[strongSwan] Adding unity_split_include breaks SA negotiation
Meier, Rick
rick.meier at bluecoat.com
Tue Apr 10 19:27:56 CEST 2012
So I have a configuration of strongswan that is working just fine, it is forwarding all traffic from our IPSec Tools client as expected. The problem that I am seeing is that if I try to add unity_split_include directives to the mode config (via the attr plugin) the SA negotiation fails. It appears that strongswan can't find the connection to respond back to the client during the negotiation.
0.0.0.0/0===<public_ip>[C=US, ST=California, O=TPDev, CN=ipt.tp.net]...%any[%any]===% IPTClient
My ipsec.conf is:
config setup
crlcheckinterval=600s
cachecrls=yes
strictcrlpolicy=yes
plutostart=yes
plutodebug=all
charonstart=no
nat_traversal=yes
conn IPTClient
authby=rsasig
left=<public_ip>
leftsubnet=0.0.0.0/0
leftcert=/opt/certs/strongswan.crt
right=%any
rightsourceip=10.200.0.0/13
pfs=no
auto=add
mark_in=0x80000000
mark_out=0xffffff01
modeconfig=push
keyexchange=ikev1
leftupdown="/opt/bin/scc_updown.sh"
dpddelay=10
dpdtimeout=30
dpdaction=clear
When I add the following to strongswan.conf everything breaks:
pluto {
dns1 = 8.8.8.8
plugins {
attr {
28676 = 10.200.0.0/13, 0.0.0.0/5, 8.0.0.0/7, 11.0.0.0/8, 12.0.0.0/6, 16.0.0.0/4, 32.0.0.0/3, 64.0.0.0/2, 128.0.0.0/3, 160.0.0.0/5, 168.0.0.0/6, 172.0.0.0/12, 172.32.0.0/11, 172.64.0.0/10, 172.128.0.0/9, 173.0.0.0/8, 174.0.0.0/7, 176.0.0.0/4, 192.0.0.0/9, 192.128.0.0/11, 192.160.0.0/13, 192.169.0.0/16, 192.170.0.0/15, 192.172.0.0/14, 192.176.0.0/12, 192.192.0.0/10, 193.0.0.0/8, 194.0.0.0/7, 196.0.0.0/8, 200.0.0.0/5, 208.0.0.0/4
}
}
}
The error is:
Apr 3 22:42:42 concentrator pluto[30207]: | peer client is 10.200.0.1
Apr 3 22:42:42 concentrator pluto[30207]: | peer client protocol/port is 0/0
Apr 3 22:42:42 concentrator pluto[30207]: | our client is subnet 10.200.0.0/13
Apr 3 22:42:42 concentrator pluto[30207]: | our client protocol/port is 0/0
Apr 3 22:42:42 concentrator pluto[30207]: | no valid attribute cert found
Apr 3 22:42:42 concentrator pluto[30207]: | find_client_connection starting with IPTClient
Apr 3 22:42:42 concentrator pluto[30207]: | looking for 10.200.0.0/13:0/0 -> 10.200.0.1/32:0/0
Apr 3 22:42:42 concentrator pluto[30207]: | concrete checking against sr#0 0.0.0.0/0 -> 10.200.0.1/32
Apr 3 22:42:42 concentrator pluto[30207]: | fc_try trying IPTClient:10.200.0.0/13:0/0 -> 10.200.0.1/32:0/0 vs IPTClient:0.0.0.0/0:0/0 -> 10.200.0.1/32:0/0
Apr 3 22:42:42 concentrator pluto[30207]: | fc_try concluding with none [0]
Apr 3 22:42:42 concentrator pluto[30207]: | fc_try IPTClient gives none
Apr 3 22:42:42 concentrator pluto[30207]: | checking hostpair 0.0.0.0/0 -> 10.200.0.1/32 is found
Apr 3 22:42:42 concentrator pluto[30207]: | fc_try trying IPTClient:10.200.0.0/13:0/0 -> 10.200.0.1/32:0/0 vs IPTClient:0.0.0.0/0:0/0 -> 0.0.0.0/0:0/0
Apr 3 22:42:42 concentrator pluto[30207]: | fc_try concluding with none [0]
Apr 3 22:42:42 concentrator pluto[30207]: | concluding with d = none
Apr 3 22:42:42 concentrator pluto[30207]: "IPTClient"[2] <public_ip>:28084 #1: cannot respond to IPsec SA request because no connection is known for 10.200.0.0/13===<public_ip>:4500[C=US, ST=California, O=TPDev CN=ipt.tp.net]...67.137.238.164:28084[O=135, OU=dev, CN=9892b573cd1aa6233357c0d35d5d10fe3c112018]===10.200.0.1/32
Apr 3 22:42:42 concentrator pluto[30207]: "IPTClient"[2] <public_ip>:28084 #1: sending encrypted notification INVALID_ID_INFORMATION to 67.137.238.164:28084
Another interesting point, if I try this same set up on an internal strongswan server from a client that is also internal (but on a different subnet) I do not see the problem, everything works as expected.
