Starting IKEv1 pluto daemon (strongSwan 4.6.2) THREADS VENDORID
listening on interfaces:
  eth0
    70.70.70.7
  eth1
    10.125.40.66
    fe80::216:76ff:fea7:28cb
  eth2
    10.10.10.5
    fe80::f27d:68ff:feb8:b99e
loaded plugins: aes des sha1 sha2 md5 random x509 pkcs1 pkcs8 pgp dnskey pem gmp hmac xauth attr kernel-netlink resolve
  including NAT-Traversal patch (Version 0.6c) [disabled]
loading ca certificates from '/usr/local/etc/ipsec.d/cacerts'
  loaded ca certificate from '/usr/local/etc/ipsec.d/cacerts/cacert.pem'
| authcert list locked by 'add_authcert'
| authcert list unlocked by 'add_authcert'
loading aa certificates from '/usr/local/etc/ipsec.d/aacerts'
loading ocsp certificates from '/usr/local/etc/ipsec.d/ocspcerts'
Changing to directory '/usr/local/etc/ipsec.d/crls'
loading attribute certificates from '/usr/local/etc/ipsec.d/acerts'
spawning 4 worker threads
listening for IKE messages
adding interface eth2/eth2 10.10.10.5:500
adding interface eth1/eth1 10.125.40.66:500
adding interface eth0/eth0 70.70.70.7:500
adding interface lo/lo 127.0.0.1:500
adding interface lo/lo ::1:500
| certs and keys locked by 'free_preshared_secrets'
| certs and keys unlocked by 'free_preshard_secrets'
loading secrets from "/usr/local/etc/ipsec.secrets"
  loaded private key from 'PC1Key.pem'
| certs and keys locked by 'process_secret'
| certs and keys unlocked by 'process_secrets'
  loaded host certificate from '/usr/local/etc/ipsec.d/certs/PC1Cert.pem'
  id '%any' not confirmed by certificate, defaulting to 'C=IN, ST=KAR, O=WIPRO, OU=NSNFTM, CN=PC1CERT'
| ref key: 0x90c24f8 0x90c32b0 cnt 0 'C=IN, ST=KAR, O=WIPRO, OU=NSNFTM, CN=PC1CERT'
| certs and keys locked by 'cert_add'
| certs and keys unlocked by 'cert_add'
added connection description "conn101"
"conn101" #1: initiating Main Mode
| rejected packet:
|   e8 b0 2e 0d fe 72 5c 84 00 00 00 00 00 00 00 00
|   01 10 02 00 00 00 00 00 00 00 00 a8 0d 00 00 58
|   00 00 00 01 00 00 00 01 00 00 00 4c 00 01 00 02
|   03 00 00 24 00 01 00 00 80 0b 00 01 80 0c 2a 30
|   80 01 00 07 80 02 00 02 80 0e 00 80 80 03 00 03
|   80 04 00 0e 00 00 00 20 01 01 00 00 80 0b 00 01
|   80 0c 2a 30 80 01 00 05 80 02 00 02 80 03 00 03
|   80 04 00 05 0d 00 00 14 88 2f e5 6d 6f d2 0d bc
|   22 51 61 3b 2e be 5b eb 0d 00 00 0c 09 00 26 89
|   df d6 b7 12 00 00 00 14 af ca d7 13 68 a1 f1 c9
|   6b 86 96 fc 77 57 01 00
| control:
|   2c 00 00 00 00 00 00 00 0b 00 00 00 6f 00 00 00
|   02 03 03 00 00 00 00 00 00 00 00 00 02 00 00 00
|   0a 0a 0a 06 00 00 00 00 00 00 00 00
| name:
|   02 00 01 f4 0a 0a 0a 06 00 00 00 00 00 00 00 00
"conn101" #1: ERROR: asynchronous network error report on eth2 for message to 10.10.10.6 port 500, complainant 10.10.10.6: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
packet from 10.10.10.6:500: received Vendor ID payload [strongSwan]
packet from 10.10.10.6:500: received Vendor ID payload [XAUTH]
packet from 10.10.10.6:500: received Vendor ID payload [Dead Peer Detection]
"conn101" #2: responding to Main Mode
