[strongSwan] why is "rekeying disabled" seen in the "ipsec statusall" output?
Rajiv Kulkarni
rajivkulkarni69 at gmail.com
Sun May 24 18:53:28 CEST 2015
Hi
I have a network setup for ipsec tunnels as in attached txt doc (also
contains other info such as syslogs, "ipsec.conf" configs, etc)
It's a setup with a central-gw behind which there is a file-server. There
are about 3 branches (gw2/gw3/gw4) which establish site-to-site ipsec
tunnels to the central-gw and all the pcs behind each of these
remote-peer-gws send/receive udp traffic to the file-server behind the
central-gw
Now my observation on one of the branch-Gws (it's seen on all the
remote-branch-gws) for the output of "ipsec statusall" command is as below:
================================
root@OpenWrt:/etc# ipsec statusall
Status of IKE charon daemon (strongSwan 5.0.4, Linux 3.2.26, armv7l):
uptime: 2 hours, since May 24 14:00:01 2015
malloc: sbrk 249856, mmap 0, used 119272, free 130584
worker threads: 8 of 16 idle, 7/1/0/0 working, job queue: 0/0/0/0, scheduled: 5
loaded plugins: charon aes des sha1 sha2 md5 random nonce x509 revocation constraints pubkey pkcs1 pgp dnskey pem fips-prf gmp xcbc hmac attr kernel-pfkeyc
Listening IP addresses:
169.254.0.1
2.2.2.4
2006::4
192.168.9.1
2018::9
Connections:
mainconn1: 2.2.2.4...172.16.10.2 IKEv2, dpddelay=30s
mainconn1: local: [C=IN, O=strongSwan, CN=gateway3] uses public key authentication
mainconn1: cert: "C=IN, O=strongSwan, CN=gateway3"
mainconn1: remote: [C=IN, O=strongSwan, CN=gateway1] uses public key authentication
mainconn1: child: 192.168.9.0/24 === 192.168.10.0/24 TUNNEL, dpdaction=restart
Routed Connections:
mainconn1{1}: ROUTED, TUNNEL
mainconn1{1}: 192.168.9.0/24 === 192.168.10.0/24
Security Associations (1 up, 0 connecting):
mainconn1[8]: ESTABLISHED 8 minutes ago, 2.2.2.4[C=IN, O=strongSwan, CN=gateway3]...172.16.10.2[C=IN, O=strongSwan, CN=gateway1]
mainconn1[8]: IKEv2 SPIs: ffd238335e9f7ba1_i* 1371e5cc4fb46730_r, rekeying in 5 minutes
mainconn1[8]: IKE proposal: AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_4096
mainconn1{1}: INSTALLED, TUNNEL, ESP in UDP SPIs: c6dd7c96_i c3b29204_o
mainconn1{1}: AES_CBC_256/HMAC_SHA1_96, 61233208 bytes_i (0 pkts, 522s ago), 65250496 bytes_o (0 pkts, 522s ago), rekeying disabled
mainconn1{1}: 192.168.9.0/24 === 192.168.10.0/24
root@OpenWrt:/etc#
===========================================
If you refer to the configs used on central-gw and branch-gw3, you will see
that I have set smaller lifetimes on the branch-gw and a larger lifetime on
central-gw. This was to ensure that the rekeying is initiated from only one
end always
Also the dpdaction=clear setting is used only on central-gw, whereas the
branch-gws have the setting of "dpdaction=restart"
I have not changed any default settings for rekey (it is yes by default),
but then again we see this "rekeying disabled" message. Why is this shown?
What's the significance or meaning of this output? Is my config wrong
somewhere?
thanks & regards
rajiv
PS: my suggestion is to please use "Textpad" to open/read the attached txt file.
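An added example (not part of the original post, and not strongSwan code): the rekey window implied by each gateway's `conn %default` lifetimes, computed with the formula from the ipsec.conf man page, rekeytime = lifetime - (margintime + random(0, margintime * rekeyfuzz)). It assumes the documented default rekeyfuzz=100%, since neither config sets it; the function names are illustrative, and the result says when each end may start a rekey, not why statusall prints "rekeying disabled".

```python
import re

# Documented ipsec.conf defaults, used when a conn section omits the keyword.
DEFAULTS = {"ikelifetime": "3h", "lifetime": "1h",
            "margintime": "9m", "rekeyfuzz": "100%"}
# Synonyms accepted by ipsec.conf; both gateways in the post use them.
ALIASES = {"keylife": "lifetime", "rekeymargin": "margintime"}
UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400}

# Constructed input: only the lifetime keywords of each posted "conn %default".
CENTRAL_GW = """
conn %default
    ikelifetime=3h
    keylife=1h
    rekeymargin=9m
"""
BRANCH_GW3 = """
conn %default
    ikelifetime=30m
    keylife=15m
    rekeymargin=9m
"""


def to_seconds(value):
    """Convert an ipsec.conf time value such as '30m' or '3h' to seconds."""
    m = re.fullmatch(r"(\d+)([smhd]?)", value.strip())
    if m is None:
        raise ValueError(f"unsupported time value: {value!r}")
    return int(m.group(1)) * UNITS[m.group(2)]


def parse_conn(text, name="%default"):
    """Return the lifetime keywords of one conn section, defaults filled in."""
    settings = dict(DEFAULTS)
    in_section = False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():          # section header starts in column 0
            in_section = line.split() == ["conn", name]
            continue
        if in_section and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            key = ALIASES.get(key, key)
            if key in settings:
                settings[key] = value
    return settings


def rekey_window(lifetime, margin, fuzz_percent):
    """(earliest, latest) second after SA setup at which rekeying may start."""
    max_fuzz = margin * fuzz_percent // 100
    return lifetime - margin - max_fuzz, lifetime - margin


def windows(conf_text):
    s = parse_conn(conf_text)
    margin = to_seconds(s["margintime"])
    fuzz = int(s["rekeyfuzz"].rstrip("%"))
    return {"ike": rekey_window(to_seconds(s["ikelifetime"]), margin, fuzz),
            "child": rekey_window(to_seconds(s["lifetime"]), margin, fuzz)}


def always_rekeys_first(initiator, responder):
    """True when the initiator's latest rekey precedes the responder's earliest."""
    return initiator[1] < responder[0]


def review(branch_text, central_text):
    """List the lifetime settings that deserve a second look."""
    branch, central = windows(branch_text), windows(central_text)
    findings = []
    for sa in ("ike", "child"):
        earliest, latest = branch[sa]
        if earliest <= 0:
            findings.append(f"branch {sa}: margin plus maximum fuzz exceeds "
                            f"the lifetime (window {earliest}s..{latest}s)")
        if not always_rekeys_first(branch[sa], central[sa]):
            findings.append(f"{sa}: central-gw may start a rekey before the "
                            f"branch does")
    return findings


if __name__ == "__main__":
    for label, conf in (("central-gw", CENTRAL_GW), ("branch-gw3", BRANCH_GW3)):
        print(label, windows(conf))
    for finding in review(BRANCH_GW3, CENTRAL_GW):
        print("check:", finding)
```
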
-------------- next part --------------
test-setup
[PC2]192.168.10.9---10.1[centralgw](pppoe)172.16.10.2----10.1(ppp1)[pppoe-server-router]2.1----2.2.2.10[gw2]192.168.2.1----2.9[pc1]
                                                             (nat)                          |
                                                                                            |---2.2.2.4[gw3]192.168.9.1----9.9[pc3]
                                                                                            |
                                                                                            |---2.2.2.13[gw4]192.168.13.1----13.9[pc4]
On the PPPoe-Server/Router, we have enabled Masquerade on ppp1 interface:
iptables -t nat -A POSTROUTING -o ppp1 -j MASQUERADE
######################################################################
On the Central-gw:
root@OpenWrt:/etc# cat ipsec.conf
#/etc/ipsec.conf - strongSwan IPsec configuration file

config setup
    strictcrlpolicy=no
    charondebug="ike 1, knl 1, cfg 1"

conn %default
    ikelifetime=3h
    keylife=1h
    rekeymargin=9m
    keyingtries=%forever
    mobike=no
    reauth=no
    dpddelay=30s
    dpdtimeout=150s
    dpdaction=clear
    esp=aes256-sha1,3des-sha1,aes128-sha1,3des-sha1
    ike=aes256-sha512-modp4096,3des-sha1-modp1536,aes128-sha1-modp2048,3des-sha1-modp1536

conn mainconn1
    left=172.16.10.2
    leftsubnet=192.168.10.0/24
    authby=rsasig
    leftcert=gw1Cert.pem
    leftid="/C=IN/O=strongSwan/CN=gateway1"
    rightca=%same
    right=%any
    rightsubnet=0.0.0.0/0
    keyexchange=ikev2
    leftfirewall=yes
    auto=add
root@OpenWrt:/etc#
======================================
root@OpenWrt:/etc# ipsec statusall
Status of IKE charon daemon (strongSwan 5.0.4, Linux 3.2.26, armv7l):
uptime: 2 hours, since May 24 13:52:03 2015
malloc: sbrk 290816, mmap 0, used 160944, free 129872
worker threads: 8 of 16 idle, 7/1/0/0 working, job queue: 0/0/0/0, scheduled: 53
loaded plugins: charon aes des sha1 sha2 md5 random nonce x509 revocation constraints pubkey pkcs1 pgp dnskey pem fips-prf gmp xcbc hmac attr kernel-pfkey kernel-netlink resolve socket-default stroke updown xauth-generic
Listening IP addresses:
169.254.0.1
192.168.10.1
2007::10
172.16.10.2
2005::2
Connections:
mainconn1: 172.16.10.2...%any IKEv2, dpddelay=30s
mainconn1: local: [C=IN, O=strongSwan, CN=gateway1] uses public key authentication
mainconn1: cert: "C=IN, O=strongSwan, CN=gateway1"
mainconn1: remote: uses public key authentication
mainconn1: child: 192.168.10.0/24 === 0.0.0.0/0 TUNNEL, dpdaction=clear
Security Associations (3 up, 0 connecting):
mainconn1[25]: ESTABLISHED 117 seconds ago, 172.16.10.2[C=IN, O=strongSwan, CN=gateway1]...172.16.10.1[C=IN, O=strongSwan, CN=gateway3]
mainconn1[25]: IKEv2 SPIs: b806f5cb04504c1a_i 3405958b5e02e7e0_r*, rekeying in 2 hours
mainconn1[25]: IKE proposal: AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_4096
mainconn1{17}: INSTALLED, TUNNEL, ESP in UDP SPIs: c4565c40_i cac0d0d6_o
mainconn1{17}: AES_CBC_256/HMAC_SHA1_96, 7037976 bytes_i (0 pkts, 67s ago), 7513648 bytes_o (0 pkts, 67s ago), rekeying in 42 minutes
mainconn1{17}: 192.168.10.0/24 === 2.2.2.4/32 192.168.9.0/24
mainconn1[24]: ESTABLISHED 15 minutes ago, 172.16.10.2[C=IN, O=strongSwan, CN=gateway1]...172.16.10.1[C=IN, O=strongSwan, CN=gateway4]
mainconn1[24]: IKEv2 SPIs: 589d48c6b379e042_i 5c44710f20830608_r*, rekeying in 2 hours
mainconn1[24]: IKE proposal: AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_4096
mainconn1{13}: INSTALLED, TUNNEL, ESP in UDP SPIs: c37ae00b_i c5d0cb01_o
mainconn1{13}: AES_CBC_256/HMAC_SHA1_96, 37800450 bytes_i (0 pkts, 322s ago), 40281472 bytes_o (0 pkts, 322s ago), rekeying in 42 minutes
mainconn1{13}: 192.168.10.0/24 === 192.168.13.0/24
mainconn1[22]: ESTABLISHED 19 minutes ago, 172.16.10.2[C=IN, O=strongSwan, CN=gateway1]...172.16.10.1[C=IN, O=strongSwan, CN=gateway2]
mainconn1[22]: IKEv2 SPIs: b83b3eaed9ff5f9b_i f68cb29aa949ef16_r*, rekeying in 2 hours
mainconn1[22]: IKE proposal: AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_4096
mainconn1{16}: INSTALLED, TUNNEL, ESP in UDP SPIs: cf8704d3_i cca3e4fa_o
mainconn1{16}: AES_CBC_256/HMAC_SHA1_96, 21033448 bytes_i (0 pkts, 183s ago), 22448752 bytes_o (0 pkts, 183s ago), rekeying in 41 minutes
mainconn1{16}: 192.168.10.0/24 === 192.168.2.0/24
root@OpenWrt:/etc#
===========================
root@OpenWrt:/etc#
root@OpenWrt:/etc# logread
May 24 16:17:56 OpenWrt daemon.info charon: 16[NET] received packet: from 172.16.10.1[1029] to 172.16.10.2[4500] (96 bytes)
May 24 16:17:56 OpenWrt daemon.info charon: 16[ENC] parsed INFORMATIONAL request 31 [ ]
May 24 16:17:56 OpenWrt daemon.info charon: 16[ENC] generating INFORMATIONAL response 31 [ ]
May 24 16:17:56 OpenWrt daemon.info charon: 16[NET] sending packet: from 172.16.10.2[4500] to 172.16.10.1[1029] (96 bytes)
May 24 16:18:11 OpenWrt daemon.info charon: 13[IKE] sending DPD request
May 24 16:18:11 OpenWrt daemon.info charon: 13[ENC] generating INFORMATIONAL request 27 [ ]
May 24 16:18:11 OpenWrt daemon.info charon: 13[NET] sending packet: from 172.16.10.2[4500] to 172.16.10.1[1028] (96 bytes)
May 24 16:18:11 OpenWrt daemon.info charon: 09[NET] received packet: from 172.16.10.1[1028] to 172.16.10.2[4500] (96 bytes)
May 24 16:18:11 OpenWrt daemon.info charon: 09[ENC] parsed INFORMATIONAL response 27 [ ]
May 24 16:18:14 OpenWrt daemon.info charon: 11[NET] received packet: from 172.16.10.1[4500] to 172.16.10.2[4500] (96 bytes)
May 24 16:18:14 OpenWrt daemon.info charon: 11[ENC] parsed INFORMATIONAL request 38 [ ]
May 24 16:18:14 OpenWrt daemon.info charon: 11[ENC] generating INFORMATIONAL response 38 [ ]
May 24 16:18:14 OpenWrt daemon.info charon: 11[NET] sending packet: from 172.16.10.2[4500] to 172.16.10.1[4500] (96 bytes)
May 24 16:18:20 OpenWrt daemon.info charon: 16[NET] received packet: from 172.16.10.1[1028] to 172.16.10.2[4500] (1072 bytes)
May 24 16:18:20 OpenWrt daemon.info charon: 16[ENC] parsed CREATE_CHILD_SA request 9 [ SA No KE ]
May 24 16:18:20 OpenWrt daemon.info charon: 16[IKE] 172.16.10.1 is initiating an IKE_SA
May 24 16:18:20 OpenWrt authpriv.info charon: 16[IKE] 172.16.10.1 is initiating an IKE_SA
May 24 16:18:21 OpenWrt daemon.info charon: 16[ENC] generating CREATE_CHILD_SA response 9 [ SA No KE ]
May 24 16:18:21 OpenWrt daemon.info charon: 16[NET] sending packet: from 172.16.10.2[4500] to 172.16.10.1[1028] (704 bytes)
May 24 16:18:21 OpenWrt daemon.info charon: 12[NET] received packet: from 172.16.10.1[1028] to 172.16.10.2[4500] (96 bytes)
May 24 16:18:21 OpenWrt daemon.info charon: 12[ENC] parsed INFORMATIONAL request 10 [ D ]
May 24 16:18:21 OpenWrt daemon.info charon: 12[IKE] scheduling rekeying in 10113s
May 24 16:18:21 OpenWrt daemon.info charon: 12[IKE] maximum IKE_SA lifetime 10653s
May 24 16:18:21 OpenWrt daemon.info charon: 12[IKE] IKE_SA mainconn1[25] rekeyed between 172.16.10.2[C=IN, O=strongSwan, CN=gateway1]...172.16.10.1[C=IN, O=strongSwan, CN=gateway3]
May 24 16:18:21 OpenWrt authpriv.info charon: 12[IKE] IKE_SA mainconn1[25] rekeyed between 172.16.10.2[C=IN, O=strongSwan, CN=gateway1]...172.16.10.1[C=IN, O=strongSwan, CN=gateway3]
May 24 16:18:21 OpenWrt daemon.info charon: 12[IKE] received DELETE for IKE_SA mainconn1[23]
May 24 16:18:21 OpenWrt daemon.info charon: 12[IKE] deleting IKE_SA mainconn1[23] between 172.16.10.2[C=IN, O=strongSwan, CN=gateway1]...172.16.10.1[C=IN, O=strongSwan, CN=gateway3]
May 24 16:18:21 OpenWrt authpriv.info charon: 12[IKE] deleting IKE_SA mainconn1[23] between 172.16.10.2[C=IN, O=strongSwan, CN=gateway1]...172.16.10.1[C=IN, O=strongSwan, CN=gateway3]
May 24 16:18:21 OpenWrt daemon.info charon: 12[IKE] IKE_SA deleted
May 24 16:18:21 OpenWrt authpriv.info charon: 12[IKE] IKE_SA deleted
May 24 16:18:21 OpenWrt daemon.info charon: 12[ENC] generating INFORMATIONAL response 10 [ ]
May 24 16:18:21 OpenWrt daemon.info charon: 12[NET] sending packet: from 172.16.10.2[4500] to 172.16.10.1[1028] (96 bytes)
May 24 16:18:26 OpenWrt daemon.info charon: 13[NET] received packet: from 172.16.10.1[1029] to 172.16.10.2[4500] (96 bytes)
May 24 16:18:26 OpenWrt daemon.info charon: 13[ENC] parsed INFORMATIONAL request 32 [ ]
May 24 16:18:26 OpenWrt daemon.info charon: 13[ENC] generating INFORMATIONAL response 32 [ ]
May 24 16:18:26 OpenWrt daemon.info charon: 13[NET] sending packet: from 172.16.10.2[4500] to 172.16.10.1[1029] (96 bytes)
May 24 16:18:44 OpenWrt daemon.info charon: 08[NET] received packet: from 172.16.10.1[4500] to 172.16.10.2[4500] (96 bytes)
May 24 16:18:44 OpenWrt daemon.info charon: 08[ENC] parsed INFORMATIONAL request 39 [ ]
May 24 16:18:44 OpenWrt daemon.info charon: 08[ENC] generating INFORMATIONAL response 39 [ ]
May 24 16:18:44 OpenWrt daemon.info charon: 08[NET] sending packet: from 172.16.10.2[4500] to 172.16.10.1[4500] (96 bytes)
May 24 16:18:49 OpenWrt daemon.info charon: 15[IKE] sending DPD request
May 24 16:18:49 OpenWrt daemon.info charon: 15[ENC] generating INFORMATIONAL request 0 [ ]
May 24 16:18:49 OpenWrt daemon.info charon: 15[NET] sending packet: from 172.16.10.2[4500] to 172.16.10.1[1028] (96 bytes)
May 24 16:18:49 OpenWrt daemon.info charon: 14[NET] received packet: from 172.16.10.1[1028] to 172.16.10.2[4500] (96 bytes)
May 24 16:18:49 OpenWrt daemon.info charon: 14[ENC] parsed INFORMATIONAL request 0 [ ]
May 24 16:18:49 OpenWrt daemon.info charon: 14[ENC] generating INFORMATIONAL response 0 [ ]
May 24 16:18:49 OpenWrt daemon.info charon: 14[NET] sending packet: from 172.16.10.2[4500] to 172.16.10.1[1028] (96 bytes)
May 24 16:18:49 OpenWrt daemon.info charon: 16[NET] received packet: from 172.16.10.1[1028] to 172.16.10.2[4500] (96 bytes)
May 24 16:18:49 OpenWrt daemon.info charon: 16[ENC] parsed INFORMATIONAL response 0 [ ]
May 24 16:18:56 OpenWrt daemon.info charon: 13[NET] received packet: from 172.16.10.1[1029] to 172.16.10.2[4500] (96 bytes)
May 24 16:18:56 OpenWrt daemon.info charon: 13[ENC] parsed INFORMATIONAL request 33 [ ]
May 24 16:18:56 OpenWrt daemon.info charon: 13[ENC] generating INFORMATIONAL response 33 [ ]
May 24 16:18:56 OpenWrt daemon.info charon: 13[NET] sending packet: from 172.16.10.2[4500] to 172.16.10.1[1029] (96 bytes)
May 24 16:19:11 OpenWrt daemon.info charon: 11[NET] received packet: from 172.16.10.1[1028] to 172.16.10.2[4500] (96 bytes)
May 24 16:19:11 OpenWrt daemon.info charon: 11[ENC] parsed INFORMATIONAL request 1 [ D ]
May 24 16:19:11 OpenWrt daemon.info charon: 11[IKE] received DELETE for ESP CHILD_SA with SPI c6dd7c96
May 24 16:19:11 OpenWrt daemon.info charon: 11[IKE] closing CHILD_SA mainconn1{15} with SPIs c3b29204_i (108258678 bytes) c6dd7c96_o (115375072 bytes) and TS 192.168.10.0/24 === 2.2.2.4/32 192.168.9.0/24
May 24 16:19:11 OpenWrt authpriv.info charon: 11[IKE] closing CHILD_SA mainconn1{15} with SPIs c3b29204_i (108258678 bytes) c6dd7c96_o (115375072 bytes) and TS 192.168.10.0/24 === 2.2.2.4/32 192.168.9.0/24
May 24 16:19:11 OpenWrt daemon.info charon: 11[IKE] sending DELETE for ESP CHILD_SA with SPI c3b29204
May 24 16:19:11 OpenWrt daemon.info charon: 11[IKE] CHILD_SA closed
May 24 16:19:11 OpenWrt local0.notice vpn: - C=IN, O=strongSwan, CN=gateway3 2.2.2.4/32 == 172.16.10.1 -- 172.16.10.2 == 192.168.10.0/24
May 24 16:19:11 OpenWrt local0.notice vpn: - C=IN, O=strongSwan, CN=gateway3 192.168.9.0/24 == 172.16.10.1 -- 172.16.10.2 == 192.168.10.0/24
May 24 16:19:11 OpenWrt daemon.info charon: 11[ENC] generating INFORMATIONAL response 1 [ D ]
May 24 16:19:11 OpenWrt daemon.info charon: 11[NET] sending packet: from 172.16.10.2[4500] to 172.16.10.1[1028] (96 bytes)
May 24 16:19:11 OpenWrt daemon.info charon: 08[NET] received packet: from 172.16.10.1[1028] to 172.16.10.2[4500] (464 bytes)
May 24 16:19:11 OpenWrt daemon.info charon: 08[ENC] parsed CREATE_CHILD_SA request 2 [ N(ESP_TFC_PAD_N) SA No TSi TSr ]
May 24 16:19:11 OpenWrt daemon.info charon: 08[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding
May 24 16:19:11 OpenWrt daemon.info charon: 08[IKE] CHILD_SA mainconn1{17} established with SPIs c4565c40_i cac0d0d6_o and TS 192.168.10.0/24 === 2.2.2.4/32 192.168.9.0/24
May 24 16:19:11 OpenWrt authpriv.info charon: 08[IKE] CHILD_SA mainconn1{17} established with SPIs c4565c40_i cac0d0d6_o and TS 192.168.10.0/24 === 2.2.2.4/32 192.168.9.0/24
May 24 16:19:11 OpenWrt local0.notice vpn: + C=IN, O=strongSwan, CN=gateway3 2.2.2.4/32 == 172.16.10.1 -- 172.16.10.2 == 192.168.10.0/24
May 24 16:19:11 OpenWrt local0.notice vpn: + C=IN, O=strongSwan, CN=gateway3 192.168.9.0/24 == 172.16.10.1 -- 172.16.10.2 == 192.168.10.0/24
May 24 16:19:11 OpenWrt daemon.info charon: 08[ENC] generating CREATE_CHILD_SA response 2 [ N(ESP_TFC_PAD_N) SA No TSi TSr ]
May 24 16:19:11 OpenWrt daemon.info charon: 08[NET] sending packet: from 172.16.10.2[4500] to 172.16.10.1[1028] (240 bytes)
May 24 16:19:11 OpenWrt daemon.info charon: 10[NET] received packet: from 172.16.10.1[1028] to 172.16.10.2[4500] (96 bytes)
May 24 16:19:11 OpenWrt daemon.info charon: 10[ENC] parsed INFORMATIONAL request 3 [ ]
May 24 16:19:11 OpenWrt daemon.info charon: 10[ENC] generating INFORMATIONAL response 3 [ ]
May 24 16:19:11 OpenWrt daemon.info charon: 10[NET] sending packet: from 172.16.10.2[4500] to 172.16.10.1[1028] (96 bytes)
May 24 16:19:14 OpenWrt daemon.info charon: 15[NET] received packet: from 172.16.10.1[4500] to 172.16.10.2[4500] (96 bytes)
May 24 16:19:14 OpenWrt daemon.info charon: 15[ENC] parsed INFORMATIONAL request 40 [ ]
May 24 16:19:14 OpenWrt daemon.info charon: 15[ENC] generating INFORMATIONAL response 40 [ ]
May 24 16:19:14 OpenWrt daemon.info charon: 15[NET] sending packet: from 172.16.10.2[4500] to 172.16.10.1[4500] (96 bytes)
May 24 16:19:26 OpenWrt daemon.info charon: 12[NET] received packet: from 172.16.10.1[1029] to 172.16.10.2[4500] (96 bytes)
May 24 16:19:26 OpenWrt daemon.info charon: 12[ENC] parsed INFORMATIONAL request 34 [ ]
May 24 16:19:26 OpenWrt daemon.info charon: 12[ENC] generating INFORMATIONAL response 34 [ ]
May 24 16:19:26 OpenWrt daemon.info charon: 12[NET] sending packet: from 172.16.10.2[4500] to 172.16.10.1[1029] (96 bytes)
May 24 16:19:41 OpenWrt daemon.info charon: 09[IKE] sending DPD request
May 24 16:19:41 OpenWrt daemon.info charon: 09[ENC] generating INFORMATIONAL request 1 [ ]
May 24 16:19:41 OpenWrt daemon.info charon: 09[NET] sending packet: from 172.16.10.2[4500] to 172.16.10.1[1028] (96 bytes)
May 24 16:19:41 OpenWrt daemon.info charon: 11[NET] received packet: from 172.16.10.1[1028] to 172.16.10.2[4500] (96 bytes)
May 24 16:19:41 OpenWrt daemon.info charon: 11[ENC] parsed INFORMATIONAL response 1 [ ]
May 24 16:19:44 OpenWrt daemon.info charon: 08[NET] received packet: from 172.16.10.1[4500] to 172.16.10.2[4500] (96 bytes)
May 24 16:19:44 OpenWrt daemon.info charon: 08[ENC] parsed INFORMATIONAL request 41 [ ]
May 24 16:19:44 OpenWrt daemon.info charon: 08[ENC] generating INFORMATIONAL response 41 [ ]
May 24 16:19:44 OpenWrt daemon.info charon: 08[NET] sending packet: from 172.16.10.2[4500] to 172.16.10.1[4500] (96 bytes)
May 24 16:19:56 OpenWrt daemon.info charon: 14[NET] received packet: from 172.16.10.1[1029] to 172.16.10.2[4500] (96 bytes)
May 24 16:19:56 OpenWrt daemon.info charon: 14[ENC] parsed INFORMATIONAL request 35 [ ]
May 24 16:19:56 OpenWrt daemon.info charon: 14[ENC] generating INFORMATIONAL response 35 [ ]
May 24 16:19:56 OpenWrt daemon.info charon: 14[NET] sending packet: from 172.16.10.2[4500] to 172.16.10.1[1029] (96 bytes)
May 24 16:20:11 OpenWrt daemon.info charon: 12[IKE] sending DPD request
May 24 16:20:11 OpenWrt daemon.info charon: 12[ENC] generating INFORMATIONAL request 2 [ ]
May 24 16:20:11 OpenWrt daemon.info charon: 12[NET] sending packet: from 172.16.10.2[4500] to 172.16.10.1[1028] (96 bytes)
May 24 16:20:11 OpenWrt daemon.info charon: 13[NET] received packet: from 172.16.10.1[1028] to 172.16.10.2[4500] (96 bytes)
May 24 16:20:11 OpenWrt daemon.info charon: 13[ENC] parsed INFORMATIONAL request 4 [ ]
May 24 16:20:11 OpenWrt daemon.info charon: 13[ENC] generating INFORMATIONAL response 4 [ ]
May 24 16:20:11 OpenWrt daemon.info charon: 13[NET] sending packet: from 172.16.10.2[4500] to 172.16.10.1[1028] (96 bytes)
May 24 16:20:11 OpenWrt daemon.info charon: 09[NET] received packet: from 172.16.10.1[1028] to 172.16.10.2[4500] (96 bytes)
May 24 16:20:11 OpenWrt daemon.info charon: 09[ENC] parsed INFORMATIONAL response 2 [ ]
May 24 16:20:14 OpenWrt daemon.info charon: 11[NET] received packet: from 172.16.10.1[4500] to 172.16.10.2[4500] (96 bytes)
May 24 16:20:14 OpenWrt daemon.info charon: 11[ENC] parsed INFORMATIONAL request 42 [ ]
May 24 16:20:14 OpenWrt daemon.info charon: 11[ENC] generating INFORMATIONAL response 42 [ ]
May 24 16:20:14 OpenWrt daemon.info charon: 11[NET] sending packet: from 172.16.10.2[4500] to 172.16.10.1[4500] (96 bytes)
May 24 16:20:26 OpenWrt daemon.info charon: 16[NET] received packet: from 172.16.10.1[1029] to 172.16.10.2[4500] (96 bytes)
May 24 16:20:26 OpenWrt daemon.info charon: 16[ENC] parsed INFORMATIONAL request 36 [ ]
May 24 16:20:26 OpenWrt daemon.info charon: 16[ENC] generating INFORMATIONAL response 36 [ ]
May 24 16:20:26 OpenWrt daemon.info charon: 16[NET] sending packet: from 172.16.10.2[4500] to 172.16.10.1[1029] (96 bytes)
root@OpenWrt:/etc#
===========================================
root@OpenWrt:/etc#
root@OpenWrt:/etc#
root@OpenWrt:/etc#
root@OpenWrt:/etc# ip xfrm state
src 172.16.10.2 dst 172.16.10.1
proto esp spi 0xc91209d3 reqid 16 mode tunnel
replay-window 32
auth-trunc hmac(sha1) 0x41fb385742d06523f8398222c82f739d011e98db 96
enc cbc(aes) 0x7039f1b2b4deda960d1dbd25021666a425ac97d95ffbccc8d6b8323bf7212ead
encap type espinudp sport 4500 dport 4500 addr 0.0.0.0
sel src 0.0.0.0/0 dst 0.0.0.0/0
src 172.16.10.1 dst 172.16.10.2
proto esp spi 0xc3a9c65b reqid 16 mode tunnel
replay-window 32
auth-trunc hmac(sha1) 0xeefcc26105be776bd16c065278e634af0939c58e 96
enc cbc(aes) 0xb97eafd750cacedb42da98bd7f59a9323f2f0f7bcaa493f286a09d470741bc27
encap type espinudp sport 4500 dport 4500 addr 0.0.0.0
sel src 0.0.0.0/0 dst 0.0.0.0/0
src 172.16.10.2 dst 172.16.10.1
proto esp spi 0xc153cf83 reqid 13 mode tunnel
replay-window 32
auth-trunc hmac(sha1) 0x41f7a75a304f18fe2eb12309ae23e7059c84d7d3 96
enc cbc(aes) 0x7031e3f907e984349362ab0f0cbbd9fce46eeb02bc27e95db0d60db920396232
encap type espinudp sport 4500 dport 1029 addr 0.0.0.0
sel src 0.0.0.0/0 dst 0.0.0.0/0
src 172.16.10.1 dst 172.16.10.2
proto esp spi 0xc63e521d reqid 13 mode tunnel
replay-window 32
auth-trunc hmac(sha1) 0x977227d256dd5862f5be41a5de327d4eee02f38a 96
enc cbc(aes) 0xc317995a0cb01e2de3ab685d7a476ea9edf6073a597c7eb11fd880af19c7b33f
encap type espinudp sport 1029 dport 4500 addr 0.0.0.0
sel src 0.0.0.0/0 dst 0.0.0.0/0
src 172.16.10.2 dst 172.16.10.1
proto esp spi 0xcac0d0d6 reqid 17 mode tunnel
replay-window 32
auth-trunc hmac(sha1) 0xcc0085557f8793bf1df501361c244934f5da3760 96
enc cbc(aes) 0x063a3a7f6e6cecf3f2cfed6d07770b34ec8c79d5ee568c5673964bc7b088fb62
encap type espinudp sport 4500 dport 1028 addr 0.0.0.0
sel src 0.0.0.0/0 dst 0.0.0.0/0
src 172.16.10.1 dst 172.16.10.2
proto esp spi 0xc4565c40 reqid 17 mode tunnel
replay-window 32
auth-trunc hmac(sha1) 0x8cfffb12e64e1a3880a4e03e7caad57a315078da 96
enc cbc(aes) 0xe4e64608dac45ee02f0af045b2da6cf4c8a72dbb3684720226716458af5ab6d7
encap type espinudp sport 1028 dport 4500 addr 0.0.0.0
sel src 0.0.0.0/0 dst 0.0.0.0/0
===========================================
root@OpenWrt:/etc#
root@OpenWrt:/etc# ip xfrm policy
src 192.168.2.0/24 dst 192.168.10.0/24
dir fwd priority 1859
tmpl src 172.16.10.1 dst 172.16.10.2
proto esp reqid 16 mode tunnel
src 192.168.2.0/24 dst 192.168.10.0/24
dir in priority 1859
tmpl src 172.16.10.1 dst 172.16.10.2
proto esp reqid 16 mode tunnel
src 192.168.10.0/24 dst 192.168.2.0/24
dir out priority 1859
tmpl src 172.16.10.2 dst 172.16.10.1
proto esp reqid 16 mode tunnel
src 192.168.13.0/24 dst 192.168.10.0/24
dir fwd priority 1859
tmpl src 172.16.10.1 dst 172.16.10.2
proto esp reqid 13 mode tunnel
src 192.168.13.0/24 dst 192.168.10.0/24
dir in priority 1859
tmpl src 172.16.10.1 dst 172.16.10.2
proto esp reqid 13 mode tunnel
src 192.168.10.0/24 dst 192.168.13.0/24
dir out priority 1859
tmpl src 172.16.10.2 dst 172.16.10.1
proto esp reqid 13 mode tunnel
src 192.168.9.0/24 dst 192.168.10.0/24
dir fwd priority 1859
tmpl src 172.16.10.1 dst 172.16.10.2
proto esp reqid 17 mode tunnel
src 192.168.9.0/24 dst 192.168.10.0/24
dir in priority 1859
tmpl src 172.16.10.1 dst 172.16.10.2
proto esp reqid 17 mode tunnel
src 192.168.10.0/24 dst 192.168.9.0/24
dir out priority 1859
tmpl src 172.16.10.2 dst 172.16.10.1
proto esp reqid 17 mode tunnel
src 2.2.2.4/32 dst 192.168.10.0/24
dir fwd priority 1827
tmpl src 172.16.10.1 dst 172.16.10.2
proto esp reqid 17 mode tunnel
src 2.2.2.4/32 dst 192.168.10.0/24
dir in priority 1827
tmpl src 172.16.10.1 dst 172.16.10.2
proto esp reqid 17 mode tunnel
src 192.168.10.0/24 dst 2.2.2.4/32
dir out priority 1827
tmpl src 172.16.10.2 dst 172.16.10.1
proto esp reqid 17 mode tunnel
src 0.0.0.0/0 dst 0.0.0.0/0
socket in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
socket out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
socket in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
socket out priority 0
src ::/0 dst ::/0
socket in priority 0
src ::/0 dst ::/0
socket out priority 0
src ::/0 dst ::/0
socket in priority 0
src ::/0 dst ::/0
socket out priority 0
root@OpenWrt:/etc#
=============================================
##############################################
On the GW3:
==========================================
root@OpenWrt:/etc# ipsec version
Linux strongSwan U5.0.4/K3.2.26
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil, Switzerland
See 'ipsec --copyright' for copyright information.
root@OpenWrt:/etc#
==========================================
root@OpenWrt:/etc# cat ipsec.conf
#/etc/ipsec.conf - strongSwan IPsec configuration file

config setup
    strictcrlpolicy=no
    charondebug="ike 2, knl 1, cfg 2, chd 2, dmn 1, enc 1, net 1, lib 1"

conn %default
    ikelifetime=30m
    keylife=15m
    rekeymargin=9m
    keyingtries=%forever
    mobike=no
    reauth=no
    dpddelay=30s
    dpdtimeout=150s
    dpdaction=restart
    esp=aes256-sha1,3des-sha1,aes128-sha1,3des-sha1
    ike=aes256-sha512-modp4096,3des-sha1-modp1536,aes128-sha1-modp2048,3des-sha1-modp1536

conn mainconn1
    left=2.2.2.4
    leftsubnet=192.168.9.0/24
    right=172.16.10.2
    rightsubnet=192.168.10.0/24
    keyexchange=ikev2
    authby=rsasig
    leftcert=gw3Cert.pem
    leftid="/C=IN/O=strongSwan/CN=gateway3"
    rightid="/C=IN/O=strongSwan/CN=gateway1"
    leftfirewall=yes
    auto=route
root@OpenWrt:/etc#
================================
root@OpenWrt:/etc# cat ipsec.secrets
#/etc/ipsec.secrets - strongSwan IPsec secrets file
: RSA gw3Key.pem
====================================
root@OpenWrt:/etc#
root@OpenWrt:/etc# ipsec statusall
Status of IKE charon daemon (strongSwan 5.0.4, Linux 3.2.26, armv7l):
uptime: 2 hours, since May 24 14:00:01 2015
malloc: sbrk 249856, mmap 0, used 119272, free 130584
worker threads: 8 of 16 idle, 7/1/0/0 working, job queue: 0/0/0/0, scheduled: 5
loaded plugins: charon aes des sha1 sha2 md5 random nonce x509 revocation constraints pubkey pkcs1 pgp dnskey pem fips-prf gmp xcbc hmac attr kernel-pfkeyc
Listening IP addresses:
169.254.0.1
2.2.2.4
2006::4
192.168.9.1
2018::9
Connections:
mainconn1: 2.2.2.4...172.16.10.2 IKEv2, dpddelay=30s
mainconn1: local: [C=IN, O=strongSwan, CN=gateway3] uses public key authentication
mainconn1: cert: "C=IN, O=strongSwan, CN=gateway3"
mainconn1: remote: [C=IN, O=strongSwan, CN=gateway1] uses public key authentication
mainconn1: child: 192.168.9.0/24 === 192.168.10.0/24 TUNNEL, dpdaction=restart
Routed Connections:
mainconn1{1}: ROUTED, TUNNEL
mainconn1{1}: 192.168.9.0/24 === 192.168.10.0/24
Security Associations (1 up, 0 connecting):
mainconn1[8]: ESTABLISHED 8 minutes ago, 2.2.2.4[C=IN, O=strongSwan, CN=gateway3]...172.16.10.2[C=IN, O=strongSwan, CN=gateway1]
mainconn1[8]: IKEv2 SPIs: ffd238335e9f7ba1_i* 1371e5cc4fb46730_r, rekeying in 5 minutes
mainconn1[8]: IKE proposal: AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_4096
mainconn1{1}: INSTALLED, TUNNEL, ESP in UDP SPIs: c6dd7c96_i c3b29204_o
mainconn1{1}: AES_CBC_256/HMAC_SHA1_96, 61233208 bytes_i (0 pkts, 522s ago), 65250496 bytes_o (0 pkts, 522s ago), rekeying disabled
mainconn1{1}: 192.168.9.0/24 === 192.168.10.0/24
root@OpenWrt:/etc#
======================
Logread/Syslog
root@OpenWrt:/etc# logread
May 24 16:07:09 OpenWrt daemon.info charon: 09[NET] received packet: from 172.16.10.2[4500] to 2.2.2.4[4500] (96 bytes)
May 24 16:07:09 OpenWrt daemon.info charon: 09[ENC] parsed INFORMATIONAL request 4 [ ]
May 24 16:07:09 OpenWrt daemon.info charon: 09[ENC] generating INFORMATIONAL response 4 [ ]
May 24 16:07:09 OpenWrt daemon.info charon: 09[NET] sending packet: from 2.2.2.4[4500] to 172.16.10.2[4500] (96 bytes)
May 24 16:07:09 OpenWrt daemon.info charon: 12[NET] received packet: from 172.16.10.2[4500] to 2.2.2.4[4500] (96 bytes)
May 24 16:07:09 OpenWrt daemon.info charon: 12[ENC] parsed INFORMATIONAL response 6 [ ]
May 24 16:07:09 OpenWrt daemon.info charon: 12[IKE] activating new tasks
May 24 16:07:09 OpenWrt daemon.info charon: 12[IKE] nothing to initiate
May 24 16:07:33 OpenWrt daemon.info charon: 15[IKE] sending keep alive to 172.16.10.2[4500]
May 24 16:07:39 OpenWrt daemon.info charon: 10[IKE] sending DPD request
May 24 16:07:39 OpenWrt daemon.info charon: 10[IKE] queueing IKE_DPD task
May 24 16:07:39 OpenWrt daemon.info charon: 10[IKE] activating new tasks
May 24 16:07:39 OpenWrt daemon.info charon: 10[IKE] activating IKE_DPD task
May 24 16:07:39 OpenWrt daemon.info charon: 10[ENC] generating INFORMATIONAL request 7 [ ]
May 24 16:07:39 OpenWrt daemon.info charon: 10[NET] sending packet: from 2.2.2.4[4500] to 172.16.10.2[4500] (96 bytes)
May 24 16:07:39 OpenWrt daemon.info charon: 08[NET] received packet: from 172.16.10.2[4500] to 2.2.2.4[4500] (96 bytes)
May 24 16:07:39 OpenWrt daemon.info charon: 08[ENC] parsed INFORMATIONAL request 5 [ ]
May 24 16:07:39 OpenWrt daemon.info charon: 08[ENC] generating INFORMATIONAL response 5 [ ]
May 24 16:07:39 OpenWrt daemon.info charon: 08[NET] sending packet: from 2.2.2.4[4500] to 172.16.10.2[4500] (96 bytes)
May 24 16:07:39 OpenWrt daemon.info charon: 14[NET] received packet: from 172.16.10.2[4500] to 2.2.2.4[4500] (96 bytes)
May 24 16:07:39 OpenWrt daemon.info charon: 14[ENC] parsed INFORMATIONAL response 7 [ ]
May 24 16:07:39 OpenWrt daemon.info charon: 14[IKE] activating new tasks
May 24 16:07:39 OpenWrt daemon.info charon: 14[IKE] nothing to initiate
May 24 16:07:45 OpenWrt daemon.info charon: 09[CFG] proposing traffic selectors for us:
May 24 16:07:45 OpenWrt daemon.info charon: 09[CFG] 192.168.9.0/24
May 24 16:07:45 OpenWrt daemon.info charon: 09[CFG] proposing traffic selectors for other:
May 24 16:07:45 OpenWrt daemon.info charon: 09[CFG] 192.168.10.0/24
May 24 16:08:03 OpenWrt daemon.info charon: 11[IKE] sending keep alive to 172.16.10.2[4500]
May 24 16:08:09 OpenWrt daemon.info charon: 15[IKE] sending DPD request
May 24 16:08:09 OpenWrt daemon.info charon: 15[IKE] queueing IKE_DPD task
May 24 16:08:09 OpenWrt daemon.info charon: 15[IKE] activating new tasks
May 24 16:08:09 OpenWrt daemon.info charon: 15[IKE] activating IKE_DPD task
May 24 16:08:09 OpenWrt daemon.info charon: 15[ENC] generating INFORMATIONAL request 8 [ ]
May 24 16:08:09 OpenWrt daemon.info charon: 15[NET] sending packet: from 2.2.2.4[4500] to 172.16.10.2[4500] (96 bytes)
May 24 16:08:09 OpenWrt daemon.info charon: 10[NET] received packet: from 172.16.10.2[4500] to 2.2.2.4[4500] (96 bytes)
May 24 16:08:09 OpenWrt daemon.info charon: 10[ENC] parsed INFORMATIONAL request 6 [ ]
May 24 16:08:09 OpenWrt daemon.info charon: 10[ENC] generating INFORMATIONAL response 6 [ ]
May 24 16:08:09 OpenWrt daemon.info charon: 10[NET] sending packet: from 2.2.2.4[4500] to 172.16.10.2[4500] (96 bytes)
May 24 16:08:09 OpenWrt daemon.info charon: 08[NET] received packet: from 172.16.10.2[4500] to 2.2.2.4[4500] (96 bytes)
May 24 16:08:09 OpenWrt daemon.info charon: 08[ENC] parsed INFORMATIONAL response 8 [ ]
May 24 16:08:09 OpenWrt daemon.info charon: 08[IKE] activating new tasks
May 24 16:08:09 OpenWrt daemon.info charon: 08[IKE] nothing to initiate
May 24 16:08:24 OpenWrt daemon.info charon: 09[CFG] proposing traffic selectors for us:
May 24 16:08:24 OpenWrt daemon.info charon: 09[CFG] 192.168.9.0/24
May 24 16:08:24 OpenWrt daemon.info charon: 09[CFG] proposing traffic selectors for other:
May 24 16:08:24 OpenWrt daemon.info charon: 09[CFG] 192.168.10.0/24
May 24 16:08:33 OpenWrt daemon.info charon: 13[IKE] sending keep alive to 172.16.10.2[4500]
May 24 16:08:39 OpenWrt daemon.info charon: 11[NET] received packet: from 172.16.10.2[4500] to 2.2.2.4[4500] (96 bytes)
May 24 16:08:39 OpenWrt daemon.info charon: 11[ENC] parsed INFORMATIONAL request 7 [ ]
May 24 16:08:39 OpenWrt daemon.info charon: 11[ENC] generating INFORMATIONAL response 7 [ ]
May 24 16:08:39 OpenWrt daemon.info charon: 11[NET] sending packet: from 2.2.2.4[4500] to 172.16.10.2[4500] (96 bytes)
May 24 16:08:59 OpenWrt daemon.info charon: 08[IKE] sending keep alive to 172.16.10.2[4500]
May 24 16:09:04 OpenWrt daemon.info charon: 16[CFG] proposing traffic selectors for us:
May 24 16:09:04 OpenWrt daemon.info charon: 16[CFG] 192.168.9.0/24
May 24 16:09:04 OpenWrt daemon.info charon: 16[CFG] proposing traffic selectors for other:
May 24 16:09:04 OpenWrt daemon.info charon: 16[CFG] 192.168.10.0/24
May 24 16:09:09 OpenWrt daemon.info charon: 12[NET] received packet: from 172.16.10.2[4500] to 2.2.2.4[4500] (96 bytes)
May 24 16:09:09 OpenWrt daemon.info charon: 12[ENC] parsed INFORMATIONAL request 8 [ ]
May 24 16:09:09 OpenWrt daemon.info charon: 12[ENC] generating INFORMATIONAL response 8 [ ]
May 24 16:09:09 OpenWrt daemon.info charon: 12[NET] sending packet: from 2.2.2.4[4500] to 172.16.10.2[4500] (96 bytes)
May 24 16:09:29 OpenWrt daemon.info charon: 11[IKE] sending keep alive to 172.16.10.2[4500]
May 24 16:09:39 OpenWrt daemon.info charon: 15[NET] received packet: from 172.16.10.2[4500] to 2.2.2.4[4500] (96 bytes)
May 24 16:09:39 OpenWrt daemon.info charon: 15[ENC] parsed INFORMATIONAL request 9 [ ]
May 24 16:09:39 OpenWrt daemon.info charon: 15[ENC] generating INFORMATIONAL response 9 [ ]
May 24 16:09:39 OpenWrt daemon.info charon: 15[NET] sending packet: from 2.2.2.4[4500] to 172.16.10.2[4500] (96 bytes)
May 24 16:09:43 OpenWrt daemon.info charon: 14[CFG] proposing traffic selectors for us:
May 24 16:09:43 OpenWrt daemon.info charon: 14[CFG] 192.168.9.0/24
May 24 16:09:43 OpenWrt daemon.info charon: 14[CFG] proposing traffic selectors for other:
May 24 16:09:43 OpenWrt daemon.info charon: 14[CFG] 192.168.10.0/24
May 24 16:09:59 OpenWrt daemon.info charon: 12[IKE] sending keep alive to 172.16.10.2[4500]
May 24 16:10:09 OpenWrt daemon.info charon: 09[NET] received packet: from 172.16.10.2[4500] to 2.2.2.4[4500] (96 bytes)
May 24 16:10:09 OpenWrt daemon.info charon: 09[ENC] parsed INFORMATIONAL request 10 [ ]
May 24 16:10:09 OpenWrt daemon.info charon: 09[ENC] generating INFORMATIONAL response 10 [ ]
May 24 16:10:09 OpenWrt daemon.info charon: 09[NET] sending packet: from 2.2.2.4[4500] to 172.16.10.2[4500] (96 bytes)
May 24 16:10:22 OpenWrt daemon.info charon: 10[CFG] proposing traffic selectors for us:
May 24 16:10:22 OpenWrt daemon.info charon: 10[CFG] 192.168.9.0/24
May 24 16:10:22 OpenWrt daemon.info charon: 10[CFG] proposing traffic selectors for other:
May 24 16:10:22 OpenWrt daemon.info charon: 10[CFG] 192.168.10.0/24
May 24 16:10:29 OpenWrt daemon.info charon: 08[IKE] sending keep alive to 172.16.10.2[4500]
May 24 16:10:39 OpenWrt daemon.info charon: 14[NET] received packet: from 172.16.10.2[4500] to 2.2.2.4[4500] (96 bytes)
May 24 16:10:39 OpenWrt daemon.info charon: 14[ENC] parsed INFORMATIONAL request 11 [ ]
May 24 16:10:39 OpenWrt daemon.info charon: 14[ENC] generating INFORMATIONAL response 11 [ ]
May 24 16:10:39 OpenWrt daemon.info charon: 14[NET] sending packet: from 2.2.2.4[4500] to 172.16.10.2[4500] (96 bytes)
May 24 16:10:59 OpenWrt daemon.info charon: 09[IKE] sending keep alive to 172.16.10.2[4500]
May 24 16:11:02 OpenWrt daemon.info charon: 13[CFG] proposing traffic selectors for us:
May 24 16:11:02 OpenWrt daemon.info charon: 13[CFG] 192.168.9.0/24
May 24 16:11:02 OpenWrt daemon.info charon: 13[CFG] proposing traffic selectors for other:
May 24 16:11:02 OpenWrt daemon.info charon: 13[CFG] 192.168.10.0/24
May 24 16:11:09 OpenWrt daemon.info charon: 15[NET] received packet: from 172.16.10.2[4500] to 2.2.2.4[4500] (96 bytes)
May 24 16:11:09 OpenWrt daemon.info charon: 15[ENC] parsed INFORMATIONAL request 12 [ ]
May 24 16:11:09 OpenWrt daemon.info charon: 15[ENC] generating INFORMATIONAL response 12 [ ]
May 24 16:11:09 OpenWrt daemon.info charon: 15[NET] sending packet: from 2.2.2.4[4500] to 172.16.10.2[4500] (96 bytes)
May 24 16:11:29 OpenWrt daemon.info charon: 14[IKE] sending keep alive to 172.16.10.2[4500]
May 24 16:11:39 OpenWrt daemon.info charon: 16[NET] received packet: from 172.16.10.2[4500] to 2.2.2.4[4500] (96 bytes)
May 24 16:11:39 OpenWrt daemon.info charon: 16[ENC] parsed INFORMATIONAL request 13 [ ]
May 24 16:11:39 OpenWrt daemon.info charon: 16[ENC] generating INFORMATIONAL response 13 [ ]
May 24 16:11:39 OpenWrt daemon.info charon: 16[NET] sending packet: from 2.2.2.4[4500] to 172.16.10.2[4500] (96 bytes)
May 24 16:11:41 OpenWrt daemon.info charon: 09[CFG] proposing traffic selectors for us:
May 24 16:11:41 OpenWrt daemon.info charon: 09[CFG] 192.168.9.0/24
May 24 16:11:41 OpenWrt daemon.info charon: 09[CFG] proposing traffic selectors for other:
May 24 16:11:41 OpenWrt daemon.info charon: 09[CFG] 192.168.10.0/24
May 24 16:11:59 OpenWrt daemon.info charon: 15[IKE] sending keep alive to 172.16.10.2[4500]
May 24 16:12:08 OpenWrt user.err kernel: [358067.084296] total_sa_entries:1
May 24 16:12:08 OpenWrt user.err kernel: [358067.087475] total_sa_entries:1
May 24 16:12:09 OpenWrt daemon.info charon: 10[NET] received packet: from 172.16.10.2[4500] to 2.2.2.4[4500] (96 bytes)
May 24 16:12:09 OpenWrt daemon.info charon: 10[ENC] parsed INFORMATIONAL request 14 [ ]
May 24 16:12:09 OpenWrt daemon.info charon: 10[ENC] generating INFORMATIONAL response 14 [ ]
May 24 16:12:09 OpenWrt daemon.info charon: 10[NET] sending packet: from 2.2.2.4[4500] to 172.16.10.2[4500] (96 bytes)
May 24 16:12:29 OpenWrt daemon.info charon: 16[IKE] sending keep alive to 172.16.10.2[4500]
May 24 16:12:39 OpenWrt daemon.info charon: 12[NET] received packet: from 172.16.10.2[4500] to 2.2.2.4[4500] (96 bytes)
May 24 16:12:39 OpenWrt daemon.info charon: 12[ENC] parsed INFORMATIONAL request 15 [ ]
May 24 16:12:39 OpenWrt daemon.info charon: 12[ENC] generating INFORMATIONAL response 15 [ ]
May 24 16:12:39 OpenWrt daemon.info charon: 12[NET] sending packet: from 2.2.2.4[4500] to 172.16.10.2[4500] (96 bytes)
May 24 16:12:59 OpenWrt daemon.info charon: 13[IKE] sending keep alive to 172.16.10.2[4500]
May 24 16:13:09 OpenWrt daemon.info charon: 15[NET] received packet: from 172.16.10.2[4500] to 2.2.2.4[4500] (96 bytes)
May 24 16:13:09 OpenWrt daemon.info charon: 15[ENC] parsed INFORMATIONAL request 16 [ ]
May 24 16:13:09 OpenWrt daemon.info charon: 15[ENC] generating INFORMATIONAL response 16 [ ]
May 24 16:13:09 OpenWrt daemon.info charon: 15[NET] sending packet: from 2.2.2.4[4500] to 172.16.10.2[4500] (96 bytes)
May 24 16:13:22 OpenWrt daemon.info charon: 14[CFG] proposing traffic selectors for us:
May 24 16:13:22 OpenWrt daemon.info charon: 14[CFG] 192.168.9.0/24
May 24 16:13:22 OpenWrt daemon.info charon: 14[CFG] proposing traffic selectors for other:
May 24 16:13:22 OpenWrt daemon.info charon: 14[CFG] 192.168.10.0/24
May 24 16:13:29 OpenWrt daemon.info charon: 11[IKE] sending keep alive to 172.16.10.2[4500]
May 24 16:13:39 OpenWrt daemon.info charon: 09[NET] received packet: from 172.16.10.2[4500] to 2.2.2.4[4500] (96 bytes)
May 24 16:13:39 OpenWrt daemon.info charon: 09[ENC] parsed INFORMATIONAL request 17 [ ]
May 24 16:13:39 OpenWrt daemon.info charon: 09[ENC] generating INFORMATIONAL response 17 [ ]
May 24 16:13:39 OpenWrt daemon.info charon: 09[NET] sending packet: from 2.2.2.4[4500] to 172.16.10.2[4500] (96 bytes)
May 24 16:13:59 OpenWrt daemon.info charon: 10[IKE] sending keep alive to 172.16.10.2[4500]
May 24 16:14:09 OpenWrt daemon.info charon: 08[NET] received packet: from 172.16.10.2[4500] to 2.2.2.4[4500] (96 bytes)
May 24 16:14:09 OpenWrt daemon.info charon: 08[ENC] parsed INFORMATIONAL request 18 [ ]
May 24 16:14:09 OpenWrt daemon.info charon: 08[ENC] generating INFORMATIONAL response 18 [ ]
May 24 16:14:09 OpenWrt daemon.info charon: 08[NET] sending packet: from 2.2.2.4[4500] to 172.16.10.2[4500] (96 bytes)
May 24 16:14:29 OpenWrt daemon.info charon: 12[IKE] sending keep alive to 172.16.10.2[4500]
May 24 16:14:39 OpenWrt daemon.info charon: 11[NET] received packet: from 172.16.10.2[4500] to 2.2.2.4[4500] (96 bytes)
May 24 16:14:39 OpenWrt daemon.info charon: 11[ENC] parsed INFORMATIONAL request 19 [ ]
May 24 16:14:39 OpenWrt daemon.info charon: 11[ENC] generating INFORMATIONAL response 19 [ ]
May 24 16:14:39 OpenWrt daemon.info charon: 11[NET] sending packet: from 2.2.2.4[4500] to 172.16.10.2[4500] (96 bytes)
==================================================