<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta name=Generator content="Microsoft Word 14 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.E-MailFormatvorlage17
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.E-MailFormatvorlage18
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 70.85pt 2.0cm 70.85pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=DE link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='color:#1F497D'>Hi all, <o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>this is my ipsec.conf<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:#1F497D'># ipsec.conf - strongSwan IPsec configuration file<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:#1F497D'># basic configuration<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:#1F497D'>config setup<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:#1F497D'> plutodebug=control<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:#1F497D'> </span><span style='color:#1F497D'># crlcheckinterval=600<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'> # strictcrlpolicy=yes<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'> # cachecrls=yes<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:#1F497D'> # nat_traversal=yes<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:#1F497D'> charonstart=no<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:#1F497D'> #plutostart=no<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:#1F497D'>conn %default<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:#1F497D'> ikelifetime=60m<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:#1F497D'> keylife=20m<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:#1F497D'> rekeymargin=3m<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:#1F497D'> keyingtries=1<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:#1F497D'> authby=secret<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:#1F497D'> mobike=no<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:#1F497D'> ike=aes128-sha-modp1024<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:#1F497D'> esp=aes128-sha<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:#1F497D'>conn net-net<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:#1F497D'> left=30.83.252.204<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:#1F497D'> leftsubnet=172.20.0.0/16<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:#1F497D'> leftid=@lw.ziv.de<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:#1F497D'> leftfirewall=yes<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:#1F497D'> lefthostaccess=yes<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:#1F497D'> right=2.195.78.10<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:#1F497D'> rightsubnet=192.168.0.0/16,2.195.74.7/32<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:#1F497D'> rightid=@hq.xxx.de<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:#1F497D'> auto=add<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:#1F497D'> pfs=yes<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:#1F497D'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif";mso-fareast-language:DE'>Von:</span></b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif";mso-fareast-language:DE'> users-bounces+hoffmann=ellumination.de@lists.strongswan.org [mailto:users-bounces+hoffmann=ellumination.de@lists.strongswan.org] <b>Im Auftrag von </b>Jürgen Hoffmann<br><b>Gesendet:</b> Samstag, 18. Dezember 2010 12:33<br><b>An:</b> users@lists.strongswan.org<br><b>Betreff:</b> [strongSwan] problem connecting to juniper ssg5<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Hi All,<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><span lang=EN-US>I am trying to connect my strongswan 4.2.5 Ubuntu Installation to a new Juniper SSG5 from a contractor. But I keep getting the following in the logs.- What am I doing wrong?<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:04 gate2 pluto[6960]: Starting Pluto (strongSwan Version 4.2.5 THREADS VENDORID)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:04 gate2 pluto[6960]: including NAT-Traversal patch (Version 0.6c) [disabled]<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:04 gate2 pluto[6960]: | xauth module: using default get_secret() function<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:04 gate2 pluto[6960]: | xauth module: using default verify_secret() function<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:04 gate2 pluto[6960]: | inserting event EVENT_REINIT_SECRET, timeout in 3600 seconds<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:04 gate2 pluto[6960]: ike_alg: Activating OAKLEY_AES_CBC encryption: Ok<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:04 gate2 pluto[6960]: ike_alg: Activating OAKLEY_BLOWFISH_CBC encryption: Ok<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:04 gate2 pluto[6960]: ike_alg: Activating OAKLEY_SERPENT_CBC encryption: Ok<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:04 gate2 pluto[6960]: ike_alg: Activating OAKLEY_SHA2_256 hash: Ok<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:04 gate2 pluto[6960]: ike_alg: Activating OAKLEY_SHA2_384 hash: Ok<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:04 gate2 pluto[6960]: ike_alg: Activating OAKLEY_SHA2_512 hash: Ok<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:04 gate2 pluto[6960]: ike_alg: Activating OAKLEY_TWOFISH_CBC encryption: Ok<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:04 gate2 pluto[6960]: ike_alg: Activating OAKLEY_TWOFISH_CBC_SSH encryption: Ok<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:04 gate2 pluto[6960]: Testing registered IKE encryption algorithms:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:04 gate2 pluto[6960]: OAKLEY_BLOWFISH_CBC self-test not available<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:04 gate2 pluto[6960]: OAKLEY_3DES_CBC self-test not available<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:04 gate2 