[strongSwan] INTERNAL_ADDRESS_FAILURE when using ikev2
Jacques Henry
caramba696 at gmail.com
Fri Nov 22 08:02:51 CET 2013
Hello,
My problem is the following:
I can't use ikev2 in an environment with a roadwarrior with virtual IP.
It works perfectly with ikev1 without changing any other parameters.
My setup is the following:
- roadwarrior on an Ubuntu 12.04 64 bits using Strongswan 4.5.2-1.5ubuntu2
- VPN Gateway: Fortigate 60D with the latest version - v5.0,build0252 (GA
Patch 5)
Using ikev1 it works perfectly but when I change to ikev2 it doesn't finish
well:
- phase 1 and 2 are correctly negotiated
- a dynamic tunnel is created (SPI c07d9c83)
but immediately after that, the VPN gateway deletes the SA and tells the
roadwarrior to do the same.
I'm getting the following error: "internal address failure" (see line 87 in
the fortigate log)
What's wrong? Does ikev2 need a specific configuration? Can't I just change
from ikev1 to ikev2 "like that"?
Below is my configuration from strongswan and Fortigate.
Attached the logs.
Thanks in advance!
config setup
charonstart=yes
plutostart=no
charondebug=none
nat_traversal=yes
plutostderrlog=/logIPSEC
ca mi
cacert=IGC-SPAN_cacert.pem
conn %default
keyingtries=2
authby=secret
conn nomade-frontal
type=tunnel
ike=aes256-sha512-modp2048!
esp=aes256-sha512-modp2048!
dpddelay = 30s
dpdaction=restart
left=%defaultroute
leftsourceip=172.16.69.69
keyexchange=ikev2
pfs=yes
leftfirewall=yes
right=10.237.4.183
rightsubnet=10.0.0.0/8
auto=start
include /var/lib/strongswan/ipsec.conf.inc
The fortigate conf:
config vpn ipsec phase1
edit "test PSK"
set type dynamic
set interface "dmz"
set ike-version 2
set local-gw 0.0.0.0
set nattraversal enable
set dhgrp 14
set keylife 28800
set authmethod psk
set peertype any
set xauthtype disable
set mode main
set autoconfig disable
set proposal aes256-sha512
set localid ''
set localid-type auto
set negotiate-timeout 30
set fragmentation enable
set dpd enable
set forticlient-enforcement disable
set npu-offload enable
set psksecret ENC
Qj0KcxVdRLqoYcJbWNPsjyI12nLO1y8x8arjsTQHVMr6XIt/oNgTJ/yoKapZ8zhX+Y1Dag6xgH1TuYWIliBr+otHSgO8OeU3x4JkGWVtVmLWXxGHqSlpEMddJMlevTjH2fdmFuMUnH7UhSVis2s6OoMfSMVghYO+6mKsIj5x/XHzHtYxBpkmucsldhOlFaqpVOhUiw==
set keepalive 10
set distance 1
set priority 0
set auto-negotiate enable
set dpd-retrycount 3
set dpd-retryinterval 5
next
end
config vpn ipsec phase2
edit "test PSK"
set phase1name "test PSK"
set use-natip enable
set add-route disable
set proposal aes256-sha512
set pfs enable
set replay enable
set keepalive disable
set keylife-type seconds
set single-source disable
set route-overlap use-new
set encapsulation tunnel-mode
set protocol 0
set src-addr-type subnet
set src-port 0
set dst-addr-type subnet
set dst-port 0
set dhcp-ipsec disable
set dhgrp 14
set keylifeseconds 1800
set src-subnet 0.0.0.0 0.0.0.0
set dst-subnet 172.0.0.0 255.0.0.0
next
end
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20131122/ff21657a/attachment.html>
-------------- next part --------------
ike 0: comes 10.237.5.5:500->10.237.4.183:500,ifindex=4....