"conn101" #2: Peer ID is ID_DER_ASN1_DN: 'C=IN, ST=KAR, O=WIPRO, OU=NSNFTM, CN=PC2CERT'
| authcert list locked by 'verify_x509cert'
| authcert list unlocked by 'verify_x509cert'
| crl list locked by 'verify_by_crl'
| crl list unlocked by 'verify_by_crl'
"conn101" #2: crl not found
"conn101" #2: certificate status unknown
| authcert list locked by 'verify_x509cert'
| authcert list unlocked by 'verify_x509cert'
| ref key: 0x90c9670 0x90ca1f8 cnt 0 'C=IN, ST=KAR, O=WIPRO, OU=NSNFTM, CN=PC2CERT'
| ref key: 0x90c9670 0x90ca1f8 cnt 1 'C=IN, ST=KAR, O=WIPRO, OU=NSNFTM, CN=PC2CERT'
| conn101: no match (id: no, auth: ok, trust: ok, request: ok, prio: 2048)
"conn101" #2: no suitable connection for peer 'C=IN, ST=KAR, O=WIPRO, OU=NSNFTM, CN=PC2CERT'
"conn101" #2: sending encrypted notification INVALID_ID_INFORMATION to 10.10.10.6:500
"conn101" #1: received Vendor ID payload [strongSwan]
"conn101" #1: received Vendor ID payload [XAUTH]
"conn101" #1: received Vendor ID payload [Dead Peer Detection]
"conn101" #1: we have a cert and are sending it upon request
"conn101" #1: ignoring informational payload, type INVALID_ID_INFORMATION
"conn101" #2: Peer ID is ID_DER_ASN1_DN: 'C=IN, ST=KAR, O=WIPRO, OU=NSNFTM, CN=PC2CERT'
| authcert list locked by 'verify_x509cert'
| authcert list unlocked by 'verify_x509cert'
| crl list locked by 'verify_by_crl'
| crl list unlocked by 'verify_by_crl'
"conn101" #2: crl not found
"conn101" #2: certificate status unknown
| authcert list locked by 'verify_x509cert'
| authcert list unlocked by 'verify_x509cert'
| unref key: 0x90c9670 0x90ca1f8 cnt 2 'C=IN, ST=KAR, O=WIPRO, OU=NSNFTM, CN=PC2CERT'
| ref key: 0x90c6af8 0x90c6d28 cnt 0 'C=IN, ST=KAR, O=WIPRO, OU=NSNFTM, CN=PC2CERT'
| unref key: 0x90c9670 0x90ca1f8 cnt 1 'C=IN, ST=KAR, O=WIPRO, OU=NSNFTM, CN=PC2CERT'
| ref key: 0x90c6af8 0x90c6d28 cnt 1 'C=IN, ST=KAR, O=WIPRO, OU=NSNFTM, CN=PC2CERT'
| conn101: no match (id: no, auth: ok, trust: ok, request: ok, prio: 2048)
"conn101" #2: no suitable connection for peer 'C=IN, ST=KAR, O=WIPRO, OU=NSNFTM, CN=PC2CERT'
"conn101" #2: sending encrypted notification INVALID_ID_INFORMATION to 10.10.10.6:500
"conn101" #1: discarding duplicate packet; already STATE_MAIN_I3
"conn101" #1: next payload type of ISAKMP Hash Payload has an unknown value: 31
"conn101" #1: malformed payload in packet
"conn101" #2: Peer ID is ID_DER_ASN1_DN: 'C=IN, ST=KAR, O=WIPRO, OU=NSNFTM, CN=PC2CERT'
| authcert list locked by 'verify_x509cert'
| authcert list unlocked by 'verify_x509cert'
| crl list locked by 'verify_by_crl'
| crl list unlocked by 'verify_by_crl'
"conn101" #2: crl not found
"conn101" #2: certificate status unknown
| authcert list locked by 'verify_x509cert'
| authcert list unlocked by 'verify_x509cert'
| unref key: 0x90c6af8 0x90c6d28 cnt 2 'C=IN, ST=KAR, O=WIPRO, OU=NSNFTM, CN=PC2CERT'
| ref key: 0x90ca1e8 0x90c6aa8 cnt 0 'C=IN, ST=KAR, O=WIPRO, OU=NSNFTM, CN=PC2CERT'
| unref key: 0x90c6af8 0x90c6d28 cnt 1 'C=IN, ST=KAR, O=WIPRO, OU=NSNFTM, CN=PC2CERT'
