Starting IKEv1 pluto daemon (strongSwan 4.6.2) THREADS VENDORID
listening on interfaces:
  eth1
    10.10.10.6
    fe80::21c:25ff:fea9:da42
  eth2
    10.125.40.64
    fe80::207:e9ff:fe0c:6343
  virbr0
    192.168.122.1
loaded plugins: aes des sha1 sha2 md5 random x509 pkcs1 pkcs8 pgp dnskey pem gmp hmac xauth attr kernel-netlink resolve
  including NAT-Traversal patch (Version 0.6c) [disabled]
loading ca certificates from '/usr/local/etc/ipsec.d/cacerts'
  loaded ca certificate from '/usr/local/etc/ipsec.d/cacerts/rootCaCert_0.pem'
| authcert list locked by 'add_authcert'
| authcert list unlocked by 'add_authcert'
  loaded ca certificate from '/usr/local/etc/ipsec.d/cacerts/cacert.pem'
| authcert list locked by 'add_authcert'
| authcert list unlocked by 'add_authcert'
loading aa certificates from '/usr/local/etc/ipsec.d/aacerts'
loading ocsp certificates from '/usr/local/etc/ipsec.d/ocspcerts'
Changing to directory '/usr/local/etc/ipsec.d/crls'
loading attribute certificates from '/usr/local/etc/ipsec.d/acerts'
spawning 4 worker threads
listening for IKE messages
adding interface virbr0/virbr0 192.168.122.1:500
adding interface eth2/eth2 10.125.40.64:500
adding interface eth1/eth1 10.10.10.6:500
adding interface lo/lo 127.0.0.1:500
adding interface lo/lo ::1:500
| certs and keys locked by 'free_preshared_secrets'
| certs and keys unlocked by 'free_preshard_secrets'
loading secrets from "/usr/local/etc/ipsec.secrets"
  loaded private key from 'bts_key.pem'
| certs and keys locked by 'process_secret'
| certs and keys unlocked by 'process_secrets'
  loaded CA certificate from '/usr/local/etc/ipsec.d/cacerts/cacert.pem'
added ca description "rootca0"
| ca info list locked by 'add_ca_info'
| ca info list unlocked by 'add_ca_info'
| authcert list locked by 'add_authcert'
| authcert list unlocked by 'add_authcert'
  loaded host certificate from '/usr/local/etc/ipsec.d/certs/bts_cert.pem'
  id '%any' not confirmed by certificate, defaulting to 'C=IN, ST=BLR, O=Wipro Technologies, OU=RA, CN=ftm'
| ref key: 0x8295918 0x8297610 cnt 0 'C=IN, ST=BLR, O=Wipro Technologies, OU=RA, CN=ftm'
| certs and keys locked by 'cert_add'
| certs and keys unlocked by 'cert_add'
added connection description "conn100"
"conn100" #1: initiating Main Mode
| rejected packet:
| 16 6c b3 5d 4e 15 00 2f 00 00 00 00 00 00 00 00
| 01 10 02 00 00 00 00 00 00 00 00 88 0d 00 00 38
| 00 00 00 01 00 00 00 01 00 00 00 2c 00 01 00 01
| 00 00 00 24 00 01 00 00 80 0b 00 01 00 0c 00 04
| 00 01 45 b0 80 01 00 05 80 02 00 02 80 03 00 03
| 80 04 00 02 0d 00 00 14 88 2f e5 6d 6f d2 0d bc
| 22 51 61 3b 2e be 5b eb 0d 00 00 0c 09 00 26 89
| df d6 b7 12 00 00 00 14 af ca d7 13 68 a1 f1 c9
| 6b 86 96 fc 77 57 01 00
| control:
| 2c 00 00 00 00 00 00 00 0b 00 00 00 6f 00 00 00
| 02 03 03 00 00 00 00 00 00 00 00 00 02 00 00 00
| 0a 0a 0a 07 00 00 00 00 00 00 00 00
| name:
| 02 00 01 f4 0a 0a 0a 07 00 00 00 00 00 00 00 00
"conn100" #1: ERROR: asynchronous network error report on eth1 for message to 10.10.10.7 port 500, complainant 10.10.10.7: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
"conn100" #1: received Vendor ID payload [strongSwan]
"conn100" #1: received Vendor ID payload [XAUTH]
"conn100" #1: received Vendor ID payload [Dead Peer Detection]
"conn100" #1: we have a cert and are sending it upon request
