[strongSwan] losing acces to the VPN
Damien Benoist
dams.benoist at gmail.com
Fri Dec 13 13:08:26 CET 2013
Hi,
After a while, 30-60 minutes hosts behind the vpn are no longer reachable.
Generally restarting strongswan fixes the problem.
Below is an example of logs in such a case.
If someone can help...
The last connection that works is at 11:07:02,
The first connection that fails is at 11:07:33.
Thanks for your help.
Configutation:
conn tstVpn
auto=add
ike=3des-sha1-modp1024!
ikelifetime=60m
keylife=20m
rekeymargin=3m
keyingtries=1
keyexchange=ikev1
# left: the client
left=192.168.x.x
leftcert=crt.pem
leftid="C=C, O=O, OU=OU, CN=CN"
leftauth=pubkey
leftauth2=xauth
leftfirewall=yes
leftsourceip=%config
# right: the server
right=x.x.x.x
rightid="C=C, O=O, OU=OU, CN=CN"
rightsubnet=x.x.x.0/24
rightauth=pubkey
Log:
Dec 13 10:20:13 test charon: 00[DMN] Starting IKE charon daemon
(strongSwan 5.1.1, Linux 3.2.0-4-amd64, x86_64)
Dec 13 10:20:13 test charon: 00[CFG] loading ca certificates from
'/usr/src/strongswan/5.1.1/root/etc/ipsec.d/cacerts'
Dec 13 10:20:13 test charon: 00[CFG] loaded ca certificate "C=C,
O=O, CN=CN" from
'/usr/src/strongswan/5.1.1/root/etc/ipsec.d/cacerts/cacert.pem'
Dec 13 10:20:13 test charon: 00[CFG] loading aa certificates from
'/usr/src/strongswan/5.1.1/root/etc/ipsec.d/aacerts'
Dec 13 10:20:13 test charon: 00[CFG] loading ocsp signer certificates
from '/usr/src/strongswan/5.1.1/root/etc/ipsec.d/ocspcerts'
Dec 13 10:20:13 test charon: 00[CFG] loading attribute certificates
from '/usr/src/strongswan/5.1.1/root/etc/ipsec.d/acerts'
Dec 13 10:20:13 test charon: 00[CFG] loading crls from
'/usr/src/strongswan/5.1.1/root/etc/ipsec.d/crls'
Dec 13 10:20:13 test charon: 00[CFG] loading secrets from
'/usr/src/strongswan/5.1.1/root/etc/ipsec.secrets'
Dec 13 10:20:13 test charon: 00[CFG] loaded RSA private key from
'/usr/src/strongswan/5.1.1/root/etc/ipsec.d/private/key.pem'
Dec 13 10:20:13 test charon: 00[LIB] loaded plugins: charon aes des
rc2 sha1 sha2 md5 random nonce x509 revocation pubkey pkcs1 pkcs7
pkcs8 pkcs12 pgp dnskey sshkey pem fips-prf gmp xcbc cmac hmac attr
kernel-netlink resolve socket-default stroke updown xauth-generic
unity
Dec 13 10:20:13 test charon: 00[LIB] unable to load 6 plugin features
(6 due to unmet dependencies)
Dec 13 10:20:13 test charon: 00[JOB] spawning 16 worker threads
Dec 13 10:20:13 test charon: 11[CFG] received stroke: add connection 'tstVpn'
Dec 13 10:20:13 test charon: 11[CFG] loaded certificate "C=C, O=O,
OU=OU, CN=CN" from 'crt.pem'
Dec 13 10:20:13 test charon: 11[CFG] added configuration 'tstVpn'
Dec 13 10:20:23 test charon: 15[CFG] received stroke: initiate 'tstVpn'
Dec 13 10:20:23 test charon: 06[IKE] initiating Main Mode IKE_SA
tstVpn[1] to x.x.x.x
Dec 13 10:20:23 test charon: 06[ENC] generating ID_PROT request 0 [ SA V V V V ]
Dec 13 10:20:23 test charon: 06[NET] sending packet: from
192.168.x.x[500] to x.x.x.x[500] (152 bytes)
Dec 13 10:20:23 test charon: 05[NET] received packet: from
x.x.x.x[500] to 192.168.x.x[500] (124 bytes)
Dec 13 10:20:23 test charon: 05[ENC] parsed ID_PROT response 0 [ SA V V ]
Dec 13 10:20:23 test charon: 05[IKE] received NAT-T (RFC 3947) vendor ID
Dec 13 10:20:23 test charon: 05[IKE] received FRAGMENTATION vendor ID
Dec 13 10:20:23 test charon: 05[ENC] generating ID_PROT request 0 [ KE
No NAT-D NAT-D ]
Dec 13 10:20:23 test charon: 05[NET] sending packet: from
192.168.x.x[500] to x.x.x.x[500] (244 bytes)
Dec 13 10:20:23 test charon: 04[NET] received packet: from
x.x.x.x[500] to 192.168.x.x[500] (582 bytes)
Dec 13 10:20:23 test charon: 04[ENC] parsed ID_PROT response 0 [ KE No
CERTREQ CERTREQ CERTREQ CERTREQ V V V V NAT-D NAT-D ]
Dec 13 10:20:23 test charon: 04[IKE] received Cisco Unity vendor ID
Dec 13 10:20:23 test charon: 04[IKE] received XAuth vendor ID
Dec 13 10:20:23 test charon: 04[ENC] received unknown vendor ID:
c8:c2:83:f4:e4:67:39:9e:33:af:80:b7:98:f6:3a:9b
Dec 13 10:20:23 test charon: 04[ENC] received unknown vendor ID:
1f:07:f7:0e:aa:65:14:d3:b0:fa:96:54:2a:50:01:00
Dec 13 10:20:23 test charon: 04[IKE] received cert request for unknown ca '...'
Dec 13 10:20:23 test charon: 04[IKE] received cert request for unknown ca '...'
Dec 13 10:20:23 test charon: 04[IKE] received cert request for 'C=C, O=O, CN=CN'
Dec 13 10:20:23 test charon: 04[IKE] received cert request for unknown ca '...'
