[strongSwan] Fwd: Strongswan 5.0.1 (in Amazon VPC) <--> Adtran Netvanta 5430: Quick Mode negotiation fails on Strongswan side?? Please help.
Bharath Kumar
cbkumar at gmail.com
Wed Dec 26 19:04:49 CET 2012
Trying again with a trimmed log because the message not posted quoting long
size... apologies...
Hi Guys,
I am trying to get Adtran Netvanta 5430 router connect to Strongswan VPN
5.0.1 running in Amazon VPC using certificate based authentication but am
facing issues because during Quick Mode negotiation, Strongswan is deleting
the SAD entry while the SA negotiated in phase 1 continues to be up.
However, Adtran thinks that both IKE and IPSec are up. It is a net-to-net
scenario.
Can you guys please take a look and help with what is going on? I suspect
that after Strongswan responds with a quick mode message with the selected
proposal, it didn't like what I saw and started tearing down. After that,
anytime Adtran sends packets to Strongswan (because it continues to think
everything is ok), I see xfrmInNoStates counter go up in XFRM statistics
(attached below).
Really appreciate your help.
Thanks,
Bharath Kumar
ipsec.conf (on Strongswan)
=================================================
# ipsec.conf - strongSwan IPsec configuration file
# basic configuration
config setup
# charondebug = "dmn 2, mgr 2, ike 2, chd 2, job 2, cfg 2, knl 2,
net 2, lib 2"
charondebug = "dmn 3, mgr 3, ike 3, chd 3, job 3, cfg 3, knl 3, net
2, lib 3"
# nat_traversal="yes"
# strictcrlpolicy=yes
# uniqueids = no
# Add connections here.
conn %default
ikelifetime=480m
keylife=480m
rekeymargin=3m
keyingtries=1
#keyexchange=ikev1
conn adtran-cert
auto=route
authby=pubkey
left=%defaultroute
leftcert=vpngwCert.pem
leftsubnet=0.0.0.0/0
right=107.0.5.22
rightcert=Adtran-VPN.pem
rightsubnet=172.17.0.0/16
===============================================
ip xfrm policy
==========
src 172.17.0.0/16 dst 0.0.0.0/0
dir fwd priority 4035 ptype main
tmpl src 107.0.5.22 dst 10.0.0.139
proto esp reqid 1 mode tunnel
src 172.17.0.0/16 dst 0.0.0.0/0
dir in priority 4035 ptype main
tmpl src 107.0.5.22 dst 10.0.0.139
proto esp reqid 1 mode tunnel
src 0.0.0.0/0 dst 172.17.0.0/16
dir out priority 4035 ptype main
tmpl src 10.0.0.139 dst 107.0.5.22
proto esp reqid 1 mode tunnel
src 0.0.0.0/0 dst 0.0.0.0/0
dir 3 priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
dir 4 priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
dir 3 priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
dir 4 priority 0 ptype main
src ::/0 dst ::/0
dir 3 priority 0 ptype main
src ::/0 dst ::/0
dir 4 priority 0 ptype main
src ::/0 dst ::/0
dir 3 priority 0 ptype main
src ::/0 dst ::/0
dir 4 priority 0 ptype main
=============================
$ ip xfrm state
<empty>
==============================
$cat /proc/net/xfrm_stat
XfrmInError 0
XfrmInBufferError 0
XfrmInHdrError 0
XfrmInNoStates 966
XfrmInStateProtoError 0
XfrmInStateModeError 0
XfrmInStateSeqError 0
XfrmInStateExpired 0
XfrmInStateMismatch 0
XfrmInStateInvalid 0
XfrmInTmplMismatch 0
XfrmInNoPols 0
