr 15 20:15:26 jmj Pluto[5575]: | 34 72 a4 5d 5f 50 6a eb 26 0c f2 14 Apr 15 20:15:26 jmj Pluto[5575]: | **parse ISAKMP Message: Apr 15 20:15:26 jmj Pluto[5575]: | initiator cookie: Apr 15 20:15:26 jmj Pluto[5575]: | 26 98 52 71 61 00 01 b2 Apr 15 20:15:26 jmj Pluto[5575]: | responder cookie: Apr 15 20:15:26 jmj Pluto[5575]: | 00 00 00 00 00 00 00 00 Apr 15 20:15:26 jmj Pluto[5575]: | next payload type: ISAKMP_NEXT_SA Apr 15 20:15:26 jmj Pluto[5575]: | ISAKMP version: ISAKMP Version 1.0 Apr 15 20:15:26 jmj Pluto[5575]: | exchange type: ISAKMP_XCHG_IDPROT Apr 15 20:15:26 jmj Pluto[5575]: | flags: none Apr 15 20:15:26 jmj Pluto[5575]: | message ID: 00 00 00 00 Apr 15 20:15:26 jmj Pluto[5575]: | length: 460 Apr 15 20:15:26 jmj Pluto[5575]: | ***parse ISAKMP Security Association Payload: Apr 15 20:15:26 jmj Pluto[5575]: | next payload type: ISAKMP_NEXT_VID Apr 15 20:15:26 jmj Pluto[5575]: | length: 412 Apr 15 20:15:26 jmj Pluto[5575]: | DOI: ISAKMP_DOI_IPSEC Apr 15 20:15:26 jmj Pluto[5575]: | ***parse ISAKMP Vendor ID Payload: Apr 15 20:15:26 jmj Pluto[5575]: | next payload type: ISAKMP_NEXT_NONE Apr 15 20:15:26 jmj Pluto[5575]: | length: 20 Apr 15 20:15:26 jmj Pluto[5575]: packet from 192.168.2.121:500: ignoring Vendor ID payload Apr 15 20:15:26 jmj Pluto[5575]: | VID: 9a a1 f3 b4 34 72 a4 5d 5f 50 6a eb 26 0c f2 14 Apr 15 20:15:26 jmj Pluto[5575]: | instantiated "laptop-test1-any" for 192.168.2.121 Apr 15 20:15:26 jmj Pluto[5575]: | creating state object #1 at 0x80a3278 Apr 15 20:15:26 jmj Pluto[5575]: | ICOOKIE: 26 98 52 71 61 00 01 b2 Apr 15 20:15:26 jmj Pluto[5575]: | RCOOKIE: 3a e2 e2 df 8b d4 24 40 Apr 15 20:15:26 jmj Pluto[5575]: | peer: c0 a8 02 79 Apr 15 20:15:26 jmj Pluto[5575]: | state hash entry 30 Apr 15 20:15:26 jmj Pluto[5575]: | inserting event EVENT_SO_DISCARD, timeout in 0 seconds for #1 Apr 15 20:15:26 jmj Pluto[5575]: "laptop-test1-any" 192.168.2.121 #1: responding to Main Mode from unknown peer 192.168.2.121 Apr 15 20:15:26 jmj Pluto[5575]: | **emit ISAKMP Message: Apr 15 20:15:26 jmj Pluto[5575]: | initiator cookie: Apr 15 20:15:26 jmj Pluto[5575]: | 26 98 52 71 61 00 01 b2 Apr 15 20:15:26 jmj Pluto[5575]: | responder cookie: Apr 15 20:15:26 jmj Pluto[5575]: | 3a e2 e2 df 8b d4 24 40 Apr 15 20:15:26 jmj Pluto[5575]: | next payload type: ISAKMP_NEXT_SA Apr 15 20:15:26 jmj Pluto[5575]: | ISAKMP version: ISAKMP Version 1.0 Apr 15 20:15:26 jmj Pluto[5575]: | exchange type: ISAKMP_XCHG_IDPROT Apr 15 20:15:26 jmj Pluto[5575]: | flags: none Apr 15 20:15:26 jmj Pluto[5575]: | message ID: 00 00 00 00 Apr 15 20:15:26 jmj Pluto[5575]: | ***emit ISAKMP Security Association Payload: Apr 15 20:15:26 jmj Pluto[5575]: | next payload type: ISAKMP_NEXT_NONE Apr 15 20:15:26 jmj Pluto[5575]: | DOI: ISAKMP_DOI_IPSEC Apr 15 20:15:26 jmj Pluto[5575]: | ****parse IPsec DOI SIT: Apr 15 20:15:26 jmj Pluto[5575]: | IPsec DOI SIT: SIT_IDENTITY_ONLY Apr 15 20:15:26 jmj Pluto[5575]: | ****parse ISAKMP Proposal Payload: Apr 15 20:15:26 jmj Pluto[5575]: | next payload type: ISAKMP_NEXT_NONE Apr 15 20:15:26 jmj Pluto[5575]: | length: 400 Apr 15 20:15:26 jmj Pluto[5575]: | proposal number: 0 Apr 15 20:15:26 jmj Pluto[5575]: | protocol ID: PROTO_ISAKMP Apr 15 20:15:26 jmj Pluto[5575]: | SPI size: 8 Apr 15 20:15:26 jmj Pluto[5575]: | number of transforms: 12 Apr 15 20:15:26 jmj Pluto[5575]: | parsing 8 raw bytes of ISAKMP Proposal Payload into Oakley SPI Apr 15 20:15:26 jmj Pluto[5575]: | Oakley SPI 26 98 52 71 61 00 01 b2 Apr 15 20:15:26 jmj Pluto[5575]: | *****parse ISAKMP Transform Payload (ISAKMP): Apr 15 20:15:26 jmj Pluto[5575]: | next payload type: ISAKMP_NEXT_T Apr 15 20:15:26 jmj Pluto[5575]: | length: 32 Apr 15 20:15:26 jmj Pluto[5575]: | transform number: 0 Apr 15 20:15:26 jmj Pluto[5575]: | transform ID: KEY_IKE Apr 15 20:15:26 jmj Pluto[5575]: | ******parse ISAKMP Oakley attribute: Apr 15 20:15:26 jmj Pluto[5575]: | af+type: OAKLEY_ENCRYPTION_ALGORITHM Apr 15 20:15:26 jmj Pluto[5575]: | length/value: 5 Apr 15 20:15:26 jmj Pluto[5575]: | [5 is OAKLEY_3DES_CBC] Apr 15 20:15:26 jmj Pluto[5575]: | ******parse ISAKMP Oakley attribute: Apr 15 20:15:26 jmj Pluto[5575]: | af+type: OAKLEY_HASH_ALGORITHM Apr 15 20:15:26 jmj Pluto[5575]: | length/value: 1 Apr 15 20:15:26 jmj Pluto[5575]: | [1 is OAKLEY_MD5] Apr 15 20:15:26 jmj Pluto[5575]: | ******parse ISAKMP Oakley attribute: Apr 15 20:15:26 jmj Pluto[5575]: | af+type: OAKLEY_AUTHENTICATION_METHOD Apr 15 20:15:26 jmj Pluto[5575]: | length/value: 1 Apr 15 20:15:26 jmj Pluto[5575]: | [1 is OAKLEY_PRESHARED_KEY] Apr 15 20:15:26 jmj Pluto[5575]: | ******parse ISAKMP Oakley attribute: Apr 15 20:15:26 jmj Pluto[5575]: | af+type: OAKLEY_GROUP_DESCRIPTION Apr 15 20:15:26 jmj Pluto[5575]: | length/value: 2 Apr 15 20:15:26 jmj Pluto[5575]: | [2 is OAKLEY_GROUP_MODP1024] Apr 15 20:15:26 jmj Pluto[5575]: | ******parse ISAKMP Oakley attribute: Apr 15 20:15:26 jmj Pluto[5575]: | af+type: OAKLEY_LIFE_TYPE Apr 15 20:15:26 jmj Pluto[5575]: | length/value: 1 Apr 15 20:15:26 jmj Pluto[5575]: | [1 is OAKLEY_LIFE_SECONDS] Apr 15 20:15:26 jmj Pluto[5575]: | ******parse ISAKMP Oakley attribute: Apr 15 20:15:26 jmj Pluto[5575]: | af+type: OAKLEY_LIFE_DURATION Apr 15 20:15:26 jmj Pluto[5575]: | length/value: 14400 Apr 15 20:15:26 jmj Pluto[5575]: | Oakley Transform 0 accepted Apr 15 20:15:26 jmj Pluto[5575]: | ****emit IPsec DOI SIT: Apr 15 20:15:26 jmj Pluto[5575]: | IPsec DOI SIT: SIT_IDENTITY_ONLY Apr 15 20:15:26 jmj Pluto[5575]: | ****emit ISAKMP Proposal Payload: Apr 15 20:15:26 jmj Pluto[5575]: | next payload type: ISAKMP_NEXT_NONE Apr 15 20:15:26 jmj Pluto[5575]: | proposal number: 0 Apr 15 20:15:26 jmj Pluto[5575]: | protocol ID: PROTO_ISAKMP Apr 15 20:15:26 jmj Pluto[5575]: | SPI size: 0 Apr 15 20:15:26 jmj Pluto[5575]: | number of transforms: 1 Apr 15 20:15:26 jmj Pluto[5575]: | *****emit ISAKMP Transform Payload (ISAKMP): Apr 15 20:15:26 jmj Pluto[5575]: | next payload type: ISAKMP_NEXT_NONE Apr 15 20:15:26 jmj Pluto[5575]: | transform number: 0 Apr 15 20:15:26 jmj Pluto[5575]: | transform ID: KEY_IKE Apr 15 20:15:26 jmj Pluto[5575]: | emitting 24 raw bytes of attributes into ISAKMP Transform Payload (ISAKMP) Apr 15 20:15:26 jmj Pluto[5575]: | attributes 80 01 00 05 80 02 00 01 80 03 00 01 80 04 00 02 Apr 15 20:15:26 jmj Pluto[5575]: | 80 0b 00 01 80 0c 38 40 Apr 15 20:15:26 jmj Pluto[5575]: | emitting length of ISAKMP Transform Payload (ISAKMP): 32 Apr 15 20:15:26 jmj Pluto[5575]: | emitting length of ISAKMP Proposal Payload: 40 Apr 15 20:15:26 jmj Pluto[5575]: | emitting length of ISAKMP Security Association Payload: 52 Apr 15 20:15:26 jmj Pluto[5575]: | emitting length of ISAKMP Message: 80 Apr 15 20:15:26 jmj Pluto[5575]: | sending 80 bytes for STATE_MAIN_R0 through eth0 to 192.168.2.121:500: Apr 15 20:15:26 jmj Pluto[5575]: | 26 98 52 71 61 00 01 b2 3a e2 e2 df 8b d4 24 40 Apr 15 20:15:26 jmj Pluto[5575]: | 01 10 02 00 00 00 00 00 00 00 00 50 00 00 00 34 Apr 15 20:15:26 jmj Pluto[5575]: | 00 00 00 01 00 00 00 01 00 00 00 28 00 01 00 01 Apr 15 20:15:26 jmj Pluto[5575]: | 00 00 00 20 00 01 00 00 80 01 00 05 80 02 00 01 Apr 15 20:15:26 jmj Pluto[5575]: | 80 03 00 01 80 04 00 02 80 0b 00 01 80 0c 38 40 Apr 15 20:15:26 jmj Pluto[5575]: | inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #1 Apr 15 20:15:26 jmj Pluto[5575]: | next event EVENT_RETRANSMIT in 10 seconds for #1 Apr 15 20:15:26 jmj Pluto[5575]: | Apr 15 20:15:26 jmj Pluto[5575]: | *received 460 bytes from 192.168.2.121:500 on eth0 Apr 15 20:15:26 jmj Pluto[5575]: | 26 98 52 71 61 00 01 b2 00 00 00 00 00 00 00 00 Apr 15 20:15:26 jmj Pluto[5575]: | 01 10 02 00 00 00 00 00 00 00 01 cc 0d 00 01 9c Apr 15 20:15:26 jmj Pluto[5575]: | 00 00 00 01 00 00 00 01 00 00 01 90 00 01 08 0c Apr 15 20:15:26 jmj Pluto[5575]: | 26 98 52 71 61 00 01 b2 03 00 00 20 00 01 00 00 Apr 15 20:15:26 jmj Pluto[5575]: | 80 01 00 05 80 02 00 01 80 03 00 01 80 04 00 02 Apr 15 20:15:26 jmj Pluto[5575]: | 80 0b 00 01 80 0c 38 40 03 00 00 20 01 01 00 00 Apr 15 20:15:26 jmj Pluto[5575]: | 80 01 00 05 80 02 00 01 80 03 00 01 80 04 00 05 Apr 15 20:15:26 jmj Pluto[5575]: | 80 0b 00 01 80 0c 38 40 03 00 00 20 02 01 00 00 Apr 15 20:15:26 jmj Pluto[5575]: | 80 01 00 05 80 02 00 01 80 03 00 01 80 04 00 01 Apr 15 20:15:26 jmj Pluto[5575]: | 80 0b 00 01 80 0c 38 40 03 00 00 20 03 01 00 00 Apr 15 20:15:27 jmj Pluto[5575]: | 80 01 00 05 80 02 00 02 80 03 00 01 80 04 00 02 Apr 15 20:15:27 jmj Pluto[5575]: | 80 0b 00 01 80 0c 38 40 03 00 00 20 04 01 00 00 Apr 15 20:15:27 jmj Pluto[5575]: | 80 01 00 05 80 02 00 02 80 03 00 01 80 04 00 05 Apr 15 20:15:27 jmj Pluto[5575]: | 80 0b 00 01 80 0c 38 40 03 00 00 20 05 01 00 00 Apr 15 20:15:27 jmj Pluto[5575]: | 80 01 00 05 80 02 00 02 80 03 00 01 80 04 00 01 Apr 15 20:15:27 jmj Pluto[5575]: | 80 0b 00 01 80 0c 38 40 03 00 00 20 06 01 00 00 Apr 15 20:15:27 jmj Pluto[5575]: | 80 01 00 01 80 02 00 01 80 03 00 01 80 04 00 02 Apr 15 20:15:27 jmj Pluto[5575]: | 80 0b 00 01 80 0c 38 40 03 00 00 20 07 01 00 00 Apr 15 20:15:27 jmj Pluto[5575]: | 80 01 00 01 80 02 00 01 80 03 00 01 80 04 00 05 Apr 15 20:15:27 jmj Pluto[5575]: | 80 0b 00 01 80 0c 38 40 03 00 00 20 08 01 00 00 Apr 15 20:15:27 jmj Pluto[5575]: | 80 01 00 01 80 02 00 01 80 03 00 01 80 04 00 01 Apr 15 20:15:27 jmj Pluto[5575]: | 80 0b 00 01 80 0c 38 40 03 00 00 20 09 01 00 00 Apr 15 20:15:27 jmj Pluto[5575]: | 80 01 00 01 80 02 00 02 80 03 00 01 80 04 00 02 Apr 15 20:15:27 jmj Pluto[5575]: | 80 0b 00 01 80 0c 38 40 03 00 00 20 0a 01 00 00 Apr 15 20:15:27 jmj Pluto[5575]: | 80 01 00 01 80 02 00 02 80 03 00 01 80 04 00 05 Apr 15 20:15:27 jmj Pluto[5575]: | 80 0b 00 01 80 0c 38 40 00 00 00 20 0b 01 00 00 Apr 15 20:15:27 jmj Pluto[5575]: | 80 01 00 01 80 02 00 02 80 03 00 01 80 04 00 01 Apr 15 20:15:27 jmj Pluto[5575]: | 80 0b 00 01 80 0c 38 40 00 00 00 14 9a a1 f3 b4 Apr 15 20:15:27 jmj Pluto[5575]: | 34 72 a4 5d 5f 50 6a eb 26 0c f2 14 Apr 15 20:15:27 jmj Pluto[5575]: | **parse ISAKMP Message: Apr 15 20:15:27 jmj Pluto[5575]: | initiator cookie: Apr 15 20:15:27 jmj Pluto[5575]: | 26 98 52 71 61 00 01 b2 Apr 15 20:15:27 jmj Pluto[5575]: | responder cookie: Apr 15 20:15:27 jmj Pluto[5575]: | 00 00 00 00 00 00 00 00 Apr 15 20:15:27 jmj Pluto[5575]: | next payload type: ISAKMP_NEXT_SA Apr 15 20:15:27 jmj Pluto[5575]: | ISAKMP version: ISAKMP Version 1.0 Apr 15 20:15:27 jmj Pluto[5575]: | exchange type: ISAKMP_XCHG_IDPROT Apr 15 20:15:27 jmj Pluto[5575]: | flags: none Apr 15 20:15:27 jmj Pluto[5575]: | message ID: 00 00 00 00 Apr 15 20:15:27 jmj Pluto[5575]: | length: 460 Apr 15 20:15:27 jmj Pluto[5575]: | ***parse ISAKMP Security Association Payload: Apr 15 20:15:27 jmj Pluto[5575]: | next payload type: ISAKMP_NEXT_VID Apr 15 20:15:27 jmj Pluto[5575]: | length: 412 Apr 15 20:15:27 jmj Pluto[5575]: | DOI: ISAKMP_DOI_IPSEC Apr 15 20:15:27 jmj Pluto[5575]: | ***parse ISAKMP Vendor ID Payload: Apr 15 20:15:27 jmj Pluto[5575]: | next payload type: ISAKMP_NEXT_NONE Apr 15 20:15:27 jmj Pluto[5575]: | length: 20 Apr 15 20:15:27 jmj Pluto[5575]: packet from 192.168.2.121:500: ignoring Vendor ID payload Apr 15 20:15:27 jmj Pluto[5575]: | VID: 9a a1 f3 b4 34 72 a4 5d 5f 50 6a eb 26 0c f2 14 Apr 15 20:15:27 jmj Pluto[5575]: | creating state object #2 at 0x80a3800 Apr 15 20:15:27 jmj Pluto[5575]: | ICOOKIE: 26 98 52 71 61 00 01 b2 Apr 15 20:15:27 jmj Pluto[5575]: | RCOOKIE: ea 6d 26 43 fa 90 01 34 Apr 15 20:15:27 jmj Pluto[5575]: | peer: c0 a8 02 79 Apr 15 20:15:27 jmj Pluto[5575]: | state hash entry 13 Apr 15 20:15:27 jmj Pluto[5575]: | inserting event EVENT_SO_DISCARD, timeout in 0 seconds for #2 Apr 15 20:15:27 jmj Pluto[5575]: "laptop-test1-any" 192.168.2.121 #2: responding to Main Mode from unknown peer 192.168.2.121 Apr 15 20:15:27 jmj Pluto[5575]: | **emit ISAKMP Message: Apr 15 20:15:27 jmj Pluto[5575]: | initiator cookie: Apr 15 20:15:27 jmj Pluto[5575]: | 26 98 52 71 61 00 01 b2 Apr 15 20:15:27 jmj Pluto[5575]: | responder cookie: Apr 15 20:15:27 jmj Pluto[5575]: | ea 6d 26 43 fa 90 01 34 Apr 15 20:15:27 jmj Pluto[5575]: | next payload type: ISAKMP_NEXT_SA Apr 15 20:15:27 jmj Pluto[5575]: | ISAKMP version: ISAKMP Version 1.0 Apr 15 20:15:27 jmj Pluto[5575]: | exchange type: ISAKMP_XCHG_IDPROT Apr 15 20:15:27 jmj Pluto[5575]: | flags: none Apr 15 20:15:27 jmj Pluto[5575]: | message ID: 00 00 00 00 Apr 15 20:15:27 jmj Pluto[5575]: | ***emit ISAKMP Security Association Payload: Apr 15 20:15:27 jmj Pluto[5575]: | next payload type: ISAKMP_NEXT_NONE Apr 15 20:15:27 jmj Pluto[5575]: | DOI: ISAKMP_DOI_IPSEC Apr 15 20:15:27 jmj Pluto[5575]: | ****parse IPsec DOI SIT: Apr 15 20:15:27 jmj Pluto[5575]: | IPsec DOI SIT: SIT_IDENTITY_ONLY Apr 15 20:15:27 jmj Pluto[5575]: | ****parse ISAKMP Proposal Payload: Apr 15 20:15:27 jmj Pluto[5575]: | next payload type: ISAKMP_NEXT_NONE Apr 15 20:15:27 jmj Pluto[5575]: | length: 400 Apr 15 20:15:27 jmj Pluto[5575]: | proposal number: 0 Apr 15 20:15:27 jmj Pluto[5575]: | protocol ID: PROTO_ISAKMP Apr 15 20:15:27 jmj Pluto[5575]: | SPI size: 8 Apr 15 20:15:27 jmj Pluto[5575]: | number of transforms: 12 Apr 15 20:15:27 jmj Pluto[5575]: | parsing 8 raw bytes of ISAKMP Proposal Payload into Oakley SPI Apr 15 20:15:27 jmj Pluto[5575]: | Oakley SPI 26 98 52 71 61 00 01 b2 Apr 15 20:15:27 jmj Pluto[5575]: | *****parse ISAKMP Transform Payload (ISAKMP): Apr 15 20:15:27 jmj Pluto[5575]: | next payload type: ISAKMP_NEXT_T Apr 15 20:15:27 jmj Pluto[5575]: | length: 32 Apr 15 20:15:27 jmj Pluto[5575]: | transform number: 0 Apr 15 20:15:27 jmj Pluto[5575]: | transform ID: KEY_IKE Apr 15 20:15:27 jmj Pluto[5575]: | ******parse ISAKMP Oakley attribute: Apr 15 20:15:27 jmj Pluto[5575]: | af+type: OAKLEY_ENCRYPTION_ALGORITHM Apr 15 20:15:27 jmj Pluto[5575]: | length/value: 5 Apr 15 20:15:27 jmj Pluto[5575]: | [5 is OAKLEY_3DES_CBC] Apr 15 20:15:27 jmj Pluto[5575]: | ******parse ISAKMP Oakley attribute: Apr 15 20:15:27 jmj Pluto[5575]: | af+type: OAKLEY_HASH_ALGORITHM Apr 15 20:15:27 jmj Pluto[5575]: | length/value: 1 Apr 15 20:15:27 jmj Pluto[5575]: | [1 is OAKLEY_MD5] Apr 15 20:15:27 jmj Pluto[5575]: | ******parse ISAKMP Oakley attribute: Apr 15 20:15:27 jmj Pluto[5575]: | af+type: OAKLEY_AUTHENTICATION_METHOD Apr 15 20:15:27 jmj Pluto[5575]: | length/value: 1 Apr 15 20:15:27 jmj Pluto[5575]: | [1 is OAKLEY_PRESHARED_KEY] Apr 15 20:15:27 jmj Pluto[5575]: | ******parse ISAKMP Oakley attribute: Apr 15 20:15:27 jmj Pluto[5575]: | af+type: OAKLEY_GROUP_DESCRIPTION Apr 15 20:15:27 jmj Pluto[5575]: | length/value: 2 Apr 15 20:15:27 jmj Pluto[5575]: | [2 is OAKLEY_GROUP_MODP1024] Apr 15 20:15:27 jmj Pluto[5575]: | ******parse ISAKMP Oakley attribute: Apr 15 20:15:27 jmj Pluto[5575]: | af+type: OAKLEY_LIFE_TYPE Apr 15 20:15:27 jmj Pluto[5575]: | length/value: 1 Apr 15 20:15:27 jmj Pluto[5575]: | [1 is OAKLEY_LIFE_SECONDS] Apr 15 20:15:27 jmj Pluto[5575]: | ******parse ISAKMP Oakley attribute: Apr 15 20:15:27 jmj Pluto[5575]: | af+type: OAKLEY_LIFE_DURATION Apr 15 20:15:27 jmj Pluto[5575]: | length/value: 14400 Apr 15 20:15:27 jmj Pluto[5575]: | Oakley Transform 0 accepted Apr 15 20:15:27 jmj Pluto[5575]: | ****emit IPsec DOI SIT: Apr 15 20:15:27 jmj Pluto[5575]: | IPsec DOI SIT: SIT_IDENTITY_ONLY Apr 15 20:15:27 jmj Pluto[5575]: | ****emit ISAKMP Proposal Payload: Apr 15 20:15:27 jmj Pluto[5575]: | next payload type: ISAKMP_NEXT_NONE Apr 15 20:15:27 jmj Pluto[5575]: | proposal number: 0 Apr 15 20:15:27 jmj Pluto[5575]: | protocol ID: PROTO_ISAKMP Apr 15 20:15:27 jmj Pluto[5575]: | SPI size: 0 Apr 15 20:15:27 jmj Pluto[5575]: | number of transforms: 1 Apr 15 20:15:27 jmj Pluto[5575]: | *****emit ISAKMP Transform Payload (ISAKMP): Apr 15 20:15:27 jmj Pluto[5575]: | next payload type: ISAKMP_NEXT_NONE Apr 15 20:15:27 jmj Pluto[5575]: | transform number: 0 Apr 15 20:15:27 jmj Pluto[5575]: | transform ID: KEY_IKE Apr 15 20:15:27 jmj Pluto[5575]: | emitting 24 raw bytes of attributes into ISAKMP Transform Payload (ISAKMP) Apr 15 20:15:27 jmj Pluto[5575]: | attributes 80 01 00 05 80 02 00 01 80 03 00 01 80 04 00 02 Apr 15 20:15:27 jmj Pluto[5575]: | 80 0b 00 01 80 0c 38 40 Apr 15 20:15:27 jmj Pluto[5575]: | emitting length of ISAKMP Transform Payload (ISAKMP): 32 Apr 15 20:15:27 jmj Pluto[5575]: | emitting length of ISAKMP Proposal Payload: 40 Apr 15 20:15:27 jmj Pluto[5575]: | emitting length of ISAKMP Security Association Payload: 52 Apr 15 20:15:27 jmj Pluto[5575]: | emitting length of ISAKMP Message: 80 Apr 15 20:15:27 jmj Pluto[5575]: | sending 80 bytes for STATE_MAIN_R0 through eth0 to 192.168.2.121:500: Apr 15 20:15:27 jmj Pluto[5575]: | 26 98 52 71 61 00 01 b2 ea 6d 26 43 fa 90 01 34 Apr 15 20:15:27 jmj Pluto[5575]: | 01 10 02 00 00 00 00 00 00 00 00 50 00 00 00 34 Apr 15 20:15:27 jmj Pluto[5575]: | 00 00 00 01 00 00 00 01 00 00 00 28 00 01 00 01 Apr 15 20:15:27 jmj Pluto[5575]: | 00 00 00 20 00 01 00 00 80 01 00 05 80 02 00 01 Apr 15 20:15:27 jmj Pluto[5575]: | 80 03 00 01 80 04 00 02 80 0b 00 01 80 0c 38 40 Apr 15 20:15:27 jmj Pluto[5575]: | inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #2 Apr 15 20:15:27 jmj Pluto[5575]: | next event EVENT_RETRANSMIT in 9 seconds for #1 Apr 15 20:15:27 jmj Pluto[5575]: | Apr 15 20:15:27 jmj Pluto[5575]: | *received 180 bytes from 192.168.2.121:500 on eth0 Apr 15 20:15:27 jmj Pluto[5575]: | 26 98 52 71 61 00 01 b2 3a e2 e2 df 8b d4 24 40 Apr 15 20:15:27 jmj Pluto[5575]: | 04 10 02 00 00 00 00 00 00 00 00 b4 0a 00 00 84 Apr 15 20:15:27 jmj Pluto[5575]: | 83 bf ec 64 4e dc b9 f0 37 ff 10 67 d3 88 53 45 Apr 15 20:15:27 jmj Pluto[5575]: | aa a1 95 d3 70 1f b3 43 c0 53 16 b4 ae 8a a6 5e Apr 15 20:15:27 jmj Pluto[5575]: | ce 8e 34 0a 74 7e 90 90 e5 57 87 9f 44 54 96 35 Apr 15 20:15:27 jmj Pluto[5575]: | f6 3f 18 4f 67 a5 9d 65 a5 b3 9e 74 98 03 4d 44 Apr 15 20:15:27 jmj Pluto[5575]: | f6 7f f1 28 60 dd 8c 67 c6 12 ed f2 5c b8 bd f5 Apr 15 20:15:27 jmj Pluto[5575]: | a9 3a 6d ec 19 28 9a b3 ef 48 82 a5 2a ad f6 13 Apr 15 20:15:27 jmj Pluto[5575]: | 3c aa 28 e2 68 02 c5 58 e1 11 d6 95 b4 d4 21 4d Apr 15 20:15:27 jmj Pluto[5575]: | 17 3b 31 08 2c 0d a7 84 d4 c0 a9 1e e9 1e 9f 1d Apr 15 20:15:27 jmj Pluto[5575]: | 00 00 00 14 d0 fe 5f 4b 31 d1 63 91 94 03 c5 2d Apr 15 20:15:27 jmj Pluto[5575]: | fb f3 a0 36 Apr 15 20:15:27 jmj Pluto[5575]: | **parse ISAKMP Message: Apr 15 20:15:27 jmj Pluto[5575]: | initiator cookie: Apr 15 20:15:27 jmj Pluto[5575]: | 26 98 52 71 61 00 01 b2 Apr 15 20:15:27 jmj Pluto[5575]: | responder cookie: Apr 15 20:15:27 jmj Pluto[5575]: | 3a e2 e2 df 8b d4 24 40 Apr 15 20:15:27 jmj Pluto[5575]: | next payload type: ISAKMP_NEXT_KE Apr 15 20:15:27 jmj Pluto[5575]: | ISAKMP version: ISAKMP Version 1.0 Apr 15 20:15:27 jmj Pluto[5575]: | exchange type: ISAKMP_XCHG_IDPROT Apr 15 20:15:27 jmj Pluto[5575]: | flags: none Apr 15 20:15:27 jmj Pluto[5575]: | message ID: 00 00 00 00 Apr 15 20:15:27 jmj Pluto[5575]: | length: 180 Apr 15 20:15:27 jmj Pluto[5575]: | ICOOKIE: 26 98 52 71 61 00 01 b2 Apr 15 20:15:27 jmj Pluto[5575]: | RCOOKIE: 3a e2 e2 df 8b d4 24 40 Apr 15 20:15:27 jmj Pluto[5575]: | peer: c0 a8 02 79 Apr 15 20:15:27 jmj Pluto[5575]: | state hash entry 30 Apr 15 20:15:27 jmj Pluto[5575]: | state object #1 found, in STATE_MAIN_R1 Apr 15 20:15:27 jmj Pluto[5575]: | ***parse ISAKMP Key Exchange Payload: Apr 15 20:15:27 jmj Pluto[5575]: | next payload type: ISAKMP_NEXT_NONCE Apr 15 20:15:27 jmj Pluto[5575]: | length: 132 Apr 15 20:15:27 jmj Pluto[5575]: | ***parse ISAKMP Nonce Payload: Apr 15 20:15:27 jmj Pluto[5575]: | next payload type: ISAKMP_NEXT_NONE Apr 15 20:15:27 jmj Pluto[5575]: | length: 20 Apr 15 20:15:27 jmj Pluto[5575]: | **emit ISAKMP Message: Apr 15 20:15:27 jmj Pluto[5575]: | initiator cookie: Apr 15 20:15:27 jmj Pluto[5575]: | 26 98 52 71 61 00 01 b2 Apr 15 20:15:27 jmj Pluto[5575]: | responder cookie: Apr 15 20:15:27 jmj Pluto[5575]: | 3a e2 e2 df 8b d4 24 40 Apr 15 20:15:27 jmj Pluto[5575]: | next payload type: ISAKMP_NEXT_KE Apr 15 20:15:27 jmj Pluto[5575]: | ISAKMP version: ISAKMP Version 1.0 Apr 15 20:15:27 jmj Pluto[5575]: | exchange type: ISAKMP_XCHG_IDPROT Apr 15 20:15:27 jmj Pluto[5575]: | flags: none Apr 15 20:15:27 jmj Pluto[5575]: | message ID: 00 00 00 00 Apr 15 20:15:27 jmj Pluto[5575]: | DH public value received: Apr 15 20:15:27 jmj Pluto[5575]: | 83 bf ec 64 4e dc b9 f0 37 ff 10 67 d3 88 53 45 Apr 15 20:15:27 jmj Pluto[5575]: | aa a1 95 d3 70 1f b3 43 c0 53 16 b4 ae 8a a6 5e Apr 15 20:15:27 jmj Pluto[5575]: | ce 8e 34 0a 74 7e 90 90 e5 57 87 9f 44 54 96 35 Apr 15 20:15:27 jmj Pluto[5575]: | f6 3f 18 4f 67 a5 9d 65 a5 b3 9e 74 98 03 4d 44 Apr 15 20:15:27 jmj Pluto[5575]: | f6 7f f1 28 60 dd 8c 67 c6 12 ed f2 5c b8 bd f5 Apr 15 20:15:27 jmj Pluto[5575]: | a9 3a 6d ec 19 28 9a b3 ef 48 82 a5 2a ad f6 13 Apr 15 20:15:27 jmj Pluto[5575]: | 3c aa 28 e2 68 02 c5 58 e1 11 d6 95 b4 d4 21 4d Apr 15 20:15:27 jmj Pluto[5575]: | 17 3b 31 08 2c 0d a7 84 d4 c0 a9 1e e9 1e 9f 1d Apr 15 20:15:27 jmj Pluto[5575]: | DH shared secret: Apr 15 20:15:27 jmj Pluto[5575]: | c5 5e 15 cd af c1 7d 7d 96 af d9 7c 80 3c b6 d5 Apr 15 20:15:27 jmj Pluto[5575]: | d7 84 bb da 43 49 d6 e2 e0 a0 73 b2 d9 9d 8b 7c Apr 15 20:15:27 jmj Pluto[5575]: | 39 ab 27 0b ac 13 2c a1 ed da f5 92 ab e0 a3 23 Apr 15 20:15:27 jmj Pluto[5575]: | f8 09 19 3c 03 e1 f9 e7 fc 3f 7c 52 65 95 0f f3 Apr 15 20:15:27 jmj Pluto[5575]: | 35 0f de f2 7b 65 6f 2d d9 99 09 e7 9e b3 24 c6 Apr 15 20:15:27 jmj Pluto[5575]: | 78 a8 06 b4 c1 2f 02 a4 bb 5b 32 f5 01 dd 09 16 Apr 15 20:15:27 jmj Pluto[5575]: | 19 fc a0 35 37 28 f9 10 b4 28 4a a4 27 df 08 5e Apr 15 20:15:27 jmj Pluto[5575]: | af 6b f4 a4 ef 18 af 63 53 83 f3 94 d1 fe 59 f8 Apr 15 20:15:27 jmj Pluto[5575]: | Local DH secret: Apr 15 20:15:27 jmj Pluto[5575]: | 4b 35 51 f1 d0 ab 43 d5 71 d8 7e 38 d8 11 f4 3d Apr 15 20:15:27 jmj Pluto[5575]: | ec ef 86 58 f2 8d af 86 aa e8 d3 c0 50 9c 9a 66 Apr 15 20:15:27 jmj Pluto[5575]: | Public DH value sent: Apr 15 20:15:27 jmj Pluto[5575]: | 02 49 7c 26 5a 2c b0 c7 90 29 a2 31 fd 22 11 03 Apr 15 20:15:27 jmj Pluto[5575]: | 11 27 5e 03 cf 6e f5 13 ee 0e d2 f6 4c c6 e6 6b Apr 15 20:15:27 jmj Pluto[5575]: | 45 74 ea 36 55 a7 98 ab 4f 1f c9 62 88 d7 f6 6d Apr 15 20:15:27 jmj Pluto[5575]: | 05 34 74 a0 7e 12 5b bd 28 ad 86 09 d2 6e 98 16 Apr 15 20:15:27 jmj Pluto[5575]: | 6f 2d c1 c1 b6 ac 15 d3 0a 55 43 e3 e6 1a 5f 1e Apr 15 20:15:27 jmj Pluto[5575]: | 3a 79 ab 15 ea 9c 2d 1e d5 64 2e b2 e9 17 6c c9 Apr 15 20:15:27 jmj Pluto[5575]: | 8b 88 53 9b f4 90 cb 39 dc 89 48 c2 4a c7 94 53 Apr 15 20:15:27 jmj Pluto[5575]: | ff e6 85 f1 e0 11 41 0c bd ee fa 5b 7a cd 76 26 Apr 15 20:15:27 jmj Pluto[5575]: | ***emit ISAKMP Key Exchange Payload: Apr 15 20:15:27 jmj Pluto[5575]: | next payload type: ISAKMP_NEXT_NONCE Apr 15 20:15:27 jmj Pluto[5575]: | emitting 128 raw bytes of keyex value into ISAKMP Key Exchange Payload Apr 15 20:15:27 jmj Pluto[5575]: | keyex value 02 49 7c 26 5a 2c b0 c7 90 29 a2 31 fd 22 11 03 Apr 15 20:15:27 jmj Pluto[5575]: | 11 27 5e 03 cf 6e f5 13 ee 0e d2 f6 4c c6 e6 6b Apr 15 20:15:27 jmj Pluto[5575]: | 45 74 ea 36 55 a7 98 ab 4f 1f c9 62 88 d7 f6 6d Apr 15 20:15:27 jmj Pluto[5575]: | 05 34 74 a0 7e 12 5b bd 28 ad 86 09 d2 6e 98 16 Apr 15 20:15:27 jmj Pluto[5575]: | 6f 2d c1 c1 b6 ac 15 d3 0a 55 43 e3 e6 1a 5f 1e Apr 15 20:15:27 jmj Pluto[5575]: | 3a 79 ab 15 ea 9c 2d 1e d5 64 2e b2 e9 17 6c c9 Apr 15 20:15:27 jmj Pluto[5575]: | 8b 88 53 9b f4 90 cb 39 dc 89 48 c2 4a c7 94 53 Apr 15 20:15:27 jmj Pluto[5575]: | ff e6 85 f1 e0 11 41 0c bd ee fa 5b 7a cd 76 26 Apr 15 20:15:27 jmj Pluto[5575]: | emitting length of ISAKMP Key Exchange Payload: 132 Apr 15 20:15:27 jmj Pluto[5575]: | ***emit ISAKMP Nonce Payload: Apr 15 20:15:27 jmj Pluto[5575]: | next payload type: ISAKMP_NEXT_NONE Apr 15 20:15:27 jmj Pluto[5575]: | emitting 16 raw bytes of Nr into ISAKMP Nonce Payload Apr 15 20:15:27 jmj Pluto[5575]: | Nr da ae 97 cf 92 98 25 51 2b 59 b0 55 47 16 e4 34 Apr 15 20:15:27 jmj Pluto[5575]: | emitting length of ISAKMP Nonce Payload: 20 Apr 15 20:15:27 jmj Pluto[5575]: | emitting length of ISAKMP Message: 180 Apr 15 20:15:27 jmj Pluto[5575]: | Skeyid: cf a0 d9 10 c1 ca 5a e8 49 74 06 f9 65 51 44 09 Apr 15 20:15:27 jmj Pluto[5575]: | Skeyid_d: fa 3c 8c e7 10 e2 10 37 42 11 f7 2b 1d 67 07 04 Apr 15 20:15:27 jmj Pluto[5575]: | Skeyid_a: ab 93 93 ea 60 b7 88 58 04 2f d8 99 3f 0c 67 fe Apr 15 20:15:27 jmj Pluto[5575]: | Skeyid_e: e6 f1 a3 0f 9b ee ac ed bd c9 e3 52 e5 c0 e7 42 Apr 15 20:15:27 jmj Pluto[5575]: | enc key: 68 00 4c 01 d0 19 bc ee e6 4f 60 9d d7 bd f0 00 Apr 15 20:15:27 jmj Pluto[5575]: | df fc 2b 1a 09 c4 10 86 Apr 15 20:15:27 jmj Pluto[5575]: | IV: b0 e2 c9 cf cc ce 54 af 48 6e 7b 36 fa 90 df 20 Apr 15 20:15:27 jmj Pluto[5575]: | sending 180 bytes for STATE_MAIN_R1 through eth0 to 192.168.2.121:500: Apr 15 20:15:27 jmj Pluto[5575]: | 26 98 52 71 61 00 01 b2 3a e2 e2 df 8b d4 24 40 Apr 15 20:15:27 jmj Pluto[5575]: | 04 10 02 00 00 00 00 00 00 00 00 b4 0a 00 00 84 Apr 15 20:15:27 jmj Pluto[5575]: | 02 49 7c 26 5a 2c b0 c7 90 29 a2 31 fd 22 11 03 Apr 15 20:15:27 jmj Pluto[5575]: | 11 27 5e 03 cf 6e f5 13 ee 0e d2 f6 4c c6 e6 6b Apr 15 20:15:27 jmj Pluto[5575]: | 45 74 ea 36 55 a7 98 ab 4f 1f c9 62 88 d7 f6 6d Apr 15 20:15:27 jmj Pluto[5575]: | 05 34 74 a0 7e 12 5b bd 28 ad 86 09 d2 6e 98 16 Apr 15 20:15:27 jmj Pluto[5575]: | 6f 2d c1 c1 b6 ac 15 d3 0a 55 43 e3 e6 1a 5f 1e Apr 15 20:15:28 jmj Pluto[5575]: | 3a 79 ab 15 ea 9c 2d 1e d5 64 2e b2 e9 17 6c c9 Apr 15 20:15:28 jmj Pluto[5575]: | 8b 88 53 9b f4 90 cb 39 dc 89 48 c2 4a c7 94 53 Apr 15 20:15:28 jmj Pluto[5575]: | ff e6 85 f1 e0 11 41 0c bd ee fa 5b 7a cd 76 26 Apr 15 20:15:28 jmj Pluto[5575]: | 00 00 00 14 da ae 97 cf 92 98 25 51 2b 59 b0 55 Apr 15 20:15:28 jmj Pluto[5575]: | 47 16 e4 34 Apr 15 20:15:28 jmj Pluto[5575]: | inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #1 Apr 15 20:15:28 jmj Pluto[5575]: | next event EVENT_RETRANSMIT in 9 seconds for #2 Apr 15 20:15:28 jmj Pluto[5575]: | Apr 15 20:15:28 jmj Pluto[5575]: | *received 180 bytes from 192.168.2.121:500 on eth0 Apr 15 20:15:28 jmj Pluto[5575]: | 26 98 52 71 61 00 01 b2 3a e2 e2 df 8b d4 24 40 Apr 15 20:15:28 jmj Pluto[5575]: | 04 10 02 00 00 00 00 00 00 00 00 b4 0a 00 00 84 Apr 15 20:15:28 jmj Pluto[5575]: | 83 bf ec 64 4e dc b9 f0 37 ff 10 67 d3 88 53 45 Apr 15 20:15:28 jmj Pluto[5575]: | aa a1 95 d3 70 1f b3 43 c0 53 16 b4 ae 8a a6 5e Apr 15 20:15:28 jmj Pluto[5575]: | ce 8e 34 0a 74 7e 90 90 e5 57 87 9f 44 54 96 35 Apr 15 20:15:28 jmj Pluto[5575]: | f6 3f 18 4f 67 a5 9d 65 a5 b3 9e 74 98 03 4d 44 Apr 15 20:15:28 jmj Pluto[5575]: | f6 7f f1 28 60 dd 8c 67 c6 12 ed f2 5c b8 bd f5 Apr 15 20:15:28 jmj Pluto[5575]: | a9 3a 6d ec 19 28 9a b3 ef 48 82 a5 2a ad f6 13 Apr 15 20:15:28 jmj Pluto[5575]: | 3c aa 28 e2 68 02 c5 58 e1 11 d6 95 b4 d4 21 4d Apr 15 20:15:28 jmj Pluto[5575]: | 17 3b 31 08 2c 0d a7 84 d4 c0 a9 1e e9 1e 9f 1d Apr 15 20:15:28 jmj Pluto[5575]: | 00 00 00 14 d0 fe 5f 4b 31 d1 63 91 94 03 c5 2d Apr 15 20:15:28 jmj Pluto[5575]: | fb f3 a0 36 Apr 15 20:15:28 jmj Pluto[5575]: | **parse ISAKMP Message: Apr 15 20:15:28 jmj Pluto[5575]: | initiator cookie: Apr 15 20:15:28 jmj Pluto[5575]: | 26 98 52 71 61 00 01 b2 Apr 15 20:15:28 jmj Pluto[5575]: | responder cookie: Apr 15 20:15:28 jmj Pluto[5575]: | 3a e2 e2 df 8b d4 24 40 Apr 15 20:15:28 jmj Pluto[5575]: | next payload type: ISAKMP_NEXT_KE Apr 15 20:15:28 jmj Pluto[5575]: | ISAKMP version: ISAKMP Version 1.0 Apr 15 20:15:28 jmj Pluto[5575]: | exchange type: ISAKMP_XCHG_IDPROT Apr 15 20:15:28 jmj Pluto[5575]: | flags: none Apr 15 20:15:28 jmj Pluto[5575]: | message ID: 00 00 00 00 Apr 15 20:15:28 jmj Pluto[5575]: | length: 180 Apr 15 20:15:28 jmj Pluto[5575]: | ICOOKIE: 26 98 52 71 61 00 01 b2 Apr 15 20:15:28 jmj Pluto[5575]: | RCOOKIE: 3a e2 e2 df 8b d4 24 40 Apr 15 20:15:28 jmj Pluto[5575]: | peer: c0 a8 02 79 Apr 15 20:15:28 jmj Pluto[5575]: | state hash entry 30 Apr 15 20:15:28 jmj Pluto[5575]: | state object #1 found, in STATE_MAIN_R2 Apr 15 20:15:28 jmj Pluto[5575]: "laptop-test1-any" 192.168.2.121 #1: discarding duplicate packet; already STATE_MAIN_R2 Apr 15 20:15:28 jmj Pluto[5575]: | next event EVENT_RETRANSMIT in 9 seconds for #2 Apr 15 20:15:28 jmj Pluto[5575]: | Apr 15 20:15:28 jmj Pluto[5575]: | *received 92 bytes from 192.168.2.121:500 on eth0 Apr 15 20:15:28 jmj Pluto[5575]: | 26 98 52 71 61 00 01 b2 3a e2 e2 df 8b d4 24 40 Apr 15 20:15:28 jmj Pluto[5575]: | 05 10 02 01 00 00 00 00 00 00 00 5c 76 b2 bd 90 Apr 15 20:15:28 jmj Pluto[5575]: | e4 f3 15 94 0a f0 57 c6 4e 0e 96 ee 68 d4 da 4d Apr 15 20:15:28 jmj Pluto[5575]: | ef 69 dc 60 88 dd a0 44 b3 fa d1 bc c3 b6 41 6b Apr 15 20:15:28 jmj Pluto[5575]: | 2b 36 49 22 07 73 b3 ba 60 fd c6 3c 64 f3 fe 90 Apr 15 20:15:28 jmj Pluto[5575]: | 32 cc 06 3a 32 e5 b6 19 72 dd e7 7d Apr 15 20:15:28 jmj Pluto[5575]: | **parse ISAKMP Message: Apr 15 20:15:28 jmj Pluto[5575]: | initiator cookie: Apr 15 20:15:28 jmj Pluto[5575]: | 26 98 52 71 61 00 01 b2 Apr 15 20:15:28 jmj Pluto[5575]: | responder cookie: Apr 15 20:15:28 jmj Pluto[5575]: | 3a e2 e2 df 8b d4 24 40 Apr 15 20:15:28 jmj Pluto[5575]: | next payload type: ISAKMP_NEXT_ID Apr 15 20:15:28 jmj Pluto[5575]: | ISAKMP version: ISAKMP Version 1.0 Apr 15 20:15:28 jmj Pluto[5575]: | exchange type: ISAKMP_XCHG_IDPROT Apr 15 20:15:28 jmj Pluto[5575]: | flags: ISAKMP_FLAG_ENCRYPTION Apr 15 20:15:28 jmj Pluto[5575]: | message ID: 00 00 00 00 Apr 15 20:15:28 jmj Pluto[5575]: | length: 92 Apr 15 20:15:28 jmj Pluto[5575]: | ICOOKIE: 26 98 52 71 61 00 01 b2 Apr 15 20:15:28 jmj Pluto[5575]: | RCOOKIE: 3a e2 e2 df 8b d4 24 40 Apr 15 20:15:28 jmj Pluto[5575]: | peer: c0 a8 02 79 Apr 15 20:15:28 jmj Pluto[5575]: | state hash entry 30 Apr 15 20:15:28 jmj Pluto[5575]: | state object #1 found, in STATE_MAIN_R2 Apr 15 20:15:28 jmj Pluto[5575]: | received encrypted packet from 192.168.2.121:500 Apr 15 20:15:28 jmj Pluto[5575]: | decrypting 64 bytes using algorithm OAKLEY_3DES_CBC Apr 15 20:15:28 jmj Pluto[5575]: | decrypted: Apr 15 20:15:28 jmj Pluto[5575]: | 08 00 00 0c 01 00 00 00 c0 a8 02 79 0b 00 00 14 Apr 15 20:15:28 jmj Pluto[5575]: | 61 ae 2c ae 8e 56 28 d3 2d 94 96 ab 57 bc 65 7e Apr 15 20:15:28 jmj Pluto[5575]: | 00 00 00 1c 00 00 00 01 01 10 60 02 26 98 52 71 Apr 15 20:15:28 jmj Pluto[5575]: | 61 00 01 b2 3a e2 e2 df 8b d4 24 40 00 00 00 00 Apr 15 20:15:28 jmj Pluto[5575]: | next IV: 32 e5 b6 19 72 dd e7 7d Apr 15 20:15:28 jmj Pluto[5575]: | ***parse ISAKMP Identification Payload: Apr 15 20:15:28 jmj Pluto[5575]: | next payload type: ISAKMP_NEXT_HASH Apr 15 20:15:28 jmj Pluto[5575]: | length: 12 Apr 15 20:15:28 jmj Pluto[5575]: | ID type: ID_IPV4_ADDR Apr 15 20:15:28 jmj Pluto[5575]: | DOI specific A: 0 Apr 15 20:15:28 jmj Pluto[5575]: | DOI specific B: 0 Apr 15 20:15:28 jmj Pluto[5575]: | ***parse ISAKMP Hash Payload: Apr 15 20:15:28 jmj Pluto[5575]: | next payload type: ISAKMP_NEXT_N Apr 15 20:15:28 jmj Pluto[5575]: | length: 20 Apr 15 20:15:28 jmj Pluto[5575]: | ***parse ISAKMP Notification Payload: Apr 15 20:15:28 jmj Pluto[5575]: | next payload type: ISAKMP_NEXT_NONE Apr 15 20:15:28 jmj Pluto[5575]: | length: 28 Apr 15 20:15:28 jmj Pluto[5575]: | DOI: ISAKMP_DOI_IPSEC Apr 15 20:15:28 jmj Pluto[5575]: | protocol ID: 1 Apr 15 20:15:28 jmj Pluto[5575]: | SPI size: 16 Apr 15 20:15:28 jmj Pluto[5575]: | Notify Message Type: IPSEC_INITIAL_CONTACT Apr 15 20:15:28 jmj Pluto[5575]: | removing 4 bytes of padding Apr 15 20:15:28 jmj Pluto[5575]: "laptop-test1-any" 192.168.2.121 #1: ignoring informational payload, type IPSEC_INITIAL_CONTACT Apr 15 20:15:28 jmj Pluto[5575]: | info: 26 98 52 71 61 00 01 b2 3a e2 e2 df 8b d4 24 40 Apr 15 20:15:28 jmj Pluto[5575]: | **emit ISAKMP Message: Apr 15 20:15:28 jmj Pluto[5575]: | initiator cookie: Apr 15 20:15:28 jmj Pluto[5575]: | 26 98 52 71 61 00 01 b2 Apr 15 20:15:28 jmj Pluto[5575]: | responder cookie: Apr 15 20:15:28 jmj Pluto[5575]: | 3a e2 e2 df 8b d4 24 40 Apr 15 20:15:28 jmj Pluto[5575]: | next payload type: ISAKMP_NEXT_ID Apr 15 20:15:28 jmj Pluto[5575]: | ISAKMP version: ISAKMP Version 1.0 Apr 15 20:15:28 jmj Pluto[5575]: | exchange type: ISAKMP_XCHG_IDPROT Apr 15 20:15:28 jmj Pluto[5575]: | flags: ISAKMP_FLAG_ENCRYPTION Apr 15 20:15:28 jmj Pluto[5575]: | message ID: 00 00 00 00 Apr 15 20:15:28 jmj Pluto[5575]: "laptop-test1-any" 192.168.2.121 #1: Peer ID is ID_IPV4_ADDR: '192.168.2.121' Apr 15 20:15:28 jmj Pluto[5575]: | hashing 408 bytes of SA Apr 15 20:15:28 jmj Pluto[5575]: | Hashing his ID: Type ID_IPV4_ADDR, Protocol 0, Port 0 Apr 15 20:15:28 jmj Pluto[5575]: | ID to be hashed: 01 00 00 00 Apr 15 20:15:28 jmj Pluto[5575]: | ID to be hashed: c0 a8 02 79 Apr 15 20:15:28 jmj Pluto[5575]: | authentication succeeded Apr 15 20:15:28 jmj Pluto[5575]: | ***emit ISAKMP Identification Payload (IPsec DOI): Apr 15 20:15:28 jmj