Dec 13 10:20:23 test charon: 04[IKE] local host is behind NAT, sending
keep alives
Dec 13 10:20:23 test charon: 04[IKE] sending cert request for "C=C, O=O, CN=CN"
Dec 13 10:20:23 test charon: 04[IKE] authentication of 'C=C, O=O,
OU=OU, CN=CN' (myself) successful
Dec 13 10:20:23 test charon: 04[IKE] sending end entity cert "C=C,
O=O, OU=OU, CN=CN"
Dec 13 10:20:23 test charon: 04[ENC] generating ID_PROT request 0 [ ID
CERT SIG CERTREQ ]
Dec 13 10:20:23 test charon: 04[NET] sending packet: from
192.168.x.x[4500] to x.x.x.x[4500] (1028 bytes)
Dec 13 10:20:23 test charon: 03[NET] received packet: from
x.x.x.x[4500] to 192.168.x.x[4500] (996 bytes)
Dec 13 10:20:23 test charon: 03[ENC] parsed ID_PROT response 0 [ ID CERT SIG V ]
Dec 13 10:20:23 test charon: 03[IKE] received DPD vendor ID
Dec 13 10:20:23 test charon: 03[IKE] received end entity cert "C=C,
O=O, OU-OU, CN=CN"
Dec 13 10:20:23 test charon: 03[CFG] using certificate "C=C, O=O,
OU-OU, CN=CN"
Dec 13 10:20:23 test charon: 03[CFG] using trusted ca certificate
"C=C, O=O, CN=CN"
Dec 13 10:20:23 test charon: 03[CFG] checking certificate status of
"C=C, O=O, OU-OU, CN=CN"
Dec 13 10:20:23 test charon: 03[CFG] certificate status is not available
Dec 13 10:20:23 test charon: 03[CFG] reached self-signed root ca
with a path length of 0
Dec 13 10:20:23 test charon: 03[IKE] authentication of 'C=C, O=O,
OU-OU, CN=CN' with RSA successful
Dec 13 10:20:24 test charon: 02[NET] received packet: from
x.x.x.x[4500] to 192.168.x.x[4500] (68 bytes)
Dec 13 10:20:24 test charon: 02[ENC] parsed TRANSACTION request
2038716648 [ HASH CPS(X_STATUS) ]
Dec 13 10:20:24 test charon: 02[IKE] XAuth authentication of 'C=C,
O=O, OU=OU, CN=CN' (myself) successful
Dec 13 10:20:24 test charon: 02[IKE] IKE_SA tstVpn[1] established
between 192.168.x.x[C=C, O=O, OU=OU, CN=CN]...x.x.x.x[C=C, O=O, OU-OU,
CN=CN]
Dec 13 10:20:24 test charon: 02[IKE] scheduling reauthentication in 3334s
Dec 13 10:20:24 test charon: 02[IKE] maximum IKE_SA lifetime 3514s
Dec 13 10:20:24 test charon: 02[ENC] generating TRANSACTION response
2038716648 [ HASH CPA(X_STATUS) ]
Dec 13 10:20:24 test charon: 02[NET] sending packet: from
192.168.x.x[4500] to x.x.x.x[4500] (68 bytes)
Dec 13 10:20:24 test charon: 02[ENC] generating TRANSACTION request
1460452068 [ HASH CPRQ(ADDR DNS U_SPLITINC U_LOCALLAN) ]
Dec 13 10:20:24 test charon: 02[NET] sending packet: from
192.168.x.x[4500] to x.x.x.x[4500] (84 bytes)
Dec 13 10:20:28 test charon: 13[IKE] sending retransmit 1 of request
message ID 1460452068, seq 4
Dec 13 10:20:28 test charon: 13[NET] sending packet: from
192.168.x.x[4500] to x.x.x.x[4500] (84 bytes)
Dec 13 10:20:35 test charon: 14[IKE] sending retransmit 2 of request
message ID 1460452068, seq 4
Dec 13 10:20:35 test charon: 14[NET] sending packet: from
192.168.x.x[4500] to x.x.x.x[4500] (84 bytes)
Dec 13 10:20:48 test charon: 04[IKE] sending retransmit 3 of request
message ID 1460452068, seq 4
Dec 13 10:20:48 test charon: 04[NET] sending packet: from
192.168.x.x[4500] to x.x.x.x[4500] (84 bytes)
Dec 13 10:21:08 test charon: 01[IKE] sending keep alive to x.x.x.x[4500]
Dec 13 10:21:12 test charon: 11[IKE] sending retransmit 4 of request
message ID 1460452068, seq 4
Dec 13 10:21:12 test charon: 11[NET] sending packet: from
192.168.x.x[4500] to x.x.x.x[4500] (84 bytes)
Dec 13 10:21:32 test charon: 14[IKE] sending keep alive to x.x.x.x[4500]
Dec 13 10:21:52 test charon: 13[NET] received packet: from
x.x.x.x[4500] to 192.168.x.x[4500] (84 bytes)
Dec 13 10:21:52 test charon: 13[ENC] parsed INFORMATIONAL_V1 request
2016312701 [ HASH D ]
Dec 13 10:21:52 test charon: 13[IKE] received DELETE for IKE_SA tstVpn[1]
Dec 13 10:21:52 test charon: 13[IKE] deleting IKE_SA tstVpn[1] between
192.168.x.x[C=C, O=O, OU=OU, CN=CN]...x.x.x.x[C=C, O=O, OU-OU, CN=CN]
Dec 13 10:21:52 test charon: 13[IKE] initiating Main Mode IKE_SA
tstVpn[2] to x.x.x.x
Dec 13 10:21:52 test charon: 13[ENC] generating ID_PROT request 0 [ SA V V V V ]
Dec 13 10:21:52 test charon: 13[NET] sending packet: from
192.168.x.x[500] to x.x.x.x[500] (152 bytes)
Dec 13 10:21:52 test charon: 06[NET] received packet: from
x.x.x.x[500] to 192.168.x.x[500] (124 bytes)
Dec 13 10:21:52 test charon: 06[ENC] parsed ID_PROT response 0 [ SA V V ]
Dec 13 10:21:52 test charon: 06[IKE] received NAT-T (RFC 3947) vendor ID
Dec 13 10:21:52 test charon: 06[IKE] received FRAGMENTATION vendor ID
Dec 13 10:21:52 test charon: 06[ENC] generating ID_PROT request 0 [ KE
No NAT-D NAT-D ]
Dec 13 10:21:52 test charon: 06[NET] sending packet: from
192.168.x.x[500] to x.x.x.x[500] (244 bytes)
Dec 13 10:21:52 test charon: 05[NET] received packet: from
x.x.x.x[500] to 192.168.x.x[500] (582 bytes)
Dec 13 10:21:52 test charon: 05[ENC] parsed ID_PROT response 0 [ KE No
CERTREQ CERTREQ CERTREQ CERTREQ V V V V NAT-D NAT-D ]
Dec 13 10:21:52 test charon: 05[IKE] received Cisco Unity vendor ID
Dec 13 10:21:52 test charon: 05[IKE] received XAuth vendor ID
Dec 13 10:21:52 test charon: 05[ENC] received unknown vendor ID:
3f:14:3f:1e:9f:6b:cc:b6:e4:fa:c4:08:96:b5:43:60
Dec 13 10:21:52 test charon: 05[ENC] received unknown vendor ID:
1f:07:f7:0e:aa:65:14:d3:b0:fa:96:54:2a:50:01:00
Dec 13 10:21:52 test charon: 05[IKE] received cert request for unknown ca '...'