ike 0: IKEv2 exchange=SA_INIT id=3135a51648c3d61c/0000000000000000 len=432
ike 0: in 3135A51648C3D61C00000000000000002120220800000000000001B0220000300000002C010100040300000C0100000C800E0100030000080300000E0300000802000007000000080400000E28000108000E000010DCA5796F54389E5EE86EEF20658BB3ABC9FF8820084A06DF7F13779E867C7B76A13B2840C14E433230A31AE5E483D01B2C4FD597DFE07717966B202B3D0A297A2647D2EBD5B7CA94842EFC6B230582B07CC0817A40B989F74D6AD9B1E6CED91809910E81CB324A7BFA823EEFF6B21D1018EF03DFA335EBBE98838CEAB91A9C5E4845AFD0FECD1251609D24F1983B6F0E31E44CEA2D6C6F60701E4FF334872F8A6F44B38B7D1D47DEEBFB974E2C3931F605F360C8519AC499CE092263A22B588162501AC10B7F4880B7E9B92C32AD58439B0DBDAA20FCFDD6453F9900D6A54A4A1E467477EC2D581C2366A1E2DD7C2ECD06D069A45369BE134FCF4C08308BDC290000243D9E93FE5202C8EF15D60B5AD03BF8BD0CF4B3CE3869A520BF2D2A4BC8D13A002900001C000040049F6A12869960BF75088263EE74E22C4AAB40B7500000001C00004005BFF63653AB04BE52618630AE936F7693398C09E7
ike 0:3135a51648c3d61c/0000000000000000:4707: responder received SA_INIT msg
ike 0:3135a51648c3d61c/0000000000000000:4707: received notify type NAT_DETECTION_SOURCE_IP
ike 0:3135a51648c3d61c/0000000000000000:4707: received notify type NAT_DETECTION_DESTINATION_IP
ike 0:3135a51648c3d61c/0000000000000000:4707: incoming proposal:
ike 0:3135a51648c3d61c/0000000000000000:4707: proposal id = 1:
ike 0:3135a51648c3d61c/0000000000000000:4707: protocol = IKEv2:
ike 0:3135a51648c3d61c/0000000000000000:4707: encapsulation = IKEv2/none
ike 0:3135a51648c3d61c/0000000000000000:4707: type=ENCR, val=AES_CBC (key_len = 256)
ike 0:3135a51648c3d61c/0000000000000000:4707: type=INTEGR, val=AUTH_HMAC_SHA2_512_256
ike 0:3135a51648c3d61c/0000000000000000:4707: type=PRF, val=PRF_HMAC_SHA2_512
ike 0:3135a51648c3d61c/0000000000000000:4707: type=DH_GROUP, val=2048.
ike 0:3135a51648c3d61c/0000000000000000:4707: matched proposal id 1
ike 0:3135a51648c3d61c/0000000000000000:4707: SA proposal chosen, matched gateway test PSK
ike 0:test PSK:4707: processing notify type NAT_DETECTION_SOURCE_IP
ike 0:test PSK:4707: processing NAT-D payload
ike 0:test PSK:4707: NAT not detected
ike 0:test PSK:4707: process NAT-D
ike 0:test PSK:4707: processing notify type NAT_DETECTION_DESTINATION_IP
ike 0:test PSK:4707: processing NAT-D payload
ike 0:test PSK:4707: NAT not detected
ike 0:test PSK:4707: process NAT-D
ike 0:test PSK:4707: responder preparing SA_INIT msg