XfrmInPolBlock 0
XfrmInPolError 0
XfrmOutError 0
XfrmOutBundleGenError 0
XfrmOutBundleCheckError 0
XfrmOutNoStates 0
XfrmOutStateProtoError 0
XfrmOutStateModeError 0
XfrmOutStateSeqError 0
XfrmOutStateExpired 0
XfrmOutPolBlock 0
XfrmOutPolDead 0
XfrmOutPolError 0
==============================
Listening IP addresses:
10.0.0.139
Connections:
adtran-cert: %any...107.0.5.22 IKEv1
adtran-cert: local: [C=US, ST=California, O=Trend Micro, Inc, OU=ICS,
CN=vpngw.ics.trendmicro.com] uses public key authentication
adtran-cert: cert: "C=US, ST=California, O=Trend Micro, Inc, OU=ICS,
CN=vpngw.ics.trendmicro.com"
adtran-cert: remote: [C=US, ST=CA, O=Trend Micro, OU=SME,
CN=Adtran-LCCA-test] uses public key authentication
adtran-cert: cert: "C=US, ST=CA, O=Trend Micro, OU=SME,
CN=Adtran-LCCA-test"
adtran-cert: child: 0.0.0.0/0 === 172.17.0.0/16 TUNNEL
Routed Connections:
adtran-cert{1}: ROUTED, TUNNEL
adtran-cert{1}: 0.0.0.0/0 === 172.17.0.0/16
Security Associations (1 up, 0 connecting):
adtran-cert[2]: ESTABLISHED 7 hours ago, 10.0.0.139[C=US, ST=California,
O=Trend Micro, Inc, OU=ICS, CN=vpngw.ics.trendmicro.com]...107.0.5.22[C=US,
ST=CA, O=TREND MICRO, OU=SME, CN=ADTRAN-LCCA-TEST]
adtran-cert[2]: IKEv1 SPIs: 24436839deedae30_i 0068db432aea5e52_r*, public
key reauthentication in 20 minutes
adtran-cert[2]: IKE proposal: 3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536
[root at ip-10-0-0-139 ~]#
==============================
And the log messages,
Dec 26 03:31:59 ip-10-0-0-139 charon: 15[IKE] IKE_SA adtran-cert[2]
established between 10.0.0.139[C=US, ST=California, O=Trend Micro, Inc,
OU=ICS, CN=vpngw.ics.trendmicro.com]...107.0.5.22[C=US, ST=CA, O=TREND
MICRO, OU=SME, CN=ADTRAN-LCCA-TEST]
Dec 26 03:31:59 ip-10-0-0-139 charon: 15[IKE] IKE_SA adtran-cert[2] state
change: CONNECTING => ESTABLISHED
Dec 26 03:31:59 ip-10-0-0-139 charon: 04[JOB] next event in 28s 126ms,
waiting
Dec 26 03:31:59 ip-10-0-0-139 charon: 15[IKE] scheduling reauthentication
in 28456s
Dec 26 03:31:59 ip-10-0-0-139 charon: 04[JOB] next event in 28s 126ms,
waiting
Dec 26 03:31:59 ip-10-0-0-139 charon: 15[IKE] maximum IKE_SA lifetime 28636s
Dec 26 03:31:59 ip-10-0-0-139 charon: 02[MGR] checkout IKE_SA
Dec 26 03:31:59 ip-10-0-0-139 charon: 15[IKE] sending end entity cert
"C=US, ST=California, O=Trend Micro, Inc, OU=ICS, CN=
vpngw.ics.trendmicro.com"
Dec 26 03:31:59 ip-10-0-0-139 charon: 15[ENC] generating ID_PROT response 0
[ ID CERT SIG ]
Dec 26 03:31:59 ip-10-0-0-139 charon: 15[NET] sending packet: from
10.0.0.139[500] to 107.0.5.22[500]
Dec 26 03:31:59 ip-10-0-0-139 charon: 08[NET] sending packet: from
10.0.0.139[500] to 107.0.5.22[500]
Dec 26 03:31:59 ip-10-0-0-139 charon: 15[MGR] checkin IKE_SA adtran-cert[2]
Dec 26 03:31:59 ip-10-0-0-139 charon: 15[MGR] check-in of IKE_SA successful.
Dec 26 03:31:59 ip-10-0-0-139 charon: 02[MGR] IKE_SA adtran-cert[2]
successfully checked out
Dec 26 03:31:59 ip-10-0-0-139 charon: 02[MGR] checkin IKE_SA adtran-cert[2]
Dec 26 03:31:59 ip-10-0-0-139 charon: 02[MGR] check-in of IKE_SA successful.