pluto[6960]: OAKLEY_AES_CBC self-test not available<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:04 gate2 pluto[6960]: OAKLEY_SERPENT_CBC self-test not available<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:04 gate2 pluto[6960]: OAKLEY_TWOFISH_CBC self-test not available<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:04 gate2 pluto[6960]: OAKLEY_TWOFISH_CBC_SSH self-test not available<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:04 gate2 pluto[6960]: Testing registered IKE hash algorithms:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:04 gate2 pluto[6960]: OAKLEY_MD5 hash self-test passed<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:04 gate2 pluto[6960]: OAKLEY_MD5 hmac self-test passed<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:04 gate2 pluto[6960]: OAKLEY_SHA hash self-test passed<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:04 gate2 pluto[6960]: OAKLEY_SHA hmac self-test passed<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:04 gate2 pluto[6960]: OAKLEY_SHA2_256 hash self-test passed<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:05 gate2 pluto[6960]: OAKLEY_SHA2_256 hmac self-test passed<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:05 gate2 pluto[6960]: OAKLEY_SHA2_384 hash self-test passed<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:05 gate2 pluto[6960]: OAKLEY_SHA2_384 hmac self-test passed<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:05 gate2 pluto[6960]: OAKLEY_SHA2_512 hash self-test passed<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:05 gate2 pluto[6960]: OAKLEY_SHA2_512 hmac self-test passed<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:05 gate2 pluto[6960]: All crypto self-tests passed<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:05 gate2 pluto[6960]: Using Linux 2.6 IPsec interface code<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:06 gate2 pluto[6960]: Changing to directory '/usr/local/strongswan/etc/ipsec.d/cacerts'<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:06 gate2 pluto[6960]: loaded CA cert file 'strongswanKey.pem' (1743 bytes)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:06 gate2 pluto[6960]: no passphrase available<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:06 gate2 pluto[6960]: loaded CA cert file 'strongswanCert.pem' (1919 bytes)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:06 gate2 pluto[6960]: | authcert inserted<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:06 gate2 pluto[6960]: loaded CA cert file 'serial.old' (17 bytes)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:06 gate2 pluto[6960]: file coded in unknown format, discarded<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:06 gate2 pluto[6960]: loaded CA cert file 'serial' (17 bytes)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:06 gate2 pluto[6960]: file coded in unknown format, discarded<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:06 gate2 pluto[6960]: loaded CA cert file 'index.txt.old' (191 bytes)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:06 gate2 pluto[6960]: file coded in unknown format, discarded<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:06 gate2 pluto[6960]: loaded CA cert file 'index.txt.attr.old' (21 bytes)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:06 gate2 pluto[6960]: file coded in unknown format, discarded<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:06 gate2 pluto[6960]: loaded CA cert file 'index.txt.attr' (21 bytes)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:06 gate2 pluto[6960]: file coded in unknown format, discarded<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:06 gate2 pluto[6960]: loaded CA cert file 'index.txt' (359 bytes)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:06 gate2 pluto[6960]: file coded in unknown format, discarded<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:06 gate2 pluto[6960]: Changing to directory '/usr/local/strongswan/etc/ipsec.d/aacerts'<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:06 gate2 pluto[6960]: Changing to directory '/usr/local/strongswan/etc/ipsec.d/ocspcerts'<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:06 gate2 pluto[6960]: Changing to directory '/usr/local/strongswan/etc/ipsec.d/crls'<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:06 gate2 pluto[6960]: Changing to directory '/usr/local/strongswan/etc/ipsec.d/acerts'<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:06 gate2 pluto[6960]: | inserting event EVENT_LOG_DAILY, timeout in 42114 seconds<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:06 gate2 pluto[6960]: | next event EVENT_REINIT_SECRET in 3598 seconds<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:06 gate2 pluto[6960]: |<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:06 gate2 pluto[6960]: | *received whack message<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:06 gate2 pluto[6960]: listening for IKE messages<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:06 gate2 pluto[6960]: | found lo with address 127.0.0.1<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:06 gate2 pluto[6960]: | found eth1 with address 30.83.252.204<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:06 gate2 pluto[6960]: | found eth1:1 with address 30.83.252.231<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:06 gate2 pluto[6960]: | found eth1:2 with address 30.83.252.232<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:07 gate2 pluto[6960]: | found eth1:3 with address 30.83.252.206<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:07 gate2 pluto[6960]: | found eth1:4 with address 30.83.252.207<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:07 gate2 pluto[6960]: | found eth3 with address 172.20.50.1<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:07 gate2 pluto[6960]: | found vlan2 with address 172.20.40.254<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:07 gate2 pluto[6960]: | found vlan3 with