Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- cat /var/log/pluto.log
- Plutorun started on Tue May 20 02:21:03 EDT 2014
- adjusting ipsec.d to /etc/ipsec.d
- Starting Pluto (Openswan Version 2.6.37; Vendor ID OEu\134d\134jy\134\134ap) pid:6367
- LEAK_DETECTIVE support [disabled]
- OCF support for IKE [disabled]
- SAref support [disabled]: Protocol not available
- SAbind support [disabled]: Protocol not available
- NSS support [disabled]
- HAVE_STATSD notification support not compiled in
- Setting NAT-Traversal port-4500 floating to on
- port floating activation criteria nat_t=1/port_float=1
- NAT-Traversal support [enabled]
- using /dev/urandom as source of random entropy
- ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
- starting up 1 cryptographic helpers
- started helper pid=6369 (fd:4)
- Using Linux 2.6 IPsec interface code on 3.2.0-4-686-pae (experimental code)
- using /dev/urandom as source of random entropy
- ike_alg_register_enc(): Activating aes_ccm_8: Ok (ret=0)
- ike_alg_add(): ERROR: Algorithm already exists
- ike_alg_register_enc(): Activating aes_ccm_12: FAILED (ret=-17)
- ike_alg_add(): ERROR: Algorithm already exists
- ike_alg_register_enc(): Activating aes_ccm_16: FAILED (ret=-17)
- ike_alg_add(): ERROR: Algorithm already exists
- ike_alg_register_enc(): Activating aes_gcm_8: FAILED (ret=-17)
- ike_alg_add(): ERROR: Algorithm already exists
- ike_alg_register_enc(): Activating aes_gcm_12: FAILED (ret=-17)
- ike_alg_add(): ERROR: Algorithm already exists
- ike_alg_register_enc(): Activating aes_gcm_16: FAILED (ret=-17)
- Changed path to directory '/etc/ipsec.d/cacerts'
- Changed path to directory '/etc/ipsec.d/aacerts'
- Changed path to directory '/etc/ipsec.d/ocspcerts'
- Changing to directory '/etc/ipsec.d/crls'
- Warning: empty directory
- added connection description "L2TP-PSK-NAT"
- added connection description "L2TP-PSK-noNAT"
- listening for IKE messages
- adding interface eth0/eth0 91.245.35.34:500
- adding interface eth0/eth0 91.245.35.34:4500
- adding interface lo/lo 127.0.0.1:500
- adding interface lo/lo 127.0.0.1:4500
- adding interface lo/lo ::1:500
- loading secrets from "/etc/ipsec.secrets"
- packet from 87.117.185.107:642: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000008]
- packet from 87.117.185.107:642: received Vendor ID payload [RFC 3947] method set to=109
- packet from 87.117.185.107:642: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 109
- packet from 87.117.185.107:642: ignoring Vendor ID payload [FRAGMENTATION]
- packet from 87.117.185.107:642: ignoring Vendor ID payload [MS-Negotiation Discovery Capable]
- packet from 87.117.185.107:642: ignoring Vendor ID payload [Vid-Initial-Contact]
- packet from 87.117.185.107:642: ignoring Vendor ID payload [IKE CGA version 1]
- "L2TP-PSK-NAT"[1] 87.117.185.107 #1: responding to Main Mode from unknown peer 87.117.185.107
- "L2TP-PSK-NAT"[1] 87.117.185.107 #1: OAKLEY_GROUP 20 not supported. Attribute OAKLEY_GROUP_DESCRIPTION
- "L2TP-PSK-NAT"[1] 87.117.185.107 #1: OAKLEY_GROUP 19 not supported. Attribute OAKLEY_GROUP_DESCRIPTION
- "L2TP-PSK-NAT"[1] 87.117.185.107 #1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