Dec 26 03:31:59 ip-10-0-0-139 charon: 07[NET] received packet: from
107.0.5.22[500] to 10.0.0.139[500]
Dec 26 03:31:59 ip-10-0-0-139 charon: 07[NET] waiting for data on sockets
Dec 26 03:31:59 ip-10-0-0-139 charon: 16[MGR] checkout IKE_SA by message
Dec 26 03:31:59 ip-10-0-0-139 charon: 16[MGR] IKE_SA adtran-cert[2]
successfully checked out
Dec 26 03:31:59 ip-10-0-0-139 charon: 16[NET] received packet: from
107.0.5.22[500] to 10.0.0.139[500]
Dec 26 03:31:59 ip-10-0-0-139 charon: 16[ENC] parsed INFORMATIONAL_V1
request 3548971615 [ HASH N(INITIAL_CONTACT) ]
Dec 26 03:31:59 ip-10-0-0-139 charon: 16[IKE] Hash => 20 bytes @
0x7f32fc003000
Dec 26 03:31:59 ip-10-0-0-139 charon: 16[IKE] 0: 54 F0 97 38 A7 9F 37 FB
D6 67 87 C3 46 0B 5F 4F T..8..7..g..F._O
Dec 26 03:31:59 ip-10-0-0-139 charon: 16[IKE] 16: 59 78 58 48
YxXH
Dec 26 03:31:59 ip-10-0-0-139 charon: 16[MGR] checkin IKE_SA adtran-cert[2]
Dec 26 03:31:59 ip-10-0-0-139 charon: 16[MGR] check-in of IKE_SA successful.
Dec 26 03:31:59 ip-10-0-0-139 charon: 07[NET] received packet: from
107.0.5.22[500] to 10.0.0.139[500]
Dec 26 03:31:59 ip-10-0-0-139 charon: 07[NET] waiting for data on sockets
Dec 26 03:31:59 ip-10-0-0-139 charon: 01[MGR] checkout IKE_SA by message
Dec 26 03:31:59 ip-10-0-0-139 charon: 01[MGR] IKE_SA adtran-cert[2]
successfully checked out
Dec 26 03:31:59 ip-10-0-0-139 charon: 01[NET] received packet: from
107.0.5.22[500] to 10.0.0.139[500]
Dec 26 03:31:59 ip-10-0-0-139 charon: 01[ENC] parsed QUICK_MODE request
2536005250 [ HASH SA No ID ID ]
Dec 26 03:31:59 ip-10-0-0-139 charon: 01[IKE] Hash(1) => 20 bytes @
0x7f3304000f20
Dec 26 03:31:59 ip-10-0-0-139 charon: 01[IKE] 0: 3C 3D CC 36 C5 6E D9 C8
10 5E 9E C1 98 2D F3 E0 <=.6.n...^...-..