ike 0:test PSK:4707: out 3135A51648C3D61C2012D3A8C2914D402120222000000000000001A0220000300000002C010100040300000C0100000C800E01000300000802000007030000080300000E000000080400000E28000108000E00002A65BF1750F7F95A76478A9116FDAF3355DC0F550A4564F3F35C3B3B5731B3E7B7674F935B29081DD1DC11BC48FB5FFEA8C420F453C21BEC3048BFC35B896ECCB4BA71A75268917E348401E91BE38459969CC17AC0F61CFA641FC3836479AAAA814646D75FEE814AFE3757FDC6E3AE77D9A5AED2CDF67778878747F5379D930501698E19E72E48E0858611649A08D1C5C41991A1C67EC8553DE4D04D0808360A38256E6D0A843504D5EEE87F300A292DA90F18224AE974F003C4214B5B827971880F9411569B95AA55E13AD659625F3623B6F2ED997DC7BA7D98CAD2DBAF0B93C52CCC6E10C7D6B8535AF2EB0F36108517BDDCC983C262EB267E7D70D5560A3529000014080661C481696B554DE14E550152BD4B2900001C000040040FEDD1C3903D15C6604E1B7003DBF4B7306760040000001C00004005433D9228C395EB164CCE17A757D12380E1DF1CE7
ike 0:test PSK:4707: sent IKE msg (SA_INIT_RESPONSE): 10.237.4.183:500->10.237.5.5:500, len=416, id=3135a51648c3d61c/2012d3a8c2914d40
ike 0:test PSK:4707: IKE SA 3135a51648c3d61c/2012d3a8c2914d40 SK_ei 32:744FADD87CB24DDA5539E2BC52DA4B36D54042DAC66753A4CE67F2EC2C1EEA35
ike 0:test PSK:4707: IKE SA 3135a51648c3d61c/2012d3a8c2914d40 SK_er 32:4F781A03D166963E2AC69A62BC45B5BCB5BD341E60B52E48121F65A20C1980BC
ike 0:test PSK:4707: IKE SA 3135a51648c3d61c/2012d3a8c2914d40 SK_ai 64:47015F2B329A959E7655974ACC965B560BBB2D54691F754793E2395919E0818D95F795693F3197EB5005ABE008907038D3C35ACAE05DA3437281CEE4CFDBF5BD
ike 0:test PSK:4707: IKE SA 3135a51648c3d61c/2012d3a8c2914d40 SK_ar 64:44DE63552D9010B067EF24BD3DC0BE144CEA0BBD24107534192B279F89B0F733CF525085BF1AA18BA534579375FEBC3875DCBB3B3331BC4D77B5DBE07D1A20F7
ike 0: comes 10.237.5.5:4500->10.237.4.183:4500,ifindex=4....
ike 0: IKEv2 exchange=AUTH id=3135a51648c3d61c/2012d3a8c2914d40:00000001 len=352
ike 0: in 3135A51648C3D61C2012D3A8C2914D402E202308000000010000016023000144939C8FA4460794691386792A97D94DD0D7FBD4B1A4F13A8614D5F3AEACF36244E8104657244D8B01A633D8DE1E2F0A370DA45B86DE38335BA404BE6DCDF122D7688D96103FB3F52D4473D8460D333C618C62FF32B73BEA5EE317F6B3F5DB2DF59E6156906614DC1EC013456D5C9A0D1C21CCE40A4F9CFE95CEB9A64FAEA0BC752BC2D1D6B06280A9B23D5694B34C7CB7466DE1BA7DB0A59C25AFE87656D42D027AD5F92FBA0892BF64C8028DD10AA75BC1EABB6EB00623975860A014B0BBA8D7AD4D656505CA45C01D2AF561C668F98F8FC95A5BF58253594CF5EEA8073A90F7C94826C919E1D2D3CA3E0E0CDA03445A56AA868D7BF8A411E478F03A88317023FC4376793F52623555AF5B3C43A13A7DC2396322F304E4D0340226A808BFE55F037A70630C4185E39CF5C38D0ACC443C93BA938AC15C7FF5C1B386C791F43E2E
ike 0:test PSK:4707: dec 3135A51648C3D61C2012D3A8C2914D402E2023080000000100000120230000042900000C010000000AED050524000008000040002700000C010000000AED04B72F00004802000000E94BF9CAD2B8134D1AC3CE7E2140B473C472771E55FA717A1DBDA700310189CAF8EEF530CCEC90DE4AE0BE30A47B5BDE3399874B7C54827C4D7215A2652F967A210000140100000000010004AC104545000300002C00002C0000002801030403C07D9C830300000C0100000C800E0100030000080300000E00000008050000002D00001801000000070000100000FFFF00000000FFFFFFFF2900001801000000070000100000FFFF0A0000000AFFFFFF290000080000400C2900000C0000400DAC1045452900000C0000400DC0A87A010000000800004021
