Starting IKEv1 pluto daemon (strongSwan 4.6.2) THREADS VENDORID
listening on interfaces:
  eth0
    10.10.10.6
    fe80::21c:25ff:fea9:da42
  eth1
    20.20.20.2
  eth2
    10.125.40.64
    fe80::207:e9ff:fe0c:6343
  virbr0
    192.168.122.1
loaded plugins: aes des sha1 sha2 md5 random x509 pkcs1 pkcs8 pgp dnskey pem gmp hmac xauth attr kernel-netlink resolve
  including NAT-Traversal patch (Version 0.6c) [disabled]
loading ca certificates from '/etc/ipsec.d/cacerts'
  loaded ca certificate from '/etc/ipsec.d/cacerts/cacert.pem'
| authcert list locked by 'add_authcert'
| authcert list unlocked by 'add_authcert'
loading aa certificates from '/etc/ipsec.d/aacerts'
loading ocsp certificates from '/etc/ipsec.d/ocspcerts'
Changing to directory '/etc/ipsec.d/crls'
loading attribute certificates from '/etc/ipsec.d/acerts'
spawning 4 worker threads
listening for IKE messages
adding interface virbr0/virbr0 192.168.122.1:500
adding interface eth2/eth2 10.125.40.64:500
adding interface eth1/eth1 20.20.20.2:500
adding interface eth0/eth0 10.10.10.6:500
adding interface lo/lo 127.0.0.1:500
adding interface lo/lo ::1:500
| certs and keys locked by 'free_preshared_secrets'
| certs and keys unlocked by 'free_preshard_secrets'
loading secrets from "/etc/ipsec.secrets"
  loaded private key from 'PC2Key.pem'
| certs and keys locked by 'process_secret'
| certs and keys unlocked by 'process_secrets'
  loaded host certificate from '/etc/ipsec.d/certs/PC2Cert.pem'
  id '%any' not confirmed by certificate, defaulting to 'C=IN, ST=KAR, O=WIPRO, OU=NSNFTM, CN=PC2CERT'
|   ref key: 0x82e0670 0x82e1368 cnt 0 'C=IN, ST=KAR, O=WIPRO, OU=NSNFTM, CN=PC2CERT'
| certs and keys locked by 'cert_add'
| certs and keys unlocked by 'cert_add'
added connection description "conn101"
"conn101" #1: initiating Main Mode
"conn101" #1: received Vendor ID payload [strongSwan]
"conn101" #1: received Vendor ID payload [XAUTH]
"conn101" #1: received Vendor ID payload [Dead Peer Detection]
"conn101" #1: we have a cert and are sending it upon request
"conn101" #1: ignoring informational payload, type INVALID_ID_INFORMATION
packet from 10.10.10.5:500: received Vendor ID payload [strongSwan]
packet from 10.10.10.5:500: received Vendor ID payload [XAUTH]
packet from 10.10.10.5:500: received Vendor ID payload [Dead Peer Detection]
"conn101" #2: responding to Main Mode
"conn101" #2: Peer ID is ID_DER_ASN1_DN: 'C=IN, ST=KAR, O=WIPRO, OU=NSNFTM, CN=PC1CERT'
| authcert list locked by 'verify_x509cert'
| authcert list unlocked by 'verify_x509cert'
| crl list locked by 'verify_by_crl'
| crl list unlocked by 'verify_by_crl'
"conn101" #2: crl not found
"conn101" #2: certificate status unknown
| authcert list locked by 'verify_x509cert'
| authcert list unlocked by 'verify_x509cert'