| ref key: 0x90ca1e8 0x90c6aa8 cnt 1 'C=IN, ST=KAR, O=WIPRO, OU=NSNFTM, CN=PC2CERT'
| conn101: no match (id: no, auth: ok, trust: ok, request: ok, prio: 2048)
"conn101" #2: no suitable connection for peer 'C=IN, ST=KAR, O=WIPRO, OU=NSNFTM, CN=PC2CERT'
"conn101" #2: sending encrypted notification INVALID_ID_INFORMATION to 10.10.10.6:500
"conn101" #1: discarding duplicate packet; already STATE_MAIN_I3
"conn101" #1: next payload type of ISAKMP Hash Payload has an unknown value: 59
"conn101" #1: malformed payload in packet
packet from 10.10.10.6:500: received Vendor ID payload [strongSwan]
packet from 10.10.10.6:500: received Vendor ID payload [XAUTH]
packet from 10.10.10.6:500: received Vendor ID payload [Dead Peer Detection]
"conn101" #3: responding to Main Mode
"conn101" #2: max number of retransmissions (2) reached STATE_MAIN_R2
| unref key: 0x90ca1e8 0x90c6aa8 cnt 2 'C=IN, ST=KAR, O=WIPRO, OU=NSNFTM, CN=PC2CERT'
"conn101" #3: Peer ID is ID_DER_ASN1_DN: 'C=IN, ST=KAR, O=WIPRO, OU=NSNFTM, CN=PC2CERT'
| authcert list locked by 'verify_x509cert'
| authcert list unlocked by 'verify_x509cert'
| crl list locked by 'verify_by_crl'
| crl list unlocked by 'verify_by_crl'
"conn101" #3: crl not found
"conn101" #3: certificate status unknown
| authcert list locked by 'verify_x509cert'
| authcert list unlocked by 'verify_x509cert'
| unref key: 0x90ca1e8 0x90c6aa8 cnt 1 'C=IN, ST=KAR, O=WIPRO, OU=NSNFTM, CN=PC2CERT'
| ref key: 0x90c6b68 0x90c6db0 cnt 0 'C=IN, ST=KAR, O=WIPRO, OU=NSNFTM, CN=PC2CERT'
| ref key: 0x90c6b68 0x90c6db0 cnt 1 'C=IN, ST=KAR, O=WIPRO, OU=NSNFTM, CN=PC2CERT'
| conn101: no match (id: no, auth: ok, trust: ok, request: ok, prio: 2048)
"conn101" #3: no suitable connection for peer 'C=IN, ST=KAR, O=WIPRO, OU=NSNFTM, CN=PC2CERT'
"conn101" #3: sending encrypted notification INVALID_ID_INFORMATION to 10.10.10.6:500
"conn101" #1: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message
"conn101" #1: starting keying attempt 2 of at most 3
"conn101" #4: initiating Main Mode to replace #1
"conn101" #4: received Vendor ID payload [strongSwan]
"conn101" #4: received Vendor ID payload [XAUTH]
"conn101" #4: received Vendor ID payload [Dead Peer Detection]
"conn101" #4: we have a cert and are sending it upon request
"conn101" #4: ignoring informational payload, type INVALID_ID_INFORMATION
"conn101" #3: Peer ID is ID_DER_ASN1_DN: 'C=IN, ST=KAR, O=WIPRO, OU=NSNFTM, CN=PC2CERT'
| authcert list locked by 'verify_x509cert'
| authcert list unlocked by 'verify_x509cert'
| crl list locked by 'verify_by_crl'
| crl list unlocked by 'verify_by_crl'
"conn101" #3: crl not found
"conn101" #3: certificate status unknown
| authcert list locked by 'verify_x509cert'
| authcert list unlocked by 'verify_x509cert'
| unref key: 0x90c6b68 0x90c6db0 cnt 2 'C=IN, ST=KAR, O=WIPRO, OU=NSNFTM, CN=PC2CERT'
| ref key: 0x90c6c08 0x90c6668 cnt 0 'C=IN, ST=KAR, O=WIPRO, OU=NSNFTM, CN=PC2CERT'
| unref key: 0x90c6b68 0x90c6db0 cnt 1 'C=IN, ST=KAR, O=WIPRO, OU=NSNFTM, CN=PC2CERT'