Pluto[5575]: | next payload type: ISAKMP_NEXT_HASH Apr 15 20:15:28 jmj Pluto[5575]: | ID type: ID_IPV4_ADDR Apr 15 20:15:28 jmj Pluto[5575]: | Protocol ID: 0 Apr 15 20:15:28 jmj Pluto[5575]: | port: 0 Apr 15 20:15:28 jmj Pluto[5575]: | emitting 4 raw bytes of my identity into ISAKMP Identification Payload (IPsec DOI) Apr 15 20:15:28 jmj Pluto[5575]: | my identity c0 a8 02 a6 Apr 15 20:15:28 jmj Pluto[5575]: | emitting length of ISAKMP Identification Payload (IPsec DOI): 12 Apr 15 20:15:28 jmj Pluto[5575]: | hashing 408 bytes of SA Apr 15 20:15:28 jmj Pluto[5575]: | Hashing my ID: Type ID_IPV4_ADDR, Protocol 0, Port 0 Apr 15 20:15:28 jmj Pluto[5575]: | ID to be hashed: 01 00 00 00 Apr 15 20:15:28 jmj Pluto[5575]: | ID to be hashed: c0 a8 02 a6 Apr 15 20:15:28 jmj Pluto[5575]: | ***emit ISAKMP Hash Payload: Apr 15 20:15:28 jmj Pluto[5575]: | next payload type: ISAKMP_NEXT_NONE Apr 15 20:15:28 jmj Pluto[5575]: | emitting 16 raw bytes of HASH_R into ISAKMP Hash Payload Apr 15 20:15:28 jmj Pluto[5575]: | HASH_R ff 51 14 e6 56 f5 44 45 51 8a 90 e9 4b 15 e1 a2 Apr 15 20:15:28 jmj Pluto[5575]: | emitting length of ISAKMP Hash Payload: 20 Apr 15 20:15:28 jmj Pluto[5575]: | encrypting: Apr 15 20:15:28 jmj Pluto[5575]: | 08 00 00 0c 01 00 00 00 c0 a8 02 a6 00 00 00 14 Apr 15 20:15:28 jmj Pluto[5575]: | ff 51 14 e6 56 f5 44 45 51 8a 90 e9 4b 15 e1 a2 Apr 15 20:15:28 jmj Pluto[5575]: | encrypting using OAKLEY_3DES_CBC Apr 15 20:15:28 jmj Pluto[5575]: | next IV: d7 21 7f fb e7 5a 81 1e Apr 15 20:15:28 jmj Pluto[5575]: | emitting length of ISAKMP Message: 60 Apr 15 20:15:28 jmj Pluto[5575]: | last encrypted block of Phase 1: Apr 15 20:15:28 jmj Pluto[5575]: | d7 21 7f fb e7 5a 81 1e Apr 15 20:15:28 jmj Pluto[5575]: | sending 60 bytes for STATE_MAIN_R2 through eth0 to 192.168.2.121:500: Apr 15 20:15:28 jmj Pluto[5575]: | 26 98 52 71 61 00 01 b2 3a e2 e2 df 8b d4 24 40 Apr 15 20:15:28 jmj Pluto[5575]: | 05 10 02 01 00 00 00 00 00 00 00 3c bb 80 36 36 Apr 15 20:15:28 jmj Pluto[5575]: | 9d f1 af 50 09 d8 1b 8e 6e 17 cc 19 f4 5b 7e e3 Apr 15 20:15:28 jmj Pluto[5575]: | 35 e1 dd fe d7 21 7f fb e7 5a 81 1e Apr 15 20:15:28 jmj Pluto[5575]: | inserting event EVENT_SA_REPLACE, timeout in 14130 seconds for #1 Apr 15 20:15:28 jmj Pluto[5575]: "laptop-test1-any" 192.168.2.121 #1: sent MR3, ISAKMP SA established Apr 15 20:15:28 jmj Pluto[5575]: | next event EVENT_RETRANSMIT in 9 seconds for #2 Apr 15 20:15:28 jmj Pluto[5575]: | Apr 15 20:15:28 jmj Pluto[5575]: | *received 300 bytes from 192.168.2.121:500 on eth0 Apr 15 20:15:28 jmj Pluto[5575]: | 26 98 52 71 61 00 01 b2 3a e2 e2 df 8b d4 24 40 Apr 15 20:15:28 jmj Pluto[5575]: | 08 10 20 01 55 2d 60 74 00 00 01 2c a4 de 4e fa Apr 15 20:15:28 jmj Pluto[5575]: | 03 22 cc a4 39 c0 53 0d 0e 4d 6f d0 5f f9 74 e7 Apr 15 20:15:28 jmj Pluto[5575]: | 23 cd a6 39 1a ab 56 c2 f2 58 37 97 d4 41 07 72 Apr 15 20:15:28 jmj Pluto[5575]: | 6f 08 ed dc 39 70 cd 89 c4 02 01 8f c7 58 76 00 Apr 15 20:15:28 jmj Pluto[5575]: | 68 c8 05 31 39 0e 82 17 5f b2 bf 37 e9 37 70 0d Apr 15 20:15:28 jmj Pluto[5575]: | f3 75 5e 7f e1 d4 0d c8 4f 77 8a 33 9f 14 31 de Apr 15 20:15:28 jmj Pluto[5575]: | 24 bc 78 3f 58 73 fc ff 68 87 cc 14 75 40 8a d6 Apr 15 20:15:28 jmj Pluto[5575]: | d9 2a f2 55 cd cd ed b1 db 3b 0f 13 12 bc 46 4f Apr 15 20:15:28 jmj Pluto[5575]: | 98 44 d7 89 15 82 89 d1 f9 70 96 22 06 30 54 e4 Apr 15 20:15:28 jmj Pluto[5575]: | 3d 6e e9 4d 3c 7a a3 f5 78 57 04 ab 2c fd 6f 25 Apr 15 20:15:28 jmj Pluto[5575]: | 6d 84 25 26 04 4a 84 b3 27 7a 48 91 dd 82 a0 ee Apr 15 20:15:28 jmj Pluto[5575]: | 24 58 01 ca 04 90 04 1f ea 56 a4 9c 2d 91 4c 7e Apr 15 20:15:28 jmj Pluto[5575]: | 62 03 0e dd 90 c7 ed a2 a3 c2 a8 b8 eb f3 45 3c Apr 15 20:15:28 jmj Pluto[5575]: | 36 65 08 4e d8 2b 0a eb e2 6f c3 62 a4 43 e1 f9 Apr 15 20:15:28 jmj Pluto[5575]: | ea 83 e7 47 66 7e 50 71 c2 ca a9 41 c0 74 21 93 Apr 15 20:15:28 jmj Pluto[5575]: | de d2 d8 3b 5d f4 69 7b af 84 be 95 d1 7d f7 be Apr 15 20:15:28 jmj Pluto[5575]: | 70 13 60 9c 2b 4e e5 e6 b1 4d 80 be 85 a0 71 c3 Apr 15 20:15:28 jmj Pluto[5575]: | f8 7a 57 f1 e8 fb 64 ce 5f d8 f4 1e Apr 15 20:15:28 jmj Pluto[5575]: | **parse ISAKMP Message: Apr 15 20:15:28 jmj Pluto[5575]: | initiator cookie: Apr 15 20:15:28 jmj Pluto[5575]: | 26 98 52 71 61 00 01 b2 Apr 15 20:15:28 jmj Pluto[5575]: | responder cookie: Apr 15 20:15:28 jmj Pluto[5575]: | 3a e2 e2 df 8b d4 24 40 Apr 15 20:15:28 jmj Pluto[5575]: | next payload type: ISAKMP_NEXT_HASH Apr 15 20:15:28 jmj Pluto[5575]: | ISAKMP version: ISAKMP Version 1.0 Apr 15 20:15:28 jmj Pluto[5575]: | exchange type: ISAKMP_XCHG_QUICK Apr 15 20:15:28 jmj Pluto[5575]: | flags: ISAKMP_FLAG_ENCRYPTION Apr 15 20:15:28 jmj Pluto[5575]: | message ID: 55 2d 60 74 Apr 15 20:15:28 jmj Pluto[5575]: | length: 300 Apr 15 20:15:28 jmj Pluto[5575]: | ICOOKIE: 26 98 52 71 61 00 01 b2 Apr 15 20:15:28 jmj Pluto[5575]: | RCOOKIE: 3a e2 e2 df 8b d4 24 40 Apr 15 20:15:28 jmj Pluto[5575]: | peer: c0 a8 02 79 Apr 15 20:15:28 jmj Pluto[5575]: | state hash entry 30 Apr 15 20:15:28 jmj Pluto[5575]: | state object not found Apr 15 20:15:28 jmj Pluto[5575]: | ICOOKIE: 26 98 52 71 61 00 01 b2 Apr 15 20:15:28 jmj Pluto[5575]: | RCOOKIE: 3a e2 e2 df 8b d4 24 40 Apr 15 20:15:28 jmj Pluto[5575]: | peer: c0 a8 02 79 Apr 15 20:15:28 jmj Pluto[5575]: | state hash entry 30 Apr 15 20:15:28 jmj Pluto[5575]: | state object #1 found, in STATE_MAIN_R3 Apr 15 20:15:28 jmj Pluto[5575]: | computed Phase 2 IV: Apr 15 20:15:28 jmj Pluto[5575]: | fe 8e e4 95 7d c4 b1 f9 57 c7 44 77 66 00 00 ff Apr 15 20:15:28 jmj Pluto[5575]: | received encrypted packet from 192.168.2.121:500 Apr 15 20:15:28 jmj Pluto[5575]: | decrypting 272 bytes using algorithm OAKLEY_3DES_CBC Apr 15 20:15:28 jmj Pluto[5575]: | decrypted: Apr 15 20:15:28 jmj Pluto[5575]: | 01 00 00 14 70 94 9a 3d 02 f7 af 80 d7 d8 82 24 Apr 15 20:15:28 jmj Pluto[5575]: | 25 37 15 b2 0a 00 00 cc 00 00 00 01 00 00 00 01 Apr 15 20:15:28 jmj Pluto[5575]: | 02 00 00 30 01 03 04 01 ad 5d 0e 42 00 00 00 24 Apr 15 20:15:28 jmj Pluto[5575]: | 01 03 00 00 80 05 00 01 80 04 00 01 80 01 00 02 Apr 15 20:15:28 jmj Pluto[5575]: | 00 02 00 04 00 06 40 00 80 01 00 01 80 02 0e 10 Apr 15 20:15:28 jmj Pluto[5575]: | 02 00 00 30 02 03 04 01 00 51 db 98 00 00 00 24 Apr 15 20:15:28 jmj Pluto[5575]: | 01 03 00 00 80 05 00 02 80 04 00 01 80 01 00 02 Apr 15 20:15:28 jmj Pluto[5575]: | 00 02 00 04 00 06 40 00 80 01 00 01 80 02 0e 10 Apr 15 20:15:28 jmj Pluto[5575]: | 02 00 00 30 03 03 04 01 fa 96 da 10 00 00 00 24 Apr 15 20:15:28 jmj Pluto[5575]: | 01 02 00 00 80 05 00 01 80 04 00 01 80 01 00 02 Apr 15 20:15:28 jmj Pluto[5575]: | 00 02 00 04 00 06 40 00 80 01 00 01 80 02 0e 10 Apr 15 20:15:28 jmj Pluto[5575]: | 00 00 00 30 04 03 04 01 5b ee e2 34 00 00 00 24 Apr 15 20:15:28 jmj Pluto[5575]: | 01 02 00 00 80 05 00 02 80 04 00 01 80 01 00 02 Apr 15 20:15:28 jmj Pluto[5575]: | 00 02 00 04 00 06 40 00 80 01 00 01 80 02 0e 10 Apr 15 20:15:28 jmj Pluto[5575]: | 05 00 00 14 29 ea 56 40 33 80 83 3e df ef 9f c4 Apr 15 20:15:28 jmj Pluto[5575]: | 35 ad 57 94 05 00 00 0c 01 00 00 00 c0 a8 02 79 Apr 15 20:15:28 jmj Pluto[5575]: | 00 00 00 10 04 00 00 00 0a 00 01 00 ff ff ff 00 Apr 15 20:15:28 jmj Pluto[5575]: | next IV: e8 fb 64 ce 5f d8 f4 1e Apr 15 20:15:28 jmj Pluto[5575]: | ***parse ISAKMP Hash Payload: Apr 15 20:15:28 jmj Pluto[5575]: | next payload type: ISAKMP_NEXT_SA Apr 15 20:15:28 jmj Pluto[5575]: | length: 20 Apr 15 20:15:28 jmj Pluto[5575]: | ***parse ISAKMP Security Association Payload: Apr 15 20:15:28 jmj Pluto[5575]: | next payload type: ISAKMP_NEXT_NONCE Apr 15 20:15:28 jmj Pluto[5575]: | length: 204 Apr 15 20:15:28 jmj Pluto[5575]: | DOI: ISAKMP_DOI_IPSEC Apr 15 20:15:28 jmj Pluto[5575]: | ***parse ISAKMP Nonce Payload: Apr 15 20:15:28 jmj Pluto[5575]: | next payload type: ISAKMP_NEXT_ID Apr 15 20:15:28 jmj Pluto[5575]: | length: 20 Apr 15 20:15:28 jmj Pluto[5575]: | ***parse ISAKMP Identification Payload (IPsec DOI): Apr 15 20:15:28 jmj Pluto[5575]: | next payload type: ISAKMP_NEXT_ID Apr 15 20:15:28 jmj Pluto[5575]: | length: 12 Apr 15 20:15:28 jmj Pluto[5575]: | ID type: ID_IPV4_ADDR Apr 15 20:15:28 jmj Pluto[5575]: | Protocol ID: 0 Apr 15 20:15:28 