[strongSwan] problems with charon in 4.4.1

Andreas Schuldei schuldei+strongswan at spotify.com
Mon May 23 14:46:16 CEST 2011


hi!

I seem to be experiencing problems with charon in strongswan 4.4.1.

One problem is that charon sometimes fails to reinitiate SAs once
they expire. I set up a testbed with 17 hosts to reproduce and track
down the issue, as it takes some time for it to manifest.

since every host has several connections to the other peers in this
ipsec setup, it is tricky to see what log entry is caused by which
connection. how can I single out the log entries from those
affected/failing connections? how can I get a verbose status dump from
charon showing what it thinks the status is of all the connections it
keeps track of?
I don't want to attach 16M of log files here. please advise what parts
are useful, and I would appreciate tips on how to extract those.

the hosts that I currently see problems with are up:

root@taylor:~# fping annalise.ash.spotify.net annmarie.ash.spotify.net alvina.ash.spotify.net
annalise.ash.spotify.net is alive
annmarie.ash.spotify.net is alive
alvina.ash.spotify.net is alive

but ipsec statusall has no SA for them. (see ipsec-statusall.txt)

please also find attached annalise's and taylor's ipsec.conf. the other
hosts' ipsec.conf is equivalent. there is always one initiator for
each connection.
-------------- next part --------------
Status of IKEv2 charon daemon (strongSwan 4.4.1):
  uptime: 101 minutes, since May 23 10:49:54 2011
  malloc: sbrk 6172672, mmap 1052672, used 6034992, free 137680
  worker threads: 7 idle of 16, job queue load: 0, scheduled events: 124834
  loaded plugins: curl ldap aes des sha1 sha2 md5 random x509 pubkey pkcs1 pgp dnskey pem openssl fips-prf xcbc hmac agent gmp attr resolve kernel-netlink socket-raw farp stroke updown eap-identity eap-aka eap-md5 eap-gtc eap-mschapv2 dhcp 
Listening IP addresses:
  78.31.14.85
Connections:
taylor.sto.spotify.net-aldona.ash.spotify.net:  78.31.14.85...193.182.12.18, dpddelay=30s
taylor.sto.spotify.net-aldona.ash.spotify.net:   local:  [C=SE, O=Spotify, CN=taylor.sto.spotify.net] uses public key authentication
taylor.sto.spotify.net-aldona.ash.spotify.net:    cert:  "C=SE, O=Spotify, CN=taylor.sto.spotify.net"
taylor.sto.spotify.net-aldona.ash.spotify.net:   remote: [C=SE, O=Spotify, CN=aldona.ash.spotify.net] uses any authentication
taylor.sto.spotify.net-aldona.ash.spotify.net:   child:  dynamic === dynamic , dpdaction=clear
taylor.sto.spotify.net-alejandra.ash.spotify.net:  78.31.14.85...193.182.12.19, dpddelay=30s
taylor.sto.spotify.net-alejandra.ash.spotify.net:   local:  [C=SE, O=Spotify, CN=taylor.sto.spotify.net] uses public key authentication
taylor.sto.spotify.net-alejandra.ash.spotify.net:    cert:  "C=SE, O=Spotify, CN=taylor.sto.spotify.net"
taylor.sto.spotify.net-alejandra.ash.spotify.net:   remote: [C=SE, O=Spotify, CN=alejandra.ash.spotify.net] uses any authentication
taylor.sto.spotify.net-alejandra.ash.spotify.net:   child:  dynamic === dynamic , dpdaction=clear
taylor.sto.spotify.net-alvina.ash.spotify.net:  78.31.14.85...193.182.12.31, dpddelay=30s
taylor.sto.spotify.net-alvina.ash.spotify.net:   local:  [C=SE, O=Spotify, CN=taylor.sto.spotify.net] uses public key authentication
taylor.sto.spotify.net-alvina.ash.spotify.net:    cert:  "C=SE, O=Spotify, CN=taylor.sto.spotify.net"
taylor.sto.spotify.net-alvina.ash.spotify.net:   remote: [C=SE, O=Spotify, CN=alvina.ash.spotify.net] uses any authentication
taylor.sto.spotify.net-alvina.ash.spotify.net:   child:  dynamic === dynamic , dpdaction=clear
taylor.sto.spotify.net-amber.lon.spotify.net:  78.31.14.85...78.31.10.34, dpddelay=30s
taylor.sto.spotify.net-amber.lon.spotify.net:   local:  [C=SE, O=Spotify, CN=taylor.sto.spotify.net] uses public key authentication
taylor.sto.spotify.net-amber.lon.spotify.net:    cert:  "C=SE, O=Spotify, CN=taylor.sto.spotify.net"
taylor.sto.spotify.net-amber.lon.spotify.net:   remote: [C=SE, O=Spotify, CN=amber.lon.spotify.net] uses any authentication
taylor.sto.spotify.net-amber.lon.spotify.net:   child:  dynamic === dynamic , dpdaction=clear
taylor.sto.spotify.net-annalise.ash.spotify.net:  78.31.14.85...193.182.12.46, dpddelay=30s
taylor.sto.spotify.net-annalise.ash.spotify.net:   local:  [C=SE, O=Spotify, CN=taylor.sto.spotify.net] uses public key authentication
taylor.sto.spotify.net-annalise.ash.spotify.net:    cert:  "C=SE, O=Spotify, CN=taylor.sto.spotify.net"
taylor.sto.spotify.net-annalise.ash.spotify.net:   remote: [C=SE, O=Spotify, CN=annalise.ash.spotify.net] uses any authentication
taylor.sto.spotify.net-annalise.ash.spotify.net:   child:  dynamic === dynamic , dpdaction=clear
taylor.sto.spotify.net-annmarie.ash.spotify.net:  78.31.14.85...193.182.12.49, dpddelay=30s
taylor.sto.spotify.net-annmarie.ash.spotify.net:   local:  [C=SE, O=Spotify, CN=taylor.sto.spotify.net] uses public key authentication
taylor.sto.spotify.net-annmarie.ash.spotify.net:    cert:  "C=SE, O=Spotify, CN=taylor.sto.spotify.net"
taylor.sto.spotify.net-annmarie.ash.spotify.net:   remote: [C=SE, O=Spotify, CN=annmarie.ash.spotify.net] uses any authentication
taylor.sto.spotify.net-annmarie.ash.spotify.net:   child:  dynamic === dynamic , dpdaction=clear
taylor.sto.spotify.net-dorothy.ash.spotify.net:  78.31.14.85...193.182.12.147, dpddelay=30s
taylor.sto.spotify.net-dorothy.ash.spotify.net:   local:  [C=SE, O=Spotify, CN=taylor.sto.spotify.net] uses public key authentication
taylor.sto.spotify.net-dorothy.ash.spotify.net:    cert:  "C=SE, O=Spotify, CN=taylor.sto.spotify.net"
taylor.sto.spotify.net-dorothy.ash.spotify.net:   remote: [C=SE, O=Spotify, CN=dorothy.ash.spotify.net] uses any authentication
taylor.sto.spotify.net-dorothy.ash.spotify.net:   child:  dynamic === dynamic , dpdaction=clear
taylor.sto.spotify.net-fiona.lon.spotify.net:  78.31.14.85...78.31.10.48, dpddelay=30s
taylor.sto.spotify.net-fiona.lon.spotify.net:   local:  [C=SE, O=Spotify, CN=taylor.sto.spotify.net] uses public key authentication
taylor.sto.spotify.net-fiona.lon.spotify.net:    cert:  "C=SE, O=Spotify, CN=taylor.sto.spotify.net"
taylor.sto.spotify.net-fiona.lon.spotify.net:   remote: [C=SE, O=Spotify, CN=fiona.lon.spotify.net] uses any authentication
taylor.sto.spotify.net-fiona.lon.spotify.net:   child:  dynamic === dynamic , dpdaction=clear
taylor.sto.spotify.net-gordana.sto.spotify.net:  78.31.14.85...78.31.14.162, dpddelay=30s
taylor.sto.spotify.net-gordana.sto.spotify.net:   local:  [C=SE, O=Spotify, CN=taylor.sto.spotify.net] uses public key authentication
taylor.sto.spotify.net-gordana.sto.spotify.net:    cert:  "C=SE, O=Spotify, CN=taylor.sto.spotify.net"
taylor.sto.spotify.net-gordana.sto.spotify.net:   remote: [C=SE, O=Spotify, CN=gordana.sto.spotify.net] uses any authentication
taylor.sto.spotify.net-gordana.sto.spotify.net:   child:  dynamic === dynamic , dpdaction=clear
taylor.sto.spotify.net-grazyna.lon.spotify.net:  78.31.14.85...78.31.10.243, dpddelay=30s
taylor.sto.spotify.net-grazyna.lon.spotify.net:   local:  [C=SE, O=Spotify, CN=taylor.sto.spotify.net] uses public key authentication
taylor.sto.spotify.net-grazyna.lon.spotify.net:    cert:  "C=SE, O=Spotify, CN=taylor.sto.spotify.net"
taylor.sto.spotify.net-grazyna.lon.spotify.net:   remote: [C=SE, O=Spotify, CN=grazyna.lon.spotify.net] uses any authentication
taylor.sto.spotify.net-grazyna.lon.spotify.net:   child:  dynamic === dynamic , dpdaction=clear
taylor.sto.spotify.net-lillian.lon.spotify.net:  78.31.14.85...78.31.10.84, dpddelay=30s
taylor.sto.spotify.net-lillian.lon.spotify.net:   local:  [C=SE, O=Spotify, CN=taylor.sto.spotify.net] uses public key authentication
taylor.sto.spotify.net-lillian.lon.spotify.net:    cert:  "C=SE, O=Spotify, CN=taylor.sto.spotify.net"
taylor.sto.spotify.net-lillian.lon.spotify.net:   remote: [C=SE, O=Spotify, CN=lillian.lon.spotify.net] uses any authentication
taylor.sto.spotify.net-lillian.lon.spotify.net:   child:  dynamic === dynamic , dpdaction=clear
taylor.sto.spotify.net-marissa.sto.spotify.net:  78.31.14.85...78.31.14.98, dpddelay=30s
taylor.sto.spotify.net-marissa.sto.spotify.net:   local:  [C=SE, O=Spotify, CN=taylor.sto.spotify.net] uses public key authentication
taylor.sto.spotify.net-marissa.sto.spotify.net:    cert:  "C=SE, O=Spotify, CN=taylor.sto.spotify.net"
taylor.sto.spotify.net-marissa.sto.spotify.net:   remote: [C=SE, O=Spotify, CN=marissa.sto.spotify.net] uses any authentication
taylor.sto.spotify.net-marissa.sto.spotify.net:   child:  dynamic === dynamic , dpdaction=clear
taylor.sto.spotify.net-parody.sto.spotify.net:  78.31.14.85...78.31.14.164, dpddelay=30s
taylor.sto.spotify.net-parody.sto.spotify.net:   local:  [C=SE, O=Spotify, CN=taylor.sto.spotify.net] uses public key authentication
taylor.sto.spotify.net-parody.sto.spotify.net:    cert:  "C=SE, O=Spotify, CN=taylor.sto.spotify.net"
taylor.sto.spotify.net-parody.sto.spotify.net:   remote: [C=SE, O=Spotify, CN=parody.sto.spotify.net] uses any authentication
taylor.sto.spotify.net-parody.sto.spotify.net:   child:  dynamic === dynamic , dpdaction=clear
taylor.sto.spotify.net-renate.lon.spotify.net:  78.31.14.85...78.31.10.210, dpddelay=30s
taylor.sto.spotify.net-renate.lon.spotify.net:   local:  [C=SE, O=Spotify, CN=taylor.sto.spotify.net] uses public key authentication
taylor.sto.spotify.net-renate.lon.spotify.net:    cert:  "C=SE, O=Spotify, CN=taylor.sto.spotify.net"
taylor.sto.spotify.net-renate.lon.spotify.net:   remote: [C=SE, O=Spotify, CN=renate.lon.spotify.net] uses any authentication
taylor.sto.spotify.net-renate.lon.spotify.net:   child:  dynamic === dynamic , dpdaction=clear
taylor.sto.spotify.net-sarah.sto.spotify.net:  78.31.14.85...78.31.14.56, dpddelay=30s
taylor.sto.spotify.net-sarah.sto.spotify.net:   local:  [C=SE, O=Spotify, CN=taylor.sto.spotify.net] uses public key authentication
taylor.sto.spotify.net-sarah.sto.spotify.net:    cert:  "C=SE, O=Spotify, CN=taylor.sto.spotify.net"
taylor.sto.spotify.net-sarah.sto.spotify.net:   remote: [C=SE, O=Spotify, CN=sarah.sto.spotify.net] uses any authentication
taylor.sto.spotify.net-sarah.sto.spotify.net:   child:  dynamic === dynamic , dpdaction=clear
taylor.sto.spotify.net-savannah.sto.spotify.net:  78.31.14.85...78.31.14.58, dpddelay=30s
taylor.sto.spotify.net-savannah.sto.spotify.net:   local:  [C=SE, O=Spotify, CN=taylor.sto.spotify.net] uses public key authentication
taylor.sto.spotify.net-savannah.sto.spotify.net:    cert:  "C=SE, O=Spotify, CN=taylor.sto.spotify.net"
taylor.sto.spotify.net-savannah.sto.spotify.net:   remote: [C=SE, O=Spotify, CN=savannah.sto.spotify.net] uses any authentication
taylor.sto.spotify.net-savannah.sto.spotify.net:   child:  dynamic === dynamic , dpdaction=clear
taylor.sto.spotify.net-sibylla.sto.spotify.net:  78.31.14.85...78.31.14.131, dpddelay=30s
taylor.sto.spotify.net-sibylla.sto.spotify.net:   local:  [C=SE, O=Spotify, CN=taylor.sto.spotify.net] uses public key authentication
taylor.sto.spotify.net-sibylla.sto.spotify.net:    cert:  "C=SE, O=Spotify, CN=taylor.sto.spotify.net"
taylor.sto.spotify.net-sibylla.sto.spotify.net:   remote: [C=SE, O=Spotify, CN=sibylla.sto.spotify.net] uses any authentication
taylor.sto.spotify.net-sibylla.sto.spotify.net:   child:  dynamic === dynamic , dpdaction=clear
Security Associations:
taylor.sto.spotify.net-sibylla.sto.spotify.net[1]: ESTABLISHED 101 minutes ago, 78.31.14.85[C=SE, O=Spotify, CN=taylor.sto.spotify.net]...78.31.14.131[C=SE, O=Spotify, CN=sibylla.sto.spotify.net]
taylor.sto.spotify.net-sibylla.sto.spotify.net[1]: IKE SPIs: 48aaf1df85f9ac36_i 5f3e22b6743d42a0_r*, public key reauthentication in 69 minutes
taylor.sto.spotify.net-sibylla.sto.spotify.net[1]: IKE proposal: AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
taylor.sto.spotify.net-sibylla.sto.spotify.net{1}:  INSTALLED, TUNNEL, ESP SPIs: cdfb6dcf_i ca4e4750_o
taylor.sto.spotify.net-sibylla.sto.spotify.net{1}:  AES_CBC_128/HMAC_SHA1_96, 0 bytes_i, 0 bytes_o, rekeying in 33 minutes
taylor.sto.spotify.net-sibylla.sto.spotify.net{1}:   78.31.14.85/32 === 78.31.14.131/32 
taylor.sto.spotify.net-gordana.sto.spotify.net[2]: ESTABLISHED 101 minutes ago, 78.31.14.85[C=SE, O=Spotify, CN=taylor.sto.spotify.net]...78.31.14.162[C=SE, O=Spotify, CN=gordana.sto.spotify.net]
taylor.sto.spotify.net-gordana.sto.spotify.net[2]: IKE SPIs: 80dbdf4f26b39d10_i 41dc4bdf10fc6592_r*, public key reauthentication in 62 minutes
taylor.sto.spotify.net-gordana.sto.spotify.net[2]: IKE proposal: AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
taylor.sto.spotify.net-gordana.sto.spotify.net{2}:  INSTALLED, TUNNEL, ESP SPIs: c866cda5_i c97bface_o
taylor.sto.spotify.net-gordana.sto.spotify.net{2}:  AES_CBC_128/HMAC_SHA1_96, 0 bytes_i, 0 bytes_o, rekeying in 31 minutes
taylor.sto.spotify.net-gordana.sto.spotify.net{2}:   78.31.14.85/32 === 78.31.14.162/32 
taylor.sto.spotify.net-sarah.sto.spotify.net[3]: ESTABLISHED 101 minutes ago, 78.31.14.85[C=SE, O=Spotify, CN=taylor.sto.spotify.net]...78.31.14.56[C=SE, O=Spotify, CN=sarah.sto.spotify.net]
taylor.sto.spotify.net-sarah.sto.spotify.net[3]: IKE SPIs: 1bb78bd9299c2686_i 66e97acdf97add8e_r*, public key reauthentication in 62 minutes
taylor.sto.spotify.net-sarah.sto.spotify.net[3]: IKE proposal: AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
taylor.sto.spotify.net-sarah.sto.spotify.net{3}:  INSTALLED, TUNNEL, ESP SPIs: cbe5e644_i c3a22c97_o
taylor.sto.spotify.net-sarah.sto.spotify.net{3}:  AES_CBC_128/HMAC_SHA1_96, 2523802 bytes_i (542s ago), 38112 bytes_o (542s ago), rekeying in 35 minutes
taylor.sto.spotify.net-sarah.sto.spotify.net{3}:   78.31.14.85/32 === 78.31.14.56/32 
taylor.sto.spotify.net-marissa.sto.spotify.net[4]: ESTABLISHED 101 minutes ago, 78.31.14.85[C=SE, O=Spotify, CN=taylor.sto.spotify.net]...78.31.14.98[C=SE, O=Spotify, CN=marissa.sto.spotify.net]
taylor.sto.spotify.net-marissa.sto.spotify.net[4]: IKE SPIs: 207f92b79837ab00_i e1c17ca83f1c1c06_r*, public key reauthentication in 61 minutes
taylor.sto.spotify.net-marissa.sto.spotify.net[4]: IKE proposal: AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
taylor.sto.spotify.net-marissa.sto.spotify.net{4}:  INSTALLED, TUNNEL, ESP SPIs: cd5dcf8f_i cbdcd210_o
taylor.sto.spotify.net-marissa.sto.spotify.net{4}:  AES_CBC_128/HMAC_SHA1_96, 2508088 bytes_i (619s ago), 47120 bytes_o (619s ago), rekeying in 27 minutes
taylor.sto.spotify.net-marissa.sto.spotify.net{4}:   78.31.14.85/32 === 78.31.14.98/32 
taylor.sto.spotify.net-parody.sto.spotify.net[5]: ESTABLISHED 101 minutes ago, 78.31.14.85[C=SE, O=Spotify, CN=taylor.sto.spotify.net]...78.31.14.164[C=SE, O=Spotify, CN=parody.sto.spotify.net]
taylor.sto.spotify.net-parody.sto.spotify.net[5]: IKE SPIs: 75cf71ef61e62307_i d265995a3f85612e_r*, public key reauthentication in 65 minutes
taylor.sto.spotify.net-parody.sto.spotify.net[5]: IKE proposal: AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
taylor.sto.spotify.net-parody.sto.spotify.net{6}:  INSTALLED, TUNNEL, ESP SPIs: c873b2f7_i cd732297_o
taylor.sto.spotify.net-parody.sto.spotify.net{6}:  AES_CBC_128/HMAC_SHA1_96, 0 bytes_i, 0 bytes_o, rekeying in 33 minutes
taylor.sto.spotify.net-parody.sto.spotify.net{6}:   78.31.14.85/32 === 78.31.14.164/32 
taylor.sto.spotify.net-savannah.sto.spotify.net[6]: ESTABLISHED 101 minutes ago, 78.31.14.85[C=SE, O=Spotify, CN=taylor.sto.spotify.net]...78.31.14.58[C=SE, O=Spotify, CN=savannah.sto.spotify.net]
taylor.sto.spotify.net-savannah.sto.spotify.net[6]: IKE SPIs: 685895c4e322d939_i 22250e6340fb399e_r*, public key reauthentication in 67 minutes
taylor.sto.spotify.net-savannah.sto.spotify.net[6]: IKE proposal: AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
taylor.sto.spotify.net-savannah.sto.spotify.net{5}:  INSTALLED, TUNNEL, ESP SPIs: c6555413_i c582a819_o
taylor.sto.spotify.net-savannah.sto.spotify.net{5}:  AES_CBC_128/HMAC_SHA1_96, 5039476 bytes_i (204s ago), 76460 bytes_o (204s ago), rekeying in 31 minutes
taylor.sto.spotify.net-savannah.sto.spotify.net{5}:   78.31.14.85/32 === 78.31.14.58/32 
taylor.sto.spotify.net-renate.lon.spotify.net[7]: ESTABLISHED 101 minutes ago, 78.31.14.85[C=SE, O=Spotify, CN=taylor.sto.spotify.net]...78.31.10.210[C=SE, O=Spotify, CN=renate.lon.spotify.net]
taylor.sto.spotify.net-renate.lon.spotify.net[7]: IKE SPIs: cedf01a90e08f2e4_i f09f59a90e8d4633_r*, public key reauthentication in 60 minutes
taylor.sto.spotify.net-renate.lon.spotify.net[7]: IKE proposal: AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
taylor.sto.spotify.net-renate.lon.spotify.net{7}:  INSTALLED, TUNNEL, ESP SPIs: c469c612_i c1490251_o
taylor.sto.spotify.net-renate.lon.spotify.net{7}:  AES_CBC_128/HMAC_SHA1_96, 7536982 bytes_i (16s ago), 132208 bytes_o (17s ago), rekeying in 33 minutes
taylor.sto.spotify.net-renate.lon.spotify.net{7}:   78.31.14.85/32 === 78.31.10.210/32 
taylor.sto.spotify.net-grazyna.lon.spotify.net[8]: ESTABLISHED 101 minutes ago, 78.31.14.85[C=SE, O=Spotify, CN=taylor.sto.spotify.net]...78.31.10.243[C=SE, O=Spotify, CN=grazyna.lon.spotify.net]
taylor.sto.spotify.net-grazyna.lon.spotify.net[8]: IKE SPIs: c3df359748d45155_i 90773e98ad54d48e_r*, public key reauthentication in 68 minutes
taylor.sto.spotify.net-grazyna.lon.spotify.net[8]: IKE proposal: AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
taylor.sto.spotify.net-grazyna.lon.spotify.net{9}:  INSTALLED, TUNNEL, ESP SPIs: cee250b8_i cf332701_o
taylor.sto.spotify.net-grazyna.lon.spotify.net{9}:  AES_CBC_128/HMAC_SHA1_96, 2510148 bytes_i (483s ago), 30844 bytes_o (484s ago), rekeying in 28 minutes
taylor.sto.spotify.net-grazyna.lon.spotify.net{9}:   78.31.14.85/32 === 78.31.10.243/32 
taylor.sto.spotify.net-fiona.lon.spotify.net[9]: ESTABLISHED 101 minutes ago, 78.31.14.85[C=SE, O=Spotify, CN=taylor.sto.spotify.net]...78.31.10.48[C=SE, O=Spotify, CN=fiona.lon.spotify.net]
taylor.sto.spotify.net-fiona.lon.spotify.net[9]: IKE SPIs: 3d0c82abf09db1e9_i d8a7b51253d95518_r*, public key reauthentication in 60 minutes
taylor.sto.spotify.net-fiona.lon.spotify.net[9]: IKE proposal: AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
taylor.sto.spotify.net-fiona.lon.spotify.net{8}:  INSTALLED, TUNNEL, ESP SPIs: c0048b53_i cce704ea_o
taylor.sto.spotify.net-fiona.lon.spotify.net{8}:  AES_CBC_128/HMAC_SHA1_96, 2509052 bytes_i (46s ago), 47796 bytes_o (46s ago), rekeying in 36 minutes
taylor.sto.spotify.net-fiona.lon.spotify.net{8}:   78.31.14.85/32 === 78.31.10.48/32 
taylor.sto.spotify.net-lillian.lon.spotify.net[10]: ESTABLISHED 101 minutes ago, 78.31.14.85[C=SE, O=Spotify, CN=taylor.sto.spotify.net]...78.31.10.84[C=SE, O=Spotify, CN=lillian.lon.spotify.net]
taylor.sto.spotify.net-lillian.lon.spotify.net[10]: IKE SPIs: dbb26e55aaae6309_i 85f2d0d2caae5fa9_r*, public key reauthentication in 66 minutes
taylor.sto.spotify.net-lillian.lon.spotify.net[10]: IKE proposal: AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
taylor.sto.spotify.net-lillian.lon.spotify.net{10}:  INSTALLED, TUNNEL, ESP SPIs: c2017e36_i c3c21e2a_o
taylor.sto.spotify.net-lillian.lon.spotify.net{10}:  AES_CBC_128/HMAC_SHA1_96, 0 bytes_i, 0 bytes_o, rekeying in 30 minutes
taylor.sto.spotify.net-lillian.lon.spotify.net{10}:   78.31.14.85/32 === 78.31.10.84/32 
taylor.sto.spotify.net-amber.lon.spotify.net[11]: ESTABLISHED 101 minutes ago, 78.31.14.85[C=SE, O=Spotify, CN=taylor.sto.spotify.net]...78.31.10.34[C=SE, O=Spotify, CN=amber.lon.spotify.net]
taylor.sto.spotify.net-amber.lon.spotify.net[11]: IKE SPIs: 754d6a88eee1e6a3_i 081f87b91f565688_r*, public key reauthentication in 67 minutes
taylor.sto.spotify.net-amber.lon.spotify.net[11]: IKE proposal: AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
taylor.sto.spotify.net-amber.lon.spotify.net{11}:  INSTALLED, TUNNEL, ESP SPIs: c09be841_i c26b6bce_o
taylor.sto.spotify.net-amber.lon.spotify.net{11}:  AES_CBC_128/HMAC_SHA1_96, 0 bytes_i, 0 bytes_o, rekeying in 40 minutes
taylor.sto.spotify.net-amber.lon.spotify.net{11}:   78.31.14.85/32 === 78.31.10.34/32 
taylor.sto.spotify.net-dorothy.ash.spotify.net[62004]: DELETING, 78.31.14.85[C=SE, O=Spotify, CN=taylor.sto.spotify.net]...193.182.12.147[C=SE, O=Spotify, CN=dorothy.ash.spotify.net]
taylor.sto.spotify.net-dorothy.ash.spotify.net[62004]: IKE SPIs: 913a46ed06022445_i 914f196b096e6887_r*
taylor.sto.spotify.net-dorothy.ash.spotify.net[62004]: IKE proposal: AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
taylor.sto.spotify.net-dorothy.ash.spotify.net[62004]: Tasks active: IKE_DELETE 
taylor.sto.spotify.net-dorothy.ash.spotify.net{62003}:  INSTALLED, TUNNEL, ESP SPIs: cca7a49d_i c2648675_o
taylor.sto.spotify.net-dorothy.ash.spotify.net{62003}:  AES_CBC_128/HMAC_SHA1_96, 0 bytes_i, 0 bytes_o, rekeying in 46 minutes
taylor.sto.spotify.net-dorothy.ash.spotify.net{62003}:   78.31.14.85/32 === 193.182.12.147/32 
taylor.sto.spotify.net-alejandra.ash.spotify.net[62005]: DELETING, 78.31.14.85[C=SE, O=Spotify, CN=taylor.sto.spotify.net]...193.182.12.19[C=SE, O=Spotify, CN=alejandra.ash.spotify.net]
taylor.sto.spotify.net-alejandra.ash.spotify.net[62005]: IKE SPIs: 00de05cf0cd69a96_i 99ccae78524bf95a_r*
taylor.sto.spotify.net-alejandra.ash.spotify.net[62005]: IKE proposal: AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
taylor.sto.spotify.net-alejandra.ash.spotify.net[62005]: Tasks active: IKE_DELETE 
taylor.sto.spotify.net-alejandra.ash.spotify.net{62004}:  INSTALLED, TUNNEL, ESP SPIs: cdad879b_i c649b8c8_o
taylor.sto.spotify.net-alejandra.ash.spotify.net{62004}:  AES_CBC_128/HMAC_SHA1_96, 0 bytes_i, 0 bytes_o, rekeying in 46 minutes
taylor.sto.spotify.net-alejandra.ash.spotify.net{62004}:   78.31.14.85/32 === 193.182.12.19/32 
taylor.sto.spotify.net-aldona.ash.spotify.net[62006]: ESTABLISHED 0 seconds ago, 78.31.14.85[C=SE, O=Spotify, CN=taylor.sto.spotify.net]...193.182.12.18[C=SE, O=Spotify, CN=aldona.ash.spotify.net]
taylor.sto.spotify.net-aldona.ash.spotify.net[62006]: IKE SPIs: 90fd8b1e6460130c_i 3bf775b0cf30c7c0_r*, public key reauthentication in 2 hours
taylor.sto.spotify.net-aldona.ash.spotify.net[62006]: IKE proposal: AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
taylor.sto.spotify.net-aldona.ash.spotify.net{62005}:  INSTALLED, TUNNEL, ESP SPIs: c092d1e3_i c2212fe9_o
taylor.sto.spotify.net-aldona.ash.spotify.net{62005}:  AES_CBC_128/HMAC_SHA1_96, 0 bytes_i, 0 bytes_o, rekeying in 50 minutes
taylor.sto.spotify.net-aldona.ash.spotify.net{62005}:   78.31.14.85/32 === 193.182.12.18/32 
taylor.sto.spotify.net-dorothy.ash.spotify.net[62007]: ESTABLISHED 0 seconds ago, 78.31.14.85[C=SE, O=Spotify, CN=taylor.sto.spotify.net]...193.182.12.147[C=SE, O=Spotify, CN=dorothy.ash.spotify.net]
taylor.sto.spotify.net-dorothy.ash.spotify.net[62007]: IKE SPIs: 46cc63b20bb67671_i 1a23c7ef152778da_r*, public key reauthentication in 2 hours
taylor.sto.spotify.net-dorothy.ash.spotify.net[62007]: IKE proposal: AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
taylor.sto.spotify.net-dorothy.ash.spotify.net{62006}:  INSTALLED, TUNNEL, ESP SPIs: c29fc6c9_i c78c3510_o
taylor.sto.spotify.net-dorothy.ash.spotify.net{62006}:  AES_CBC_128/HMAC_SHA1_96, 0 bytes_i, 0 bytes_o, rekeying in 42 minutes
taylor.sto.spotify.net-dorothy.ash.spotify.net{62006}:   78.31.14.85/32 === 193.182.12.147/32 
taylor.sto.spotify.net-alejandra.ash.spotify.net[62008]: ESTABLISHED 0 seconds ago, 78.31.14.85[C=SE, O=Spotify, CN=taylor.sto.spotify.net]...193.182.12.19[C=SE, O=Spotify, CN=alejandra.ash.spotify.net]
taylor.sto.spotify.net-alejandra.ash.spotify.net[62008]: IKE SPIs: 426bca92602af95d_i f45ab0f3738daa54_r*, public key reauthentication in 2 hours
taylor.sto.spotify.net-alejandra.ash.spotify.net[62008]: IKE proposal: AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
taylor.sto.spotify.net-alejandra.ash.spotify.net{62007}:  INSTALLED, TUNNEL, ESP SPIs: cf479edf_i c24ece06_o
taylor.sto.spotify.net-alejandra.ash.spotify.net{62007}:  AES_CBC_128/HMAC_SHA1_96, 0 bytes_i, 0 bytes_o, rekeying in 43 minutes
taylor.sto.spotify.net-alejandra.ash.spotify.net{62007}:   78.31.14.85/32 === 193.182.12.19/32 
   (unnamed)[62009]: CONNECTING, 78.31.14.85[%any]...193.182.12.18[%any]
   (unnamed)[62009]: IKE SPIs: c255b368616d72e7_i 8074f6b2cfacc4f3_r*
   (unnamed)[62009]: IKE proposal: AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
   (unnamed)[62009]: Tasks passive: IKE_CERT_PRE IKE_AUTHENTICATE IKE_CERT_POST IKE_CONFIG CHILD_CREATE IKE_AUTH_LIFETIME IKE_MOBIKE 
-------------- next part --------------
src 78.31.14.85/32 dst 78.31.10.243/32 
	dir out priority 1680 
	tmpl src 78.31.14.85 dst 78.31.10.243
		proto esp reqid 9 mode tunnel
src 78.31.10.243/32 dst 78.31.14.85/32 
	dir in priority 1680 
	tmpl src 78.31.10.243 dst 78.31.14.85
		proto esp reqid 9 mode tunnel
src 78.31.10.243/32 dst 78.31.14.85/32 
	dir fwd priority 1680 
	tmpl src 78.31.10.243 dst 78.31.14.85
		proto esp reqid 9 mode tunnel
src 78.31.14.85/32 dst 78.31.14.58/32 
	dir out priority 1680 
	tmpl src 78.31.14.85 dst 78.31.14.58
		proto esp reqid 5 mode tunnel
src 78.31.14.58/32 dst 78.31.14.85/32 
	dir in priority 1680 
	tmpl src 78.31.14.58 dst 78.31.14.85
		proto esp reqid 5 mode tunnel
src 78.31.14.58/32 dst 78.31.14.85/32 
	dir fwd priority 1680 
	tmpl src 78.31.14.58 dst 78.31.14.85
		proto esp reqid 5 mode tunnel
src 78.31.14.85/32 dst 78.31.14.98/32 
	dir out priority 1680 
	tmpl src 78.31.14.85 dst 78.31.14.98
		proto esp reqid 4 mode tunnel
src 78.31.14.98/32 dst 78.31.14.85/32 
	dir in priority 1680 
	tmpl src 78.31.14.98 dst 78.31.14.85
		proto esp reqid 4 mode tunnel
src 78.31.14.98/32 dst 78.31.14.85/32 
	dir fwd priority 1680 
	tmpl src 78.31.14.98 dst 78.31.14.85
		proto esp reqid 4 mode tunnel
src 78.31.14.85/32 dst 78.31.14.56/32 
	dir out priority 1680 
	tmpl src 78.31.14.85 dst 78.31.14.56
		proto esp reqid 3 mode tunnel
src 78.31.14.56/32 dst 78.31.14.85/32 
	dir in priority 1680 
	tmpl src 78.31.14.56 dst 78.31.14.85
		proto esp reqid 3 mode tunnel
src 78.31.14.56/32 dst 78.31.14.85/32 
	dir fwd priority 1680 
	tmpl src 78.31.14.56 dst 78.31.14.85
		proto esp reqid 3 mode tunnel
src 78.31.14.85/32 dst 78.31.10.84/32 
	dir out priority 1680 
	tmpl src 78.31.14.85 dst 78.31.10.84
		proto esp reqid 10 mode tunnel
src 78.31.10.84/32 dst 78.31.14.85/32 
	dir in priority 1680 
	tmpl src 78.31.10.84 dst 78.31.14.85
		proto esp reqid 10 mode tunnel
src 78.31.10.84/32 dst 78.31.14.85/32 
	dir fwd priority 1680 
	tmpl src 78.31.10.84 dst 78.31.14.85
		proto esp reqid 10 mode tunnel
src 78.31.14.85/32 dst 78.31.10.210/32 
	dir out priority 1680 
	tmpl src 78.31.14.85 dst 78.31.10.210
		proto esp reqid 7 mode tunnel
src 78.31.10.210/32 dst 78.31.14.85/32 
	dir in priority 1680 
	tmpl src 78.31.10.210 dst 78.31.14.85
		proto esp reqid 7 mode tunnel
src 78.31.10.210/32 dst 78.31.14.85/32 
	dir fwd priority 1680 
	tmpl src 78.31.10.210 dst 78.31.14.85
		proto esp reqid 7 mode tunnel
src 78.31.14.85/32 dst 78.31.14.162/32 
	dir out priority 1680 
	tmpl src 78.31.14.85 dst 78.31.14.162
		proto esp reqid 2 mode tunnel
src 78.31.14.162/32 dst 78.31.14.85/32 
	dir in priority 1680 
	tmpl src 78.31.14.162 dst 78.31.14.85
		proto esp reqid 2 mode tunnel
src 78.31.14.162/32 dst 78.31.14.85/32 
	dir fwd priority 1680 
	tmpl src 78.31.14.162 dst 78.31.14.85
		proto esp reqid 2 mode tunnel
src 78.31.14.85/32 dst 78.31.14.164/32 
	dir out priority 1680 
	tmpl src 78.31.14.85 dst 78.31.14.164
		proto esp reqid 6 mode tunnel
src 78.31.14.164/32 dst 78.31.14.85/32 
	dir in priority 1680 
	tmpl src 78.31.14.164 dst 78.31.14.85
		proto esp reqid 6 mode tunnel
src 78.31.14.164/32 dst 78.31.14.85/32 
	dir fwd priority 1680 
	tmpl src 78.31.14.164 dst 78.31.14.85
		proto esp reqid 6 mode tunnel
src 78.31.14.85/32 dst 78.31.14.131/32 
	dir out priority 1680 
	tmpl src 78.31.14.85 dst 78.31.14.131
		proto esp reqid 1 mode tunnel
src 78.31.14.131/32 dst 78.31.14.85/32 
	dir in priority 1680 
	tmpl src 78.31.14.131 dst 78.31.14.85
		proto esp reqid 1 mode tunnel
src 78.31.14.131/32 dst 78.31.14.85/32 
	dir fwd priority 1680 
	tmpl src 78.31.14.131 dst 78.31.14.85
		proto esp reqid 1 mode tunnel
src 78.31.14.85/32 dst 78.31.10.48/32 
	dir out priority 1680 
	tmpl src 78.31.14.85 dst 78.31.10.48
		proto esp reqid 8 mode tunnel
src 78.31.10.48/32 dst 78.31.14.85/32 
	dir in priority 1680 
	tmpl src 78.31.10.48 dst 78.31.14.85
		proto esp reqid 8 mode tunnel
src 78.31.10.48/32 dst 78.31.14.85/32 
	dir fwd priority 1680 
	tmpl src 78.31.10.48 dst 78.31.14.85
		proto esp reqid 8 mode tunnel
src 78.31.14.85/32 dst 78.31.10.34/32 
	dir out priority 1680 
	tmpl src 78.31.14.85 dst 78.31.10.34
		proto esp reqid 11 mode tunnel
src 78.31.10.34/32 dst 78.31.14.85/32 
	dir in priority 1680 
	tmpl src 78.31.10.34 dst 78.31.14.85
		proto esp reqid 11 mode tunnel
src 78.31.10.34/32 dst 78.31.14.85/32 
	dir fwd priority 1680 
	tmpl src 78.31.10.34 dst 78.31.14.85
		proto esp reqid 11 mode tunnel
src 78.31.14.85/32 dst 193.182.12.19/32 
	dir out priority 1680 
	tmpl src 78.31.14.85 dst 193.182.12.19
		proto esp reqid 60822 mode tunnel
src 193.182.12.19/32 dst 78.31.14.85/32 
	dir in priority 1680 
	tmpl src 193.182.12.19 dst 78.31.14.85
		proto esp reqid 60822 mode tunnel
src 193.182.12.19/32 dst 78.31.14.85/32 
	dir fwd priority 1680 
	tmpl src 193.182.12.19 dst 78.31.14.85
		proto esp reqid 60822 mode tunnel
src 78.31.14.85/32 dst 193.182.12.147/32 
	dir out priority 1680 
	tmpl src 78.31.14.85 dst 193.182.12.147
		proto esp reqid 60823 mode tunnel
src 193.182.12.147/32 dst 78.31.14.85/32 
	dir in priority 1680 
	tmpl src 193.182.12.147 dst 78.31.14.85
		proto esp reqid 60823 mode tunnel
src 193.182.12.147/32 dst 78.31.14.85/32 
	dir fwd priority 1680 
	tmpl src 193.182.12.147 dst 78.31.14.85
		proto esp reqid 60823 mode tunnel
src 78.31.14.85/32 dst 193.182.12.18/32 
	dir out priority 1680 
	tmpl src 78.31.14.85 dst 193.182.12.18
		proto esp reqid 60824 mode tunnel
src 193.182.12.18/32 dst 78.31.14.85/32 
	dir in priority 1680 
	tmpl src 193.182.12.18 dst 78.31.14.85
		proto esp reqid 60824 mode tunnel
src 193.182.12.18/32 dst 78.31.14.85/32 
	dir fwd priority 1680 
	tmpl src 193.182.12.18 dst 78.31.14.85
		proto esp reqid 60824 mode tunnel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ipsec.conf
Type: application/octet-stream
Size: 3813 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20110523/58202d1d/attachment.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: annalise.ipsec.conf
Type: application/octet-stream
Size: 3893 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20110523/58202d1d/attachment-0001.obj>
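
An added example, not part of the original post or of strongSwan: one way to see at a glance which configured connections have no SA is to diff the "Connections:" section of `ipsec statusall` against its "Security Associations:" section. It assumes the output layout shown in the attachment above; the function names and verdict labels are this example's own, and the sample input is an abbreviated excerpt with identities shortened to `[...]`.

```python
import re
from collections import defaultdict

# Constructed sample: abbreviated excerpt in the layout of the
# `ipsec statusall` attachment above (identities shortened to [...]).
SAMPLE = """\
Status of IKEv2 charon daemon (strongSwan 4.4.1):
Listening IP addresses:
  78.31.14.85
Connections:
taylor.sto.spotify.net-annalise.ash.spotify.net:  78.31.14.85...193.182.12.46, dpddelay=30s
taylor.sto.spotify.net-annalise.ash.spotify.net:   child:  dynamic === dynamic , dpdaction=clear
taylor.sto.spotify.net-dorothy.ash.spotify.net:  78.31.14.85...193.182.12.147, dpddelay=30s
taylor.sto.spotify.net-dorothy.ash.spotify.net:   child:  dynamic === dynamic , dpdaction=clear
taylor.sto.spotify.net-sibylla.sto.spotify.net:  78.31.14.85...78.31.14.131, dpddelay=30s
taylor.sto.spotify.net-sibylla.sto.spotify.net:   child:  dynamic === dynamic , dpdaction=clear
Security Associations:
taylor.sto.spotify.net-sibylla.sto.spotify.net[1]: ESTABLISHED 101 minutes ago, 78.31.14.85[...]...78.31.14.131[...]
taylor.sto.spotify.net-sibylla.sto.spotify.net[1]: IKE proposal: AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
taylor.sto.spotify.net-sibylla.sto.spotify.net{1}:  INSTALLED, TUNNEL, ESP SPIs: cdfb6dcf_i ca4e4750_o
taylor.sto.spotify.net-sibylla.sto.spotify.net{1}:  AES_CBC_128/HMAC_SHA1_96, 0 bytes_i, 0 bytes_o, rekeying in 33 minutes
taylor.sto.spotify.net-dorothy.ash.spotify.net[62004]: DELETING, 78.31.14.85[...]...193.182.12.147[...]
taylor.sto.spotify.net-dorothy.ash.spotify.net[62004]: Tasks active: IKE_DELETE
taylor.sto.spotify.net-dorothy.ash.spotify.net{62003}:  INSTALLED, TUNNEL, ESP SPIs: cca7a49d_i c2648675_o
taylor.sto.spotify.net-dorothy.ash.spotify.net[62007]: ESTABLISHED 0 seconds ago, 78.31.14.85[...]...193.182.12.147[...]
taylor.sto.spotify.net-dorothy.ash.spotify.net{62006}:  INSTALLED, TUNNEL, ESP SPIs: c29fc6c9_i c78c3510_o
   (unnamed)[62009]: CONNECTING, 78.31.14.85[%any]...193.182.12.18[%any]
"""

# "name: ..." lines in the Connections section.
CONN_RE = re.compile(r"^(?P<name>\S[^:]*):\s")
# "name[id]: STATE, ..." or "name[id]: STATE 101 minutes ago"; the trailing
# group skips the "IKE SPIs" / "IKE proposal" / "Tasks" detail lines.
IKE_RE = re.compile(r"^\s*(?P<name>.+?)\[(?P<id>\d+)\]:\s+(?P<state>[A-Z]+)(?:,| \d)")
# "name{id}:  INSTALLED, TUNNEL, ..." (the cipher/traffic lines do not match).
CHILD_RE = re.compile(r"^\s*(?P<name>.+?)\{(?P<id>\d+)\}:\s+(?P<state>[A-Z]+),")


def parse_statusall(text):
    """Return (configured names, IKE SA states, CHILD SA states)."""
    configured = []            # connection names, in config order
    ike = defaultdict(dict)    # name -> {ike_sa_id: state}
    child = defaultdict(dict)  # name -> {child_sa_id: state}
    section = None
    for line in text.splitlines():
        if line.startswith("Connections:"):
            section = "conn"
        elif line.startswith("Security Associations"):
            section = "sa"
        elif section == "conn":
            m = CONN_RE.match(line)
            if m and m["name"] not in configured:
                configured.append(m["name"])
        elif section == "sa":
            m = IKE_RE.match(line)
            if m:
                ike[m["name"].strip()][int(m["id"])] = m["state"]
                continue
            m = CHILD_RE.match(line)
            if m:
                child[m["name"].strip()][int(m["id"])] = m["state"]
    return configured, dict(ike), dict(child)


def audit(text):
    """Classify every configured connection and list unmatched SAs."""
    configured, ike, child = parse_statusall(text)
    report = {}
    for name in configured:
        ike_states = sorted(ike.get(name, {}).values())
        child_states = sorted(child.get(name, {}).values())
        if "ESTABLISHED" not in ike_states:
            report[name] = "NO_IKE_SA"        # configured, nothing up
        elif "INSTALLED" not in child_states:
            report[name] = "NO_CHILD_SA"      # IKE SA up, no ESP tunnel
        elif len(ike_states) > 1 or len(child_states) > 1:
            report[name] = "DUPLICATE_SAS"    # old and new SA side by side
        else:
            report[name] = "OK"
    # SAs not (yet) bound to a configured connection, e.g. "(unnamed)".
    strays = sorted(n for n in ike if n not in configured)
    return report, strays


if __name__ == "__main__":
    report, strays = audit(SAMPLE)
    for name, verdict in report.items():
        if verdict != "OK":
            print(f"{verdict:14} {name}")
    for name in strays:
        print(f"{'STRAY_IKE_SA':14} {name}")
```

Run against successive `ipsec statusall` snapshots, the verdicts show which peers lost their SA and when, which narrows the time window to look at in the daemon log.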