Dec 26 03:31:59 ip-10-0-0-139 charon: 01[IKE] 16: 37 D9 56 45
7.VE <http://7.ve/>
Dec 26 03:31:59 ip-10-0-0-139 charon: 01[CFG] looking for a child config
for 0.0.0.0/0[tcp/http] <http://0.0.0.0/0%5Btcp/http%5D> ===
172.17.0.0/16[tcp] <http://172.17.0.0/16%5Btcp%5D>
Dec 26 03:31:59 ip-10-0-0-139 charon: 01[CFG] proposing traffic selectors
for us:
Dec 26 03:31:59 ip-10-0-0-139 charon: 01[CFG] 0.0.0.0/0
Dec 26 03:31:59 ip-10-0-0-139 charon: 01[CFG] proposing traffic selectors
for other:
Dec 26 03:31:59 ip-10-0-0-139 charon: 01[CFG] 172.17.0.0/16
Dec 26 03:31:59 ip-10-0-0-139 charon: 01[CFG] candidate "adtran-cert"
with prio 1+1
Dec 26 03:31:59 ip-10-0-0-139 charon: 01[CFG] found matching child config
"adtran-cert" with prio 2
Dec 26 03:31:59 ip-10-0-0-139 charon: 01[CFG] selecting traffic selectors
for other:
Dec 26 03:31:59 ip-10-0-0-139 charon: 01[CFG] config: 172.17.0.0/16,
received: 172.17.0.0/16[tcp] <http://172.17.0.0/16%5Btcp%5D> => match:
172.17.0.0/16[tcp] <http://172.17.0.0/16%5Btcp%5D>
Dec 26 03:31:59 ip-10-0-0-139 charon: 01[CFG] selecting traffic selectors
for us:
Dec 26 03:31:59 ip-10-0-0-139 charon: 01[CFG] config: 0.0.0.0/0, received:
0.0.0.0/0[tcp/http] <http://0.0.0.0/0%5Btcp/http%5D> => match:
0.0.0.0/0[tcp/http] <http://0.0.0.0/0%5Btcp/http%5D>
Dec 26 03:31:59 ip-10-0-0-139 charon: 01[CFG] selecting proposal:
Dec 26 03:31:59 ip-10-0-0-139 charon: 01[CFG] no acceptable
ENCRYPTION_ALGORITHM found
Dec 26 03:31:59 ip-10-0-0-139 charon: 01[CFG] selecting proposal:
Dec 26 03:31:59 ip-10-0-0-139 charon: 01[CFG] no acceptable
DIFFIE_HELLMAN_GROUP found
Dec 26 03:31:59 ip-10-0-0-139 charon: 01[CFG] selecting proposal:
Dec 26 03:31:59 ip-10-0-0-139 charon: 01[CFG] proposal matches
Dec 26 03:31:59 ip-10-0-0-139 charon: 01[CFG] received proposals:
ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ
Dec 26 03:31:59 ip-10-0-0-139 charon: 01[CFG] configured proposals:
ESP:AES_CBC_128/HMAC_SHA1_96/MODP_2048/NO_EXT_SEQ,
ESP:3DES_CBC/HMAC_SHA1_96/MODP_1536/NO_EXT_SEQ,
ESP:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/BLOWFISH_CBC_256/HMAC_SHA1_96/AES_XCBC_96/HMAC_MD5_96/NO_EXT_SEQ
Dec 26 03:31:59 ip-10-0-0-139 charon: 01[CFG] selected proposal:
ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ
Dec 26 03:31:59 ip-10-0-0-139 charon: 01[KNL] getting SPI for reqid {2}
Dec 26 03:31:59 ip-10-0-0-139 charon: 01[KNL] sending XFRM_MSG_ALLOCSPI: =>
248 bytes @ 0x7f331a549730
Dec 26 03:31:59 ip-10-0-0-139 charon: 01[KNL] 0: F8 00 00 00 16 00 01 00
CC 00 00 00 0E 1F 00 00 ................
Dec 26 03:31:59 ip-10-0-0-139 charon: 01[KNL] 16: 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 ................
Dec 26 03:31:59 ip-10-0-0-139 charon: 01[KNL] 32: 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 ................
Dec 26 03:31:59 ip-10-0-0-139 charon: 01[KNL] 48: 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 ................
Dec 26 03:31:59 ip-10-0-0-139 charon: 01[KNL] 64: 00 00 00 00 00 00 00 00
0A 00 00 8B 00 00 00 00 ................
Dec 26 03:31:59 ip-10-0-0-139 charon: 01[KNL] 80: 00 00 00 00 00 00 00 00
00 00 00 00 32 00 00 00 ............2...
Dec 26 03:31:59 ip-10-0-0-139 charon: 01[KNL] 96: 6B 00 05 16 00 00 00 00
00 00 00 00 00 00 00 00 k...............
Dec 26 03:31:59 ip-10-0-0-139 charon: 01[KNL] 112: 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 ................
Dec 26 03:31:59 ip-10-0-0-139 charon: 01[KNL] 128: 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 ................
Dec 26 03:31:59 ip-10-0-0-139 charon: 01[KNL] 144: 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 ................