jmj Pluto[5575]: | port: 0 Apr 15 20:15:28 jmj Pluto[5575]: | ***parse ISAKMP Identification Payload (IPsec DOI): Apr 15 20:15:28 jmj Pluto[5575]: | next payload type: ISAKMP_NEXT_NONE Apr 15 20:15:28 jmj Pluto[5575]: | length: 16 Apr 15 20:15:28 jmj Pluto[5575]: | ID type: ID_IPV4_ADDR_SUBNET Apr 15 20:15:28 jmj Pluto[5575]: | Protocol ID: 0 Apr 15 20:15:28 jmj Pluto[5575]: | port: 0 Apr 15 20:15:28 jmj Pluto[5575]: | **emit ISAKMP Message: Apr 15 20:15:28 jmj Pluto[5575]: | initiator cookie: Apr 15 20:15:28 jmj Pluto[5575]: | 26 98 52 71 61 00 01 b2 Apr 15 20:15:28 jmj Pluto[5575]: | responder cookie: Apr 15 20:15:28 jmj Pluto[5575]: | 3a e2 e2 df 8b d4 24 40 Apr 15 20:15:28 jmj Pluto[5575]: | next payload type: ISAKMP_NEXT_HASH Apr 15 20:15:28 jmj Pluto[5575]: | ISAKMP version: ISAKMP Version 1.0 Apr 15 20:15:28 jmj Pluto[5575]: | exchange type: ISAKMP_XCHG_QUICK Apr 15 20:15:28 jmj Pluto[5575]: | flags: ISAKMP_FLAG_ENCRYPTION Apr 15 20:15:28 jmj Pluto[5575]: | message ID: 55 2d 60 74 Apr 15 20:15:28 jmj Pluto[5575]: | duplicating state object #1 Apr 15 20:15:28 jmj Pluto[5575]: | creating state object #3 at 0x80a4588 Apr 15 20:15:28 jmj Pluto[5575]: | ICOOKIE: 26 98 52 71 61 00 01 b2 Apr 15 20:15:28 jmj Pluto[5575]: | RCOOKIE: 3a e2 e2 df 8b d4 24 40 Apr 15 20:15:28 jmj Pluto[5575]: | peer: c0 a8 02 79 Apr 15 20:15:28 jmj Pluto[5575]: | state hash entry 30 Apr 15 20:15:28 jmj Pluto[5575]: | inserting event EVENT_SO_DISCARD, timeout in 0 seconds for #3 Apr 15 20:15:28 jmj Pluto[5575]: | HASH(1) computed: Apr 15 20:15:28 jmj Pluto[5575]: | 70 94 9a 3d 02 f7 af 80 d7 d8 82 24 25 37 15 b2 Apr 15 20:15:28 jmj Pluto[5575]: | peer client is 192.168.2.121/32 Apr 15 20:15:28 jmj Pluto[5575]: | our client is subnet 10.0.1.0/24 Apr 15 20:15:28 jmj Pluto[5575]: "laptop-test1-any" 192.168.2.121 #3: cannot respond to IPsec SA request because no connection is known for 10.0.1.0/24===192.168.2.166...192.168.2.121 Apr 15 20:15:28 jmj Pluto[5575]: | state transition function for STATE_QUICK_R0 failed: INVALID_ID_INFORMATION Apr 15 20:15:28 jmj Pluto[5575]: | next event EVENT_SO_DISCARD in 0 seconds for #3 Apr 15 20:15:28 jmj Pluto[5575]: | Apr 15 20:15:28 jmj Pluto[5575]: | *time to handle event Apr 15 20:15:28 jmj Pluto[5575]: | event after this is EVENT_RETRANSMIT in 9 seconds Apr 15 20:15:28 jmj Pluto[5575]: | ICOOKIE: 26 98 52 71 61 00 01 b2 Apr 15 20:15:28 jmj Pluto[5575]: | RCOOKIE: 3a e2 e2 df 8b d4 24 40 Apr 15 20:15:28 jmj Pluto[5575]: | peer: c0 a8 02 79 Apr 15 20:15:28 jmj Pluto[5575]: | state hash entry 30 Apr 15 20:15:28 jmj Pluto[5575]: | next event EVENT_RETRANSMIT in 9 seconds for #2 Apr 15 20:15:29 jmj Pluto[5575]: | Apr 15 20:15:29 jmj Pluto[5575]: | *received 300 bytes from 192.168.2.121:500 on eth0 Apr 15 20:15:29 jmj Pluto[5575]: | 26 98 52 71 61 00 01 b2 3a e2 e2 df 8b d4 24 40 Apr 15 20:15:29 jmj Pluto[5575]: | 08 10 20 01 55 2d 60 74 00 00 01 2c a4 de 4e fa Apr 15 20:15:29 jmj Pluto[5575]: | 03 22 cc a4 39 c0 53 0d 0e 4d 6f d0 5f f9 74 e7 Apr 15 20:15:29 jmj Pluto[5575]: | 23 cd a6 39 1a ab 56 c2 f2 58 37 97 d4 41 07 72 Apr 15 20:15:29 jmj Pluto[5575]: | 6f 08 ed dc 39 70 cd 89 c4 02 01 8f c7 58 76 00 Apr 15 20:15:29 jmj Pluto[5575]: | 68 c8 05 31 39 0e 82 17 5f b2 bf 37 e9 37 70 0d Apr 15 20:15:29 jmj Pluto[5575]: | f3 75 5e 7f e1 d4 0d c8 4f 77 8a 33 9f 14 31 de Apr 15 20:15:29 jmj Pluto[5575]: | 24 bc 78 3f 58 73 fc ff 68 87 cc 14 75 40 8a d6 Apr 15 20:15:29 jmj Pluto[5575]: | d9 2a f2 55 cd cd ed b1 db 3b 0f 13 12 bc 46 4f Apr 15 20:15:29 jmj Pluto[5575]: | 98 44 d7 89 15 82 89 d1 f9 70 96 22 06 30 54 e4 Apr 15 20:15:29 jmj Pluto[5575]: | 3d 6e e9 4d 3c 7a a3 f5 78 57 04 ab 2c fd 6f 25 Apr 15 20:15:29 jmj Pluto[5575]: | 6d 84 25 26 04 4a 84 b3 27 7a 48 91 dd 82 a0 ee Apr 15 20:15:29 jmj Pluto[5575]: | 24 58 01 ca 04 90 04 1f ea 56 a4 9c 2d 91 4c 7e Apr 15 20:15:29 jmj Pluto[5575]: | 62 03 0e dd 90 c7 ed a2 a3 c2 a8 b8 eb f3 45 3c Apr 15 20:15:29 jmj Pluto[5575]: | 36 65 08 4e d8 2b 0a eb e2 6f c3 62 a4 43 e1 f9 Apr 15 20:15:29 jmj Pluto[5575]: | ea 83 e7 47 66 7e 50 71 c2 ca a9 41 c0 74 21 93 Apr 15 20:15:29 jmj Pluto[5575]: | de d2 d8 3b 5d f4 69 7b af 84 be 95 d1 7d f7 be Apr 15 20:15:29 jmj Pluto[5575]: | 70 13 60 9c 2b 4e e5 e6 b1 4d 80 be 85 a0 71 c3 Apr 15 20:15:29 jmj Pluto[5575]: | f8 7a 57 f1 e8 fb 64 ce 5f d8 f4 1e Apr 15 20:15:29 jmj Pluto[5575]: | **parse ISAKMP Message: Apr 15 20:15:29 jmj Pluto[5575]: | initiator cookie: Apr 15 20:15:29 jmj Pluto[5575]: | 26 98 52 71 61 00 01 b2 Apr 15 20:15:29 jmj Pluto[5575]: | responder cookie: Apr 15 20:15:29 jmj Pluto[5575]: | 3a e2 e2 df 8b d4 24 40 Apr 15 20:15:29 jmj Pluto[5575]: | next payload type: ISAKMP_NEXT_HASH Apr 15 20:15:29 jmj Pluto[5575]: | ISAKMP version: ISAKMP Version 1.0 Apr 15 20:15:29 jmj Pluto[5575]: | exchange type: ISAKMP_XCHG_QUICK Apr 15 20:15:29 jmj Pluto[5575]: | flags: ISAKMP_FLAG_ENCRYPTION Apr 15 20:15:29 jmj Pluto[5575]: | message ID: 55 2d 60 74 Apr 15 20:15:29 jmj Pluto[5575]: | length: 300 Apr 15 20:15:29 jmj Pluto[5575]: | ICOOKIE: 26 98 52 71 61 00 01 b2 Apr 15 20:15:29 jmj Pluto[5575]: | RCOOKIE: 3a e2 e2 df 8b d4 24 40 Apr 15 20:15:29 jmj Pluto[5575]: | peer: c0 a8 02 79 Apr 15 20:15:29 jmj Pluto[5575]: | state hash entry 30 Apr 15 20:15:29 jmj Pluto[5575]: | state object not found Apr 15 20:15:29 jmj Pluto[5575]: | ICOOKIE: 26 98 52 71 61 00 01 b2 Apr 15 20:15:29 jmj Pluto[5575]: | RCOOKIE: 3a e2 e2 df 8b d4 24 40 Apr 15 20:15:29 jmj Pluto[5575]: | peer: c0 a8 02 79 Apr 15 20:15:29 jmj Pluto[5575]: | state hash entry 30 Apr 15 20:15:29 jmj Pluto[5575]: | state object #1 found, in STATE_MAIN_R3 Apr 15 20:15:29 jmj Pluto[5575]: "laptop-test1-any" 192.168.2.121 #1: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x74602d55 (perhaps this is a duplicated packet) Apr 15 20:15:29 jmj Pluto[5575]: | next event EVENT_RETRANSMIT in 8 seconds for #2 Apr 15 20:15:31 jmj Pluto[5575]: | Apr 15 20:15:31 jmj Pluto[5575]: | *received 300 bytes from 192.168.2.121:500 on eth0 Apr 15 20:15:31 jmj Pluto[5575]: | 26 98 52 71 61 00 01 b2 3a e2 e2 df 8b d4 24 40 Apr 15 20:15:31 jmj Pluto[5575]: | 08 10 20 01 55 2d 60 74 00 00 01 2c a4 de 4e fa Apr 15 20:15:31 jmj Pluto[5575]: | 03 22 cc a4 39 c0 53 0d 0e 4d 6f d0 5f f9 74 e7 Apr 15 20:15:31 jmj Pluto[5575]: | 23 cd a6 39 1a ab 56 c2 f2 58 37 97 d4 41 07 72 Apr 15 20:15:31 jmj Pluto[5575]: | 6f 08 ed dc 39 70 cd 89 c4 02 01 8f c7 58 76 00 Apr 15 20:15:31 jmj Pluto[5575]: | 68 c8 05 31 39 0e 82 17 5f b2 bf 37 e9 37 70 0d Apr 15 20:15:31 jmj Pluto[5575]: | f3 75 5e 7f e1 d4 0d c8 4f 77 8a 33 9f 14 31 de Apr 15 20:15:31 jmj Pluto[5575]: | 24 bc 78 3f 58 73 fc ff 68 87 cc 14 75 40 8a d6 Apr 15 20:15:31 jmj Pluto[5575]: | d9 2a f2 55 cd cd ed b1 db 3b 0f 13 12 bc 46 4f Apr 15 20:15:31 jmj Pluto[5575]: | 98 44 d7 89 15 82 89 d1 f9 70 96 22 06 30 54 e4 Apr 15 20:15:31 jmj Pluto[5575]: | 3d 6e e9 4d 3c 7a a3 f5 78 57 04 ab 2c fd 6f 25 Apr 15 20:15:31 jmj Pluto[5575]: | 6d 84 25 26 04 4a 84 b3 27 7a 48 91 dd 82 a0 ee Apr 15 20:15:31 jmj Pluto[5575]: | 24 58 01 ca 04 90 04 1f ea 56 a4 9c 2d 91 4c 7e Apr 15 20:15:31 jmj Pluto[5575]: | 62 03 0e dd 90 c7 ed a2 a3 c2 a8 b8 eb f3 45 3c Apr 15 20:15:31 jmj Pluto[5575]: | 36 65 08 4e d8 2b 0a eb e2 6f c3 62 a4 43 e1 f9 Apr 15 20:15:31 jmj Pluto[5575]: | ea 83 e7 47 66 7e 50 71 c2 ca a9 41 c0 74 21 93 Apr 15 20:15:31 jmj Pluto[5575]: | de d2 d8 3b 5d f4 69 7b af 84 be 95 d1 7d f7 be Apr 15 20:15:31 jmj Pluto[5575]: | 70 13 60 9c 2b 4e e5 e6 b1 4d 80 be 85 a0 71 c3 Apr 15 20:15:31 jmj Pluto[5575]: | f8 7a 57 f1 e8 fb 64 ce 5f d8 f4 1e Apr 15 20:15:31 jmj Pluto[5575]: | **parse ISAKMP Message: Apr 15 20:15:31 jmj Pluto[5575]: | initiator cookie: Apr 15 20:15:31 jmj Pluto[5575]: | 26 98 52 71 61 00 01 b2 Apr 15 20:15:31 jmj Pluto[5575]: | responder cookie: Apr 15 20:15:31 jmj Pluto[5575]: | 3a e2 e2 df 8b d4 24 40 Apr 15 20:15:31 jmj Pluto[5575]: | next payload type: ISAKMP_NEXT_HASH Apr 15 20:15:31 jmj Pluto[5575]: | ISAKMP version: ISAKMP Version 1.0 Apr 15 20:15:31 jmj Pluto[5575]: | exchange type: ISAKMP_XCHG_QUICK Apr 15 20:15:31 jmj Pluto[5575]: | flags: ISAKMP_FLAG_ENCRYPTION Apr 15 20:15:31 jmj Pluto[5575]: | message ID: 55 