Dec 13 10:21:52 test charon: 05[IKE] received cert request for unknown ca '...'
Dec 13 10:21:52 test charon: 05[IKE] received cert request for 'C=C, O=O, CN=CN'
Dec 13 10:21:52 test charon: 05[IKE] received cert request for unknown ca '...'
Dec 13 10:21:52 test charon: 05[IKE] local host is behind NAT, sending
keep alives
Dec 13 10:21:52 test charon: 05[IKE] sending cert request for "C=C, O=O, CN=CN"
Dec 13 10:21:52 test charon: 05[IKE] authentication of 'C=C, O=O,
OU=OU, CN=CN' (myself) successful
Dec 13 10:21:52 test charon: 05[IKE] sending end entity cert "C=C,
O=O, OU=OU, CN=CN"
Dec 13 10:21:52 test charon: 05[ENC] generating ID_PROT request 0 [ ID
CERT SIG CERTREQ ]
Dec 13 10:21:52 test charon: 05[NET] sending packet: from
192.168.x.x[4500] to x.x.x.x[4500] (1028 bytes)
Dec 13 10:21:52 test charon: 03[NET] received packet: from
x.x.x.x[4500] to 192.168.x.x[4500] (996 bytes)
Dec 13 10:21:52 test charon: 03[ENC] parsed ID_PROT response 0 [ ID CERT SIG V ]
Dec 13 10:21:52 test charon: 03[IKE] received DPD vendor ID
Dec 13 10:21:52 test charon: 03[IKE] received end entity cert "C=C,
O=O, OU-OU, CN=CN"
Dec 13 10:21:52 test charon: 03[CFG] using certificate "C=C, O=O,
OU-OU, CN=CN"
Dec 13 10:21:52 test charon: 03[CFG] using trusted ca certificate
"C=C, O=O, CN=CN"
Dec 13 10:21:52 test charon: 03[CFG] checking certificate status of
"C=C, O=O, OU-OU, CN=CN"
Dec 13 10:21:52 test charon: 03[CFG] certificate status is not available
Dec 13 10:21:52 test charon: 03[CFG] reached self-signed root ca
with a path length of 0
Dec 13 10:21:52 test charon: 03[IKE] authentication of 'C=C, O=O,
OU-OU, CN=CN' with RSA successful
Dec 13 10:21:52 test charon: 02[NET] received packet: from
x.x.x.x[4500] to 192.168.x.x[4500] (68 bytes)
Dec 13 10:21:52 test charon: 02[ENC] parsed TRANSACTION request
1832385948 [ HASH CPS(X_STATUS) ]
Dec 13 10:21:52 test charon: 02[IKE] XAuth authentication of 'C=C,
O=O, OU=OU, CN=CN' (myself) successful
Dec 13 10:21:52 test charon: 02[IKE] IKE_SA tstVpn[2] established
between 192.168.x.x[C=C, O=O, OU=OU, CN=CN]...x.x.x.x[C=C, O=O, OU-OU,
CN=CN]
Dec 13 10:21:52 test charon: 02[IKE] scheduling reauthentication in 3284s
Dec 13 10:21:52 test charon: 02[IKE] maximum IKE_SA lifetime 3464s
Dec 13 10:21:52 test charon: 02[ENC] generating TRANSACTION response
1832385948 [ HASH CPA(X_STATUS) ]
Dec 13 10:21:52 test charon: 02[NET] sending packet: from
192.168.x.x[4500] to x.x.x.x[4500] (68 bytes)
Dec 13 10:21:52 test charon: 02[ENC] generating TRANSACTION request
1231337455 [ HASH CPRQ(ADDR DNS U_SPLITINC U_LOCALLAN) ]
Dec 13 10:21:52 test charon: 02[NET] sending packet: from
192.168.x.x[4500] to x.x.x.x[4500] (84 bytes)
Dec 13 10:21:52 test charon: 01[NET] received packet: from
x.x.x.x[4500] to 192.168.x.x[4500] (68 bytes)
Dec 13 10:21:52 test charon: 01[ENC] parsed TRANSACTION response
1231337455 [ HASH CPRP(ADDR) ]
Dec 13 10:21:52 test charon: 01[IKE] installing new virtual IP 192.168.34.17
Dec 13 10:21:52 test charon: 01[ENC] generating QUICK_MODE request
2996772769 [ HASH SA No ID ID ]
Dec 13 10:21:52 test charon: 01[NET] sending packet: from
192.168.x.x[4500] to x.x.x.x[4500] (228 bytes)
Dec 13 10:21:52 test charon: 13[NET] received packet: from
x.x.x.x[4500] to 192.168.x.x[4500] (156 bytes)
Dec 13 10:21:52 test charon: 13[ENC] parsed QUICK_MODE response
2996772769 [ HASH SA No ID ID ]
Dec 13 10:21:52 test charon: 13[IKE] CHILD_SA tstVpn{1} established
with SPIs cd7458b6_i 983b1e24_o and TS 192.168.34.17/32 ===
10.66.251.0/24
Dec 13 10:21:52 test vpn: + C=C, O=O, OU-OU, CN=CN 10.66.251.0/24 ==
x.x.x.x -- 192.168.x.x == 192.168.34.17/32
Dec 13 10:21:52 test charon: 13[ENC] generating QUICK_MODE request
2996772769 [ HASH ]
Dec 13 10:21:52 test charon: 13[NET] sending packet: from
192.168.x.x[4500] to x.x.x.x[4500] (60 bytes)
Dec 13 10:22:16 test charon: 01[IKE] sending keep alive to x.x.x.x[4500]
...