"conn100" #1: Peer ID is ID_DER_ASN1_DN: 'C=IN, ST=BLR, O=Wipro Technologies, OU=RA, CN=oms'
| authcert list locked by 'verify_x509cert'
| authcert list unlocked by 'verify_x509cert'
| crl list locked by 'verify_by_crl'
| crl list unlocked by 'verify_by_crl'
"conn100" #1: crl not found
"conn100" #1: certificate status unknown
| authcert list locked by 'verify_x509cert'
| authcert list unlocked by 'verify_x509cert'
| ref key: 0x829a860 0x829ab00 cnt 0 'C=IN, ST=BLR, O=Wipro Technologies, OU=RA, CN=oms'
| ref key: 0x829a860 0x829ab00 cnt 1 'C=IN, ST=BLR, O=Wipro Technologies, OU=RA, CN=oms'
"conn100" #1: we require peer to have ID '10.10.10.7', but peer declares 'C=IN, ST=BLR, O=Wipro Technologies, OU=RA, CN=oms'
Continuing
"conn100" #1: ISAKMP SA established
"conn100" #2: initiating Quick Mode PUBKEY+ENCRYPT+TUNNEL+UP {using isakmp#1}
| route_and_eroute with c: conn100 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: 2
| inR1_outI2: instance conn100[0], setting newest_ipsec_sa to #2 (was #0) (spd.eroute=#2)
"conn100" #2: Dead Peer Detection (RFC 3706) enabled
"conn100" #2: sent QI2, IPsec SA established {ESP=>0xc29abdd9 <0xc11e8f13}
"conn100" #3: initiating Quick Mode PUBKEY+ENCRYPT+TUNNEL+UP to replace #2 {using isakmp#1}
| route_and_eroute with c: conn100 (next: none) ero:conn100 esr:{(nil)} ro:conn100 rosr:{(nil)} and state: 3
| inR1_outI2: instance conn100[0], setting newest_ipsec_sa to #3 (was #2) (spd.eroute=#3)
"conn100" #3: Dead Peer Detection (RFC 3706) enabled
"conn100" #3: sent QI2, IPsec SA established {ESP=>0xc96eb76e <0xc2df58a4}
"conn100" #4: initiating Quick Mode PUBKEY+ENCRYPT+TUNNEL+UP to replace #3 {using isakmp#1}
| route_and_eroute with c: conn100 (next: none) ero:conn100 esr:{(nil)} ro:conn100 rosr:{(nil)} and state: 4
| inR1_outI2: instance conn100[0], setting newest_ipsec_sa to #4 (was #3) (spd.eroute=#4)
"conn100" #4: Dead Peer Detection (RFC 3706) enabled
"conn100" #4: sent QI2, IPsec SA established {ESP=>0xc1a2c0d0 <0xc9adba01}
"conn100" #5: initiating Quick Mode PUBKEY+ENCRYPT+TUNNEL+UP to replace #4 {using isakmp#1}
| route_and_eroute with c: conn100 (next: none) ero:conn100 esr:{(nil)} ro:conn100 rosr:{(nil)} and state: 5
| inR1_outI2: instance conn100[0], setting newest_ipsec_sa to #5 (was #4) (spd.eroute=#5)
"conn100" #5: Dead Peer Detection (RFC 3706) enabled
"conn100" #5: sent QI2, IPsec SA established {ESP=>0xc1c20f9a <0xc9efac8d}
"conn100" #6: initiating Quick Mode PUBKEY+ENCRYPT+TUNNEL+UP to replace #5 {using isakmp#1}
| route_and_eroute with c: conn100 (next: none) ero:conn100 esr:{(nil)} ro:conn100 rosr:{(nil)} and state: 6
| inR1_outI2: instance conn100[0], setting newest_ipsec_sa to #6 (was #5) (spd.eroute=#6)
"conn100" #6: Dead Peer Detection (RFC 3706) enabled
"conn100" #6: sent QI2, IPsec SA established {ESP=>0xcd1fefd2 <0xc361a998}
"conn100" #7: initiating Quick Mode PUBKEY+ENCRYPT+TUNNEL+UP to replace #6 {using isakmp#1}
| route_and_eroute with c: conn100 (next: none) ero:conn100 esr:{(nil)} ro:conn100 rosr:{(nil)} and state: 7
| inR1_outI2: instance conn100[0], setting newest_ipsec_sa to #7 (was #6) (spd.eroute=#7)
"conn100" #7: Dead Peer Detection (RFC 3706) enabled
"conn100" #7: sent QI2, IPsec SA established {ESP=>0xc14e4933 <0xcf678a29}
"conn100" #1: ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0xc29abdd9) not found (maybe expired)