ike 0:test PSK:4707: responder received AUTH msg
ike 0:test PSK:4707: peer identifier IPV4_ADDR 10.237.5.5
ike 0:test PSK:4707: auth verify done
ike 0:test PSK:4707: responder AUTH continuation
ike 0:test PSK:4707: authentication succeeded
ike 0:test PSK:4707: received notify type INITIAL_CONTACT
ike 0:test PSK:4707: processing child notify type INITIAL_CONTACT
ike 0:test PSK:4707: processing notify type INITIAL_CONTACT
ike 0:test PSK:4707: received notify type MOBIKE_SUPPORTED
ike 0:test PSK:4707: processing child notify type MOBIKE_SUPPORTED
ike 0:test PSK:4707: processing notify type MOBIKE_SUPPORTED
ike 0:test PSK:4707: received notify type ADDITIONAL_IP4_ADDRESS
ike 0:test PSK:4707: processing child notify type ADDITIONAL_IP4_ADDRESS
ike 0:test PSK:4707: processing notify type ADDITIONAL_IP4_ADDRESS
ike 0:test PSK:4707: received notify type ADDITIONAL_IP4_ADDRESS
ike 0:test PSK:4707: processing child notify type ADDITIONAL_IP4_ADDRESS
ike 0:test PSK:4707: processing notify type ADDITIONAL_IP4_ADDRESS
ike 0:test PSK:4707: received notify type 16417
ike 0:test PSK:4707: processing child notify type 16417
ike 0:test PSK:4707: processing notify type 16417
ike 0:test PSK:4707: responder creating new child
ike 0:test PSK:4707: mode-cfg not enabled, unable to respond to Configuration Payload
ike 0:test PSK:4707:745: peer proposal:
ike 0:test PSK:4707:745: TSi_0 0:0.0.0.0-255.255.255.255:0
ike 0:test PSK:4707:745: TSr_0 0:10.0.0.0-10.255.255.255:0
ike 0:test PSK:4707:test PSK:745: trying
ike 0:test PSK:4707:test PSK:745: matched phase2
ike 0:test PSK:4707:745: accepted proposal:
ike 0:test PSK:4707:745: TSi_0 0:172.0.0.0-172.255.255.255:0
ike 0:test PSK:4707:745: TSr_0 0:10.0.0.0-10.255.255.255:0
ike 0:test PSK:4707:test PSK:745: dialup
ike 0:test PSK:4707:test PSK:745: incoming proposal:
ike 0:test PSK:4707:test PSK:745: proposal id = 1:
ike 0:test PSK:4707:test PSK:745: protocol = ESP:
ike 0:test PSK:4707:test PSK:745: encapsulation = TUNNEL
ike 0:test PSK:4707:test PSK:745: type=ENCR, val=AES_CBC (key_len = 256)
ike 0:test PSK:4707:test PSK:745: type=INTEGR, val=SHA512
ike 0:test PSK:4707:test PSK:745: PFS is disabled
ike 0:test PSK:4707:test PSK:745: matched proposal id 1
ike 0:test PSK:4707: responder preparing AUTH msg
ike 0:test PSK:4707: port change 500 -> 4500
ike 0:test PSK:4707: established IKE SA 3135a51648c3d61c/2012d3a8c2914d40
ike 0:test PSK: adding new dynamic tunnel for 10.237.5.5:4500
ike 0:test PSK_0: added new dynamic tunnel for 10.237.5.5:4500
ike 0:test PSK_0:4707: processing INITIAL-CONTACT
ike 0:test PSK_0: flushing
ike 0:test PSK_0: flushed
ike 0:test PSK_0:4707: processed INITIAL-CONTACT