Dec 13 10:37:37 test charon: 14[IKE] sending keep alive to x.x.x.x[4500]
Dec 13 10:38:07 test charon: 06[KNL] creating rekey job for ESP
CHILD_SA with SPI 983b1e24 and reqid {1}
Dec 13 10:38:07 test charon: 06[ENC] generating QUICK_MODE request
526717644 [ HASH SA No ID ID ]
Dec 13 10:38:07 test charon: 06[NET] sending packet: from
192.168.x.x[4500] to x.x.x.x[4500] (228 bytes)
Dec 13 10:38:07 test charon: 04[NET] received packet: from
x.x.x.x[4500] to 192.168.x.x[4500] (156 bytes)
Dec 13 10:38:07 test charon: 04[ENC] parsed QUICK_MODE response
526717644 [ HASH SA No ID ID ]
Dec 13 10:38:07 test charon: 04[IKE] CHILD_SA tstVpn{1} established
with SPIs c962dbd6_i 21fcd508_o and TS 192.168.34.17/32 ===
10.66.251.0/24
Dec 13 10:38:07 test charon: 04[ENC] generating QUICK_MODE request
526717644 [ HASH ]
Dec 13 10:38:07 test charon: 04[NET] sending packet: from
192.168.x.x[4500] to x.x.x.x[4500] (60 bytes)
Dec 13 10:38:18 test charon: 12[NET] received packet: from
x.x.x.x[4500] to 192.168.x.x[4500] (68 bytes)
Dec 13 10:38:18 test charon: 12[ENC] parsed INFORMATIONAL_V1 request
1222540647 [ HASH D ]
Dec 13 10:38:18 test charon: 12[IKE] received DELETE for ESP CHILD_SA
with SPI 983b1e24
Dec 13 10:38:18 test charon: 12[IKE] closing CHILD_SA tstVpn{1} with
SPIs cd7458b6_i (185231 bytes) 983b1e24_o (97473 bytes) and TS
192.168.34.17/32 === 10.66.251.0/24
Dec 13 10:38:39 test charon: 15[IKE] sending keep alive to x.x.x.x[4500]
...
Dec 13 10:51:59 test charon: 01[IKE] sending keep alive to x.x.x.x[4500]
Dec 13 10:52:16 test charon: 14[KNL] creating rekey job for ESP
CHILD_SA with SPI 21fcd508 and reqid {1}
Dec 13 10:52:16 test charon: 14[ENC] generating QUICK_MODE request
467638011 [ HASH SA No ID ID ]
Dec 13 10:52:16 test charon: 14[NET] sending packet: from
192.168.x.x[4500] to x.x.x.x[4500] (228 bytes)
Dec 13 10:52:16 test charon: 06[NET] received packet: from
x.x.x.x[4500] to 192.168.x.x[4500] (156 bytes)
Dec 13 10:52:16 test charon: 06[ENC] parsed QUICK_MODE response
467638011 [ HASH SA No ID ID ]
Dec 13 10:52:16 test charon: 06[IKE] CHILD_SA tstVpn{1} established
with SPIs c0689748_i 40b375c7_o and TS 192.168.34.17/32 ===
10.66.251.0/24
Dec 13 10:52:16 test charon: 06[ENC] generating QUICK_MODE request
467638011 [ HASH ]
Dec 13 10:52:16 test charon: 06[NET] sending packet: from
192.168.x.x[4500] to x.x.x.x[4500] (60 bytes)
Dec 13 10:52:40 test charon: 02[NET] received packet: from
x.x.x.x[4500] to 192.168.x.x[4500] (68 bytes)
Dec 13 10:52:40 test charon: 02[ENC] parsed INFORMATIONAL_V1 request
2070358736 [ HASH D ]
Dec 13 10:52:40 test charon: 02[IKE] received DELETE for ESP CHILD_SA
with SPI 21fcd508
Dec 13 10:52:40 test charon: 02[IKE] closing CHILD_SA tstVpn{1} with
SPIs c962dbd6_i (165027 bytes) 21fcd508_o (87024 bytes) and TS
192.168.34.17/32 === 10.66.251.0/24
Dec 13 10:53:01 test charon: 14[IKE] sending keep alive to x.x.x.x[4500]
...
Dec 13 11:06:21 test charon: 12[IKE] sending keep alive to x.x.x.x[4500]
Dec 13 11:06:52 test charon: 15[NET] received packet: from
x.x.x.x[4500] to 192.168.x.x[4500] (128 bytes)
Dec 13 11:06:52 test charon: 15[ENC] parsed ID_PROT request 0 [ SA V V ]
Dec 13 11:06:52 test charon: 15[IKE] received NAT-T (RFC 3947) vendor ID
Dec 13 11:06:52 test charon: 15[IKE] received FRAGMENTATION vendor ID
Dec 13 11:06:52 test charon: 15[IKE] x.x.x.x is initiating a Main Mode IKE_SA
Dec 13 11:06:52 test charon: 15[ENC] generating ID_PROT response 0 [ SA V V V ]
Dec 13 11:06:52 test charon: 15[NET] sending packet: from
192.168.x.x[4500] to x.x.x.x[4500] (132 bytes)
Dec 13 11:06:52 test charon: 13[NET] received packet: from
x.x.x.x[4500] to 192.168.x.x[4500] (582 bytes)
Dec 13 11:06:52 test charon: 13[ENC] parsed ID_PROT request 0 [ KE No
CERTREQ CERTREQ CERTREQ CERTREQ V V V V NAT-D NAT-D ]
Dec 13 11:06:52 test charon: 13[IKE] received Cisco Unity vendor ID
Dec 13 11:06:52 test charon: 13[IKE] received XAuth vendor ID
Dec 13 11:06:52 test charon: 13[ENC] received unknown vendor ID:
5d:f2:62:5e:69:4b:ce:67:e2:44:79:91:0c:b2:d7:7b
Dec 13 11:06:52 test charon: 13[ENC] received unknown vendor ID:
1f:07:f7:0e:aa:65:14:d3:b0:fa:96:54:2a:50:01:00
Dec 13 11:06:52 test charon: 13[IKE] received cert request for unknown ca '...'
Dec 13 11:06:52 test charon: 13[IKE] received cert request for unknown ca '...'
Dec 13 11:06:52 test charon: 13[IKE] received cert request for 'C=C, O=O, CN=CN'
Dec 13 11:06:52 test charon: 13[IKE] received cert request for unknown ca '...'