"conn100" #1: received Delete SA(0xc96eb76e) payload: deleting IPSEC State #3
"conn100" #8: initiating Quick Mode PUBKEY+ENCRYPT+TUNNEL+UP to replace #7 {using isakmp#1}
| route_and_eroute with c: conn100 (next: none) ero:conn100 esr:{(nil)} ro:conn100 rosr:{(nil)} and state: 8
| inR1_outI2: instance conn100[0], setting newest_ipsec_sa to #8 (was #7) (spd.eroute=#8)
"conn100" #8: Dead Peer Detection (RFC 3706) enabled
"conn100" #8: sent QI2, IPsec SA established {ESP=>0xc2823583 <0xc5c84de3}
"conn100" #1: ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0xc1a2c0d0) not found (maybe expired)
"conn100" #9: initiating Quick Mode PUBKEY+ENCRYPT+TUNNEL+UP to replace #8 {using isakmp#1}
| route_and_eroute with c: conn100 (next: none) ero:conn100 esr:{(nil)} ro:conn100 rosr:{(nil)} and state: 9
| inR1_outI2: instance conn100[0], setting newest_ipsec_sa to #9 (was #8) (spd.eroute=#9)
"conn100" #9: Dead Peer Detection (RFC 3706) enabled
"conn100" #9: sent QI2, IPsec SA established {ESP=>0xc7f2d6b1 <0xcadffc4a}
"conn100" #1: received Delete SA(0xc1c20f9a) payload: deleting IPSEC State #5
"conn100" #10: initiating Quick Mode PUBKEY+ENCRYPT+TUNNEL+UP to replace #9 {using isakmp#1}
| route_and_eroute with c: conn100 (next: none) ero:conn100 esr:{(nil)} ro:conn100 rosr:{(nil)} and state: 10
| inR1_outI2: instance conn100[0], setting newest_ipsec_sa to #10 (was #9) (spd.eroute=#10)
"conn100" #10: Dead Peer Detection (RFC 3706) enabled
"conn100" #10: sent QI2, IPsec SA established {ESP=>0xc72ed37e <0xcfd101bb}
"conn100" #1: ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0xcd1fefd2) not found (maybe expired)
"conn100" #11: initiating Quick Mode PUBKEY+ENCRYPT+TUNNEL+UP to replace #10 {using isakmp#1}
| route_and_eroute with c: conn100 (next: none) ero:conn100 esr:{(nil)} ro:conn100 rosr:{(nil)} and state: 11
| inR1_outI2: instance conn100[0], setting newest_ipsec_sa to #11 (was #10) (spd.eroute=#11)
"conn100" #11: Dead Peer Detection (RFC 3706) enabled
"conn100" #11: sent QI2, IPsec SA established {ESP=>0xc0af6d2c <0xcdb8e065}
"conn100" #1: ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0xc14e4933) not found (maybe expired)
"conn100" #12: initiating Quick Mode PUBKEY+ENCRYPT+TUNNEL+UP to replace #11 {using isakmp#1}
| route_and_eroute with c: conn100 (next: none) ero:conn100 esr:{(nil)} ro:conn100 rosr:{(nil)} and state: 12
| inR1_outI2: instance conn100[0], setting newest_ipsec_sa to #12 (was #11) (spd.eroute=#12)
"conn100" #12: Dead Peer Detection (RFC 3706) enabled
"conn100" #12: sent QI2, IPsec SA established {ESP=>0xce07e1e1 <0xc1e3dc6c}
"conn100" #1: ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0xc2823583) not found (maybe expired)
"conn100" #13: initiating Quick Mode PUBKEY+ENCRYPT+TUNNEL+UP to replace #12 {using isakmp#1}
| route_and_eroute with c: conn100 (next: none) ero:conn100 esr:{(nil)} ro:conn100 rosr:{(nil)} and state: 13
| inR1_outI2: instance conn100[0], setting newest_ipsec_sa to #13 (was #12) (spd.eroute=#13)
"conn100" #13: Dead Peer Detection (RFC 3706) enabled
"conn100" #13: sent QI2, IPsec SA established {ESP=>0xc6aba3a0 <0xcedbc636}
"conn100" #1: ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0xc7f2d6b1) not found (maybe expired)
"conn100" #1: ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0xc72ed37e) not found (maybe expired)