|   ref key: 0x82e3fd0 0x82e48f0 cnt 0 'C=IN, ST=KAR, O=WIPRO, OU=NSNFTM, CN=PC1CERT'
|   ref key: 0x82e3fd0 0x82e48f0 cnt 1 'C=IN, ST=KAR, O=WIPRO, OU=NSNFTM, CN=PC1CERT'
| conn101:  no match (id: no, auth: ok, trust: ok, request: ok, prio: 2048)
"conn101" #2: no suitable connection for peer 'C=IN, ST=KAR, O=WIPRO, OU=NSNFTM, CN=PC1CERT'
"conn101" #2: sending encrypted notification INVALID_ID_INFORMATION to 10.10.10.5:500
"conn101" #1: next payload type of ISAKMP Hash Payload has an unknown value: 237
"conn101" #1: malformed payload in packet
"conn101" #1: discarding duplicate packet; already STATE_MAIN_I3
"conn101" #2: Peer ID is ID_DER_ASN1_DN: 'C=IN, ST=KAR, O=WIPRO, OU=NSNFTM, CN=PC1CERT'
| authcert list locked by 'verify_x509cert'
| authcert list unlocked by 'verify_x509cert'
| crl list locked by 'verify_by_crl'
| crl list unlocked by 'verify_by_crl'
"conn101" #2: crl not found
"conn101" #2: certificate status unknown
| authcert list locked by 'verify_x509cert'
| authcert list unlocked by 'verify_x509cert'
| unref key: 0x82e3fd0 0x82e48f0 cnt 2 'C=IN, ST=KAR, O=WIPRO, OU=NSNFTM, CN=PC1CERT'
|   ref key: 0x82e7d20 0x82e8328 cnt 0 'C=IN, ST=KAR, O=WIPRO, OU=NSNFTM, CN=PC1CERT'
| unref key: 0x82e3fd0 0x82e48f0 cnt 1 'C=IN, ST=KAR, O=WIPRO, OU=NSNFTM, CN=PC1CERT'
|   ref key: 0x82e7d20 0x82e8328 cnt 1 'C=IN, ST=KAR, O=WIPRO, OU=NSNFTM, CN=PC1CERT'
| conn101:  no match (id: no, auth: ok, trust: ok, request: ok, prio: 2048)
"conn101" #2: no suitable connection for peer 'C=IN, ST=KAR, O=WIPRO, OU=NSNFTM, CN=PC1CERT'
"conn101" #2: sending encrypted notification INVALID_ID_INFORMATION to 10.10.10.5:500
"conn101" #1: next payload type of ISAKMP Hash Payload has an unknown value: 117
"conn101" #1: malformed payload in packet
"conn101" #1: discarding duplicate packet; already STATE_MAIN_I3
"conn101" #2: Peer ID is ID_DER_ASN1_DN: 'C=IN, ST=KAR, O=WIPRO, OU=NSNFTM, CN=PC1CERT'
| authcert list locked by 'verify_x509cert'
| authcert list unlocked by 'verify_x509cert'
| crl list locked by 'verify_by_crl'
| crl list unlocked by 'verify_by_crl'
"conn101" #2: crl not found
"conn101" #2: certificate status unknown
| authcert list locked by 'verify_x509cert'
| authcert list unlocked by 'verify_x509cert'
| unref key: 0x82e7d20 0x82e8328 cnt 2 'C=IN, ST=KAR, O=WIPRO, OU=NSNFTM, CN=PC1CERT'
|   ref key: 0x82e2f30 0x82e3f18 cnt 0 'C=IN, ST=KAR, O=WIPRO, OU=NSNFTM, CN=PC1CERT'
| unref key: 0x82e7d20 0x82e8328 cnt 1 'C=IN, ST=KAR, O=WIPRO, OU=NSNFTM, CN=PC1CERT'
|   ref key: 0x82e2f30 0x82e3f18 cnt 1 'C=IN, ST=KAR, O=WIPRO, OU=NSNFTM, CN=PC1CERT'
| conn101:  no match (id: no, auth: ok, trust: ok, request: ok, prio: 2048)
"conn101" #2: no suitable connection for peer 'C=IN, ST=KAR, O=WIPRO, OU=NSNFTM, CN=PC1CERT'
"conn101" #2: sending encrypted notification INVALID_ID_INFORMATION to 10.10.10.5:500