Dec 13 11:06:52 test charon: 13[IKE] local host is behind NAT, sending
keep alives
Dec 13 11:06:52 test charon: 13[IKE] sending cert request for "C=C, O=O, CN=CN"
Dec 13 11:06:52 test charon: 13[ENC] generating ID_PROT response 0 [
KE No CERTREQ NAT-D NAT-D ]
Dec 13 11:06:52 test charon: 13[NET] sending packet: from
192.168.x.x[4500] to x.x.x.x[4500] (297 bytes)
Dec 13 11:06:52 test charon: 14[NET] received packet: from
x.x.x.x[4500] to 192.168.x.x[4500] (996 bytes)
Dec 13 11:06:52 test charon: 14[ENC] parsed ID_PROT request 0 [ ID CERT SIG V ]
Dec 13 11:06:52 test charon: 14[IKE] received DPD vendor ID
Dec 13 11:06:52 test charon: 14[IKE] received end entity cert "C=C,
O=O, OU-OU, CN=CN"
Dec 13 11:06:52 test charon: 14[CFG] looking for XauthRespRSA peer
configs matching 192.168.x.x...x.x.x.x[C=C, O=O, OU-OU, CN=CN]
Dec 13 11:06:52 test charon: 14[CFG] selected peer config "tstVpn"
Dec 13 11:06:52 test charon: 14[CFG] using certificate "C=C, O=O,
OU-OU, CN=CN"
Dec 13 11:06:52 test charon: 14[CFG] using trusted ca certificate
"C=C, O=O, CN=CN"
Dec 13 11:06:52 test charon: 14[CFG] checking certificate status of
"C=C, O=O, OU-OU, CN=CN"
Dec 13 11:06:52 test charon: 14[CFG] certificate status is not available
Dec 13 11:06:52 test charon: 14[CFG] reached self-signed root ca
with a path length of 0
Dec 13 11:06:52 test charon: 14[IKE] authentication of 'C=C, O=O,
OU-OU, CN=CN' with RSA successful
Dec 13 11:06:52 test charon: 14[IKE] authentication of 'C=C, O=O,
OU=OU, CN=CN' (myself) successful
Dec 13 11:06:52 test charon: 14[IKE] sending end entity cert "C=C,
O=O, OU=OU, CN=CN"
Dec 13 11:06:52 test charon: 14[ENC] generating ID_PROT response 0 [
ID CERT SIG ]
Dec 13 11:06:52 test charon: 14[NET] sending packet: from
192.168.x.x[4500] to x.x.x.x[4500] (980 bytes)
Dec 13 11:06:52 test charon: 16[IKE] sending keep alive to x.x.x.x[4500]
Dec 13 11:06:53 test charon: 06[NET] received packet: from
x.x.x.x[4500] to 192.168.x.x[4500] (68 bytes)
Dec 13 11:06:53 test charon: 06[ENC] parsed TRANSACTION request
3025214895 [ HASH CPS(X_STATUS) ]
Dec 13 11:06:53 test charon: 06[IKE] XAuth authentication of 'C=C,
O=O, OU=OU, CN=CN' (myself) successful
Dec 13 11:06:53 test charon: 06[IKE] IKE_SA tstVpn[3] established
between 192.168.x.x[C=C, O=O, OU=OU, CN=CN]...x.x.x.x[C=C, O=O, OU-OU,
CN=CN]
Dec 13 11:06:53 test charon: 06[IKE] scheduling reauthentication in 3401s
Dec 13 11:06:53 test charon: 06[IKE] maximum IKE_SA lifetime 3581s
Dec 13 11:06:53 test charon: 06[ENC] generating TRANSACTION response
3025214895 [ HASH CPA(X_STATUS) ]
Dec 13 11:06:53 test charon: 06[NET] sending packet: from
192.168.x.x[4500] to x.x.x.x[4500] (68 bytes)
Dec 13 11:06:53 test charon: 06[ENC] generating TRANSACTION request
2389510502 [ HASH CPRQ(ADDR DNS U_SPLITINC U_LOCALLAN) ]
Dec 13 11:06:53 test charon: 06[NET] sending packet: from
192.168.x.x[4500] to x.x.x.x[4500] (84 bytes)
Dec 13 11:06:57 test charon: 05[IKE] sending retransmit 1 of request
message ID 2389510502, seq 1
Dec 13 11:06:57 test charon: 05[NET] sending packet: from
192.168.x.x[4500] to x.x.x.x[4500] (84 bytes)
> Dec 13 11:07:02 last connection that works to a host in the vpn
Dec 13 11:07:03 test charon: 04[IKE] deleting IKE_SA tstVpn[2] between
192.168.x.x[C=C, O=O, OU=OU, CN=CN]...x.x.x.x[C=C, O=O, OU-OU, CN=CN]
Dec 13 11:07:03 test charon: 04[IKE] sending DELETE for IKE_SA tstVpn[2]
Dec 13 11:07:03 test charon: 04[ENC] generating INFORMATIONAL_V1
request 809350405 [ HASH D ]
Dec 13 11:07:03 test charon: 04[NET] sending packet: from
192.168.x.x[4500] to x.x.x.x[4500] (84 bytes)
Dec 13 11:07:04 test charon: 11[IKE] sending retransmit 2 of request
message ID 2389510502, seq 1
Dec 13 11:07:04 test charon: 11[NET] sending packet: from
192.168.x.x[4500] to x.x.x.x[4500] (84 bytes)
Dec 13 11:07:17 test charon: 14[IKE] sending retransmit 3 of request
message ID 2389510502, seq 1
Dec 13 11:07:17 test charon: 14[NET] sending packet: from
192.168.x.x[4500] to x.x.x.x[4500] (84 bytes)
Dec 13 11:07:29 test charon: 05[KNL] creating rekey job for ESP
CHILD_SA with SPI 40b375c7 and reqid {1}
> Dec 13 11:07:33 curl stderr: curl: (28) connect() timed out! (to a host in the vpn)
Dec 13 11:07:37 test charon: 02[IKE] sending keep alive to x.x.x.x[4500]
Dec 13 11:07:41 test charon: 04[IKE] sending retransmit 4 of request
message ID 2389510502, seq 1
Dec 13 11:07:41 test charon: 04[NET] sending packet: from
192.168.x.x[4500] to x.x.x.x[4500] (84 bytes)
Dec 13 11:08:01 test charon: 13[IKE] sending keep alive to x.x.x.x[4500]
Dec 13 11:08:21 test charon: 14[IKE] sending keep alive to x.x.x.x[4500]
Dec 13 11:08:23 test charon: 16[IKE] sending retransmit 5 of request
message ID 2389510502, seq 1
Dec 13 11:08:23 test charon: 16[NET] sending packet: from