"conn100" #14: initiating Quick Mode PUBKEY+ENCRYPT+TUNNEL+UP to replace #13 {using isakmp#1}
| route_and_eroute with c: conn100 (next: none) ero:conn100 esr:{(nil)} ro:conn100 rosr:{(nil)} and state: 14
| inR1_outI2: instance conn100[0], setting newest_ipsec_sa to #14 (was #13) (spd.eroute=#14)
"conn100" #14: Dead Peer Detection (RFC 3706) enabled
"conn100" #14: sent QI2, IPsec SA established {ESP=>0xcd023bc5 <0xc492b4a5}
"conn100" #1: ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0xc0af6d2c) not found (maybe expired)
"conn100" #15: initiating Quick Mode PUBKEY+ENCRYPT+TUNNEL+UP to replace #14 {using isakmp#1}
| route_and_eroute with c: conn100 (next: none) ero:conn100 esr:{(nil)} ro:conn100 rosr:{(nil)} and state: 15
| inR1_outI2: instance conn100[0], setting newest_ipsec_sa to #15 (was #14) (spd.eroute=#15)
"conn100" #15: Dead Peer Detection (RFC 3706) enabled
"conn100" #15: sent QI2, IPsec SA established {ESP=>0xcb5bb5cb <0xc95978b1}
"conn100" #1: ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0xce07e1e1) not found (maybe expired)
"conn100" #16: initiating Quick Mode PUBKEY+ENCRYPT+TUNNEL+UP to replace #15 {using isakmp#1}
| route_and_eroute with c: conn100 (next: none) ero:conn100 esr:{(nil)} ro:conn100 rosr:{(nil)} and state: 16
| inR1_outI2: instance conn100[0], setting newest_ipsec_sa to #16 (was #15) (spd.eroute=#16)
"conn100" #16: Dead Peer Detection (RFC 3706) enabled
"conn100" #16: sent QI2, IPsec SA established {ESP=>0xc13b1906 <0xcdc78f76}
"conn100" #1: ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0xc6aba3a0) not found (maybe expired)
"conn100" #17: initiating Quick Mode PUBKEY+ENCRYPT+TUNNEL+UP to replace #16 {using isakmp#1}
| route_and_eroute with c: conn100 (next: none) ero:conn100 esr:{(nil)} ro:conn100 rosr:{(nil)} and state: 17
| inR1_outI2: instance conn100[0], setting newest_ipsec_sa to #17 (was #16) (spd.eroute=#17)
"conn100" #17: Dead Peer Detection (RFC 3706) enabled
"conn100" #17: sent QI2, IPsec SA established {ESP=>0xc0f44fa2 <0xc7a7f19e}
"conn100" #1: received Delete SA(0xcd023bc5) payload: deleting IPSEC State #14
"conn100" #18: initiating Quick Mode PUBKEY+ENCRYPT+TUNNEL+UP to replace #17 {using isakmp#1}
| route_and_eroute with c: conn100 (next: none) ero:conn100 esr:{(nil)} ro:conn100 rosr:{(nil)} and state: 18
| inR1_outI2: instance conn100[0], setting newest_ipsec_sa to #18 (was #17) (spd.eroute=#18)
"conn100" #18: Dead Peer Detection (RFC 3706) enabled
"conn100" #18: sent QI2, IPsec SA established {ESP=>0xc7b45479 <0xceb7c5f6}
"conn100" #19: initiating Quick Mode PUBKEY+ENCRYPT+TUNNEL+UP to replace #18 {using isakmp#1}
| route_and_eroute with c: conn100 (next: none) ero:conn100 esr:{(nil)} ro:conn100 rosr:{(nil)} and state: 19
| inR1_outI2: instance conn100[0], setting newest_ipsec_sa to #19 (was #18) (spd.eroute=#19)
"conn100" #19: Dead Peer Detection (RFC 3706) enabled
"conn100" #19: sent QI2, IPsec SA established {ESP=>0xcafa2879 <0xc19ce3cd}
"conn100" #1: received Delete SA(0xcb5bb5cb) payload: deleting IPSEC State #15
"conn100" #20: initiating Quick Mode PUBKEY+ENCRYPT+TUNNEL+UP to replace #19 {using isakmp#1}
| route_and_eroute with c: conn100 (next: none) ero:conn100 esr:{(nil)} ro:conn100 rosr:{(nil)} and state: 20
| inR1_outI2: instance conn100[0], setting newest_ipsec_sa to #20 (was #19) (spd.eroute=#20)
"conn100" #20: Dead Peer Detection (RFC 3706) enabled
