[strongSwan] Strongswan not writing in iptables
MTDROX Junior
mtdroxjunior at gmail.com
Sat Apr 23 14:04:04 CEST 2016
Hi Tobias,
Thanks for replying. Indeed, I didn't show the evidence that the tunnel is
UP. Below is the output of ipsec status and ipsec statusall:
1- ipsec status
[root at vpn ~]# ipsec status
Security Associations (1 up, 0 connecting):
srv[2]: *ESTABLISHED *3 hours ago, xxx.xxx.xxx.xxx[172.16.12.1]...xxx.xxx.xxx.xxx[xxx.xxx.xxx.xxx]
2- ipsec statusall
[root at vpn ~]# ipsec statusall
Status of IKE charon daemon (strongSwan 5.4.0, Linux 3.14.32-xxxx-grs-ipv6-64, x86_64):
uptime: 27 hours, since Apr 22 10:22:02 2016
malloc: sbrk 270496, mmap 0, used 235120, free 35376
worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 3
loaded plugins: charon aes des rc2 sha2 sha1 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem fips-prf gmp xcbc cmac hmac attr kernel-netlink resolve socket-default stroke vici updown xauth-generic
Listening IP addresses:
xxx.xxx.xxx.xxx
xxxx:xxxx:xxxx:xxx::
172.16.12.1
Connections:
srv: xxx.xxx.xxx.xxx...xxx.xxx.xxx.xxx IKEv1, dpddelay=100s
srv: local: [172.16.12.1] uses pre-shared key authentication
srv: remote: [xxx.xxx.xxx.xxx] uses pre-shared key authentication
srv: child: 172.16.12.0/24 === 10.112.13.0/24 TUNNEL, dpdaction=restart
Security Associations (1 up, 0 connecting):
srv[2]: *ESTABLISHED *3 hours ago, xxx.xxx.xxx.xxx[172.16.12.0]...xxx.xxx.xxx.xxx[xxx.xxx.xxx.xxx]
srv[2]: IKEv1 SPIs: bd357fba554312da_i* 47a35df5a156dc95_r, pre-shared key reauthentication in 20 hours
srv[2]: IKE proposal: 3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024
You can also find the log generated while establishing the tunnel in the
attached file.
On Fri, Apr 22, 2016 at 12:08 PM, Tobias Brunner <tobias at strongswan.org>
wrote:
> Hi,
>
> > In fact, the tunnel goes UP but no rules are added into iptables
> > although I set *leftfirewall=yes*
>
> There is no evidence that any tunnel is up when looking at the output
> below. For instance, there are no policies for the connection defined
> in your config:
>
> > [root at vpn etc]# ip xfrm policy
> > src 0.0.0.0/0 dst 0.0.0.0/0
> > dir 3 priority 0
> > src 0.0.0.0/0 dst 0.0.0.0/0
> > dir 4 priority 0
> > src 0.0.0.0/0 dst 0.0.0.0/0
> > dir 3 priority 0
> > src 0.0.0.0/0 dst 0.0.0.0/0
> > dir 4 priority 0
> > src ::/0 dst ::/0
> > dir 3 priority 0
> > src ::/0 dst ::/0
> > dir 4 priority 0
> > src ::/0 dst ::/0
> > dir 3 priority 0
> > src ::/0 dst ::/0
> > dir 4 priority 0
>
> So look for any errors in the log while establishing the tunnel (also
> check the log of the other peer).
>
> Regards,
> Tobias
>
>
-------------- next part --------------
Apr 23 13:44:55 stock charon: 00[DMN] signal of type SIGINT received. Shutting down
Apr 23 13:44:55 stock charon: 00[IKE] queueing ISAKMP_DELETE task
Apr 23 13:44:55 stock charon: 00[IKE] activating new tasks
Apr 23 13:44:55 stock charon: 00[IKE] activating ISAKMP_DELETE task
Apr 23 13:44:55 stock charon: 00[IKE] deleting IKE_SA srv[2] between xxx.xxx.xxx.xxx[172.16.12.1]...xxx.xxx.xxx.xxx[xxx.xxx.xxx.xxx]
Apr 23 13:44:55 stock charon: 00[IKE] sending DELETE for IKE_SA srv[2]
Apr 23 13:44:55 stock charon: 00[IKE] IKE_SA srv[2] state change: ESTABLISHED => DELETING
Apr 23 13:44:55 stock charon: 00[ENC] generating INFORMATIONAL_V1 request 1564909706 [ HASH D ]
Apr 23 13:44:55 stock charon: 00[NET] sending packet: from xxx.xxx.xxx.xxx[500] to xxx.xxx.xxx.xxx[500] (84 bytes)
Apr 23 13:44:55 stock charon: 00[IKE] IKE_SA srv[2] state change: DELETING => DESTROYING
Apr 23 13:44:55 stock charon: 03[NET] sending packet: from xxx.xxx.xxx.xxx[500] to xxx.xxx.xxx.xxx[500]
Apr 23 13:44:57 stock charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.4.0, Linux 3.14.32-xxxx-grs-ipv6-64, x86_64)
Apr 23 13:44:57 stock charon: 00[KNL] known interfaces and IP addresses:
Apr 23 13:44:57 stock charon: 00[KNL] lo
Apr 23 13:44:57 stock charon: 00[KNL] 127.0.0.1
Apr 23 13:44:57 stock charon: 00[KNL] ::1
Apr 23 13:44:57 stock charon: 00[KNL] eth0
Apr 23 13:44:57 stock charon: 00[KNL] xxx.xxx.xxx.xxx
Apr 23 13:44:57 stock charon: 00[KNL] xxxx:xxxx:xxxx:xxxx::
Apr 23 13:44:57 stock charon: 00[KNL] fe80::ec4:7aff:fe7b:6ffc
Apr 23 13:44:57 stock charon: 00[KNL] eth0.115
Apr 23 13:44:57 stock charon: 00[KNL] 172.16.12.1
Apr 23 13:44:57 stock charon: 00[KNL] fe80::ec4:7aff:fe7b:6ffc
Apr 23 13:44:57 stock charon: 00[CFG] loading ca certificates from '/usr/local/etc/ipsec.d/cacerts'
Apr 23 13:44:57 stock charon: 00[CFG] loading aa certificates from '/usr/local/etc/ipsec.d/aacerts'
Apr 23 13:44:57 stock charon: 00[CFG] loading ocsp signer certificates from '/usr/local/etc/ipsec.d/ocspcerts'
Apr 23 13:44:57 stock charon: 00[CFG] loading attribute certificates from '/usr/local/etc/ipsec.d/acerts'
Apr 23 13:44:57 stock charon: 00[CFG] loading crls from '/usr/local/etc/ipsec.d/crls'
Apr 23 13:44:57 stock charon: 00[CFG] loading secrets from '/usr/local/etc/ipsec.secrets'
Apr 23 13:44:57 stock charon: 00[CFG] loaded IKE secret for 172.16.12.1 xxx.xxx.xxx.xxx
Apr 23 13:44:57 stock charon: 00[LIB] loaded plugins: charon aes des rc2 sha2 sha1 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem fips-prf gmp xcbc cmac hmac attr kernel-netlink resolve socket-default stroke vici updown xauth-generic
Apr 23 13:44:57 stock charon: 00[JOB] spawning 16 worker threads
Apr 23 13:44:57 stock charon: 02[NET] waiting for data on sockets
Apr 23 13:44:57 stock charon: 08[CFG] stroke message => 816 bytes @ 0x7060b80009f0
Apr 23 13:44:57 stock charon: 08[CFG] received stroke: add connection 'srv'
Apr 23 13:44:57 stock charon: 08[CFG] conn srv
Apr 23 13:44:57 stock charon: 08[CFG] left=xxx.xxx.xxx.xxx
Apr 23 13:44:57 stock charon: 08[CFG] leftsubnet=172.16.12.0/24
Apr 23 13:44:57 stock charon: 08[CFG] leftauth=psk
Apr 23 13:44:57 stock charon: 08[CFG] leftid=172.16.12.1
Apr 23 13:44:57 stock charon: 08[CFG] leftupdown=ipsec _updown iptables
Apr 23 13:44:57 stock charon: 08[CFG] right=xxx.xxx.xxx.xxx
Apr 23 13:44:57 stock charon: 08[CFG] rightsubnet=10.112.13.0/24
Apr 23 13:44:57 stock charon: 08[CFG] rightauth=psk
Apr 23 13:44:57 stock charon: 08[CFG] rightid=xxx.xxx.xxx.xxx
Apr 23 13:44:57 stock charon: 08[CFG] ike=3des-md5-modp1024
Apr 23 13:44:57 stock charon: 08[CFG] esp=3des-md5-modp1024
Apr 23 13:44:57 stock charon: 08[CFG] dpddelay=100
Apr 23 13:44:57 stock charon: 08[CFG] dpdtimeout=500
Apr 23 13:44:57 stock charon: 08[CFG] dpdaction=3
Apr 23 13:44:57 stock charon: 08[CFG] closeaction=3
Apr 23 13:44:57 stock charon: 08[CFG] mediation=no
Apr 23 13:44:57 stock charon: 08[CFG] keyexchange=ikev1
Apr 23 13:44:57 stock charon: 08[KNL] xxx.xxx.xxx.xxx is not a local address or the interface is down
Apr 23 13:44:57 stock charon: 08[CFG] added configuration 'srv'
Apr 23 13:44:57 stock charon: 12[CFG] stroke message => 668 bytes @ 0x7060a80009f0
Apr 23 13:44:57 stock charon: 12[CFG] received stroke: initiate 'srv'
Apr 23 13:44:57 stock charon: 12[IKE] queueing ISAKMP_VENDOR task
Apr 23 13:44:57 stock charon: 12[IKE] queueing ISAKMP_CERT_PRE task
Apr 23 13:44:57 stock charon: 12[IKE] queueing MAIN_MODE task
Apr 23 13:44:57 stock charon: 12[IKE] queueing ISAKMP_CERT_POST task
Apr 23 13:44:57 stock charon: 12[IKE] queueing ISAKMP_NATD task
Apr 23 13:44:57 stock charon: 12[IKE] queueing QUICK_MODE task
Apr 23 13:44:57 stock charon: 12[IKE] activating new tasks
Apr 23 13:44:57 stock charon: 12[IKE] activating ISAKMP_VENDOR task
Apr 23 13:44:57 stock charon: 12[IKE] activating ISAKMP_CERT_PRE task
Apr 23 13:44:57 stock charon: 12[IKE] activating MAIN_MODE task
Apr 23 13:44:57 stock charon: 12[IKE] activating ISAKMP_CERT_POST task
Apr 23 13:44:57 stock charon: 12[IKE] activating ISAKMP_NATD task
Apr 23 13:44:57 stock charon: 12[IKE] sending XAuth vendor ID
Apr 23 13:44:57 stock charon: 12[IKE] sending DPD vendor ID
Apr 23 13:44:57 stock charon: 12[IKE] sending FRAGMENTATION vendor ID
Apr 23 13:44:57 stock charon: 12[IKE] sending NAT-T (RFC 3947) vendor ID
Apr 23 13:44:57 stock charon: 12[IKE] sending draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Apr 23 13:44:57 stock charon: 12[IKE] initiating Main Mode IKE_SA srv[1] to xxx.xxx.xxx.xxx
Apr 23 13:44:57 stock charon: 12[IKE] IKE_SA srv[1] state change: CREATED => CONNECTING
Apr 23 13:44:57 stock charon: 12[CFG] configured proposals: IKE:3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/AES_XCBC_96/AES_CMAC_96/HMAC_SHA1_96/HMAC_MD5_96/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_HMAC_SHA1/PRF_HMAC_MD5/MODP_3072/MODP_4096/MODP_8192/MODP_2048/MODP_2048_224/MODP_2048_256/MODP_1536/MODP_1024/MODP_1024_160
Apr 23 13:44:57 stock charon: 12[ENC] generating ID_PROT request 0 [ SA V V V V V ]
Apr 23 13:44:57 stock charon: 12[NET] sending packet: from xxx.xxx.xxx.xxx[500] to xxx.xxx.xxx.xxx[500] (220 bytes)
Apr 23 13:44:57 stock charon: 03[NET] sending packet: from xxx.xxx.xxx.xxx[500] to xxx.xxx.xxx.xxx[500]
Apr 23 13:44:57 stock charon: 02[NET] received packet: from xxx.xxx.xxx.xxx[500] to xxx.xxx.xxx.xxx[500]
Apr 23 13:44:57 stock charon: 02[NET] waiting for data on sockets
Apr 23 13:44:57 stock charon: 14[NET] received packet: from xxx.xxx.xxx.xxx[500] to xxx.xxx.xxx.xxx[500] (104 bytes)
Apr 23 13:44:57 stock charon: 14[ENC] parsed ID_PROT response 0 [ SA V ]
Apr 23 13:44:57 stock charon: 14[IKE] received NAT-T (RFC 3947) vendor ID
Apr 23 13:44:57 stock charon: 14[CFG] selecting proposal:
Apr 23 13:44:57 stock charon: 14[CFG] proposal matches
Apr 23 13:44:57 stock charon: 14[CFG] received proposals: IKE:3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024
Apr 23 13:44:57 stock charon: 14[CFG] configured proposals: IKE:3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/AES_XCBC_96/AES_CMAC_96/HMAC_SHA1_96/HMAC_MD5_96/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_HMAC_SHA1/PRF_HMAC_MD5/MODP_3072/MODP_4096/MODP_8192/MODP_2048/MODP_2048_224/MODP_2048_256/MODP_1536/MODP_1024/MODP_1024_160
Apr 23 13:44:57 stock charon: 14[CFG] selected proposal: IKE:3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024
Apr 23 13:44:57 stock charon: 14[IKE] reinitiating already active tasks
Apr 23 13:44:57 stock charon: 14[IKE] ISAKMP_VENDOR task
Apr 23 13:44:57 stock charon: 14[IKE] MAIN_MODE task
Apr 23 13:44:57 stock charon: 14[ENC] generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
Apr 23 13:44:57 stock charon: 14[NET] sending packet: from xxx.xxx.xxx.xxx[500] to xxx.xxx.xxx.xxx[500] (236 bytes)
Apr 23 13:44:57 stock charon: 03[NET] sending packet: from xxx.xxx.xxx.xxx[500] to xxx.xxx.xxx.xxx[500]
Apr 23 13:44:57 stock charon: 02[NET] received packet: from xxx.xxx.xxx.xxx[500] to xxx.xxx.xxx.xxx[500]
Apr 23 13:44:57 stock charon: 02[NET] waiting for data on sockets
Apr 23 13:44:57 stock charon: 06[NET] received packet: from xxx.xxx.xxx.xxx[500] to xxx.xxx.xxx.xxx[500] (296 bytes)
Apr 23 13:44:57 stock charon: 06[ENC] parsed ID_PROT response 0 [ KE No V V V V NAT-D NAT-D ]
Apr 23 13:44:57 stock charon: 06[IKE] received Cisco Unity vendor ID
Apr 23 13:44:57 stock charon: 06[IKE] received DPD vendor ID
Apr 23 13:44:57 stock charon: 06[ENC] received unknown vendor ID: b2:64:fa:e8:fe:9f:d6:c1:3f:86:5a:3c:3d:18:df:b8
Apr 23 13:44:57 stock charon: 06[IKE] received XAuth vendor ID
Apr 23 13:44:57 stock charon: 06[IKE] reinitiating already active tasks
Apr 23 13:44:57 stock charon: 06[IKE] ISAKMP_VENDOR task
Apr 23 13:44:57 stock charon: 06[IKE] MAIN_MODE task
Apr 23 13:44:57 stock charon: 06[ENC] generating ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
Apr 23 13:44:57 stock charon: 06[NET] sending packet: from xxx.xxx.xxx.xxx[500] to xxx.xxx.xxx.xxx[500] (92 bytes)
Apr 23 13:44:57 stock charon: 03[NET] sending packet: from xxx.xxx.xxx.xxx[500] to xxx.xxx.xxx.xxx[500]
Apr 23 13:44:58 stock charon: 02[NET] received packet: from xxx.xxx.xxx.xxx[500] to xxx.xxx.xxx.xxx[500]
Apr 23 13:44:58 stock charon: 02[NET] waiting for data on sockets
Apr 23 13:44:58 stock charon: 08[NET] received packet: from xxx.xxx.xxx.xxx[500] to xxx.xxx.xxx.xxx[500] (68 bytes)
Apr 23 13:44:58 stock charon: 08[ENC] parsed ID_PROT response 0 [ ID HASH ]
Apr 23 13:44:58 stock charon: 08[IKE] IKE_SA srv[1] established between xxx.xxx.xxx.xxx[172.16.12.1]...xxx.xxx.xxx.xxx[xxx.xxx.xxx.xxx]
Apr 23 13:44:58 stock charon: 08[IKE] IKE_SA srv[1] state change: CONNECTING => ESTABLISHED
Apr 23 13:44:58 stock rsyslogd-2177: imuxsock begins to drop messages from pid 14073 due to rate-limiting
Apr 23 13:45:08 stock rsyslogd-2177: imuxsock lost 21 messages from pid 14073 due to rate-limiting
Apr 23 13:45:08 stock charon: 02[NET] received packet: from xxx.xxx.xxx.xxx[500] to xxx.xxx.xxx.xxx[500]
Apr 23 13:45:08 stock charon: 02[NET] waiting for data on sockets
Apr 23 13:45:08 stock charon: 13[NET] received packet: from xxx.xxx.xxx.xxx[500] to xxx.xxx.xxx.xxx[500] (84 bytes)
Apr 23 13:45:08 stock charon: 13[ENC] parsed INFORMATIONAL_V1 request 851607907 [ HASH N(DPD) ]
Apr 23 13:45:08 stock charon: 13[IKE] queueing ISAKMP_DPD task
Apr 23 13:45:08 stock charon: 13[IKE] activating new tasks
Apr 23 13:45:08 stock charon: 13[IKE] activating ISAKMP_DPD task
Apr 23 13:45:08 stock charon: 13[ENC] generating INFORMATIONAL_V1 request 2938331407 [ HASH N(DPD_ACK) ]
Apr 23 13:45:08 stock charon: 13[NET] sending packet: from xxx.xxx.xxx.xxx[500] to xxx.xxx.xxx.xxx[500] (84 bytes)
Apr 23 13:45:08 stock charon: 13[IKE] activating new tasks
Apr 23 13:45:08 stock charon: 03[NET] sending packet: from xxx.xxx.xxx.xxx[500] to xxx.xxx.xxx.xxx[500]
Apr 23 13:45:08 stock charon: 13[IKE] nothing to initiate
Apr 23 13:45:17 stock charon: 02[NET] received packet: from xxx.xxx.xxx.xxx[500] to xxx.xxx.xxx.xxx[500]
Apr 23 13:45:17 stock charon: 02[NET] waiting for data on sockets
Apr 23 13:45:17 stock charon: 09[NET] received packet: from xxx.xxx.xxx.xxx[500] to xxx.xxx.xxx.xxx[500] (84 bytes)
Apr 23 13:45:17 stock charon: 09[ENC] parsed INFORMATIONAL_V1 request 367750446 [ HASH N(DPD) ]
Apr 23 13:45:17 stock charon: 09[IKE] queueing ISAKMP_DPD task
Apr 23 13:45:17 stock charon: 09[IKE] activating new tasks
Apr 23 13:45:17 stock charon: 09[IKE] activating ISAKMP_DPD task
Apr 23 13:45:17 stock charon: 09[ENC] generating INFORMATIONAL_V1 request 2166996185 [ HASH N(DPD_ACK) ]
Apr 23 13:45:17 stock charon: 09[NET] sending packet: from xxx.xxx.xxx.xxx[500] to xxx.xxx.xxx.xxx[500] (84 bytes)
Apr 23 13:45:17 stock charon: 09[IKE] activating new tasks
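
The check Tobias describes in the quoted reply, as an added example that is not code from either participant or from strongSwan: it looks in `ip xfrm policy` output for policies whose selectors are the connection's two subnets, and falls back to the charon log to tell "IKE_SA only" from "nothing established". The function names, the result labels and the `XFRM_CONSTRUCTED_UP` sample (with documentation addresses for the peers) are assumptions; the other samples repeat lines from this thread.

```python
import ipaddress
import re

# Constructed samples. The first repeats catch-all entries quoted in the thread;
# the second is an assumed example of what policies for an installed tunnel
# look like, with 192.0.2.1 and 198.51.100.1 standing in for the two peers.
XFRM_FROM_THREAD = """\
src 0.0.0.0/0 dst 0.0.0.0/0
    dir 3 priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
    dir 4 priority 0
src ::/0 dst ::/0
    dir 3 priority 0
"""
XFRM_CONSTRUCTED_UP = """\
src 172.16.12.0/24 dst 10.112.13.0/24
    dir out priority 2883
    tmpl src 192.0.2.1 dst 198.51.100.1
        proto esp reqid 1 mode tunnel
src 10.112.13.0/24 dst 172.16.12.0/24
    dir fwd priority 2883
src 10.112.13.0/24 dst 172.16.12.0/24
    dir in priority 2883
"""
# Four lines copied from the log attached to the message above.
LOG_FROM_THREAD = """\
Apr 23 13:44:57 stock charon: 12[IKE] queueing QUICK_MODE task
Apr 23 13:44:58 stock charon: 08[IKE] IKE_SA srv[1] established between xxx.xxx.xxx.xxx[172.16.12.1]...xxx.xxx.xxx.xxx[xxx.xxx.xxx.xxx]
Apr 23 13:44:58 stock rsyslogd-2177: imuxsock begins to drop messages from pid 14073 due to rate-limiting
Apr 23 13:45:08 stock rsyslogd-2177: imuxsock lost 21 messages from pid 14073 due to rate-limiting
"""

SELECTOR_RE = re.compile(r"^src (\S+) dst (\S+)")
DIR_RE = re.compile(r"^dir (\S+)")


def parse_xfrm_policies(text):
    """Return (src_net, dst_net, direction) tuples from `ip xfrm policy` output."""
    policies, selector = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        sel, direction = SELECTOR_RE.match(line), DIR_RE.match(line)
        if sel:  # "tmpl src ..." lines start with "tmpl", so they never match
            selector = tuple(ipaddress.ip_network(g) for g in sel.groups())
        elif direction and selector:
            policies.append((*selector, direction.group(1)))
            selector = None
    return policies


def tunnel_directions(policies, local_net, remote_net):
    """Directions of the policies whose selectors are exactly the two subnets."""
    pair = {ipaddress.ip_network(local_net), ipaddress.ip_network(remote_net)}
    return {d for src, dst, d in policies if {src, dst} == pair}


def diagnose(xfrm_text, log_text, local_net, remote_net):
    """Classify the state: tunnel policies present, IKE_SA only, or nothing."""
    dirs = tunnel_directions(parse_xfrm_policies(xfrm_text), local_net, remote_net)
    if "out" in dirs and dirs & {"in", "fwd"}:
        return "tunnel-policies-installed"
    if not re.search(r"IKE_SA \S+ established between", log_text):
        return "no-ike-sa"
    # Messages dropped by syslog rate limiting can hide the Quick Mode result.
    lost = sum(int(n) for n in re.findall(r"imuxsock lost (\d+) messages", log_text))
    return "ike-sa-only-log-incomplete" if lost else "ike-sa-only"


if __name__ == "__main__":
    print(diagnose(XFRM_FROM_THREAD, LOG_FROM_THREAD,
                   "172.16.12.0/24", "10.112.13.0/24"))
```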