192.168.x.x[4500] to x.x.x.x[4500] (84 bytes)
Dec 13 11:08:43 test charon: 04[IKE] sending keep alive to x.x.x.x[4500]
Dec 13 11:08:53 test charon: 11[KNL] creating rekey job for ESP
CHILD_SA with SPI c0689748 and reqid {1}
Dec 13 11:09:03 test charon: 01[IKE] sending keep alive to x.x.x.x[4500]
Dec 13 11:09:23 test charon: 15[IKE] sending keep alive to x.x.x.x[4500]
Dec 13 11:09:38 test charon: 13[IKE] giving up after 5 retransmits
Dec 13 11:09:38 test charon: 13[IKE] initiating Main Mode IKE_SA
tstVpn[4] to x.x.x.x
Dec 13 11:09:38 test charon: 13[ENC] generating ID_PROT request 0 [ SA V V V V ]
Dec 13 11:09:38 test charon: 13[NET] sending packet: from
192.168.x.x[500] to x.x.x.x[500] (152 bytes)
Dec 13 11:09:38 test vpn: - C=C, O=O, OU-OU, CN=CN 10.66.251.0/24 ==
x.x.x.x -- 192.168.x.x == 192.168.34.17/32
Dec 13 11:09:38 test charon: 13[KNL] error uninstalling route
installed with policy 10.66.251.0/24 === 192.168.34.17/32 fwd
Dec 13 11:09:38 test charon: 14[NET] received packet: from
x.x.x.x[500] to 192.168.x.x[500] (124 bytes)
Dec 13 11:09:38 test charon: 14[ENC] parsed ID_PROT response 0 [ SA V V ]
Dec 13 11:09:38 test charon: 14[IKE] received NAT-T (RFC 3947) vendor ID
Dec 13 11:09:38 test charon: 14[IKE] received FRAGMENTATION vendor ID
Dec 13 11:09:38 test charon: 14[ENC] generating ID_PROT request 0 [ KE
No NAT-D NAT-D ]
Dec 13 11:09:38 test charon: 14[NET] sending packet: from
192.168.x.x[500] to x.x.x.x[500] (244 bytes)
Dec 13 11:09:38 test charon: 16[NET] received packet: from
x.x.x.x[500] to 192.168.x.x[500] (582 bytes)
Dec 13 11:09:38 test charon: 16[ENC] parsed ID_PROT response 0 [ KE No
CERTREQ CERTREQ CERTREQ CERTREQ V V V V NAT-D NAT-D ]
Dec 13 11:09:38 test charon: 16[IKE] received Cisco Unity vendor ID
Dec 13 11:09:38 test charon: 16[IKE] received XAuth vendor ID
Dec 13 11:09:38 test charon: 16[ENC] received unknown vendor ID:
3d:fb:8b:df:2d:fe:c6:fe:be:8e:89:98:aa:5d:a2:e6
Dec 13 11:09:38 test charon: 16[ENC] received unknown vendor ID:
1f:07:f7:0e:aa:65:14:d3:b0:fa:96:54:2a:50:01:00
Dec 13 11:09:38 test charon: 16[IKE] received cert request for unknown ca '...'
Dec 13 11:09:38 test charon: 16[IKE] received cert request for unknown ca '...'
Dec 13 11:09:38 test charon: 16[IKE] received cert request for 'C=C, O=O, CN=CN'
Dec 13 11:09:38 test charon: 16[IKE] received cert request for unknown ca '...'
Dec 13 11:09:38 test charon: 16[IKE] local host is behind NAT, sending
keep alives
Dec 13 11:09:38 test charon: 16[IKE] sending cert request for "C=C, O=O, CN=CN"
Dec 13 11:09:38 test charon: 16[IKE] authentication of 'C=C, O=O,
OU=OU, CN=CN' (myself) successful
Dec 13 11:09:38 test charon: 16[IKE] sending end entity cert "C=C,
O=O, OU=OU, CN=CN"
Dec 13 11:09:38 test charon: 16[ENC] generating ID_PROT request 0 [ ID
CERT SIG CERTREQ ]
Dec 13 11:09:38 test charon: 16[NET] sending packet: from
192.168.x.x[4500] to x.x.x.x[4500] (1028 bytes)
Dec 13 11:09:38 test charon: 06[NET] received packet: from
x.x.x.x[4500] to 192.168.x.x[4500] (996 bytes)
Dec 13 11:09:38 test charon: 06[ENC] parsed ID_PROT response 0 [ ID CERT SIG V ]
Dec 13 11:09:38 test charon: 06[IKE] received DPD vendor ID
Dec 13 11:09:38 test charon: 06[IKE] received end entity cert "C=C,
O=O, OU-OU, CN=CN"
Dec 13 11:09:38 test charon: 06[CFG] using certificate "C=C, O=O,
OU-OU, CN=CN"
Dec 13 11:09:38 test charon: 06[CFG] using trusted ca certificate
"C=C, O=O, CN=CN"
Dec 13 11:09:38 test charon: 06[CFG] checking certificate status of
"C=C, O=O, OU-OU, CN=CN"
Dec 13 11:09:38 test charon: 06[CFG] certificate status is not available
Dec 13 11:09:38 test charon: 06[CFG] reached self-signed root ca
with a path length of 0
Dec 13 11:09:38 test charon: 06[IKE] authentication of 'C=C, O=O,
OU-OU, CN=CN' with RSA successful
Dec 13 11:09:39 test charon: 05[NET] received packet: from
x.x.x.x[4500] to 192.168.x.x[4500] (68 bytes)
Dec 13 11:09:39 test charon: 05[ENC] parsed TRANSACTION request
2743300473 [ HASH CPS(X_STATUS) ]
Dec 13 11:09:39 test charon: 05[IKE] XAuth authentication of 'C=C,
O=O, OU=OU, CN=CN' (myself) successful
Dec 13 11:09:39 test charon: 05[IKE] IKE_SA tstVpn[4] established
between 192.168.x.x[C=C, O=O, OU=OU, CN=CN]...x.x.x.x[C=C, O=O, OU-OU,
CN=CN]
Dec 13 11:09:39 test charon: 05[IKE] scheduling reauthentication in 3401s
Dec 13 11:09:39 test charon: 05[IKE] maximum IKE_SA lifetime 3581s
Dec 13 11:09:39 test charon: 05[ENC] generating TRANSACTION response
2743300473 [ HASH CPA(X_STATUS) ]
Dec 13 11:09:39 test charon: 05[NET] sending packet: from
192.168.x.x[4500] to x.x.x.x[4500] (68 bytes)
Dec 13 11:09:39 test charon: 05[ENC] generating TRANSACTION request
846248771 [ HASH CPRQ(ADDR DNS U_SPLITINC U_LOCALLAN) ]
Dec 13 11:09:39 test charon: 05[NET] sending packet: from