address 172.20.20.254<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:07 gate2 pluto[6960]: | found vlan4 with address 172.20.10.254<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:07 gate2 pluto[6960]: | found vlan5 with address 172.20.30.254<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:07 gate2 pluto[6960]: | found vlan6 with address 192.168.2.254<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:07 gate2 pluto[6960]: | found ppp0 with address 10.0.2.1<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:07 gate2 pluto[6960]: adding interface ppp0/ppp0 10.0.2.1:500<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:07 gate2 pluto[6960]: adding interface vlan6/vlan6 192.168.2.254:500<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:07 gate2 pluto[6960]: adding interface vlan5/vlan5 172.20.30.254:500<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:07 gate2 pluto[6960]: adding interface vlan4/vlan4 172.20.10.254:500<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:07 gate2 pluto[6960]: adding interface vlan3/vlan3 172.20.20.254:500<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:07 gate2 pluto[6960]: adding interface vlan2/vlan2 172.20.40.254:500<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:07 gate2 pluto[6960]: adding interface eth3/eth3 172.20.50.1:500<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:07 gate2 pluto[6960]: adding interface eth1:4/eth1:4 30.83.252.207:500<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:07 gate2 pluto[6960]: adding interface eth1:3/eth1:3 30.83.252.206:500<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:07 gate2 pluto[6960]: adding interface eth1:2/eth1:2 30.83.252.232:500<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:07 gate2 pluto[6960]: adding interface eth1:1/eth1:1 30.83.252.231:500<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:07 gate2 pluto[6960]: adding interface eth1/eth1 30.83.252.204:500<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:07 gate2 pluto[6960]: adding interface lo/lo 127.0.0.1:500<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:07 gate2 pluto[6960]: | found lo with address 0000:0000:0000:0000:0000:0000:0000:0001<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:07 gate2 pluto[6960]: adding interface lo/lo ::1:500<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:07 gate2 pluto[6960]: loading secrets from "/usr/local/strongswan/etc/ipsec.secrets"<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:07 gate2 pluto[6960]: loaded shared key for @lw.xxx.de @hq.xxx.de<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:07 gate2 pluto[6960]: loaded shared key for @hq.xxx.de @lw.xxx.de<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:07 gate2 pluto[6960]: | next event EVENT_REINIT_SECRET in 3597 seconds<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:07 gate2 pluto[6960]: |<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:07 gate2 pluto[6960]: | *received whack message<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:08 gate2 pluto[6960]: | from whack: got --esp=aes128-sha<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:08 gate2 pluto[6960]: | esp string values: 12_128-2,<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:08 gate2 pluto[6960]: | from whack: got --ike=aes128-sha-modp1024<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:08 gate2 pluto[6960]: | ike string values: 7_128-2-2,<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:08 gate2 pluto[6960]: added connection description "net-net"<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:08 gate2 pluto[6960]: | 172.20.0.0/16===30.83.252.204[@lw.xxx.de]...2.195.78.10[@hq.xxx.de]===192.168.0.0/16<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:08 gate2 pluto[6960]: | ike_life: 3600s; ipsec_life: 1200s; rekey_margin: 180s; rekey_fuzz: 100%; keyingtries: 1; policy: PSK+ENCRYPT+TUNNEL+PFS<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:08 gate2 pluto[6960]: | next event EVENT_REINIT_SECRET in 3597 seconds<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:08 gate2 pluto[6960]: |<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:08 gate2 pluto[6960]: | *received 192 bytes from 2.195.78.10:500 on eth1<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:08 gate2 pluto[6960]: packet from 2.195.78.10:500: ignoring Vendor ID payload [651ececd748d24be685a79d5f463722820f672df0000001300000614]<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:08 gate2 pluto[6960]: packet from 2.195.78.10:500: received Vendor ID payload [Dead Peer Detection]<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:08 gate2 pluto[6960]: packet from 2.195.78.10:500: ignoring Vendor ID payload [HeartBeat Notify 386b0100]<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:08 gate2 pluto[6960]: | preparse_isakmp_policy: peer requests PSK authentication<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:08 gate2 pluto[6960]: | creating state object #1 at 0x8106fc0<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:08 gate2 pluto[6960]: | ICOOKIE: b6 79 4d 82 4f 45 f4 93<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:08 gate2 pluto[6960]: | RCOOKIE: 40 0d af 34 06 a6 96 c8<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:08 gate2 pluto[6960]: | peer: 52 c3 4e 0a<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:08 gate2 pluto[6960]: | state hash entry 30<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:08 gate2 pluto[6960]: | inserting event EVENT_SO_DISCARD, timeout in 0 seconds for #1<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:08 gate2 pluto[6960]: "net-net" #1: responding to Main Mode<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:08 gate2 pluto[6960]: | inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #1<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:08 gate2 pluto[6960]: | next event EVENT_RETRANSMIT in 10 seconds for #1<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:08 gate2 