0.0.0.0/0===10.79.102.121[C=US, O=TPDev, CN=10.79.102.121]...%any[%any]===% IPTClient
ipsec.conf:
config setup
crlcheckinterval=600s
cachecrls=yes
strictcrlpolicy=yes
plutostart=yes
plutodebug=all
charonstart=no
nat_traversal=yes
conn IPTClient
authby=rsasig
left=10.79.102.121
leftsubnet=0.0.0.0/0
leftcert=/opt/certs/strongswan.crt
right=%any
rightsourceip=10.200.0.0/13
pfs=no
auto=add
mark_in=0x80000000
mark_out=0xffffff01
modeconfig=push
keyexchange=ikev1
leftupdown="/opt/bin/scc_updown.sh"
dpddelay=10
dpdtimeout=30
dpdaction=clear
log:
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | peer client is 10.200.0.1
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | peer client protocol/port is 0/0
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | our client is subnet 16.0.0.0/4
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | our client protocol/port is 0/0
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | no valid attribute cert found
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | find_client_connection starting with IPTClient
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | looking for 0.0.0.0/0:0/0 -> 10.200.0.1/32:0/0
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | concrete checking against sr#0 0.0.0.0/0 -> 10.200.0.1/32
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | fc_try trying IPTClient:0.0.0.0/0:0/0 -> 10.200.0.1/32:0/0 vs IPTClient:0.0.0.0/0:0/0 -> 10.200.0.1/32:0/0
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | fc_try concluding with IPTClient [161]
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | fc_try IPTClient gives IPTClient
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | concluding with d = IPTClient
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | duplicating state object #1
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | creating state object #2 at 0xbb9010
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | ICOOKIE: 8d c2 bf df c4 e2 b2 79
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | RCOOKIE: 9c 2b b4 ff a2 6e 7a 4d
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | peer: 0a 67 10 37
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | state hash entry 11
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | inserting event EVENT_SO_DISCARD, timeout in 0 seconds for #2
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | NAT-Traversal: received 0 NAT-OA.