192.168.x.x[4500] to x.x.x.x[4500] (84 bytes)
Dec 13 11:09:43 test charon: 01[IKE] sending retransmit 1 of request
message ID 846248771, seq 4
Dec 13 11:09:43 test charon: 01[NET] sending packet: from
192.168.x.x[4500] to x.x.x.x[4500] (84 bytes)
Dec 13 11:09:51 test charon: 13[IKE] sending retransmit 2 of request
message ID 846248771, seq 4
Dec 13 11:09:51 test charon: 13[NET] sending packet: from
192.168.x.x[4500] to x.x.x.x[4500] (84 bytes)
Dec 13 11:10:04 test charon: 06[IKE] sending retransmit 3 of request
message ID 846248771, seq 4
Dec 13 11:10:04 test charon: 06[NET] sending packet: from
192.168.x.x[4500] to x.x.x.x[4500] (84 bytes)
Dec 13 11:10:24 test charon: 02[IKE] sending keep alive to x.x.x.x[4500]
Dec 13 11:10:27 test charon: 04[IKE] sending retransmit 4 of request
message ID 846248771, seq 4
Dec 13 11:10:27 test charon: 04[NET] sending packet: from
192.168.x.x[4500] to x.x.x.x[4500] (84 bytes)
Dec 13 11:10:47 test charon: 13[IKE] sending keep alive to x.x.x.x[4500]
Dec 13 11:11:07 test charon: 14[IKE] sending keep alive to x.x.x.x[4500]
Dec 13 11:11:09 test charon: 16[IKE] sending retransmit 5 of request
message ID 846248771, seq 4
Dec 13 11:11:09 test charon: 16[NET] sending packet: from
192.168.x.x[4500] to x.x.x.x[4500] (84 bytes)
Dec 13 11:11:16 test charon: 02[NET] received packet: from
x.x.x.x[4500] to 192.168.x.x[4500] (164 bytes)
Dec 13 11:11:16 test charon: 02[ENC] parsed QUICK_MODE request
2265752876 [ HASH SA No ID ID ]
Dec 13 11:11:16 test charon: 02[IKE] no matching CHILD_SA config found
Dec 13 11:11:24 test charon: 04[NET] received packet: from
x.x.x.x[4500] to 192.168.x.x[4500] (164 bytes)
Dec 13 11:11:24 test charon: 04[IKE] received retransmit of request
with ID 2265752876, but no response to retransmit
Dec 13 11:11:29 test charon: 12[IKE] sending keep alive to x.x.x.x[4500]
Dec 13 11:11:32 test charon: 01[NET] received packet: from
x.x.x.x[4500] to 192.168.x.x[4500] (164 bytes)
Dec 13 11:11:32 test charon: 01[IKE] received retransmit of request
with ID 2265752876, but no response to retransmit
Dec 13 11:11:40 test charon: 15[NET] received packet: from
x.x.x.x[4500] to 192.168.x.x[4500] (164 bytes)
Dec 13 11:11:40 test charon: 15[IKE] received retransmit of request
with ID 2265752876, but no response to retransmit
Dec 13 11:11:48 test charon: 16[NET] received packet: from
x.x.x.x[4500] to 192.168.x.x[4500] (68 bytes)
Dec 13 11:11:48 test charon: 16[ENC] parsed INFORMATIONAL_V1 request
3883219563 [ HASH D ]
Dec 13 11:11:48 test charon: 16[IKE] received DELETE for ESP CHILD_SA
with SPI 33ef2bb7
Dec 13 11:11:48 test charon: 16[IKE] CHILD_SA not found, ignored
Dec 13 11:11:48 test charon: 06[NET] received packet: from
x.x.x.x[4500] to 192.168.x.x[4500] (84 bytes)
Dec 13 11:11:48 test charon: 06[ENC] parsed INFORMATIONAL_V1 request
1002135900 [ HASH D ]
Dec 13 11:11:48 test charon: 06[IKE] received DELETE for IKE_SA tstVpn[4]
Dec 13 11:11:48 test charon: 06[IKE] deleting IKE_SA tstVpn[4] between
192.168.x.x[C=C, O=O, OU=OU, CN=CN]...x.x.x.x[C=C, O=O, OU-OU, CN=CN]
Dec 13 11:11:48 test charon: 06[IKE] initiating Main Mode IKE_SA
tstVpn[5] to x.x.x.x
Dec 13 11:11:48 test charon: 06[ENC] generating ID_PROT request 0 [ SA V V V V ]
Dec 13 11:11:48 test charon: 06[NET] sending packet: from
192.168.x.x[500] to x.x.x.x[500] (152 bytes)
Dec 13 11:11:48 test charon: 05[NET] received packet: from
x.x.x.x[500] to 192.168.x.x[500] (124 bytes)
Dec 13 11:11:48 test charon: 05[ENC] parsed ID_PROT response 0 [ SA V V ]
Dec 13 11:11:48 test charon: 05[IKE] received NAT-T (RFC 3947) vendor ID
Dec 13 11:11:48 test charon: 05[IKE] received FRAGMENTATION vendor ID
Dec 13 11:11:48 test charon: 05[ENC] generating ID_PROT request 0 [ KE
No NAT-D NAT-D ]
Dec 13 11:11:48 test charon: 05[NET] sending packet: from
192.168.x.x[500] to x.x.x.x[500] (244 bytes)
Dec 13 11:11:48 test charon: 03[NET] received packet: from
x.x.x.x[500] to 192.168.x.x[500] (582 bytes)
Dec 13 11:11:48 test charon: 03[ENC] parsed ID_PROT response 0 [ KE No
CERTREQ CERTREQ CERTREQ CERTREQ V V V V NAT-D NAT-D ]
Dec 13 11:11:48 test charon: 03[IKE] received Cisco Unity vendor ID
Dec 13 11:11:48 test charon: 03[IKE] received XAuth vendor ID
Dec 13 11:11:48 test charon: 03[ENC] received unknown vendor ID:
e6:4e:ac:96:f6:8d:91:ea:52:2f:60:b3:59:31:ef:69
Dec 13 11:11:48 test charon: 03[ENC] received unknown vendor ID:
1f:07:f7:0e:aa:65:14:d3:b0:fa:96:54:2a:50:01:00
Dec 13 11:11:48 test charon: 03[IKE] received cert request for unknown ca '...'
Dec 13 11:11:48 test charon: 03[IKE] received cert request for unknown ca '...'
Dec 13 11:11:48 test charon: 03[IKE] received cert request for 'C=C, O=O, CN=CN'
Dec 13 11:11:48 test charon: 03[IKE] received cert request for unknown ca '...'