pluto[6960]: |<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:08 gate2 pluto[6960]: | *received 196 bytes from 2.195.78.10:500 on eth1<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:08 gate2 pluto[6960]: | ICOOKIE: b6 79 4d 82 4f 45 f4 93<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:08 gate2 pluto[6960]: | RCOOKIE: 40 0d af 34 06 a6 96 c8<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:08 gate2 pluto[6960]: | peer: 52 c3 4e 0a<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:08 gate2 pluto[6960]: | state hash entry 30<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:08 gate2 pluto[6960]: | state object #1 found, in STATE_MAIN_R1<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:09 gate2 pluto[6960]: | inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #1<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:09 gate2 pluto[6960]: | next event EVENT_RETRANSMIT in 10 seconds for #1<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:09 gate2 pluto[6960]: |<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:09 gate2 pluto[6960]: | *received 68 bytes from 2.195.78.10:500 on eth1<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:09 gate2 pluto[6960]: | ICOOKIE: b6 79 4d 82 4f 45 f4 93<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:09 gate2 pluto[6960]: | RCOOKIE: 40 0d af 34 06 a6 96 c8<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:09 gate2 pluto[6960]: | peer: 52 c3 4e 0a<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:09 gate2 pluto[6960]: | state hash entry 30<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:09 gate2 pluto[6960]: | state object #1 found, in STATE_MAIN_R2<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:09 gate2 pluto[6960]: "net-net" #1: byte 2 of ISAKMP Identification Payload must be zero, but is not<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:09 gate2 pluto[6960]: "net-net" #1: probable authentication failure (mismatch of preshared secrets?): malformed payload in packet<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:09 gate2 pluto[6960]: "net-net" #1: sending encrypted notification PAYLOAD_MALFORMED to 2.195.78.10:500<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:09 gate2 pluto[6960]: | next event EVENT_RETRANSMIT in 9 seconds for #1<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:12 gate2 pluto[6960]: |<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:12 gate2 pluto[6960]: | *received 68 bytes from 2.195.78.10:500 on eth1<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:12 gate2 pluto[6960]: | ICOOKIE: b6 79 4d 82 4f 45 f4 93<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:12 gate2 pluto[6960]: | RCOOKIE: 40 0d af 34 06 a6 96 c8<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:13 gate2 pluto[6960]: | peer: 52 c3 4e 0a<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:13 gate2 pluto[6960]: | state hash entry 30<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:13 gate2 pluto[6960]: | state object #1 found, in STATE_MAIN_R2<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:13 gate2 pluto[6960]: "net-net" #1: byte 2 of ISAKMP Identification Payload must be zero, but is not<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:13 gate2 pluto[6960]: "net-net" #1: probable authentication failure (mismatch of preshared secrets?): malformed payload in packet<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:13 gate2 pluto[6960]: "net-net" #1: sending encrypted notification PAYLOAD_MALFORMED to 2.195.78.10:500<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:13 gate2 pluto[6960]: | next event EVENT_RETRANSMIT in 6 seconds for #1<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:16 gate2 pluto[6960]: |<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:16 gate2 pluto[6960]: | *received 68 bytes from 2.195.78.10:500 on eth1<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:16 gate2 pluto[6960]: | ICOOKIE: b6 79 4d 82 4f 45 f4 93<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:17 gate2 pluto[6960]: | RCOOKIE: 40 0d af 34 06 a6 96 c8<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:17 gate2 pluto[6960]: | peer: 52 c3 4e 0a<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:17 gate2 pluto[6960]: | state hash entry 30<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:17 gate2 pluto[6960]: | state object #1 found, in STATE_MAIN_R2<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:17 gate2 pluto[6960]: "net-net" #1: byte 2 of ISAKMP Identification Payload must be zero, but is not<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:17 gate2 pluto[6960]: "net-net" #1: probable authentication failure (mismatch of preshared secrets?): malformed payload in packet<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:17 gate2 pluto[6960]: "net-net" #1: sending encrypted notification PAYLOAD_MALFORMED to 2.195.78.10:500<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:17 gate2 pluto[6960]: | next event EVENT_RETRANSMIT in 2 seconds for #1<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:18 gate2 pluto[6960]: |<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:18 gate2 pluto[6960]: | *time to handle event<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:18 gate2 pluto[6960]: | event after this is EVENT_REINIT_SECRET in 3586 seconds<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:19 gate2 pluto[6960]: | handling event EVENT_RETRANSMIT for 2.195.78.10 "net-net" #1<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:19 gate2 pluto[6960]: | inserting event EVENT_RETRANSMIT, timeout in 20 seconds for #1<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 18 12:18:19 gate2 pluto[6960]: | next event EVENT_RETRANSMIT in 20 seconds for #1<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>Any help is highly appreciated <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>Kind regards<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>Juergen Hoffmann<o:p></o:p></span></p></div></body></html>