ike 0:test PSK_0:4707: enc 2700000C010000000AED04B72900004802000000572A4082C09F1AF8E1F3710AD488784C80434212DC1A741362F91F5D38F3AE34D1157865EC01190D0A5C14D8503633A90999A39826ED040C9D0343D732A8F379000000080000002403020103
ike 0:test PSK_0:4707: out 3135A51648C3D61C2012D3A8C2914D402E20232000000001000000B02400009409DC5DE88F2B7A755BCE885AB0F167C0C9CEC4379790FD0FBB788CD3B88245A0A2A5A779863A2F02057239B96B2BA4C0DBC09D8C1B278196024F3BB53E08A17EE29D2CDFAB867C6F628D7C548F91FA17F6ED2CB51D129D256C51EAA8EDFB54E2986CF9BD6D06C79B27FE89AF26C7FC69ED29A7B33ECA6F5A3D6B66A42C76D4CC6646F207C6106DCBF2987A06B6C9F0C7
ike 0:test PSK_0:4707: sent IKE msg (AUTH_RESPONSE): 10.237.4.183:4500->10.237.5.5:4500, len=176, id=3135a51648c3d61c/2012d3a8c2914d40:00000001
ike 0:test PSK_0:4707:745: internal address failure
ike 0:test PSK: deleting IPsec SA with SPI ee83055a
ike 0:test PSK_0:4707:746: send informational
ike 0:test PSK_0:4707: enc 00000008010000000706050403020107
ike 0:test PSK_0:4707: out 3135A51648C3D61C2012D3A8C2914D402E20250000000000000000602A000044C5BFB71D0B5543101DCFEB66C9FB728C9322A17282C848CF4372CF152EC0531BAE4B7A635B943700C8BC768220D9AF19774EC65FFD07139FD32A753BE031ACEF
ike 0:test PSK_0:4707: sent IKE msg (INFORMATIONAL): 10.237.4.183:4500->10.237.5.5:4500, len=96, id=3135a51648c3d61c/2012d3a8c2914d40
ike 0:test PSK_0: connection expiring due to phase1 down
ike 0:test PSK_0: deleting
ike 0:test PSK_0: flushing
ike 0:test PSK_0: sending SNMP tunnel DOWN trap
ike 0:test PSK_0: flushed
ike 0:test PSK_0: delete dynamic
ike 0:test PSK_0: reset NAT-T
ike 0:test PSK_0: deleted
ike 0: comes 10.237.5.5:4500->10.237.4.183:4500,ifindex=4....
ike 0: IKEv2 exchange=INFORMATIONAL_RESPONSE id=3135a51648c3d61c/2012d3a8c2914d40 len=96
-------------- next part --------------
Nov 21 08:46:34 16[CFG] received stroke: initiate 'nomade-frontal'
Nov 21 08:46:34 16[MGR] checkout IKE_SA by config
Nov 21 08:46:34 16[MGR] created IKE_SA (unnamed)[1]
Nov 21 08:46:34 16[IKE] queueing IKE_VENDOR task
Nov 21 08:46:34 16[IKE] queueing IKE_INIT task
Nov 21 08:46:34 16[IKE] queueing IKE_NATD task
Nov 21 08:46:34 16[IKE] queueing IKE_CERT_PRE task
Nov 21 08:46:34 16[IKE] queueing IKE_AUTHENTICATE task
Nov 21 08:46:34 16[IKE] queueing IKE_CERT_POST task
Nov 21 08:46:34 16[IKE] queueing IKE_CONFIG task
Nov 21 08:46:34 16[IKE] queueing IKE_AUTH_LIFETIME task
Nov 21 08:46:34 16[IKE] queueing IKE_MOBIKE task
Nov 21 08:46:34 16[IKE] queueing IKE_ME task
Nov 21 08:46:34 16[IKE] queueing CHILD_CREATE task
Nov 21 08:46:34 16[IKE] activating new tasks
Nov 21 08:46:34 16[IKE] activating IKE_VENDOR task
Nov 21 08:46:34 16[IKE] activating IKE_INIT task
Nov 21 08:46:34 16[IKE] activating IKE_NATD task