| ref key: 0x90c6c08 0x90c6668 cnt 1 'C=IN, ST=KAR, O=WIPRO, OU=NSNFTM, CN=PC2CERT'
| conn101: no match (id: no, auth: ok, trust: ok, request: ok, prio: 2048)
"conn101" #3: no suitable connection for peer 'C=IN, ST=KAR, O=WIPRO, OU=NSNFTM, CN=PC2CERT'
"conn101" #3: sending encrypted notification INVALID_ID_INFORMATION to 10.10.10.6:500
"conn101" #4: discarding duplicate packet; already STATE_MAIN_I3
"conn101" #4: next payload type of ISAKMP Hash Payload has an unknown value: 56
"conn101" #4: malformed payload in packet
"conn101" #3: Peer ID is ID_DER_ASN1_DN: 'C=IN, ST=KAR, O=WIPRO, OU=NSNFTM, CN=PC2CERT'
| authcert list locked by 'verify_x509cert'
| authcert list unlocked by 'verify_x509cert'
| crl list locked by 'verify_by_crl'
| crl list unlocked by 'verify_by_crl'
"conn101" #3: crl not found
"conn101" #3: certificate status unknown
| authcert list locked by 'verify_x509cert'
| authcert list unlocked by 'verify_x509cert'
| unref key: 0x90c6c08 0x90c6668 cnt 2 'C=IN, ST=KAR, O=WIPRO, OU=NSNFTM, CN=PC2CERT'
| ref key: 0x90c6a88 0x90c63c0 cnt 0 'C=IN, ST=KAR, O=WIPRO, OU=NSNFTM, CN=PC2CERT'
| unref key: 0x90c6c08 0x90c6668 cnt 1 'C=IN, ST=KAR, O=WIPRO, OU=NSNFTM, CN=PC2CERT'
| ref key: 0x90c6a88 0x90c63c0 cnt 1 'C=IN, ST=KAR, O=WIPRO, OU=NSNFTM, CN=PC2CERT'
| conn101: no match (id: no, auth: ok, trust: ok, request: ok, prio: 2048)
"conn101" #3: no suitable connection for peer 'C=IN, ST=KAR, O=WIPRO, OU=NSNFTM, CN=PC2CERT'
"conn101" #3: sending encrypted notification INVALID_ID_INFORMATION to 10.10.10.6:500
"conn101" #4: discarding duplicate packet; already STATE_MAIN_I3
"conn101" #4: next payload type of ISAKMP Hash Payload has an unknown value: 119
"conn101" #4: malformed payload in packet
shutting down
| certs and keys locked by 'free_preshared_secrets'
forgetting secrets
| certs and keys unlocked by 'free_preshard_secrets'
| unref key: 0x90c6a88 0x90c63c0 cnt 2 'C=IN, ST=KAR, O=WIPRO, OU=NSNFTM, CN=PC2CERT'
| unref key: 0x90c24f8 0x90c32b0 cnt 1 'C=IN, ST=KAR, O=WIPRO, OU=NSNFTM, CN=PC1CERT'
"conn101": deleting connection
"conn101" #4: deleting state (STATE_MAIN_I3)
"conn101" #3: deleting state (STATE_MAIN_R2)
| unref key: 0x90c6a88 0x90c63c0 cnt 1 'C=IN, ST=KAR, O=WIPRO, OU=NSNFTM, CN=PC2CERT'
| certs and keys locked by 'delete_connection'
| certs and keys unlocked by 'delete_connection'
| crl fetch request list locked by 'free_crl_fetch'
| crl fetch request list unlocked by 'free_crl_fetch'
| ocsp fetch request list locked by 'free_ocsp_fetch'
| ocsp fetch request list unlocked by 'free_ocsp_fetch'
| authcert list locked by 'free_authcerts'
| authcert list unlocked by 'free_authcerts'
| crl list locked by 'free_crls'
| crl list unlocked by 'free_crls'
| ocsp cache locked by 'free_ocsp_cache'
| ocsp cache unlocked by 'free_ocsp_cache'
shutting down interface lo/lo ::1
shutting down interface lo/lo 127.0.0.1
shutting down interface eth0/eth0 70.70.70.7
shutting down interface eth1/eth1 10.125.40.66
shutting down interface eth2/eth2 10.10.10.5