"conn101" #1: max number of retransmissions (2) reached STATE_MAIN_I3.  Possible authentication failure: no acceptable response to our first encrypted message
"conn101" #1: starting keying attempt 2 of at most 3
"conn101" #3: initiating Main Mode to replace #1
"conn101" #3: received Vendor ID payload [strongSwan]
"conn101" #3: received Vendor ID payload [XAUTH]
"conn101" #3: received Vendor ID payload [Dead Peer Detection]
"conn101" #3: we have a cert and are sending it upon request
"conn101" #3: ignoring informational payload, type INVALID_ID_INFORMATION
"conn101" #2: max number of retransmissions (2) reached STATE_MAIN_R2
| unref key: 0x82e2f30 0x82e3f18 cnt 2 'C=IN, ST=KAR, O=WIPRO, OU=NSNFTM, CN=PC1CERT'
packet from 10.10.10.5:500: received Vendor ID payload [strongSwan]
packet from 10.10.10.5:500: received Vendor ID payload [XAUTH]
packet from 10.10.10.5:500: received Vendor ID payload [Dead Peer Detection]
"conn101" #4: responding to Main Mode
"conn101" #4: Peer ID is ID_DER_ASN1_DN: 'C=IN, ST=KAR, O=WIPRO, OU=NSNFTM, CN=PC1CERT'
| authcert list locked by 'verify_x509cert'
| authcert list unlocked by 'verify_x509cert'
| crl list locked by 'verify_by_crl'
| crl list unlocked by 'verify_by_crl'
"conn101" #4: crl not found
"conn101" #4: certificate status unknown
| authcert list locked by 'verify_x509cert'
| authcert list unlocked by 'verify_x509cert'
| unref key: 0x82e2f30 0x82e3f18 cnt 1 'C=IN, ST=KAR, O=WIPRO, OU=NSNFTM, CN=PC1CERT'
|   ref key: 0x82e5088 0x82e8358 cnt 0 'C=IN, ST=KAR, O=WIPRO, OU=NSNFTM, CN=PC1CERT'
|   ref key: 0x82e5088 0x82e8358 cnt 1 'C=IN, ST=KAR, O=WIPRO, OU=NSNFTM, CN=PC1CERT'
| conn101:  no match (id: no, auth: ok, trust: ok, request: ok, prio: 2048)
"conn101" #4: no suitable connection for peer 'C=IN, ST=KAR, O=WIPRO, OU=NSNFTM, CN=PC1CERT'
"conn101" #4: sending encrypted notification INVALID_ID_INFORMATION to 10.10.10.5:500
"conn101" #3: next payload type of ISAKMP Hash Payload has an unknown value: 105
"conn101" #3: malformed payload in packet
"conn101" #3: discarding duplicate packet; already STATE_MAIN_I3
"conn101" #4: Peer ID is ID_DER_ASN1_DN: 'C=IN, ST=KAR, O=WIPRO, OU=NSNFTM, CN=PC1CERT'
| authcert list locked by 'verify_x509cert'
| authcert list unlocked by 'verify_x509cert'
| crl list locked by 'verify_by_crl'
| crl list unlocked by 'verify_by_crl'
"conn101" #4: crl not found
"conn101" #4: certificate status unknown
| authcert list locked by 'verify_x509cert'
| authcert list unlocked by 'verify_x509cert'
| unref key: 0x82e5088 0x82e8358 cnt 2 'C=IN, ST=KAR, O=WIPRO, OU=NSNFTM, CN=PC1CERT'
|   ref key: 0x82e3d98 0x82e5630 cnt 0 'C=IN, ST=KAR, O=WIPRO, OU=NSNFTM, CN=PC1CERT'
| unref key: 0x82e5088 0x82e8358 cnt 1 'C=IN, ST=KAR, O=WIPRO, OU=NSNFTM, CN=PC1CERT'
|   ref key: 0x82e3d98 0x82e5630 cnt 1 'C=IN, ST=KAR, O=WIPRO, OU=NSNFTM, CN=PC1CERT'