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | **emit ISAKMP Message:
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | initiator cookie:
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 8d c2 bf df c4 e2 b2 79
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | responder cookie:
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 9c 2b b4 ff a2 6e 7a 4d
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | next payload type: ISAKMP_NEXT_HASH
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | ISAKMP version: ISAKMP Version 1.0
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | exchange type: ISAKMP_XCHG_QUICK
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | flags: ISAKMP_FLAG_ENCRYPTION
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | message ID: 20 58 62 16
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | ***emit ISAKMP Hash Payload:
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | next payload type: ISAKMP_NEXT_SA
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | emitting 20 zero bytes of HASH into ISAKMP Hash Payload
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | emitting length of ISAKMP Hash Payload: 24
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | ***emit ISAKMP Security Association Payload:
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | next payload type: ISAKMP_NEXT_NONCE
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | DOI: ISAKMP_DOI_IPSEC
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | ****parse IPsec DOI SIT:
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | IPsec DOI SIT: SIT_IDENTITY_ONLY
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | ****parse ISAKMP Proposal Payload:
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | next payload type: ISAKMP_NEXT_NONE
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | length: 172
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | proposal number: 1
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | protocol ID: PROTO_IPSEC_ESP
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | SPI size: 4
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | number of transforms: 6
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | SPI 0c 0e 9f aa
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | *****parse ISAKMP Transform Payload (ESP):
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | next payload type: ISAKMP_NEXT_T
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | length: 28
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | transform number: 1
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | transform ID: AES_CBC
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | ******parse ISAKMP IPsec DOI attribute:
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | af+type: SA_LIFE_TYPE
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | length/value: 1
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | [1 is SA_LIFE_TYPE_SECONDS]
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | ******parse ISAKMP IPsec DOI attribute:
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | af+type: SA_LIFE_DURATION
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | length/value: 3600
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | ******parse ISAKMP IPsec DOI attribute:
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | af+type: ENCAPSULATION_MODE
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | length/value: 3
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | [3 is ENCAPSULATION_MODE_UDP_TUNNEL]
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | ******parse ISAKMP IPsec DOI attribute:
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | af+type: KEY_LENGTH
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | length/value: 256
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | ******parse ISAKMP IPsec DOI attribute:
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | af+type: AUTH_ALGORITHM
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | length/value: 2
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | [2 is HMAC_SHA1]
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | kernel_alg_esp_enc_ok(12,256): alg_id=12, alg_ivlen=8, alg_minbits=128, alg_maxbits=256, res=0, ret=1
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | ****emit IPsec DOI SIT:
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | IPsec DOI SIT: SIT_IDENTITY_ONLY
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | ****emit ISAKMP Proposal Payload:
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | next payload type: ISAKMP_NEXT_NONE
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | proposal number: 1
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | protocol ID: PROTO_IPSEC_ESP
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | SPI size: 4
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | number of transforms: 1
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | getting SPI for reqid {16392}
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | sending XFRM_MSG_ALLOCSPI: => 248 bytes @ 0x7fffd9961c20
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 0: F8 00 00 00 16 00 01 00 C9 00 00 00 88 73 00 00 .............s..
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 16: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 32: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 48: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 64: 00 00 00 00 00 00 00 00 0A 4F 66 79 00 00 00 00 .........Ofy....
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 80: 00 00 00 00 00 00 00 00 00 00 00 00 32 00 00 00 ............2...
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 96: 0A 67 10 37 00 00 00 00 00 00 00 00 00 00 00 00 .g.7............
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 112: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 128: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 144: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 176: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 192: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 208: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 224: 08 40 00 00 02 00 01 00 00 00 00 00 00 00 00 00 . at ..............
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 240: 00 00 00 C0 FF FF FF CF ........
