API tools faq
paste
Guest User

Untitled

a guest
May 20th, 2014
336
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 9.40 KB | None | 0 0
raw download clone embed print report diff
  1. cat /var/log/pluto.log
  2. Plutorun started on Tue May 20 02:21:03 EDT 2014
  3. adjusting ipsec.d to /etc/ipsec.d
  4. Starting Pluto (Openswan Version 2.6.37; Vendor ID OEu\134d\134jy\134\134ap) pid:6367
  5. LEAK_DETECTIVE support [disabled]
  6. OCF support for IKE [disabled]
  7. SAref support [disabled]: Protocol not available
  8. SAbind support [disabled]: Protocol not available
  9. NSS support [disabled]
  10. HAVE_STATSD notification support not compiled in
  11. Setting NAT-Traversal port-4500 floating to on
  12. port floating activation criteria nat_t=1/port_float=1
  13. NAT-Traversal support [enabled]
  14. using /dev/urandom as source of random entropy
  15. ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
  16. starting up 1 cryptographic helpers
  17. started helper pid=6369 (fd:4)
  18. Using Linux 2.6 IPsec interface code on 3.2.0-4-686-pae (experimental code)
  19. using /dev/urandom as source of random entropy
  20. ike_alg_register_enc(): Activating aes_ccm_8: Ok (ret=0)
  21. ike_alg_add(): ERROR: Algorithm already exists
  22. ike_alg_register_enc(): Activating aes_ccm_12: FAILED (ret=-17)
  23. ike_alg_add(): ERROR: Algorithm already exists
  24. ike_alg_register_enc(): Activating aes_ccm_16: FAILED (ret=-17)
  25. ike_alg_add(): ERROR: Algorithm already exists
  26. ike_alg_register_enc(): Activating aes_gcm_8: FAILED (ret=-17)
  27. ike_alg_add(): ERROR: Algorithm already exists
  28. ike_alg_register_enc(): Activating aes_gcm_12: FAILED (ret=-17)
  29. ike_alg_add(): ERROR: Algorithm already exists
  30. ike_alg_register_enc(): Activating aes_gcm_16: FAILED (ret=-17)
  31. Changed path to directory '/etc/ipsec.d/cacerts'
  32. Changed path to directory '/etc/ipsec.d/aacerts'
  33. Changed path to directory '/etc/ipsec.d/ocspcerts'
  34. Changing to directory '/etc/ipsec.d/crls'
  35. Warning: empty directory
  36. added connection description "L2TP-PSK-NAT"
  37. added connection description "L2TP-PSK-noNAT"
  38. listening for IKE messages
  39. adding interface eth0/eth0 91.245.35.34:500
  40. adding interface eth0/eth0 91.245.35.34:4500
  41. adding interface lo/lo 127.0.0.1:500
  42. adding interface lo/lo 127.0.0.1:4500
  43. adding interface lo/lo ::1:500
  44. loading secrets from "/etc/ipsec.secrets"
  45. packet from 87.117.185.107:642: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000008]
  46. packet from 87.117.185.107:642: received Vendor ID payload [RFC 3947] method set to=109
  47. packet from 87.117.185.107:642: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 109
  48. packet from 87.117.185.107:642: ignoring Vendor ID payload [FRAGMENTATION]
  49. packet from 87.117.185.107:642: ignoring Vendor ID payload [MS-Negotiation Discovery Capable]
  50. packet from 87.117.185.107:642: ignoring Vendor ID payload [Vid-Initial-Contact]
  51. packet from 87.117.185.107:642: ignoring Vendor ID payload [IKE CGA version 1]
  52. "L2TP-PSK-NAT"[1] 87.117.185.107 #1: responding to Main Mode from unknown peer 87.117.185.107
  53. "L2TP-PSK-NAT"[1] 87.117.185.107 #1: OAKLEY_GROUP 20 not supported. Attribute OAKLEY_GROUP_DESCRIPTION
  54. "L2TP-PSK-NAT"[1] 87.117.185.107 #1: OAKLEY_GROUP 19 not supported. Attribute OAKLEY_GROUP_DESCRIPTION