Nov 21 08:46:34 16[IKE] activating IKE_CERT_PRE task
Nov 21 08:46:34 16[IKE] activating IKE_ME task
Nov 21 08:46:34 16[IKE] activating IKE_AUTHENTICATE task
Nov 21 08:46:34 16[IKE] activating IKE_CERT_POST task
Nov 21 08:46:34 16[IKE] activating IKE_CONFIG task
Nov 21 08:46:34 16[IKE] activating CHILD_CREATE task
Nov 21 08:46:34 16[IKE] activating IKE_AUTH_LIFETIME task
Nov 21 08:46:34 16[IKE] activating IKE_MOBIKE task
Nov 21 08:46:34 16[IKE] initiating IKE_SA nomade-frontal[1] to 10.237.4.183
Nov 21 08:46:34 16[IKE] IKE_SA nomade-frontal[1] state change: CREATED => CONNECTING
Nov 21 08:46:34 16[LIB] size of DH secret exponent: 2047 bits
Nov 21 08:46:34 16[NET] sending packet: from 10.237.5.5[500] to 10.237.4.183[500]
Nov 21 08:46:34 12[NET] sending packet: from 10.237.5.5[500] to 10.237.4.183[500]
Nov 21 08:46:34 07[JOB] next event in 3s 999ms, waiting
Nov 21 08:46:34 16[MGR] checkin IKE_SA nomade-frontal[1]
Nov 21 08:46:34 05[NET] received packet: from 10.237.4.183[500] to 10.237.5.5[500]
Nov 21 08:46:34 05[NET] waiting for data on raw sockets
Nov 21 08:46:34 03[MGR] checkout IKE_SA by message
Nov 21 08:46:34 03[MGR] IKE_SA nomade-frontal[1] successfully checked out
Nov 21 08:46:34 03[NET] received packet: from 10.237.4.183[500] to 10.237.5.5[500]
Nov 21 08:46:34 03[CFG] selecting proposal:
Nov 21 08:46:34 03[CFG] proposal matches
Nov 21 08:46:34 03[CFG] received proposals: IKE:AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_2048
Nov 21 08:46:34 03[CFG] configured proposals: IKE:AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_2048
Nov 21 08:46:34 03[CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_2048
Nov 21 08:46:34 03[IKE] reinitiating already active tasks
Nov 21 08:46:34 03[IKE] IKE_CERT_PRE task
Nov 21 08:46:34 03[IKE] IKE_AUTHENTICATE task
Nov 21 08:46:34 03[IKE] authentication of '10.237.5.5' (myself) with pre-shared key
Nov 21 08:46:34 03[IKE] successfully created shared key MAC
Nov 21 08:46:34 03[IKE] building INTERNAL_IP4_DNS attribute
Nov 21 08:46:34 03[IKE] establishing CHILD_SA nomade-frontal
Nov 21 08:46:34 03[CFG] proposing traffic selectors for us:
Nov 21 08:46:34 03[CFG] dynamic (derived from dynamic)
Nov 21 08:46:34 03[CFG] proposing traffic selectors for other:
Nov 21 08:46:34 03[CFG] 10.0.0.0/8 (derived from 10.0.0.0/8)
Nov 21 08:46:34 03[KNL] getting SPI for reqid {1}
Nov 21 08:46:34 03[KNL] got SPI c07d9c83 for reqid {1}
Nov 21 08:46:34 03[NET] sending packet: from 10.237.5.5[4500] to 10.237.4.183[4500]
Nov 21 08:46:34 12[NET] sending packet: from 10.237.5.5[4500] to 10.237.4.183[4500]
Nov 21 08:46:34 07[JOB] next event in 3s 960ms, waiting
Nov 21 08:46:34 03[MGR] checkin IKE_SA nomade-frontal[1]
Nov 21 08:46:34 03[MGR] check-in of IKE_SA successful.