Dec 13 11:11:48 test charon: 03[IKE] local host is behind NAT, sending
keep alives
Dec 13 11:11:48 test charon: 03[IKE] sending cert request for "C=C, O=O, CN=CN"
Dec 13 11:11:48 test charon: 03[IKE] authentication of 'C=C, O=O,
OU=OU, CN=CN' (myself) successful
Dec 13 11:11:48 test charon: 03[IKE] sending end entity cert "C=C,
O=O, OU=OU, CN=CN"
Dec 13 11:11:48 test charon: 03[ENC] generating ID_PROT request 0 [ ID
CERT SIG CERTREQ ]
Dec 13 11:11:48 test charon: 03[NET] sending packet: from
192.168.x.x[4500] to x.x.x.x[4500] (1028 bytes)
Dec 13 11:11:48 test charon: 02[NET] received packet: from
x.x.x.x[4500] to 192.168.x.x[4500] (996 bytes)
Dec 13 11:11:48 test charon: 02[ENC] parsed ID_PROT response 0 [ ID CERT SIG V ]
Dec 13 11:11:48 test charon: 02[IKE] received DPD vendor ID
Dec 13 11:11:48 test charon: 02[IKE] received end entity cert "C=C,
O=O, OU-OU, CN=CN"
Dec 13 11:11:48 test charon: 02[CFG] using certificate "C=C, O=O,
OU-OU, CN=CN"
Dec 13 11:11:48 test charon: 02[CFG] using trusted ca certificate
"C=C, O=O, CN=CN"
Dec 13 11:11:48 test charon: 02[CFG] checking certificate status of
"C=C, O=O, OU-OU, CN=CN"
Dec 13 11:11:48 test charon: 02[CFG] certificate status is not available
Dec 13 11:11:48 test charon: 02[CFG] reached self-signed root ca
with a path length of 0
Dec 13 11:11:48 test charon: 02[IKE] authentication of 'C=C, O=O,
OU-OU, CN=CN' with RSA successful
Dec 13 11:11:48 test charon: 04[NET] received packet: from
x.x.x.x[4500] to 192.168.x.x[4500] (68 bytes)
Dec 13 11:11:48 test charon: 04[ENC] parsed TRANSACTION request
1193946088 [ HASH CPS(X_STATUS) ]
Dec 13 11:11:48 test charon: 04[IKE] XAuth authentication of 'C=C,
O=O, OU=OU, CN=CN' (myself) successful
Dec 13 11:11:48 test charon: 04[IKE] IKE_SA tstVpn[5] established
between 192.168.x.x[C=C, O=O, OU=OU, CN=CN]...x.x.x.x[C=C, O=O, OU-OU,
CN=CN]
Dec 13 11:11:48 test charon: 04[IKE] scheduling reauthentication in 3245s
Dec 13 11:11:48 test charon: 04[IKE] maximum IKE_SA lifetime 3425s
Dec 13 11:11:48 test charon: 04[ENC] generating TRANSACTION response
1193946088 [ HASH CPA(X_STATUS) ]
Dec 13 11:11:48 test charon: 04[NET] sending packet: from
192.168.x.x[4500] to x.x.x.x[4500] (68 bytes)
Dec 13 11:11:48 test charon: 04[ENC] generating TRANSACTION request
1757714560 [ HASH CPRQ(ADDR DNS U_SPLITINC U_LOCALLAN) ]
Dec 13 11:11:48 test charon: 04[NET] sending packet: from
192.168.x.x[4500] to x.x.x.x[4500] (84 bytes)
Dec 13 11:11:48 test charon: 11[NET] received packet: from
x.x.x.x[4500] to 192.168.x.x[4500] (68 bytes)
Dec 13 11:11:48 test charon: 11[ENC] parsed TRANSACTION response
1757714560 [ HASH CPRP(ADDR) ]
Dec 13 11:11:48 test charon: 11[IKE] installing new virtual IP 192.168.34.17
Dec 13 11:11:48 test charon: 11[ENC] generating QUICK_MODE request
781539245 [ HASH SA No ID ID ]
Dec 13 11:11:48 test charon: 11[NET] sending packet: from
192.168.x.x[4500] to x.x.x.x[4500] (228 bytes)
Dec 13 11:11:49 test charon: 15[NET] received packet: from
x.x.x.x[4500] to 192.168.x.x[4500] (156 bytes)
Dec 13 11:11:49 test charon: 15[ENC] parsed QUICK_MODE response
781539245 [ HASH SA No ID ID ]
Dec 13 11:11:49 test charon: 15[IKE] CHILD_SA tstVpn{1} established
with SPIs cb558611_i 9acf5154_o and TS 192.168.34.17/32 ===
10.66.251.0/24
Dec 13 11:11:49 test vpn: + C=C, O=O, OU-OU, CN=CN 10.66.251.0/24 ==
x.x.x.x -- 192.168.x.x == 192.168.34.17/32
Dec 13 11:11:49 test charon: 15[ENC] generating QUICK_MODE request
781539245 [ HASH ]
Dec 13 11:11:49 test charon: 15[NET] sending packet: from
192.168.x.x[4500] to x.x.x.x[4500] (60 bytes)
Dec 13 11:12:12 test charon: 01[IKE] sending keep alive to x.x.x.x[4500]
...
Dec 13 11:16:52 test charon: 12[IKE] sending keep alive to x.x.x.x[4500]
Dec 13 11:16:56 test charon: 01[NET] received packet: from
x.x.x.x[4500] to 192.168.x.x[4500] (84 bytes)
Dec 13 11:16:56 test charon: 01[ENC] parsed INFORMATIONAL_V1 request
971263742 [ HASH N(DPD) ]
Dec 13 11:16:56 test charon: 01[ENC] generating INFORMATIONAL_V1
request 2377800614 [ HASH N(DPD_ACK) ]
Dec 13 11:16:56 test charon: 01[NET] sending packet: from
192.168.x.x[4500] to x.x.x.x[4500] (92 bytes)
Dec 13 11:17:01 test /USR/SBIN/CRON[13821]: (root) CMD ( cd / &&
run-parts --report /etc/cron.hourly)
Dec 13 11:17:16 test charon: 03[IKE] sending keep alive to x.x.x.x[4500]
...
Dec 13 11:21:56 test charon: 15[IKE] sending keep alive to x.x.x.x[4500]
Dec 13 11:22:06 test charon: 05[NET] received packet: from
x.x.x.x[4500] to 192.168.x.x[4500] (84 bytes)
Dec 13 11:22:06 test charon: 05[ENC] parsed INFORMATIONAL_V1 request
506112694 [ HASH N(DPD) ]
Dec 13 11:22:06 test charon: 05[ENC] generating INFORMATIONAL_V1
request 739955906 [ HASH N(DPD_ACK) ]
Dec 13 11:22:06 test charon: 05[NET] sending packet: from
192.168.x.x[4500] to x.x.x.x[4500] (92 bytes)
Dec 13 11:22:26 test charon: 02[IKE] sending keep alive to x.x.x.x[4500]
More information about the Users
mailing list