2d 60 74 Apr 15 20:15:31 jmj Pluto[5575]: | length: 300 Apr 15 20:15:31 jmj Pluto[5575]: | ICOOKIE: 26 98 52 71 61 00 01 b2 Apr 15 20:15:31 jmj Pluto[5575]: | RCOOKIE: 3a e2 e2 df 8b d4 24 40 Apr 15 20:15:31 jmj Pluto[5575]: | peer: c0 a8 02 79 Apr 15 20:15:31 jmj Pluto[5575]: | state hash entry 30 Apr 15 20:15:31 jmj Pluto[5575]: | state object not found Apr 15 20:15:31 jmj Pluto[5575]: | ICOOKIE: 26 98 52 71 61 00 01 b2 Apr 15 20:15:31 jmj Pluto[5575]: | RCOOKIE: 3a e2 e2 df 8b d4 24 40 Apr 15 20:15:31 jmj Pluto[5575]: | peer: c0 a8 02 79 Apr 15 20:15:31 jmj Pluto[5575]: | state hash entry 30 Apr 15 20:15:31 jmj Pluto[5575]: | state object #1 found, in STATE_MAIN_R3 Apr 15 20:15:31 jmj Pluto[5575]: "laptop-test1-any" 192.168.2.121 #1: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x74602d55 (perhaps this is a duplicated packet) Apr 15 20:15:31 jmj Pluto[5575]: | next event EVENT_RETRANSMIT in 6 seconds for #2 Apr 15 20:15:35 jmj Pluto[5575]: | Apr 15 20:15:35 jmj Pluto[5575]: | *received 300 bytes from 192.168.2.121:500 on eth0 Apr 15 20:15:35 jmj Pluto[5575]: | 26 98 52 71 61 00 01 b2 3a e2 e2 df 8b d4 24 40 Apr 15 20:15:35 jmj Pluto[5575]: | 08 10 20 01 55 2d 60 74 00 00 01 2c a4 de 4e fa Apr 15 20:15:35 jmj Pluto[5575]: | 03 22 cc a4 39 c0 53 0d 0e 4d 6f d0 5f f9 74 e7 Apr 15 20:15:35 jmj Pluto[5575]: | 23 cd a6 39 1a ab 56 c2 f2 58 37 97 d4 41 07 72 Apr 15 20:15:35 jmj Pluto[5575]: | 6f 08 ed dc 39 70 cd 89 c4 02 01 8f c7 58 76 00 Apr 15 20:15:35 jmj Pluto[5575]: | 68 c8 05 31 39 0e 82 17 5f b2 bf 37 e9 37 70 0d Apr 15 20:15:35 jmj Pluto[5575]: | f3 75 5e 7f e1 d4 0d c8 4f 77 8a 33 9f 14 31 de Apr 15 20:15:35 jmj Pluto[5575]: | 24 bc 78 3f 58 73 fc ff 68 87 cc 14 75 40 8a d6 Apr 15 20:15:35 jmj Pluto[5575]: | d9 2a f2 55 cd cd ed b1 db 3b 0f 13 12 bc 46 4f Apr 15 20:15:35 jmj Pluto[5575]: | 98 44 d7 89 15 82 89 d1 f9 70 96 22 06 30 54 e4 Apr 15 20:15:35 jmj Pluto[5575]: | 3d 6e e9 4d 3c 7a a3 f5 78 57 04 ab 2c fd 6f 25 Apr 15 20:15:36 jmj Pluto[5575]: | 6d 84 25 26 04 4a 84 b3 27 7a 48 91 dd 82 a0 ee Apr 15 20:15:36 jmj Pluto[5575]: | 24 58 01 ca 04 90 04 1f ea 56 a4 9c 2d 91 4c 7e Apr 15 20:15:36 jmj Pluto[5575]: | 62 03 0e dd 90 c7 ed a2 a3 c2 a8 b8 eb f3 45 3c Apr 15 20:15:36 jmj Pluto[5575]: | 36 65 08 4e d8 2b 0a eb e2 6f c3 62 a4 43 e1 f9 Apr 15 20:15:36 jmj Pluto[5575]: | ea 83 e7 47 66 7e 50 71 c2 ca a9 41 c0 74 21 93 Apr 15 20:15:36 jmj Pluto[5575]: | de d2 d8 3b 5d f4 69 7b af 84 be 95 d1 7d f7 be Apr 15 20:15:36 jmj Pluto[5575]: | 70 13 60 9c 2b 4e e5 e6 b1 4d 80 be 85 a0 71 c3 Apr 15 20:15:36 jmj Pluto[5575]: | f8 7a 57 f1 e8 fb 64 ce 5f d8 f4 1e Apr 15 20:15:36 jmj Pluto[5575]: | **parse ISAKMP Message: Apr 15 20:15:36 jmj Pluto[5575]: | initiator cookie: Apr 15 20:15:36 jmj Pluto[5575]: | 26 98 52 71 61 00 01 b2 Apr 15 20:15:36 jmj Pluto[5575]: | responder cookie: Apr 15 20:15:36 jmj Pluto[5575]: | 3a e2 e2 df 8b d4 24 40 Apr 15 20:15:36 jmj Pluto[5575]: | next payload type: ISAKMP_NEXT_HASH Apr 15 20:15:36 jmj Pluto[5575]: | ISAKMP version: ISAKMP Version 1.0 Apr 15 20:15:36 jmj Pluto[5575]: | exchange type: ISAKMP_XCHG_QUICK Apr 15 20:15:36 jmj Pluto[5575]: | flags: ISAKMP_FLAG_ENCRYPTION Apr 15 20:15:36 jmj Pluto[5575]: | message ID: 55 2d 60 74 Apr 15 20:15:36 jmj Pluto[5575]: | length: 300 Apr 15 20:15:36 jmj Pluto[5575]: | ICOOKIE: 26 98 52 71 61 00 01 b2 Apr 15 20:15:36 jmj Pluto[5575]: | RCOOKIE: 3a e2 e2 df 8b d4 24 40 Apr 15 20:15:36 jmj Pluto[5575]: | peer: c0 a8 02 79 Apr 15 20:15:36 jmj Pluto[5575]: | state hash entry 30 Apr 15 20:15:36 jmj Pluto[5575]: | state object not found Apr 15 20:15:36 jmj Pluto[5575]: | ICOOKIE: 26 98 52 71 61 00 01 b2 Apr 15 20:15:36 jmj Pluto[5575]: | RCOOKIE: 3a e2 e2 df 8b d4 24 40 Apr 15 20:15:36 jmj Pluto[5575]: | peer: c0 a8 02 79 Apr 15 20:15:36 jmj Pluto[5575]: | state hash entry 30 Apr 15 20:15:36 jmj Pluto[5575]: | state object #1 found, in STATE_MAIN_R3 Apr 15 20:15:36 jmj Pluto[5575]: "laptop-test1-any" 192.168.2.121 #1: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x74602d55 (perhaps this is a duplicated packet) Apr 15 20:15:36 jmj Pluto[5575]: | next event EVENT_RETRANSMIT in 1 seconds for #2 Apr 15 20:15:37 jmj Pluto[5575]: | Apr 15 20:15:37 jmj Pluto[5575]: | *time to handle event Apr 15 20:15:37 jmj Pluto[5575]: | event after this is EVENT_SHUNT_SCAN in 82 seconds Apr 15 20:15:37 jmj Pluto[5575]: | handling event EVENT_RETRANSMIT for 192.168.2.121 "laptop-test1-any" #2 Apr 15 20:15:37 jmj Pluto[5575]: | sending 80 bytes for EVENT_RETRANSMIT through eth0 to 192.168.2.121:500: Apr 15 20:15:37 jmj Pluto[5575]: | 26 98 52 71 61 00 01 b2 ea 6d 26 43 fa 90 01 34 Apr 15 20:15:37 jmj Pluto[5575]: | 01 10 02 00 00 00 00 00 00 00 00 50 00 00 00 34 Apr 15 20:15:37 jmj Pluto[5575]: | 00 00 00 01 00 00 00 01 00 00 00 28 00 01 00 01 Apr 15 20:15:37 jmj Pluto[5575]: | 00 00 00 20 00 01 00 00 80 01 00 05 80 02 00 01 Apr 15 20:15:37 jmj Pluto[5575]: | 80 03 00 01 80 04 00 02 80 0b 00 01 80 0c 38 40 Apr 15 20:15:37 jmj Pluto[5575]: | inserting event EVENT_RETRANSMIT, timeout in 20 seconds for #2 Apr 15 20:15:37 jmj Pluto[5575]: | next event EVENT_RETRANSMIT in 20 seconds for #2 Apr 15 20:15:43 jmj Pluto[5575]: | Apr 15 20:15:43 jmj Pluto[5575]: | *received 300 bytes from 192.168.2.121:500 on eth0 Apr 15 20:15:43 jmj Pluto[5575]: | 26 98 52 71 61 00 01 b2 3a e2 e2 df 8b d4 24 40 Apr 15 20:15:43 jmj Pluto[5575]: | 08 10 20 01 55 2d 60 74 00 00 01 2c a4 de 4e fa Apr 15 20:15:43 jmj Pluto[5575]: | 03 22 cc a4 39 c0 53 0d 0e 4d 6f d0 5f f9 74 e7 Apr 15 20:15:43 jmj Pluto[5575]: | 23 cd a6 39 1a ab 56 c2 f2 58 37 97 d4 41 07 72 Apr 15 20:15:43 jmj Pluto[5575]: | 6f 08 ed dc 39 70 cd 89 c4 02 01 8f c7 58 76 00 Apr 15 20:15:43 jmj Pluto[5575]: | 68 c8 05 31 39 0e 82 17 5f b2 bf 37 e9 37 70 0d Apr 15 20:15:43 jmj Pluto[5575]: | f3 75 5e 7f e1 d4 0d c8 4f 77 8a 33 9f 14 31 de Apr 15 20:15:43 jmj Pluto[5575]: | 24 bc 78 3f 58 73 fc ff 68 87 cc 14 75 40 8a d6 Apr 15 20:15:43 jmj Pluto[5575]: | d9 2a f2 55 cd cd ed b1 db 3b 0f 13 12 bc 46 4f Apr 15 20:15:43 jmj Pluto[5575]: | 98 44 d7 89 15 82 89 d1 f9 70 96 22 06 30 54 e4 Apr 15 20:15:43 jmj Pluto[5575]: | 3d 6e e9 4d 3c 7a a3 f5 78 57 04 ab 2c fd 6f 25 Apr 15 20:15:43 jmj Pluto[5575]: | 6d 84 25 26 04 4a 84 b3 27 7a 48 91 dd 82 a0 ee Apr 15 20:15:43 jmj Pluto[5575]: | 24 58 01 ca 04 90 04 1f ea 56 a4 9c 2d 91 4c 7e Apr 15 20:15:43 jmj Pluto[5575]: | 62 03 0e dd 90 c7 ed a2 a3 c2 a8 b8 eb f3 45 3c Apr 15 20:15:43 jmj Pluto[5575]: | 36 65 08 4e d8 2b 0a eb e2 6f c3 62 a4 43 e1 f9 Apr 15 20:15:43 jmj Pluto[5575]: | ea 83 e7 47 66 7e 50 71 c2 ca a9 41 c0 74 21 93 Apr 15 20:15:43 jmj Pluto[5575]: | de d2 d8 3b 5d f4 69 7b af 84 be 95 d1 7d f7 be Apr 15 20:15:43 jmj Pluto[5575]: | 70 13 60 9c 2b 4e e5 e6 b1 4d 80 be 85 a0 71 c3 Apr 15 20:15:43 jmj Pluto[5575]: | f8 7a 57 f1 e8 fb 64 ce 5f d8 f4 1e Apr 15 20:15:43 jmj Pluto[5575]: | **parse ISAKMP Message: Apr 15 20:15:43 jmj Pluto[5575]: | initiator cookie: Apr 15 20:15:43 jmj Pluto[5575]: | 26 98 52 71 61 00 01 b2 Apr 15 20:15:43 jmj Pluto[5575]: | responder cookie: Apr 15 20:15:43 jmj Pluto[5575]: | 3a e2 e2 df 8b d4 24 40 Apr 15 20:15:43 jmj Pluto[5575]: | next payload type: ISAKMP_NEXT_HASH Apr 15 20:15:43 jmj Pluto[5575]: | ISAKMP version: ISAKMP Version 1.0 Apr 15 20:15:43 jmj Pluto[5575]: | exchange type: ISAKMP_XCHG_QUICK Apr 15 20:15:43 jmj Pluto[5575]: | flags: ISAKMP_FLAG_ENCRYPTION Apr 15 20:15:43 jmj Pluto[5575]: | message ID: 55 2d 60 74 Apr 15 20:15:43 jmj Pluto[5575]: | length: 300 Apr 15 20:15:43 jmj Pluto[5575]: | ICOOKIE: 26 98 52 71 61 00 01 b2 Apr 15 20:15:43 jmj Pluto[5575]: | RCOOKIE: 3a e2 e2 df 8b d4 24 40 Apr 15 20:15:43 jmj Pluto[5575]: | peer: c0 a8 02 79 Apr 15 20:15:43 jmj Pluto[5575]: | state hash entry 30 Apr 15 20:15:43 jmj Pluto[5575]: | state object not found Apr 15 20:15:43 jmj Pluto[5575]: | ICOOKIE: 26 98 52 71 61 00 01 b2 Apr 15 20:15:43 jmj Pluto[5575]: | RCOOKIE: 3a e2 e2 df 8b d4 24 40 Apr 15 20:15:43 jmj Pluto[5575]: | peer: c0 a8 02 79 Apr 15 20:15:43 jmj Pluto[5575]: | state hash entry 30 Apr 15 20:15:43 jmj Pluto[5575]: | state object #1 found, in STATE_MAIN_R3 Apr 15 20:15:43 jmj Pluto[5575]: "laptop-test1-any" 192.168.2.121 #1: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x74602d55 (perhaps this is a duplicated packet) Apr 15 20:15:43 jmj Pluto[5575]: | next event EVENT_RETRANSMIT in 14 seconds for #2 Apr 15 20:15:53 jmj Pluto[5575]: | Apr 15 20:15:53 jmj Pluto[5575]: | *received 300 bytes from 192.168.2.121:500 on eth0 Apr 15 20:15:53 jmj Pluto[5575]: | 26 98 52 71 61 00 01 b2 3a e2 e2 df 8b d4 24 40 Apr 15 20:15:53 jmj Pluto[5575]: | 08 10 20 01 55 2d 60 74 00 00 01 2c a4 de 4e fa Apr 15 20:15:53 jmj Pluto[5575]: | 03 22 cc a4 39 c0 53 0d 0e 4d 6f d0 5f f9 74 e7 Apr 15 20:15:53 jmj Pluto[5575]: | 23 cd a6 39 1a ab 56 c2 f2 58 37 97 d4 41 07 72 Apr 15 20:15:53 jmj Pluto[5575]: | 6f 08 ed dc 39 70 cd 89 c4 02 01 8f c7 58 76 00 Apr 15 20:15:53 jmj Pluto[5575]: | 68 c8 05 31 39 0e 82 17 5f b2 bf 37 e9 37 70 0d Apr 15 20:15:53 jmj Pluto[5575]: | f3 75 5e 7f e1 d4 0d c8 4f 77 8a 33 9f 14 31 de Apr 15 20:15:53 jmj Pluto[5575]: | 24 bc 78 3f 58 73 fc ff 68 87 cc 14 75 40 8a d6 Apr 15 20:15:53 jmj Pluto[5575]: | d9 2a f2 55 cd cd ed b1 db 3b 0f 13 12 bc 46 4f Apr 15 20:15:53 jmj Pluto[5575]: | 98 44 d7 89 15 82 89 d1 f9 70 96 22 06 30 54 e4 Apr 15 20:15:53 jmj Pluto[5575]: | 3d 6e e9 4d 3c 7a a3 f5 78 57 04 ab 2c fd 6f 25 Apr 15 20:15:53 jmj Pluto[5575]: | 6d 84 25 26 04 4a 84 b3 27 7a 48 91 dd 82 a0 ee Apr 15 20:15:53 jmj Pluto[5575]: | 24 58 01 ca 04 90 04 1f ea 56 a4 9c 2d 91 4c 7e Apr 15 20:15:53 jmj Pluto[5575]: | 62 03 0e dd 90 c7 ed a2 a3 c2 a8 b8 eb f3 45 3c Apr 15 20:15:53 jmj Pluto[5575]: | 36 65 08 4e d8 2b 0a eb e2 6f c3 62 a4 43 e1 f9 Apr 15 20:15:53 jmj Pluto[5575]: | ea 83 e7 47 66 7e 50 71 c2 ca a9 41 c0 74 21 93 Apr 15 20:15:53 jmj Pluto[5575]: | de d2 d8 3b 5d f4 69 7b af 84 be 95 d1 7d f7 be Apr 15 20:15:53 jmj Pluto[5575]: | 70 13 60 9c 2b 4e e5 e6 b1 4d 80 be 85 a0 71 c3 Apr 15 20:15:53 jmj Pluto[5575]: | f8 7a 57 f1 e8 fb 64 ce 5f d8 f4 1e Apr 15 20:15:53 jmj Pluto[5575]: | **parse ISAKMP Message: Apr 15 20:15:53 jmj Pluto[5575]: | initiator cookie: Apr 15 20:15:53 jmj Pluto[5575]: | 26 98 52 71 61 00 01 b2 Apr 15 20:15:53 jmj Pluto[5575]: | responder cookie: Apr 15 20:15:53 jmj Pluto[5575]: | 3a e2 e2 df 8b d4 24 40 Apr 15 20:15:53 jmj Pluto[5575]: | next payload type: ISAKMP_NEXT_HASH Apr 15 20:15:53 jmj Pluto[5575]: | ISAKMP version: ISAKMP Version 1.0 Apr 15 20:15:53 jmj Pluto[5575]: | exchange type: ISAKMP_XCHG_QUICK Apr 15 20:15:53 jmj Pluto[5575]: | flags: ISAKMP_FLAG_ENCRYPTION Apr 15 20:15:53 jmj Pluto[5575]: | message ID: 55 2d 60 74 Apr 15 20:15:53 jmj Pluto[5575]: | length: 300 Apr 15 20:15:53 jmj Pluto[5575]: | ICOOKIE: 26 98 52 71 61 00 01 b2 Apr 15 20:15:53 jmj Pluto[5575]: | RCOOKIE: 3a e2 e2 df 8b d4 24 40 Apr 15 20:15:53 jmj Pluto[5575]: | peer: c0 a8 02 79 Apr 15 20:15:53 jmj Pluto[5575]: | state hash entry 30 Apr 15 20:15:53 jmj Pluto[5575]: | state object not found Apr 15 20:15:53 jmj Pluto[5575]: | ICOOKIE: 26 98 52 71 61 00 01 b2 Apr 15 20:15:53 jmj Pluto[5575]: | RCOOKIE: 3a e2 e2 df 8b d4 24 40 Apr 15 20:15:53 jmj Pluto[5575]: | peer: c0 a8 02 79 Apr 15 20:15:53 jmj Pluto[5575]: | state hash entry 30 Apr 15 20:15:53 jmj Pluto[5575]: | state object #1 found, in STATE_MAIN_R3 Apr 15 20:15:53 jmj Pluto[5575]: "laptop-test1-any" 192.168.2.121 #1: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x74602d55 (perhaps this is a duplicated packet) Apr 15 20:15:53 jmj Pluto[5575]: | next event EVENT_RETRANSMIT in 4 seconds for #2 Apr 15 20:15:57 jmj Pluto[5575]: | Apr 15 20:15:57 jmj Pluto[5575]: | *time to handle event Apr 15 20:15:57 jmj Pluto[5575]: | event after this is EVENT_SHUNT_SCAN in 62 seconds Apr 15 20:15:57 jmj Pluto[5575]: | handling event EVENT_RETRANSMIT for 192.168.2.121 "laptop-test1-any" #2 Apr 15 20:15:57 jmj Pluto[5575]: | sending 80 bytes for EVENT_RETRANSMIT through eth0 to 192.168.2.121:500: Apr 15 20:15:57 jmj Pluto[5575]: | 26 98 52 71 61 00 01 b2 ea 6d 26 43 fa 90 01 34 Apr 15 20:15:57 jmj Pluto[5575]: | 01 10 02 00 00 00 00 00 00 00 00 50 00 00 00 34 Apr 15 20:15:57 jmj Pluto[5575]: | 00 00 00 01 00 00 00 01 00 00 00 28 00 01 00 01 Apr 15 20:15:57 jmj Pluto[5575]: | 00 00 00 20 00 01 00 00 80 01 00 05 80 02 00 01 Apr 15 20:15:57 jmj Pluto[5575]: | 80 03 00 01 80 04 00 02 80 0b 00 01 80 0c 38 40 Apr 15 20:15:57 jmj Pluto[5575]: | inserting event EVENT_RETRANSMIT, timeout in 40 seconds for #2 Apr 15 20:15:57 jmj Pluto[5575]: | next event EVENT_RETRANSMIT in 40 seconds for #2 Apr 15 20:15:57 jmj Pluto[5575]: | Apr 15 20:15:57 jmj Pluto[5575]: | *received whack message Apr 15 20:15:57 jmj Pluto[5575]: | next event EVENT_RETRANSMIT in 40 seconds for #2 Apr 15 20:16:15 jmj Pluto[5575]: | Apr 15 20:16:16 jmj Pluto[5575]: | *received whack message Apr 15 20:16:16 jmj Pluto[5575]: | next event EVENT_RETRANSMIT in 21 seconds for #2 Apr 15 20:16:28 jmj Pluto[5575]: | Apr 15 20:16:28 jmj Pluto[5575]: | *received 76 bytes from 192.168.2.121:500 on eth0 Apr 15 20:16:28 jmj Pluto[5575]: | 26 98 52 71 61 00 01 b2 3a e2 e2 df 8b d4 24 40 Apr 15 20:16:28 jmj Pluto[5575]: | 08 10 05 01 c0 de 39 85 00 00 00 4c 2e c9 a0 d6 Apr 15 20:16:28 jmj Pluto[5575]: | b1 34 23 35 99 66 d2 1a 0c 64 f2 97 1d e3 24 4c Apr 15 20:16:28 jmj Pluto[5575]: | b5 0f 83 5e 73 ef f4 82 af c0 f2 76 69 63 75 c2 Apr 15 20:16:28 jmj Pluto[5575]: | e4 4b 0b f1 38 8d ae 38 d7 ae ed c8 Apr 15 20:16:28 jmj Pluto[5575]: | **parse ISAKMP Message: Apr 15 20:16:28 jmj Pluto[5575]: | initiator cookie: Apr 15 20:16:28 jmj Pluto[5575]: | 26 98 52 71 61 00 01 b2 Apr 15 20:16:28 jmj Pluto[5575]: | responder cookie: Apr 15 20:16:28 jmj Pluto[5575]: | 3a e2 e2 df 8b d4 24 40 Apr 15 20:16:28 jmj Pluto[5575]: | next payload type: ISAKMP_NEXT_HASH Apr 15 20:16:28 jmj Pluto[5575]: | ISAKMP version: ISAKMP Version 1.0 Apr 15 20:16:28 jmj Pluto[5575]: | exchange type: ISAKMP_XCHG_INFO Apr 15 20:16:28 jmj Pluto[5575]: | flags: ISAKMP_FLAG_ENCRYPTION Apr 15 20:16:28 jmj Pluto[5575]: | message ID: c0 de 39 85 Apr 15 20:16:28 jmj Pluto[5575]: | length: 76 Apr 15 20:16:28 jmj Pluto[5575]: | ICOOKIE: 26 98 52 71 61 00 01 b2 Apr 15 20:16:28 jmj Pluto[5575]: | RCOOKIE: 3a e2 e2 df 8b d4 24 40 Apr 15 20:16:28 jmj Pluto[5575]: | peer: c0 a8 02 79 Apr 15 20:16:28 jmj Pluto[5575]: | state hash entry 30 Apr 15 20:16:28 jmj Pluto[5575]: | state object #1 found, in STATE_MAIN_R3 Apr 15 20:16:28 jmj Pluto[5575]: | computed Phase 2 IV: Apr 15 20:16:28 jmj Pluto[5575]: | 76 89 d7 8a 98 c7 3f 08 77 fe c0 87 a9 22 36 b5 Apr 15 20:16:28 jmj Pluto[5575]: | received encrypted packet from 192.168.2.121:500 Apr 15 20:16:28 jmj Pluto[5575]: | decrypting 48 bytes using algorithm OAKLEY_3DES_CBC Apr 15 20:16:28 jmj Pluto[5575]: | decrypted: Apr 15 20:16:28 jmj Pluto[5575]: | 0c 00 00 14 e0 26 ea f8 53 e6 63 b6 75 f2 c2 b7 Apr 15 20:16:28 jmj Pluto[5575]: | 6e 4a 33 2b 00 00 00 1c 00 00 00 01 01 10 00 01 Apr 15 20:16:28 jmj Pluto[5575]: | 26 98 52 71 61 00 01 b2 3a e2 e2 df 8b d4 24 40 Apr 15 20:16:28 jmj Pluto[5575]: | next IV: 38 8d ae 38 d7 ae ed c8 Apr 15 20:16:28 jmj Pluto[5575]: | ***parse ISAKMP Hash Payload: Apr 15 20:16:28 jmj Pluto[5575]: | next payload type: ISAKMP_NEXT_D Apr 15 20:16:28 jmj Pluto[5575]: | length: 20 Apr 15 20:16:28 jmj Pluto[5575]: | ***parse ISAKMP Delete Payload: Apr 15 20:16:28 jmj Pluto[5575]: | next payload type: ISAKMP_NEXT_NONE Apr 15 20:16:28 jmj Pluto[5575]: | length: 28 Apr 15 20:16:28 jmj Pluto[5575]: | DOI: ISAKMP_DOI_IPSEC Apr 15 20:16:28 jmj Pluto[5575]: | protocol ID: 1 Apr 15 20:16:28 jmj Pluto[5575]: | SPI size: 16 Apr 15 20:16:28 jmj Pluto[5575]: | number of SPIs: 1 Apr 15 20:16:28 jmj Pluto[5575]: "laptop-test1-any" 192.168.2.121 #1: ignoring Delete SA payload Apr 15 20:16:28 jmj Pluto[5575]: | del: 26 98 52 71 61 00 01 b2 3a e2 e2 df 8b d4 24 40 Apr 15 20:16:28 jmj Pluto[5575]: "laptop-test1-any" 192.168.2.121 #1: received and ignored informational message Apr 15 20:16:28 jmj Pluto[5575]: | next event EVENT_RETRANSMIT in 9 seconds for #2 Apr 15 20:16:34 jmj Pluto[5575]: | Apr 15 20:16:34 jmj Pluto[5575]: | *received whack message Apr 15 20:16:34 jmj Pluto[5575]: | next event EVENT_RETRANSMIT in 3 seconds for #2 + _________________________ date + date Mon Apr 15 20:16:35 PDT 2002