Dec 26 03:31:59 ip-10-0-0-139 charon: 01[KNL] 160: 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 ................
Dec 26 03:31:59 ip-10-0-0-139 charon: 01[KNL] 176: 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 ................
Dec 26 03:31:59 ip-10-0-0-139 charon: 01[KNL] 192: 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 ................
Dec 26 03:31:59 ip-10-0-0-139 charon: 01[KNL] 208: 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 ................
Dec 26 03:31:59 ip-10-0-0-139 charon: 01[KNL] 224: 02 00 00 00 02 00 01 00
00 00 00 00 00 00 00 00 ................
Dec 26 03:31:59 ip-10-0-0-139 charon: 01[KNL] 240: 00 00 00 C0 FF FF FF CF
.......
Dec 26 03:31:59 ip-10-0-0-139 charon: 01[KNL] got SPI c0cde9fa for reqid {2}
Dec 26 03:31:59 ip-10-0-0-139 charon: 01[IKE] Hash(2) => 20 bytes @
0x7f3304001e50
Dec 26 03:31:59 ip-10-0-0-139 charon: 01[IKE] 0: B9 3D 15 53 04 D6 AE 5C
EC 05 9A A9 E1 19 FD 15 .=.S...\........
Dec 26 03:31:59 ip-10-0-0-139 charon: 01[IKE] 16: 61 E4 B9 4D
a..M
Dec 26 03:31:59 ip-10-0-0-139 charon: 01[ENC] generating QUICK_MODE
response 2536005250 [ HASH SA No ID ID ]
Dec 26 03:31:59 ip-10-0-0-139 charon: 01[NET] sending packet: from
10.0.0.139[500] to 107.0.5.22[500]
Dec 26 03:31:59 ip-10-0-0-139 charon: 08[NET] sending packet: from
10.0.0.139[500] to 107.0.5.22[500]
Dec 26 03:31:59 ip-10-0-0-139 charon: 04[JOB] next event in 3s 999ms,
waiting
Dec 26 03:31:59 ip-10-0-0-139 charon: 01[MGR] checkin IKE_SA adtran-cert[2]
Dec 26 03:31:59 ip-10-0-0-139 charon: 01[MGR] check-in of IKE_SA successful.
Dec 26 03:31:59 ip-10-0-0-139 charon: 07[NET] received packet: from
107.0.5.22[500] to 10.0.0.139[500]
Dec 26 03:31:59 ip-10-0-0-139 charon: 07[NET] waiting for data on sockets
Dec 26 03:31:59 ip-10-0-0-139 charon: 11[MGR] checkout IKE_SA by message
Dec 26 03:31:59 ip-10-0-0-139 charon: 11[MGR] IKE_SA adtran-cert[2]
successfully checked out
Dec 26 03:31:59 ip-10-0-0-139 charon: 11[NET] received packet: from
107.0.5.22[500] to 10.0.0.139[500]
Dec 26 03:31:59 ip-10-0-0-139 charon: 11[ENC] parsed INFORMATIONAL_V1
request 3748028806 [ HASH N((24577)) ]
Dec 26 03:31:59 ip-10-0-0-139 charon: 11[IKE] Hash => 20 bytes @ 0xd45ed0
Dec 26 03:31:59 ip-10-0-0-139 charon: 11[IKE] 0: A6 55 BE 50 CE D2 BC D5
47 9C 51 47 E7 21 5C 24 .U.P....G.QG.!\$
Dec 26 03:31:59 ip-10-0-0-139 charon: 11[IKE] 16: 46 25 D5 81
F%..
Dec 26 03:31:59 ip-10-0-0-139 charon: 11[IKE] received (24577) notify
Dec 26 03:31:59 ip-10-0-0-139 charon: 11[KNL] deleting SAD entry with SPI
c0cde9fa (mark 0/0x00000000)
Dec 26 03:31:59 ip-10-0-0-139 charon: 11[KNL] sending XFRM_MSG_DELSA: => 40
bytes @ 0x7f331413f770
Dec 26 03:31:59 ip-10-0-0-139 charon: 11[KNL] 0: 28 00 00 00 11 00 05 00
CD 00 00 00 0E 1F 00 00 (...............