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | got SPI c515d326 for reqid {16392}
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | emitting 4 raw bytes of SPI into ISAKMP Proposal Payload
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | SPI c5 15 d3 26
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | *****emit ISAKMP Transform Payload (ESP):
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | next payload type: ISAKMP_NEXT_NONE
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | transform number: 1
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | transform ID: AES_CBC
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | emitting 20 raw bytes of attributes into ISAKMP Transform Payload (ESP)
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | attributes 80 01 00 01 80 02 0e 10 80 04 00 03 80 06 01 00
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 80 05 00 02
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | emitting length of ISAKMP Transform Payload (ESP): 28
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | emitting length of ISAKMP Proposal Payload: 40
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | emitting length of ISAKMP Security Association Payload: 52
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: "IPTClient"[2] 10.103.16.55:4500 #2: responding to Quick Mode
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | ***emit ISAKMP Nonce Payload:
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | next payload type: ISAKMP_NEXT_ID
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | emitting 16 raw bytes of Nr into ISAKMP Nonce Payload
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | Nr ab fd 35 f8 fd 35 5b ef 00 88 16 99 c7 4b bb 05
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | emitting length of ISAKMP Nonce Payload: 20
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | emitting 12 raw bytes of IDci into ISAKMP Message
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | IDci 05 00 00 0c 01 00 00 00 0a c8 00 01
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | emitting 16 raw bytes of IDcr into ISAKMP Message
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | IDcr 00 00 00 10 04 00 00 00 10 00 00 00 f0 00 00 00
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | HASH(2) computed:
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 04 0e c3 7e 51 56 3d 05 42 50 55 58 4b 28 51 89
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | f8 5c d7 32
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | kernel_alg_esp_enc_keylen(): alg_id=12, keylen=16
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | kernel_alg_esp_auth_keylen(auth=2, sadb_aalg=3): a_keylen=20
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | KEYMAT computed:
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | fd 68 22 9f db d9 cb e0 d0 d2 7c 55 f8 15 61 19
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 52 07 c4 86 ab 51 41 48 5d 87 22 aa 1d 22 e3 a8
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | b9 ae eb 74 6c fa 66 bf 46 c5 a8 fe 8a 39 2a 9e
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 14 b5 30 2a
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | route owner of "IPTClient"[2] 10.103.16.55:4500 unrouted: NULL
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | install_inbound_ipsec_sa() checking if we can route
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | route owner of "IPTClient"[2] 10.103.16.55:4500 unrouted: NULL; eroute owner: NULL
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | kernel_alg_esp_info():transid=12, auth=2, ei=0x67f0c0, enckeylen=32, authkeylen=20, encryptalg=12, authalg=3
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | adding SAD entry with SPI c515d326 and reqid {16392} (mark 2147483648/0xffffffff)
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | using encryption algorithm AES_CBC with key size 256
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | using integrity algorithm HMAC_SHA1_96 with key size 160
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | sending XFRM_MSG_UPDSA: => 476 bytes @ 0x7fffd9961d80
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 0: DC 01 00 00 1A 00 05 00 CA 00 00 00 88 73 00 00 .............s..
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 16: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 32: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 48: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 64: 00 00 00 00 00 00 00 00 0A 4F 66 79 00 00 00 00 .........Ofy....
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 80: 00 00 00 00 00 00 00 00 C5 15 D3 26 32 00 00 00 ...........&2...
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 96: 0A 67 10 37 00 00 00 00 00 00 00 00 00 00 00 00 .g.7............
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 112: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 128: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 144: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 176: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 192: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 208: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 224: 08 40 00 00 02 00 01 20 20 00 00 00 00 00 00 00 . at ..... .......
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 240: 68 00 02 00 61 65 73 00 00 00 00 00 00 00 00 00 h...aes.........
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 256: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 272: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 288: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 304: 00 00 00 00 00 01 00 00 FD 68 22 9F DB D9 CB E0 .........h".....
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 320: D0 D2 7C 55 F8 15 61 19 52 07 C4 86 AB 51 41 48 ..|U..a.R....QAH
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 336: 5D 87 22 AA 1D 22 E3 A8 5C 00 01 00 73 68 61 31 ].".."..\...sha1
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 352: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 368: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 384: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 400: 00 00 00 00 00 00 00 00 00 00 00 00 A0 00 00 00 ................
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 416: B9 AE EB 74 6C FA 66 BF 46 C5 A8 FE 8A 39 2A 9E ...tl.f.F....9*.
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 432: 14 B5 30 2A 1C 00 04 00 02 00 11 94 11 94 00 00 ..0*............
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 448: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 464: 0C 00 15 00 00 00 00 80 FF FF FF FF ............