  55. "L2TP-PSK-NAT"[1] 87.117.185.107 #1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
  56. "L2TP-PSK-NAT"[1] 87.117.185.107 #1: STATE_MAIN_R1: sent MR1, expecting MI2
  57. "L2TP-PSK-NAT"[1] 87.117.185.107 #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): peer is NATed
  58. "L2TP-PSK-NAT"[1] 87.117.185.107 #1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
  59. "L2TP-PSK-NAT"[1] 87.117.185.107 #1: STATE_MAIN_R2: sent MR2, expecting MI3
  60. "L2TP-PSK-NAT"[1] 87.117.185.107 #1: Main mode peer ID is ID_IPV4_ADDR: '10.50.86.208'
  61. "L2TP-PSK-NAT"[1] 87.117.185.107 #1: switched from "L2TP-PSK-NAT" to "L2TP-PSK-NAT"
  62. "L2TP-PSK-NAT"[2] 87.117.185.107 #1: deleting connection "L2TP-PSK-NAT" instance with peer 87.117.185.107 {isakmp=#0/ipsec=#0}
  63. "L2TP-PSK-NAT"[2] 87.117.185.107 #1: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
  64. "L2TP-PSK-NAT"[2] 87.117.185.107 #1: new NAT mapping for #1, was 87.117.185.107:642, now 87.117.185.107:58295
  65. "L2TP-PSK-NAT"[2] 87.117.185.107 #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=oakley_sha group=modp2048}
  66. "L2TP-PSK-NAT"[2] 87.117.185.107 #1: Dead Peer Detection (RFC 3706): not enabled because peer did not advertise it
  67. "L2TP-PSK-NAT"[2] 87.117.185.107 #1: the peer proposed: 91.245.35.34/32:17/0 -> 10.50.86.208/32:17/0
  68. "L2TP-PSK-NAT"[2] 87.117.185.107 #1: NAT-Traversal: received 2 NAT-OA. using first, ignoring others
  69. "L2TP-PSK-NAT"[2] 87.117.185.107 #2: responding to Quick Mode proposal {msgid:01000000}
  70. "L2TP-PSK-NAT"[2] 87.117.185.107 #2: us: 91.245.35.34/32===91.245.35.34<91.245.35.34>[+S=C]:17/%any
  71. "L2TP-PSK-NAT"[2] 87.117.185.107 #2: them: 87.117.185.107[10.50.86.208,+S=C]:17/1701
  72. "L2TP-PSK-NAT"[2] 87.117.185.107 #2: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
  73. "L2TP-PSK-NAT"[2] 87.117.185.107 #2: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
  74. "L2TP-PSK-NAT"[2] 87.117.185.107 #2: Dead Peer Detection (RFC 3706): not enabled because peer did not advertise it
  75. "L2TP-PSK-NAT"[2] 87.117.185.107 #2: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
  76. "L2TP-PSK-NAT"[2] 87.117.185.107 #2: STATE_QUICK_R2: IPsec SA established transport mode {ESP=>0x217f2622 <0x48a53bb2 xfrm=AES_128-HMAC_SHA1 NATOA=10.50.86.208 NATD=87.117.185.107:58295 DPD=none}
  77. "L2TP-PSK-NAT"[2] 87.117.185.107 #1: received Delete SA(0x217f2622) payload: deleting IPSEC State #2
  78. "L2TP-PSK-NAT"[2] 87.117.185.107 #1: received and ignored informational message
  79. "L2TP-PSK-NAT"[2] 87.117.185.107 #1: received Delete SA payload: deleting ISAKMP State #1
  80. "L2TP-PSK-NAT"[2] 87.117.185.107: deleting connection "L2TP-PSK-NAT" instance with peer 87.117.185.107 {isakmp=#0/ipsec=#0}
  81. packet from 87.117.185.107:58295: received and ignored informational message
  82. packet from 87.117.185.107:642: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000008]
  83. packet from 87.117.185.107:642: received Vendor ID payload [RFC 3947] method set to=109
  84. packet from 87.117.185.107:642: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 109
  85. packet from 87.117.185.107:642: ignoring Vendor ID payload [FRAGMENTATION]
  86. packet from 87.117.185.107:642: ignoring Vendor ID payload [MS-Negotiation Discovery Capable]
