[strongSwan] ipsec eroute issue

Rajat rajat.toshniwal at tekmindz.com
Tue Oct 16 09:45:52 CEST 2012


Hi

I am trying to set up an IPsec VPN between an Ubuntu (Lucid 10.04) machine and a Windows XP machine via IKEv1, and I have been trying this configuration for the last week.
In my logs it shows that the IPsec SA is established. But somehow the eroutes required for the IPsec VPN are not there, due to which the tunnel is not established.

I am pasting my configuration files here
ipsec.conf

config setup
	plutodebug=all
	nat_traversal=yes
	charonstart=no
	plutostart=yes

conn %default
	ikelifetime=60m
	keylife=20m
	rekeymargin=3m
	keyingtries=1
	keyexchange=ikev1

conn host-host
	authby=secret
	pfs=no
	left=%defaultroute
	leftprotoport=17/1701
	leftfirewall=yes
	right=192.168.10.85
	rightprotoport=17/1701
	type=transport
	auto=add

include /var/lib/strongswan/ipsec.conf.inc


ipsec.secrets
192.168.10.192 192.168.10.85 : PSK "1234"

Linux server ip is 192.168.10.192
Windows machine ip is 192.168.10.85

ipsec statusall

000 Status of IKEv1 pluto daemon (strongSwan 4.6.4):
000 interface lo/lo ::1:500
000 interface lo/lo 127.0.0.1:4500
000 interface lo/lo 127.0.0.1:500
000 interface eth2/eth2 192.168.20.1:4500
000 interface eth2/eth2 192.168.20.1:500
000 interface eth3/eth3 192.168.10.192:4500
000 interface eth3/eth3 192.168.10.192:500
000 %myid = '%any'
000 loaded plugins: aes des blowfish sha1 sha2 md5 random x509 pkcs1 pkcs8 pgp dnskey pem gmp hmac xauth attr kernel-netlink resolve
000 debug options: raw+crypt+parsing+emitting+control+lifecycle+kernel+dns+natt+oppo+controlmore
000
000 "host-host": 192.168.10.192[192.168.10.192]:17/1701---192.168.10.254...192.168.10.85[192.168.10.85]:17/1701; prospective erouted; eroute owner: #0
000 "host-host": ike_life: 3600s; ipsec_life: 1200s; rekey_margin: 180s; rekey_fuzz: 100%; keyingtries: 1
000 "host-host": policy: PSK+ENCRYPT; prio: 32,32; interface: eth3;
000 "host-host": newest ISAKMP SA: #0; newest IPsec SA: #0;


Logs at the time when windows client tries to connect

Oct 16 13:03:42 rajat-img pluto[8943]: | install_inbound_ipsec_sa() checking if we can route
Oct 16 13:03:42 rajat-img pluto[8943]: | route owner of "host-host" unrouted: NULL; eroute owner: NULL
Oct 16 13:03:42 rajat-img pluto[8943]: | kernel_alg_esp_info():transid=3, auth=1, ei=0x80b9a68, enckeylen=24, authkeylen=16, encryptalg=3, authalg=2
Oct 16 13:03:42 rajat-img pluto[8943]: | adding SAD entry with SPI cc48ef2f and reqid {16384}
Oct 16 13:03:42 rajat-img pluto[8943]: | using encryption algorithm 3DES_CBC with key size 192
Oct 16 13:03:42 rajat-img pluto[8943]: | using integrity algorithm HMAC_MD5_96 with key size 128
Oct 16 13:03:42 rajat-img pluto[8943]: | sending XFRM_MSG_UPDSA: => 420 bytes @ 0xbfc8215c
Oct 16 13:03:42 rajat-img pluto[8943]: | encrypting:
Oct 16 13:03:42 rajat-img pluto[8943]: | emitting 4 zero bytes of encryption padding into ISAKMP Message
Oct 16 13:03:42 rajat-img pluto[8943]: | encrypting using 3DES_CBC
Oct 16 13:03:42 rajat-img pluto[8943]: | next IV: d3 1c cb c2 10 66 4b 78
Oct 16 13:03:42 rajat-img pluto[8943]: | emitting length of ISAKMP Message: 164
Oct 16 13:03:42 rajat-img pluto[8943]: | sending 164 bytes for STATE_QUICK_R0 through eth3 to 192.168.10.85:500:
Oct 16 13:03:42 rajat-img pluto[8943]: | inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #2
Oct 16 13:03:42 rajat-img pluto[8943]: | next event EVENT_RETRANSMIT in 10 seconds for #2
Oct 16 13:03:42 rajat-img pluto[8943]: |
Oct 16 13:03:42 rajat-img pluto[8943]: | *received 52 bytes from 192.168.10.85:500 on eth3
Oct 16 13:03:42 rajat-img pluto[8943]: | **parse ISAKMP Message:
Oct 16 13:03:42 rajat-img pluto[8943]: | initiator cookie:
Oct 16 13:03:42 rajat-img pluto[8943]: | c4 01 0c 2a ff fd 7e d4
Oct 16 13:03:42 rajat-img pluto[8943]: | responder cookie:
Oct 16 13:03:42 rajat-img pluto[8943]: | 5e 5f 9c 96 b4 eb 50 3a
Oct 16 13:03:42 rajat-img pluto[8943]: | next payload type: ISAKMP_NEXT_HASH
Oct 16 13:03:42 rajat-img pluto[8943]: | ISAKMP version: ISAKMP Version 1.0
Oct 16 13:03:42 rajat-img pluto[8943]: | exchange type: ISAKMP_XCHG_QUICK
Oct 16 13:03:42 rajat-img pluto[8943]: | flags: ISAKMP_FLAG_ENCRYPTION
Oct 16 13:03:42 rajat-img pluto[8943]: | message ID: 18 c7 0e eb
Oct 16 13:03:42 rajat-img pluto[8943]: | length: 52
Oct 16 13:03:42 rajat-img pluto[8943]: | ICOOKIE: c4 01 0c 2a ff fd 7e d4
Oct 16 13:03:42 rajat-img pluto[8943]: | RCOOKIE: 5e 5f 9c 96 b4 eb 50 3a
Oct 16 13:03:42 rajat-img pluto[8943]: | peer: c0 a8 0a 55
Oct 16 13:03:42 rajat-img pluto[8943]: | state hash entry 2
Oct 16 13:03:42 rajat-img pluto[8943]: | state object #2 found, in STATE_QUICK_R1
Oct 16 13:03:42 rajat-img pluto[8943]: | received encrypted packet from 192.168.10.85:500
Oct 16 13:03:42 rajat-img pluto[8943]: | decrypting 24 bytes using algorithm 3DES_CBC
Oct 16 13:03:42 rajat-img pluto[8943]: | decrypted:
Oct 16 13:03:42 rajat-img pluto[8943]: | 00 00 00 18 cb 91 8e 24 b1 e4 a3 48 7e 61 41 83
Oct 16 13:03:42 rajat-img pluto[8943]: | 9d ef f9 7e 20 b4 90 83
Oct 16 13:03:42 rajat-img pluto[8943]: | next IV: 37 80 3b 86 ae b8 e0 ce
Oct 16 13:03:42 rajat-img pluto[8943]: | ***parse ISAKMP Hash Payload:
Oct 16 13:03:42 rajat-img pluto[8943]: | next payload type: ISAKMP_NEXT_NONE
Oct 16 13:03:42 rajat-img pluto[8943]: | length: 24
Oct 16 13:03:42 rajat-img pluto[8943]: | HASH(3) computed: cb 91 8e 24 b1 e4 a3 48 7e 61 41 83 9d ef f9 7e
Oct 16 13:03:42 rajat-img pluto[8943]: | 20 b4 90 83
Oct 16 13:03:42 rajat-img pluto[8943]: | kernel_alg_esp_enc_keylen(): alg_id=3, keylen=24
Oct 16 13:03:42 rajat-img pluto[8943]: | kernel_alg_esp_auth_keylen(auth=1, sadb_aalg=2): a_keylen=16
Oct 16 13:03:42 rajat-img pluto[8943]: | Peer KEYMAT computed:
Oct 16 13:03:42 rajat-img pluto[8943]: | 68 bc c0 f7 96 41 f2 89 ce 17 e4 22 ec 53 d4 89
Oct 16 13:03:42 rajat-img pluto[8943]: | 3d c5 8d 2b 19 1a 99 cf 58 ca 3e f4 df d1 91 d0
Oct 16 13:03:42 rajat-img pluto[8943]: | e4 a1 ae 07 7c 3f b8 82
Oct 16 13:03:42 rajat-img pluto[8943]: | install_ipsec_sa() for #2: outbound only
Oct 16 13:03:42 rajat-img pluto[8943]: | route owner of "host-host" unrouted: NULL; eroute owner: NULL
Oct 16 13:03:42 rajat-img pluto[8943]: | kernel_alg_esp_info():transid=3, auth=1, ei=0x80b9a68, enckeylen=24, authkeylen=16, encryptalg=3, authalg=2
Oct 16 13:03:42 rajat-img pluto[8943]: | adding SAD entry with SPI 5a64b3bd and reqid {16384}
Oct 16 13:03:42 rajat-img pluto[8943]: | using encryption algorithm 3DES_CBC with key size 192
Oct 16 13:03:42 rajat-img pluto[8943]: | using integrity algorithm HMAC_MD5_96 with key size 128
Oct 16 13:03:42 rajat-img pluto[8943]: | sending XFRM_MSG_NEWSA: => 420 bytes @ 0xbfc82a3c
Oct 16 13:03:42 rajat-img pluto[8943]: | sr for #2: unrouted
Oct 16 13:03:42 rajat-img pluto[8943]: | route owner of "host-host" unrouted: NULL; eroute owner: NULL
Oct 16 13:03:42 rajat-img pluto[8943]: | route_and_eroute with c: host-host (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: 2
Oct 16 13:03:42 rajat-img pluto[8943]: | eroute_connection add eroute 192.168.10.85/32:1701 -> 192.168.10.192/32:1701 => esp.5a64b3bd@192.168.10.192:17
Oct 16 13:03:42 rajat-img pluto[8943]: | adding policy 192.168.10.85/32[udp/l2f] === 192.168.10.192/32[udp/l2f] in
Oct 16 13:03:42 rajat-img pluto[8943]: | sending XFRM_MSG_NEWPOLICY: => 248 bytes @ 0xbfc8265c
Oct 16 13:03:42 rajat-img pluto[8943]: | eroute_connection add eroute 192.168.10.192/32:1701 -> 192.168.10.85/32:1701 => esp.5a64b3bd@192.168.10.85:17
Oct 16 13:03:42 rajat-img pluto[8943]: | adding policy 192.168.10.192/32[udp/l2f] === 192.168.10.85/32[udp/l2f] out
Oct 16 13:03:42 rajat-img pluto[8943]: | sending XFRM_MSG_NEWPOLICY: => 248 bytes @ 0xbfc8265c
Oct 16 13:03:42 rajat-img pluto[8943]: | executing up-host: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='up-host' PLUTO_CONNECTION='host-host' PLUTO_NEXT_HOP='192.168.10.254' PLUTO_INTERFACE='eth3' PLUTO_REQID='16384' PLUTO_ME='192.168.10.192' PLUTO_MY_ID='192.168.10.192' PLUTO_MY_CLIENT='192.168.10.192/32' PLUTO_MY_CLIENT_NET='192.168.10.192' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='1701' PLUTO_MY_PROTOCOL='17' PLUTO_PEER='192.168.10.85' PLUTO_PEER_ID='192.168.10.85' PLUTO_PEER_CLIENT='192.168.10.85/32' PLUTO_PEER_CLIENT_NET='192.168.10.85' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='1701' PLUTO_PEER_PROTOCOL='17' PLUTO_PEER_CA='' ipsec _updown iptables
Oct 16 13:03:42 rajat-img pluto[8943]: | route_and_eroute: firewall_notified: true
Oct 16 13:03:42 rajat-img pluto[8943]: | executing prepare-host: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='prepare-host' PLUTO_CONNECTION='host-host' PLUTO_NEXT_HOP='192.168.10.254' PLUTO_INTERFACE='eth3' PLUTO_REQID='16384' PLUTO_ME='192.168.10.192' PLUTO_MY_ID='192.168.10.192' PLUTO_MY_CLIENT='192.168.10.192/32' PLUTO_MY_CLIENT_NET='192.168.10.192' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='1701' PLUTO_MY_PROTOCOL='17' PLUTO_PEER='192.168.10.85' PLUTO_PEER_ID='192.168.10.85' PLUTO_PEER_CLIENT='192.168.10.85/32' PLUTO_PEER_CLIENT_NET='192.168.10.85' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='1701' PLUTO_PEER_PROTOCOL='17' PLUTO_PEER_CA='' ipsec _updown iptables
Oct 16 13:03:42 rajat-img pluto[8943]: | executing route-host: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='route-host' PLUTO_CONNECTION='host-host' PLUTO_NEXT_HOP='192.168.10.254' PLUTO_INTERFACE='eth3' PLUTO_REQID='16384' PLUTO_ME='192.168.10.192' PLUTO_MY_ID='192.168.10.192' PLUTO_MY_CLIENT='192.168.10.192/32' PLUTO_MY_CLIENT_NET='192.168.10.192' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='1701' PLUTO_MY_PROTOCOL='17' PLUTO_PEER='192.168.10.85' PLUTO_PEER_ID='192.168.10.85' PLUTO_PEER_CLIENT='192.168.10.85/32' PLUTO_PEER_CLIENT_NET='192.168.10.85' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='1701' PLUTO_PEER_PROTOCOL='17' PLUTO_PEER_CA='' ipsec _updown iptables
Oct 16 13:03:42 rajat-img pluto[8943]: | route_and_eroute: instance "host-host", setting eroute_owner {spd=0x906ce28,sr=0x906ce28} to #2 (was #0) (newest_ipsec_sa=#0)
Oct 16 13:03:42 rajat-img pluto[8943]: | inI2: instance host-host[0], setting newest_ipsec_sa to #2 (was #0) (spd.eroute=#2)
Oct 16 13:03:42 rajat-img pluto[8943]: | inserting event EVENT_SA_REPLACE, timeout in 1110 seconds for #2
Oct 16 13:03:42 rajat-img pluto[8943]: "host-host" #2: IPsec SA established {ESP=>0x5a64b3bd <0xcc48ef2f}




ip xfrm policy

src 192.168.10.192/32 dst 192.168.10.85/32 proto udp sport 1701 dport 1701
	dir out priority 3840
	tmpl src 0.0.0.0 dst 0.0.0.0
		proto esp reqid 0 mode transport
src 192.168.10.85/32 dst 192.168.10.192/32 proto udp sport 1701 dport 1701
	dir in priority 1792
	tmpl src 0.0.0.0 dst 0.0.0.0
		proto esp reqid 16384 mode transport
src ::/0 dst ::/0
	dir 4 priority 0
src ::/0 dst ::/0
	dir 3 priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
	dir 4 priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
	dir 3 priority 0
src 0.0.0.0/0 dst 0.0.0.0/0


ip xfrm state is empty. At the time of connection it shows


src 192.168.10.192 dst 192.168.10.85
	proto esp spi 0xdaa6d54f reqid 16384 mode transport
	replay-window 32
	auth hmac(md5) 0x1a1707d9ba479220e1b6ca1e91061aa6
	enc cbc(des3_ede) 0x1d361f7adbb8ebd9776ce76c983f156c8b760bc63d882c68
	sel src 0.0.0.0/0 dst 0.0.0.0/0
src 192.168.10.85 dst 192.168.10.192
	proto esp spi 0xc3e364dd reqid 16384 mode transport
	replay-window 32
	auth hmac(md5) 0xb3381cb3026f0a440f4f795bcb67b545
	enc cbc(des3_ede) 0x05e28263d3e5249eb8ad05827d4104268468e6932f6811d2
	sel src 0.0.0.0/0 dst 0.0.0.0/0



I do not have any route in table 220

Right now I am clueless. If anyone can guide me on what to look for, it would be a help.
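Added example, not part of the original post and not strongSwan code: a small consistency check over `ip xfrm policy` and `ip xfrm state` output of the kind quoted in the message. For each host-to-host policy it reports whether an SA with the template's reqid exists between the same addresses. The function names, verdict strings and the strict reqid comparison are assumptions of this example; the sample text is constructed from the post with key material left out.

```python
import re

# Constructed sample, trimmed from the `ip xfrm policy` / `ip xfrm state`
# output in the post (key material and socket policies omitted).
POLICY_TEXT = """\
src 192.168.10.192/32 dst 192.168.10.85/32 proto udp sport 1701 dport 1701
dir out priority 3840
tmpl src 0.0.0.0 dst 0.0.0.0
proto esp reqid 0 mode transport
src 192.168.10.85/32 dst 192.168.10.192/32 proto udp sport 1701 dport 1701
dir in priority 1792
tmpl src 0.0.0.0 dst 0.0.0.0
proto esp reqid 16384 mode transport
"""
STATE_TEXT = """\
src 192.168.10.192 dst 192.168.10.85
proto esp spi 0xdaa6d54f reqid 16384 mode transport
src 192.168.10.85 dst 192.168.10.192
proto esp spi 0xc3e364dd reqid 16384 mode transport
"""

def _records(text):
    """Split output into records; a record starts at a line beginning with
    'src'. This works whether or not the original indentation survived."""
    recs = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("src "):
            recs.append([line])
        elif line and recs:
            recs[-1].append(line)
    return recs

def parse_policies(text):
    out = []
    for rec in _records(text):
        m = re.match(r"src (\S+) dst (\S+)", rec[0])
        body = " ".join(rec[1:])
        d = re.search(r"\bdir (\S+)", body)
        reqids = [int(r) for r in re.findall(r"proto \S+ reqid (\d+)", body)]
        out.append({"src": m.group(1), "dst": m.group(2),
                    "dir": d.group(1) if d else None, "reqids": reqids})
    return out

def parse_states(text):
    out = []
    for rec in _records(text):
        m = re.match(r"src (\S+) dst (\S+)", rec[0])
        s = re.search(r"proto \S+ spi (\S+) reqid (\d+)", " ".join(rec[1:]))
        if s:
            out.append({"src": m.group(1), "dst": m.group(2),
                        "spi": s.group(1), "reqid": int(s.group(2))})
    return out

def check(policies, states):
    """Return (dir, src, dst, verdict) for each templated /32-to-/32 policy."""
    results = []
    for p in policies:
        host_to_host = p["src"].endswith("/32") and p["dst"].endswith("/32")
        if not p["reqids"] or not host_to_host:
            continue  # socket or any-to-any policy: nothing to compare
        src, dst = p["src"][:-3], p["dst"][:-3]
        sa_reqids = {s["reqid"] for s in states
                     if s["src"] == src and s["dst"] == dst}
        if not sa_reqids:
            verdict = "no-sa"
        elif set(p["reqids"]) <= sa_reqids:
            verdict = "ok"
        else:
            verdict = "reqid-mismatch"  # strict comparison: example's choice
        results.append((p["dir"], src, dst, verdict))
    return results

if __name__ == "__main__":
    for row in check(parse_policies(POLICY_TEXT), parse_states(STATE_TEXT)):
        print(*row)
```
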