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | encrypting:
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 01 00 00 18 04 0e c3 7e 51 56 3d 05 42 50 55 58
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 4b 28 51 89 f8 5c d7 32 0a 00 00 34 00 00 00 01
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 00 00 00 01 00 00 00 28 01 03 04 01 c5 15 d3 26
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 00 00 00 1c 01 0c 00 00 80 01 00 01 80 02 0e 10
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 80 04 00 03 80 06 01 00 80 05 00 02 05 00 00 14
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | ab fd 35 f8 fd 35 5b ef 00 88 16 99 c7 4b bb 05
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 05 00 00 0c 01 00 00 00 0a c8 00 01 00 00 00 10
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 04 00 00 00 10 00 00 00 f0 00 00 00
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | emitting 4 zero bytes of encryption padding into ISAKMP Message
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | encrypting using AES_CBC
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | next IV: 6b 61 a6 1e 39 76 74 8c 9a f9 92 5c a0 86 03 be
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | emitting length of ISAKMP Message: 156
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | sending 156 bytes for STATE_QUICK_R0 through eth0 to 10.103.16.55:4500:
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 8d c2 bf df c4 e2 b2 79 9c 2b b4 ff a2 6e 7a 4d
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 08 10 20 01 20 58 62 16 00 00 00 9c d2 ae 2d 89
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 4f b3 01 10 5a 3b b7 9f 32 21 23 f6 e4 ca 29 41
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 64 37 fc ff 1b 89 fa d8 42 4d f1 29 da 44 a3 19
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 43 ae 2b 93 53 e2 44 74 99 8e ef bb 50 df c1 9b
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | e6 48 9f 1e 06 72 bc 8b 47 63 ad f2 55 89 47 ae
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 59 e4 63 a0 b9 36 85 59 bd 1f 21 1a c7 b7 11 c0
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | c7 48 d4 c1 fd ba 34 98 6a 6c 84 9b 1f e6 ec e0
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 77 d2 97 7b fa 1b b9 96 54 1e bc 9a 6b 61 a6 1e
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 39 76 74 8c 9a f9 92 5c a0 86 03 be
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #2
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | next event EVENT_RETRANSMIT in 10 seconds for #2
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: |
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | *received 60 bytes from 10.103.16.55:4500 on eth0
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 8d c2 bf df c4 e2 b2 79 9c 2b b4 ff a2 6e 7a 4d
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 08 10 20 01 20 58 62 16 00 00 00 3c 4a b1 f8 2b
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 43 e9 66 37 4c ba 88 db 10 9d bb 8b 1e 0c 49 7d
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 5e dd 54 4b 29 42 e9 78 ed 25 00 9d
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | **parse ISAKMP Message:
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | initiator cookie:
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 8d c2 bf df c4 e2 b2 79
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | responder cookie:
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 9c 2b b4 ff a2 6e 7a 4d
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | next payload type: ISAKMP_NEXT_HASH
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | ISAKMP version: ISAKMP Version 1.0
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | exchange type: ISAKMP_XCHG_QUICK
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | flags: ISAKMP_FLAG_ENCRYPTION
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | message ID: 20 58 62 16
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | length: 60
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | ICOOKIE: 8d c2 bf df c4 e2 b2 79
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | RCOOKIE: 9c 2b b4 ff a2 6e 7a 4d
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | peer: 0a 67 10 37
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | state hash entry 11
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | state object #2 found, in STATE_QUICK_R1
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | received encrypted packet from 10.103.16.55:4500
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | decrypting 32 bytes using algorithm AES_CBC
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | decrypted:
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 00 00 00 18 a2 4c 72 f6 44 b8 32 6d 00 97 42 d1
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 65 0c 3f d0 3d 73 34 97 00 00 00 00 00 00 00 08
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | next IV: 1e 0c 49 7d 5e dd 54 4b 29 42 e9 78 ed 25 00 9d
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | ***parse ISAKMP Hash Payload:
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | next payload type: ISAKMP_NEXT_NONE
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | length: 24
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | removing 8 bytes of padding