- "L2TP-PSK-NAT"[1] 87.117.185.107 #1: STATE_MAIN_R1: sent MR1, expecting MI2
- "L2TP-PSK-NAT"[1] 87.117.185.107 #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): peer is NATed
- "L2TP-PSK-NAT"[1] 87.117.185.107 #1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
- "L2TP-PSK-NAT"[1] 87.117.185.107 #1: STATE_MAIN_R2: sent MR2, expecting MI3
- "L2TP-PSK-NAT"[1] 87.117.185.107 #1: Main mode peer ID is ID_IPV4_ADDR: '10.50.86.208'
- "L2TP-PSK-NAT"[1] 87.117.185.107 #1: switched from "L2TP-PSK-NAT" to "L2TP-PSK-NAT"
- "L2TP-PSK-NAT"[2] 87.117.185.107 #1: deleting connection "L2TP-PSK-NAT" instance with peer 87.117.185.107 {isakmp=#0/ipsec=#0}
- "L2TP-PSK-NAT"[2] 87.117.185.107 #1: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
- "L2TP-PSK-NAT"[2] 87.117.185.107 #1: new NAT mapping for #1, was 87.117.185.107:642, now 87.117.185.107:58295
- "L2TP-PSK-NAT"[2] 87.117.185.107 #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=oakley_sha group=modp2048}
- "L2TP-PSK-NAT"[2] 87.117.185.107 #1: Dead Peer Detection (RFC 3706): not enabled because peer did not advertise it
- "L2TP-PSK-NAT"[2] 87.117.185.107 #1: the peer proposed: 91.245.35.34/32:17/0 -> 10.50.86.208/32:17/0
- "L2TP-PSK-NAT"[2] 87.117.185.107 #1: NAT-Traversal: received 2 NAT-OA. using first, ignoring others
- "L2TP-PSK-NAT"[2] 87.117.185.107 #2: responding to Quick Mode proposal {msgid:01000000}
- "L2TP-PSK-NAT"[2] 87.117.185.107 #2: us: 91.245.35.34/32===91.245.35.34<91.245.35.34>[+S=C]:17/%any
- "L2TP-PSK-NAT"[2] 87.117.185.107 #2: them: 87.117.185.107[10.50.86.208,+S=C]:17/1701
- "L2TP-PSK-NAT"[2] 87.117.185.107 #2: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
- "L2TP-PSK-NAT"[2] 87.117.185.107 #2: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
- "L2TP-PSK-NAT"[2] 87.117.185.107 #2: Dead Peer Detection (RFC 3706): not enabled because peer did not advertise it
- "L2TP-PSK-NAT"[2] 87.117.185.107 #2: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
- "L2TP-PSK-NAT"[2] 87.117.185.107 #2: STATE_QUICK_R2: IPsec SA established transport mode {ESP=>0x217f2622 <0x48a53bb2 xfrm=AES_128-HMAC_SHA1 NATOA=10.50.86.208 NATD=87.117.185.107:58295 DPD=none}
- "L2TP-PSK-NAT"[2] 87.117.185.107 #1: received Delete SA(0x217f2622) payload: deleting IPSEC State #2
- "L2TP-PSK-NAT"[2] 87.117.185.107 #1: received and ignored informational message
- "L2TP-PSK-NAT"[2] 87.117.185.107 #1: received Delete SA payload: deleting ISAKMP State #1
- "L2TP-PSK-NAT"[2] 87.117.185.107: deleting connection "L2TP-PSK-NAT" instance with peer 87.117.185.107 {isakmp=#0/ipsec=#0}
- packet from 87.117.185.107:58295: received and ignored informational message
- packet from 87.117.185.107:642: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000008]
- packet from 87.117.185.107:642: received Vendor ID payload [RFC 3947] method set to=109
- packet from 87.117.185.107:642: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 109
- packet from 87.117.185.107:642: ignoring Vendor ID payload [FRAGMENTATION]
- packet from 87.117.185.107:642: ignoring Vendor ID payload [MS-Negotiation Discovery Capable]
- packet from 87.117.185.107:642: ignoring Vendor ID payload [Vid-Initial-Contact]
