- Plutorun started on Mon Jan 5 22:09:57 YEKT 2015
- adjusting ipsec.d to /etc/ipsec.d
- Starting Pluto (Openswan Version 2.6.37; Vendor ID OEu\134d\134jy\134\134ap) pid:13709
- LEAK_DETECTIVE support [disabled]
- OCF support for IKE [disabled]
- SAref support [disabled]: Protocol not available
- SAbind support [disabled]: Protocol not available
- NSS support [disabled]
- HAVE_STATSD notification support not compiled in
- Setting NAT-Traversal port-4500 floating to on
- port floating activation criteria nat_t=1/port_float=1
- NAT-Traversal support [enabled]
- using /dev/urandom as source of random entropy
- ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
- starting up 1 cryptographic helpers
- using /dev/urandom as source of random entropy
- started helper pid=13715 (fd:4)
- Using Linux 2.6 IPsec interface code on 3.2.0-4-amd64 (experimental code)
- ike_alg_register_enc(): Activating aes_ccm_8: Ok (ret=0)
- ike_alg_add(): ERROR: Algorithm already exists
- ike_alg_register_enc(): Activating aes_ccm_12: FAILED (ret=-17)
- ike_alg_add(): ERROR: Algorithm already exists
- ike_alg_register_enc(): Activating aes_ccm_16: FAILED (ret=-17)
- ike_alg_add(): ERROR: Algorithm already exists
- ike_alg_register_enc(): Activating aes_gcm_8: FAILED (ret=-17)
- ike_alg_add(): ERROR: Algorithm already exists
- ike_alg_register_enc(): Activating aes_gcm_12: FAILED (ret=-17)
- ike_alg_add(): ERROR: Algorithm already exists
- ike_alg_register_enc(): Activating aes_gcm_16: FAILED (ret=-17)
- Changed path to directory '/etc/ipsec.d/cacerts'
- Changed path to directory '/etc/ipsec.d/aacerts'
- Changed path to directory '/etc/ipsec.d/ocspcerts'
- Changing to directory '/etc/ipsec.d/crls'
- Warning: empty directory
- added connection description "L2TP-PSK-NAT"
- added connection description "L2TP-PSK-noNAT"
- added connection description "passthrough-for-non-l2tp"
- listening for IKE messages
- adding interface eth0/eth0 192.168.0.103:500
- adding interface eth0/eth0 192.168.0.103:4500
- adding interface lo/lo 127.0.0.1:500
- adding interface lo/lo 127.0.0.1:4500
- adding interface lo/lo ::1:500
- loading secrets from "/etc/ipsec.secrets"
- loading secrets from "/var/lib/openswan/ipsec.secrets.inc"
- packet from 192.168.0.102:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000008]
- packet from 192.168.0.102:500: received Vendor ID payload [RFC 3947] method set to=109
- packet from 192.168.0.102:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 109
- packet from 192.168.0.102:500: ignoring Vendor ID payload [FRAGMENTATION]
- packet from 192.168.0.102:500: ignoring Vendor ID payload [MS-Negotiation Discovery Capable]
- packet from 192.168.0.102:500: ignoring Vendor ID payload [Vid-Initial-Contact]
- packet from 192.168.0.102:500: ignoring Vendor ID payload [IKE CGA version 1]
- "L2TP-PSK-NAT"[1] 192.168.0.102 #1: responding to Main Mode from unknown peer 192.168.0.102
- "L2TP-PSK-NAT"[1] 192.168.0.102 #1: OAKLEY_GROUP 20 not supported. Attribute OAKLEY_GROUP_DESCRIPTION
- "L2TP-PSK-NAT"[1] 192.168.0.102 #1: OAKLEY_GROUP 19 not supported. Attribute OAKLEY_GROUP_DESCRIPTION
- "L2TP-PSK-NAT"[1] 192.168.0.102 #1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
- "L2TP-PSK-NAT"[1] 192.168.0.102 #1: STATE_MAIN_R1: sent MR1, expecting MI2
- "L2TP-PSK-NAT"[1] 192.168.0.102 #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected
- "L2TP-PSK-NAT"[1] 192.168.0.102 #1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
- "L2TP-PSK-NAT"[1] 192.168.0.102 #1: STATE_MAIN_R2: sent MR2, expecting MI3
- "L2TP-PSK-NAT"[1] 192.168.0.102 #1: Main mode peer ID is ID_IPV4_ADDR: '192.168.0.102'
- "L2TP-PSK-NAT"[1] 192.168.0.102 #1: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
- "L2TP-PSK-NAT"[1] 192.168.0.102 #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=oakley_sha group=modp2048}
- "L2TP-PSK-NAT"[1] 192.168.0.102 #1: the peer proposed: 192.168.0.103/32:17/1701 -> 192.168.0.102/32:17/0
- "L2TP-PSK-NAT"[1] 192.168.0.102 #1: peer proposal was reject in a virtual connection policy because:
- "L2TP-PSK-NAT"[1] 192.168.0.102 #1: a private network virtual IP was required, but the proposed IP did not match our list (virtual_private=)
- "L2TP-PSK-noNAT"[1] 192.168.0.102 #2: responding to Quick Mode proposal {msgid:01000000}
- "L2TP-PSK-noNAT"[1] 192.168.0.102 #2: us: 192.168.0.103<192.168.0.103>[+S=C]:17/1701
- "L2TP-PSK-noNAT"[1] 192.168.0.102 #2: them: 192.168.0.102[+S=C]:17/1701
- "L2TP-PSK-noNAT"[1] 192.168.0.102 #2: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
- "L2TP-PSK-noNAT"[1] 192.168.0.102 #2: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
- "L2TP-PSK-noNAT"[1] 192.168.0.102 #2: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
- "L2TP-PSK-noNAT"[1] 192.168.0.102 #2: STATE_QUICK_R2: IPsec SA established transport mode {ESP=>0xc0563554 <0x41a152d1 xfrm=AES_256-HMAC_SHA1 NATOA=none NATD=none DPD=none}