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | HASH(3) computed: a2 4c 72 f6 44 b8 32 6d 00 97 42 d1 65 0c 3f d0
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 3d 73 34 97
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | kernel_alg_esp_enc_keylen(): alg_id=12, keylen=16
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | kernel_alg_esp_auth_keylen(auth=2, sadb_aalg=3): a_keylen=20
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | Peer KEYMAT computed:
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 64 b8 69 5a 30 e2 0a 71 c9 ff ec bd 06 56 4d ca
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 74 f0 e2 a5 e0 9a 91 5a 0a f9 94 0a 06 7d 24 83
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 54 0d 19 55 71 c0 cf a7 3e fa 6f 0c 80 bd 15 96
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 7b f8 d0 c6
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | install_ipsec_sa() for #2: outbound only
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | route owner of "IPTClient"[2] 10.103.16.55:4500 unrouted: NULL; eroute owner: NULL
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | kernel_alg_esp_info():transid=12, auth=2, ei=0x67f0c0, enckeylen=32, authkeylen=20, encryptalg=12, authalg=3
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | adding SAD entry with SPI 0c0e9faa and reqid {16392} (mark 4294967041/0xffffffff)
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | using encryption algorithm AES_CBC with key size 256
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | using integrity algorithm HMAC_SHA1_96 with key size 160
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | sending XFRM_MSG_NEWSA: => 476 bytes @ 0x7fffd9962750
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 0: DC 01 00 00 10 00 05 00 CB 00 00 00 88 73 00 00 .............s..
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 16: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 32: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 48: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 64: 00 00 00 00 00 00 00 00 0A 67 10 37 00 00 00 00 .........g.7....
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 80: 00 00 00 00 00 00 00 00 0C 0E 9F AA 32 00 00 00 ............2...
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 96: 0A 4F 66 79 00 00 00 00 00 00 00 00 00 00 00 00 .Ofy............
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 112: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 128: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 144: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 176: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 192: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 208: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 224: 08 40 00 00 02 00 01 20 20 00 00 00 00 00 00 00 . at ..... .......
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 240: 68 00 02 00 61 65 73 00 00 00 00 00 00 00 00 00 h...aes.........
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 256: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 272: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 288: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 304: 00 00 00 00 00 01 00 00 64 B8 69 5A 30 E2 0A 71 ........d.iZ0..q
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 320: C9 FF EC BD 06 56 4D CA 74 F0 E2 A5 E0 9A 91 5A .....VM.t......Z
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 336: 0A F9 94 0A 06 7D 24 83 5C 00 01 00 73 68 61 31 .....}$.\...sha1
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 352: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 368: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 384: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 400: 00 00 00 00 00 00 00 00 00 00 00 00 A0 00 00 00 ................
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 416: 54 0D 19 55 71 C0 CF A7 3E FA 6F 0C 80 BD 15 96 T..Uq...>.o.....
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 432: 7B F8 D0 C6 1C 00 04 00 02 00 11 94 11 94 00 00 {...............
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 448: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 464: 0C 00 15 00 01 FF FF FF FF FF FF FF ............
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | sr for #2: unrouted
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | route owner of "IPTClient"[2] 10.103.16.55:4500 unrouted: NULL; eroute owner: NULL
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | route_and_eroute with c: IPTClient (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: 2
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | eroute_connection add eroute 10.200.0.1/32:0 -> 0.0.0.0/0:0 => tun.0 at 10.79.102.121:0
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | adding policy 10.200.0.1/32 === 0.0.0.0/0 in (mark 2147483648/0xffffffff)
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | sending XFRM_MSG_NEWPOLICY: => 264 bytes @ 0x7fffd9962350
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 0: 08 01 00 00 13 00 05 00 CC 00 00 00 88 73 00 00 .............s..
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 16: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 32: 0A C8 00 01 00 00 00 00 00 00 00 00 00 00 00 00 ................
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 48: 00 00 00 00 00 00 00 00 02 00 00 20 00 00 00 00 ........... ....