"conn100" #20: sent QI2, IPsec SA established {ESP=>0xc754d8fc <0xca395dbe}
"conn100" #1: received Delete SA(0xc13b1906) payload: deleting IPSEC State #16
"conn100" #21: initiating Quick Mode PUBKEY+ENCRYPT+TUNNEL+UP to replace #20 {using isakmp#1}
| route_and_eroute with c: conn100 (next: none) ero:conn100 esr:{(nil)} ro:conn100 rosr:{(nil)} and state: 21
| inR1_outI2: instance conn100[0], setting newest_ipsec_sa to #21 (was #20) (spd.eroute=#21)
"conn100" #21: Dead Peer Detection (RFC 3706) enabled
"conn100" #21: sent QI2, IPsec SA established {ESP=>0xcbbbc256 <0xce7ae0ce}
"conn100" #1: ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0xc0f44fa2) not found (maybe expired)
"conn100" #22: initiating Quick Mode PUBKEY+ENCRYPT+TUNNEL+UP to replace #21 {using isakmp#1}
| route_and_eroute with c: conn100 (next: none) ero:conn100 esr:{(nil)} ro:conn100 rosr:{(nil)} and state: 22
| inR1_outI2: instance conn100[0], setting newest_ipsec_sa to #22 (was #21) (spd.eroute=#22)
"conn100" #22: Dead Peer Detection (RFC 3706) enabled
"conn100" #22: sent QI2, IPsec SA established {ESP=>0xc000b12e <0xc21b7502}
"conn100" #1: ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0xc7b45479) not found (maybe expired)
"conn100" #23: initiating Quick Mode PUBKEY+ENCRYPT+TUNNEL+UP to replace #22 {using isakmp#1}
| route_and_eroute with c: conn100 (next: none) ero:conn100 esr:{(nil)} ro:conn100 rosr:{(nil)} and state: 23
| inR1_outI2: instance conn100[0], setting newest_ipsec_sa to #23 (was #22) (spd.eroute=#23)
"conn100" #23: Dead Peer Detection (RFC 3706) enabled
"conn100" #23: sent QI2, IPsec SA established {ESP=>0xcb039df6 <0xcd93dda8}
"conn100" #1: ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0xcafa2879) not found (maybe expired)
"conn100" #1: ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0xc754d8fc) not found (maybe expired)
"conn100" #24: initiating Quick Mode PUBKEY+ENCRYPT+TUNNEL+UP to replace #23 {using isakmp#1}
| route_and_eroute with c: conn100 (next: none) ero:conn100 esr:{(nil)} ro:conn100 rosr:{(nil)} and state: 24
| inR1_outI2: instance conn100[0], setting newest_ipsec_sa to #24 (was #23) (spd.eroute=#24)
"conn100" #24: Dead Peer Detection (RFC 3706) enabled
"conn100" #24: sent QI2, IPsec SA established {ESP=>0xc3d7439d <0xce70d9bb}
"conn100" #1: ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0xcbbbc256) not found (maybe expired)
"conn100" #25: initiating Quick Mode PUBKEY+ENCRYPT+TUNNEL+UP to replace #24 {using isakmp#1}
| route_and_eroute with c: conn100 (next: none) ero:conn100 esr:{(nil)} ro:conn100 rosr:{(nil)} and state: 25
| inR1_outI2: instance conn100[0], setting newest_ipsec_sa to #25 (was #24) (spd.eroute=#25)
"conn100" #25: Dead Peer Detection (RFC 3706) enabled
"conn100" #25: sent QI2, IPsec SA established {ESP=>0xccacf76d <0xce06ac5b}
"conn100" #26: initiating Quick Mode PUBKEY+ENCRYPT+TUNNEL+UP to replace #25 {using isakmp#1}
| route_and_eroute with c: conn100 (next: none) ero:conn100 esr:{(nil)} ro:conn100 rosr:{(nil)} and state: 26
| inR1_outI2: instance conn100[0], setting newest_ipsec_sa to #26 (was #25) (spd.eroute=#26)
"conn100" #26: Dead Peer Detection (RFC 3706) enabled
"conn100" #26: sent QI2, IPsec SA established {ESP=>0xc85d1848 <0xc52ce050}
"conn100" #1: ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0xc000b12e) not found (maybe expired)