Dec 26 03:31:59 ip-10-0-0-139 charon: 11[KNL] 16: 0A 00 00 8B 00 00 00 00
00 00 00 00 00 00 00 00 ................
Dec 26 03:31:59 ip-10-0-0-139 charon: 11[KNL] 32: C0 CD E9 FA 02 00 32 00
......2.
Dec 26 03:31:59 ip-10-0-0-139 charon: 11[KNL] deleted SAD entry with SPI
c0cde9fa (mark 0/0x00000000)
Dec 26 03:31:59 ip-10-0-0-139 charon: 11[MGR] checkin IKE_SA adtran-cert[2]
Dec 26 03:31:59 ip-10-0-0-139 charon: 11[MGR] check-in of IKE_SA successful.
Dec 26 03:31:59 ip-10-0-0-139 charon: 07[NET] received packet: from
107.0.5.22[500] to 10.0.0.139[500]
Dec 26 03:31:59 ip-10-0-0-139 charon: 07[NET] waiting for data on sockets
Dec 26 03:31:59 ip-10-0-0-139 charon: 13[MGR] checkout IKE_SA by message
Dec 26 03:31:59 ip-10-0-0-139 charon: 13[MGR] IKE_SA adtran-cert[2]
successfully checked out
Dec 26 03:31:59 ip-10-0-0-139 charon: 13[NET] received packet: from
107.0.5.22[500] to 10.0.0.139[500]
Dec 26 03:31:59 ip-10-0-0-139 charon: 13[ENC] parsed QUICK_MODE request
2536005250 [ HASH ]
Dec 26 03:31:59 ip-10-0-0-139 charon: 13[IKE] Hash(3) => 20 bytes @
0x7f32f8000c70
Dec 26 03:31:59 ip-10-0-0-139 charon: 13[IKE] 0: 5F 1E 57 A6 68 99 94 95
46 5E DC 35 25 DD 03 87 _.W.h...F^.5%...
Dec 26 03:31:59 ip-10-0-0-139 charon: 13[IKE] 16: 07 C5 54 EE
..T.
Dec 26 03:31:59 ip-10-0-0-139 charon: 13[IKE] sa payload missing
Dec 26 03:31:59 ip-10-0-0-139 charon: 13[IKE] queueing INFORMATIONAL task
Dec 26 03:31:59 ip-10-0-0-139 charon: 13[IKE] activating new tasks
Dec 26 03:31:59 ip-10-0-0-139 charon: 13[IKE] activating INFORMATIONAL
task
Dec 26 03:31:59 ip-10-0-0-139 charon: 13[IKE] Hash => 20 bytes @
0x7f32f80009c0
Dec 26 03:31:59 ip-10-0-0-139 charon: 13[IKE] 0: BA 9B 20 89 6B CC 5E 19
15 6C 87 EC C1 50 D2 98 .. .k.^..l...P..
Dec 26 03:31:59 ip-10-0-0-139 charon: 13[IKE] 16: 47 D5 80 DB
G...
Dec 26 03:31:59 ip-10-0-0-139 charon: 13[ENC] generating INFORMATIONAL_V1
request 4154700430 [ HASH N(CRIT) ]
Dec 26 03:31:59 ip-10-0-0-139 charon: 13[NET] sending packet: from
10.0.0.139[500] to 107.0.5.22[500]
Dec 26 03:31:59 ip-10-0-0-139 charon: 13[IKE] activating new tasks
Dec 26 03:31:59 ip-10-0-0-139 charon: 13[IKE] nothing to initiate
Dec 26 03:31:59 ip-10-0-0-139 charon: 13[MGR] checkin IKE_SA adtran-cert[2]
Dec 26 03:31:59 ip-10-0-0-139 charon: 13[MGR] check-in of IKE_SA successful.
Dec 26 03:31:59 ip-10-0-0-139 charon: 08[NET] sending packet: from
10.0.0.139[500] to 107.0.5.22[500]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20121226/13d4453f/attachment.html>
More information about the Users
mailing list