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 64: 00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF ................
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 80: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 96: FF FF FF FF FF FF FF FF 00 00 00 00 00 00 00 00 ................
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 112: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 128: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 144: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 160: 00 00 00 00 00 00 00 00 83 07 00 00 00 00 00 00 ................
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 176: 00 00 00 00 00 00 00 00 44 00 05 00 0A 4F 66 79 ........D....Ofy
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 192: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 208: 32 00 00 00 02 00 00 00 0A 67 10 37 00 00 00 00 2........g.7....
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 224: 00 00 00 00 00 00 00 00 08 40 00 00 01 00 00 00 ......... at ......
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 240: FF FF FF FF FF FF FF FF FF FF FF FF 0C 00 15 00 ................
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 256: 00 00 00 80 FF FF FF FF ........
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | adding policy 10.200.0.1/32 === 0.0.0.0/0 fwd (mark 2147483648/0xffffffff)
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | sending XFRM_MSG_NEWPOLICY: => 264 bytes @ 0x7fffd9962350
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 0: 08 01 00 00 13 00 05 00 CD 00 00 00 88 73 00 00 .............s..
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 16: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 32: 0A C8 00 01 00 00 00 00 00 00 00 00 00 00 00 00 ................
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 48: 00 00 00 00 00 00 00 00 02 00 00 20 00 00 00 00 ........... ....
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 64: 00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF ................
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 80: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 96: FF FF FF FF FF FF FF FF 00 00 00 00 00 00 00 00 ................
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 112: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 128: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 144: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 160: 00 00 00 00 00 00 00 00 83 07 00 00 00 00 00 00 ................
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 176: 02 00 00 00 00 00 00 00 44 00 05 00 0A 4F 66 79 ........D....Ofy
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 192: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 208: 32 00 00 00 02 00 00 00 0A 67 10 37 00 00 00 00 2........g.7....
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 224: 00 00 00 00 00 00 00 00 08 40 00 00 01 00 00 00 ......... at ......
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 240: FF FF FF FF FF FF FF FF FF FF FF FF 0C 00 15 00 ................
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 256: 00 00 00 80 FF FF FF FF ........
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | eroute_connection add eroute 0.0.0.0/0:0 -> 10.200.0.1/32:0 => tun.0 at 10.103.16.55:0
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | adding policy 0.0.0.0/0 === 10.200.0.1/32 out (mark 4294967041/0xffffffff)
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | sending XFRM_MSG_NEWPOLICY: => 264 bytes @ 0x7fffd9962350
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 0: 08 01 00 00 13 00 05 00 CE 00 00 00 88 73 00 00 .............s..
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 16: 0A C8 00 01 00 00 00 00 00 00 00 00 00 00 00 00 ................
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 32: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 48: 00 00 00 00 00 00 00 00 02 00 20 00 00 00 00 00 .......... .....
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 64: 00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF ................
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 80: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 96: FF FF FF FF FF FF FF FF 00 00 00 00 00 00 00 00 ................
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 112: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 128: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 144: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 160: 00 00 00 00 00 00 00 00 83 07 00 00 00 00 00 00 ................
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 176: 01 00 00 00 00 00 00 00 44 00 05 00 0A 67 10 37 ........D....g.7
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 192: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 208: 32 00 00 00 02 00 00 00 0A 4F 66 79 00 00 00 00 2........Ofy....
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 224: 00 00 00 00 00 00 00 00 08 40 00 00 01 00 00 00 ......... at ......
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 240: FF FF FF FF FF FF FF FF FF FF FF FF 0C 00 15 00 ................
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | 256: 01 FF FF FF FF FF FF FF ........