| conn101:  no match (id: no, auth: ok, trust: ok, request: ok, prio: 2048)
"conn101" #4: no suitable connection for peer 'C=IN, ST=KAR, O=WIPRO, OU=NSNFTM, CN=PC1CERT'
"conn101" #4: sending encrypted notification INVALID_ID_INFORMATION to 10.10.10.5:500
"conn101" #3: next payload type of ISAKMP Hash Payload has an unknown value: 117
"conn101" #3: malformed payload in packet
"conn101" #3: discarding duplicate packet; already STATE_MAIN_I3
"conn101" #4: Peer ID is ID_DER_ASN1_DN: 'C=IN, ST=KAR, O=WIPRO, OU=NSNFTM, CN=PC1CERT'
| authcert list locked by 'verify_x509cert'
| authcert list unlocked by 'verify_x509cert'
| crl list locked by 'verify_by_crl'
| crl list unlocked by 'verify_by_crl'
"conn101" #4: crl not found
"conn101" #4: certificate status unknown
| authcert list locked by 'verify_x509cert'
| authcert list unlocked by 'verify_x509cert'
| unref key: 0x82e3d98 0x82e5630 cnt 2 'C=IN, ST=KAR, O=WIPRO, OU=NSNFTM, CN=PC1CERT'
|   ref key: 0x82e4a78 0x82e3cc0 cnt 0 'C=IN, ST=KAR, O=WIPRO, OU=NSNFTM, CN=PC1CERT'
| unref key: 0x82e3d98 0x82e5630 cnt 1 'C=IN, ST=KAR, O=WIPRO, OU=NSNFTM, CN=PC1CERT'
|   ref key: 0x82e4a78 0x82e3cc0 cnt 1 'C=IN, ST=KAR, O=WIPRO, OU=NSNFTM, CN=PC1CERT'
| conn101:  no match (id: no, auth: ok, trust: ok, request: ok, prio: 2048)
"conn101" #4: no suitable connection for peer 'C=IN, ST=KAR, O=WIPRO, OU=NSNFTM, CN=PC1CERT'
"conn101" #4: sending encrypted notification INVALID_ID_INFORMATION to 10.10.10.5:500
shutting down
| certs and keys locked by 'free_preshared_secrets'
forgetting secrets
| certs and keys unlocked by 'free_preshard_secrets'
| unref key: 0x82e4a78 0x82e3cc0 cnt 2 'C=IN, ST=KAR, O=WIPRO, OU=NSNFTM, CN=PC1CERT'
| unref key: 0x82e0670 0x82e1368 cnt 1 'C=IN, ST=KAR, O=WIPRO, OU=NSNFTM, CN=PC2CERT'
"conn101": deleting connection
"conn101" #4: deleting state (STATE_MAIN_R2)
| unref key: 0x82e4a78 0x82e3cc0 cnt 1 'C=IN, ST=KAR, O=WIPRO, OU=NSNFTM, CN=PC1CERT'
"conn101" #3: deleting state (STATE_MAIN_I3)
| certs and keys locked by 'delete_connection'
| certs and keys unlocked by 'delete_connection'
| crl fetch request list locked by 'free_crl_fetch'
| crl fetch request list unlocked by 'free_crl_fetch'
| ocsp fetch request list locked by 'free_ocsp_fetch'
| ocsp fetch request list unlocked by 'free_ocsp_fetch'
| authcert list locked by 'free_authcerts'
| authcert list unlocked by 'free_authcerts'
| crl list locked by 'free_crls'
| crl list unlocked by 'free_crls'
| ocsp cache locked by 'free_ocsp_cache'
| ocsp cache unlocked by 'free_ocsp_cache'
shutting down interface lo/lo ::1
shutting down interface lo/lo 127.0.0.1
shutting down interface eth0/eth0 10.10.10.6
shutting down interface eth1/eth1 20.20.20.2
shutting down interface eth2/eth2 10.125.40.64
shutting down interface virbr0/virbr0 192.168.122.1