- packet from 87.117.185.107:642: ignoring Vendor ID payload [IKE CGA version 1]
- "L2TP-PSK-NAT"[3] 87.117.185.107 #3: responding to Main Mode from unknown peer 87.117.185.107
- "L2TP-PSK-NAT"[3] 87.117.185.107 #3: OAKLEY_GROUP 20 not supported. Attribute OAKLEY_GROUP_DESCRIPTION
- "L2TP-PSK-NAT"[3] 87.117.185.107 #3: OAKLEY_GROUP 19 not supported. Attribute OAKLEY_GROUP_DESCRIPTION
- "L2TP-PSK-NAT"[3] 87.117.185.107 #3: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
- "L2TP-PSK-NAT"[3] 87.117.185.107 #3: STATE_MAIN_R1: sent MR1, expecting MI2
- "L2TP-PSK-NAT"[3] 87.117.185.107 #3: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): peer is NATed
- "L2TP-PSK-NAT"[3] 87.117.185.107 #3: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
- "L2TP-PSK-NAT"[3] 87.117.185.107 #3: STATE_MAIN_R2: sent MR2, expecting MI3
- "L2TP-PSK-NAT"[3] 87.117.185.107 #3: Main mode peer ID is ID_IPV4_ADDR: '10.50.86.208'
- "L2TP-PSK-NAT"[3] 87.117.185.107 #3: switched from "L2TP-PSK-NAT" to "L2TP-PSK-NAT"
- "L2TP-PSK-NAT"[4] 87.117.185.107 #3: deleting connection "L2TP-PSK-NAT" instance with peer 87.117.185.107 {isakmp=#0/ipsec=#0}
- "L2TP-PSK-NAT"[4] 87.117.185.107 #3: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
- "L2TP-PSK-NAT"[4] 87.117.185.107 #3: new NAT mapping for #3, was 87.117.185.107:642, now 87.117.185.107:58295
- "L2TP-PSK-NAT"[4] 87.117.185.107 #3: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=oakley_sha group=modp2048}
- "L2TP-PSK-NAT"[4] 87.117.185.107 #3: Dead Peer Detection (RFC 3706): not enabled because peer did not advertise it
- "L2TP-PSK-NAT"[4] 87.117.185.107 #3: the peer proposed: 91.245.35.34/32:17/0 -> 10.50.86.208/32:17/0
- "L2TP-PSK-NAT"[4] 87.117.185.107 #3: NAT-Traversal: received 2 NAT-OA. using first, ignoring others
- "L2TP-PSK-NAT"[4] 87.117.185.107 #4: responding to Quick Mode proposal {msgid:01000000}
- "L2TP-PSK-NAT"[4] 87.117.185.107 #4: us: 91.245.35.34/32===91.245.35.34<91.245.35.34>[+S=C]:17/%any
- "L2TP-PSK-NAT"[4] 87.117.185.107 #4: them: 87.117.185.107[10.50.86.208,+S=C]:17/1701
- "L2TP-PSK-NAT"[4] 87.117.185.107 #4: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
- "L2TP-PSK-NAT"[4] 87.117.185.107 #4: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
- "L2TP-PSK-NAT"[4] 87.117.185.107 #4: Dead Peer Detection (RFC 3706): not enabled because peer did not advertise it
- "L2TP-PSK-NAT"[4] 87.117.185.107 #4: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
- "L2TP-PSK-NAT"[4] 87.117.185.107 #4: STATE_QUICK_R2: IPsec SA established transport mode {ESP=>0xc644ad66 <0xd5f9cca4 xfrm=AES_128-HMAC_SHA1 NATOA=10.50.86.208 NATD=87.117.185.107:58295 DPD=none}
- "L2TP-PSK-NAT"[4] 87.117.185.107 #3: received Delete SA(0xc644ad66) payload: deleting IPSEC State #4
- "L2TP-PSK-NAT"[4] 87.117.185.107 #3: received and ignored informational message
- "L2TP-PSK-NAT"[4] 87.117.185.107 #3: received Delete SA payload: deleting ISAKMP State #3
- "L2TP-PSK-NAT"[4] 87.117.185.107: deleting connection "L2TP-PSK-NAT" instance with peer 87.117.185.107 {isakmp=#0/ipsec=#0}
- packet from 87.117.185.107:58295: received and ignored informational message
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