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | executing up-client: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='up-client' PLUTO_CONNECTION='IPTClient' PLUTO_NEXT_HOP='10.103.16.55' PLUTO_INTERFACE='eth0' PLUTO_REQID='16392' PLUTO_ME='10.79.102.121' PLUTO_MY_ID='C=US, O=TPDev CN=10.79.102.121' PLUTO_MY_CLIENT='0.0.0.0/0' PLUTO_MY_CLIENT_NET='0.0.0.0' PLUTO_MY_CLIENT_MASK='0.0.0.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='10.103.16.55' PLUTO_PEER_ID='O=107, OU=dev CN=9d2da84782f24e45377a5f9a2fd90c029b43f87f' PLUTO_PEER_ALTNAMES='' PLUTO_PEER_CLIENT='10.200.0.1/32' PLUTO_PEER_CLIENT_NET='10.200.0.1' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='DC=com, DC=tpdemo, DC=dev, CN=dev-IP-0A00000D-Intermediate2-CA' PLUTO_MARK_IN='2147483648/0xffffffff' PLUTO_MARK_OUT='4294967041/0xffffffff' PLUTO_UDP_ENC='4500' /opt/bin/scc_updown.sh
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | route_and_eroute: firewall_notified: true
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | executing prepare-client: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='prepare-client' PLUTO_CONNECTION='IPTClient' PLUTO_NEXT_HOP='10.103.16.55' PLUTO_INTERFACE='eth0' PLUTO_REQID='16392' PLUTO_ME='10.79.102.121' PLUTO_MY_ID='C=US, O=TPDev, CN=10.79.102.121' PLUTO_MY_CLIENT='0.0.0.0/0' PLUTO_MY_CLIENT_NET='0.0.0.0' PLUTO_MY_CLIENT_MASK='0.0.0.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='10.103.16.55' PLUTO_PEER_ID='O=107, OU=dev CN=9d2da84782f24e45377a5f9a2fd90c029b43f87f' PLUTO_PEER_ALTNAMES='' PLUTO_PEER_CLIENT='10.200.0.1/32' PLUTO_PEER_CLIENT_NET='10.200.0.1' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='DC=com, DC=tpdemo, DC=dev, CN=dev-IP-0A00000D-Intermediate2-CA' PLUTO_MARK_IN='2147483648/0xffffffff' PLUTO_MARK_OUT='4294967041/0xffffffff' PLUTO_UDP_ENC='4500' /opt/bin/scc_updown.sh
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | executing route-client: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='route-client' PLUTO_CONNECTION='IPTClient' PLUTO_NEXT_HOP='10.103.16.55' PLUTO_INTERFACE='eth0' PLUTO_REQID='16392' PLUTO_ME='10.79.102.121' PLUTO_MY_ID='C=US, O=TPDev, CN=10.79.102.121' PLUTO_MY_CLIENT='0.0.0.0/0' PLUTO_MY_CLIENT_NET='0.0.0.0' PLUTO_MY_CLIENT_MASK='0.0.0.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='10.103.16.55' PLUTO_PEER_ID='O=107, OU=dev, CN=9d2da84782f24e45377a5f9a2fd90c029b43f87f' PLUTO_PEER_ALTNAMES='' PLUTO_PEER_CLIENT='10.200.0.1/32' PLUTO_PEER_CLIENT_NET='10.200.0.1' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='DC=com, DC=tpdemo, DC=dev, CN=dev-IP-0A00000D-Intermediate2-CA' PLUTO_MARK_IN='2147483648/0xffffffff' PLUTO_MARK_OUT='4294967041/0xffffffff' PLUTO_UDP_ENC='4500' /opt/bin/scc_updown.sh
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | route_and_eroute: instance "IPTClient"[2] 10.103.16.55:4500, setting eroute_owner {spd=0xbbab68,sr=0xbbab68} to #2 (was #0) (newest_ipsec_sa=#0)
Apr 4 08:22:05 sv-cloud-testbed-02-concentrator pluto[29576]: | inI2: instance IPTClient[2], setting newest_ipsec_sa to #2 (was #0) (spd.eroute=#2)
Thanks
Rick
More information about the Users
mailing list