  87. packet from 87.117.185.107:642: ignoring Vendor ID payload [Vid-Initial-Contact]
  88. packet from 87.117.185.107:642: ignoring Vendor ID payload [IKE CGA version 1]
  89. "L2TP-PSK-NAT"[3] 87.117.185.107 #3: responding to Main Mode from unknown peer 87.117.185.107
  90. "L2TP-PSK-NAT"[3] 87.117.185.107 #3: OAKLEY_GROUP 20 not supported. Attribute OAKLEY_GROUP_DESCRIPTION
  91. "L2TP-PSK-NAT"[3] 87.117.185.107 #3: OAKLEY_GROUP 19 not supported. Attribute OAKLEY_GROUP_DESCRIPTION
  92. "L2TP-PSK-NAT"[3] 87.117.185.107 #3: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
  93. "L2TP-PSK-NAT"[3] 87.117.185.107 #3: STATE_MAIN_R1: sent MR1, expecting MI2
  94. "L2TP-PSK-NAT"[3] 87.117.185.107 #3: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): peer is NATed
  95. "L2TP-PSK-NAT"[3] 87.117.185.107 #3: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
  96. "L2TP-PSK-NAT"[3] 87.117.185.107 #3: STATE_MAIN_R2: sent MR2, expecting MI3
  97. "L2TP-PSK-NAT"[3] 87.117.185.107 #3: Main mode peer ID is ID_IPV4_ADDR: '10.50.86.208'
  98. "L2TP-PSK-NAT"[3] 87.117.185.107 #3: switched from "L2TP-PSK-NAT" to "L2TP-PSK-NAT"
  99. "L2TP-PSK-NAT"[4] 87.117.185.107 #3: deleting connection "L2TP-PSK-NAT" instance with peer 87.117.185.107 {isakmp=#0/ipsec=#0}
  100. "L2TP-PSK-NAT"[4] 87.117.185.107 #3: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
  101. "L2TP-PSK-NAT"[4] 87.117.185.107 #3: new NAT mapping for #3, was 87.117.185.107:642, now 87.117.185.107:58295
  102. "L2TP-PSK-NAT"[4] 87.117.185.107 #3: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=oakley_sha group=modp2048}
  103. "L2TP-PSK-NAT"[4] 87.117.185.107 #3: Dead Peer Detection (RFC 3706): not enabled because peer did not advertise it
  104. "L2TP-PSK-NAT"[4] 87.117.185.107 #3: the peer proposed: 91.245.35.34/32:17/0 -> 10.50.86.208/32:17/0
  105. "L2TP-PSK-NAT"[4] 87.117.185.107 #3: NAT-Traversal: received 2 NAT-OA. using first, ignoring others
  106. "L2TP-PSK-NAT"[4] 87.117.185.107 #4: responding to Quick Mode proposal {msgid:01000000}
  107. "L2TP-PSK-NAT"[4] 87.117.185.107 #4: us: 91.245.35.34/32===91.245.35.34<91.245.35.34>[+S=C]:17/%any
  108. "L2TP-PSK-NAT"[4] 87.117.185.107 #4: them: 87.117.185.107[10.50.86.208,+S=C]:17/1701
  109. "L2TP-PSK-NAT"[4] 87.117.185.107 #4: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
  110. "L2TP-PSK-NAT"[4] 87.117.185.107 #4: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
  111. "L2TP-PSK-NAT"[4] 87.117.185.107 #4: Dead Peer Detection (RFC 3706): not enabled because peer did not advertise it
  112. "L2TP-PSK-NAT"[4] 87.117.185.107 #4: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
  113. "L2TP-PSK-NAT"[4] 87.117.185.107 #4: STATE_QUICK_R2: IPsec SA established transport mode {ESP=>0xc644ad66 <0xd5f9cca4 xfrm=AES_128-HMAC_SHA1 NATOA=10.50.86.208 NATD=87.117.185.107:58295 DPD=none}
  114. "L2TP-PSK-NAT"[4] 87.117.185.107 #3: received Delete SA(0xc644ad66) payload: deleting IPSEC State #4
  115. "L2TP-PSK-NAT"[4] 87.117.185.107 #3: received and ignored informational message
  116. "L2TP-PSK-NAT"[4] 87.117.185.107 #3: received Delete SA payload: deleting ISAKMP State #3
  117. "L2TP-PSK-NAT"[4] 87.117.185.107: deleting connection "L2TP-PSK-NAT" instance with peer 87.117.185.107 {isakmp=#0/ipsec=#0}
  118. packet from 87.117.185.107:58295: received and ignored informational message
Advertisement
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!