Nov 21 08:46:34 05[NET] received packet: from 10.237.4.183[4500] to 10.237.5.5[4500]
Nov 21 08:46:34 05[NET] waiting for data on raw sockets
Nov 21 08:46:34 13[MGR] checkout IKE_SA by message
Nov 21 08:46:34 13[MGR] IKE_SA nomade-frontal[1] successfully checked out
Nov 21 08:46:34 13[NET] received packet: from 10.237.4.183[4500] to 10.237.5.5[4500]
Nov 21 08:46:34 13[IKE] authentication of '10.237.4.183' with pre-shared key successful
Nov 21 08:46:34 13[IKE] IKE_SA nomade-frontal[1] established between 10.237.5.5[10.237.5.5]...10.237.4.183[10.237.4.183]
Nov 21 08:46:34 13[IKE] IKE_SA nomade-frontal[1] state change: CONNECTING => ESTABLISHED
Nov 21 08:46:34 13[IKE] scheduling reauthentication in 10198s
Nov 21 08:46:34 13[IKE] maximum IKE_SA lifetime 10738s
Nov 21 08:46:34 13[IKE] received INTERNAL_ADDRESS_FAILURE notify, no CHILD_SA built
Nov 21 08:46:34 13[KNL] deleting SAD entry with SPI c07d9c83
Nov 21 08:46:34 13[KNL] deleted SAD entry with SPI c07d9c83
Nov 21 08:46:34 13[IKE] activating new tasks
Nov 21 08:46:34 13[IKE] nothing to initiate
Nov 21 08:46:34 13[MGR] checkin IKE_SA nomade-frontal[1]
Nov 21 08:46:34 13[MGR] check-in of IKE_SA successful.
Nov 21 08:46:34 07[JOB] next event in 3s 956ms, waiting
Nov 21 08:46:34 05[NET] received packet: from 10.237.4.183[4500] to 10.237.5.5[4500]
Nov 21 08:46:34 05[NET] waiting for data on raw sockets
Nov 21 08:46:34 02[MGR] checkout IKE_SA by message
Nov 21 08:46:34 02[MGR] IKE_SA nomade-frontal[1] successfully checked out
Nov 21 08:46:34 02[NET] received packet: from 10.237.4.183[4500] to 10.237.5.5[4500]
Nov 21 08:46:34 02[IKE] received DELETE for IKE_SA nomade-frontal[1]
Nov 21 08:46:34 02[IKE] deleting IKE_SA nomade-frontal[1] between 10.237.5.5[10.237.5.5]...10.237.4.183[10.237.4.183]
Nov 21 08:46:34 02[IKE] IKE_SA nomade-frontal[1] state change: ESTABLISHED => DELETING
Nov 21 08:46:34 02[IKE] IKE_SA deleted
Nov 21 08:46:34 02[NET] sending packet: from 10.237.5.5[4500] to 10.237.4.183[4500]
Nov 21 08:46:34 02[MGR] checkin and destroy IKE_SA nomade-frontal[1]
Nov 21 08:46:34 02[IKE] IKE_SA nomade-frontal[1] state change: DELETING => DESTROYING
Nov 21 08:46:34 02[MGR] check-in and destroy of IKE_SA successful
Nov 21 08:46:34 07[JOB] next event in 3s 955ms, waiting
Nov 21 08:46:34 12[NET] sending packet: from 10.237.5.5[4500] to 10.237.4.183[4500]
Nov 21 08:46:38 07[JOB] got event, queuing job for execution
Nov 21 08:46:38 07[JOB] next event in 38ms, waiting
Nov 21 08:46:38 01[MGR] checkout IKE_SA
Nov 21 08:46:38 07[JOB] got event, queuing job for execution
Nov 21 08:46:38 07[JOB] next event in 26s 3ms, waiting
Nov 21 08:46:38 14[MGR] checkout IKE_SA
More information about the Users
mailing list