Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Nov 2 04:40:49: NSS DB directory: sql:/etc/ipsec.d
- Nov 2 04:40:49: NSS initialized
- Nov 2 04:40:49: libcap-ng support [enabled]
- Nov 2 04:40:49: FIPS HMAC integrity verification test passed
- Nov 2 04:40:49: FIPS: pluto daemon NOT running in FIPS mode
- Nov 2 04:40:49: Linux audit support [enabled]
- Nov 2 04:40:49: Linux audit activated
- Nov 2 04:40:49: Starting Pluto (Libreswan Version 3.15 XFRM(netkey) KLIPS NSS DNSSEC FIPS_CHECK LABELED_IPSEC LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMA
- NAGER CURL(non-NSS) LDAP(non-NSS)) pid:18500
- Nov 2 04:40:49: core dump dir: /var/run/pluto
- Nov 2 04:40:49: secrets file: /etc/ipsec.secrets
- Nov 2 04:40:49: leak-detective disabled
- Nov 2 04:40:49: NSS crypto [enabled]
- Nov 2 04:40:49: XAUTH PAM support [enabled]
- Nov 2 04:40:49: NAT-Traversal support [enabled]
- Nov 2 04:40:49: virtual-private entry not proper subnet: non-hex field in IPv6 numeric address
- Nov 2 04:40:49: 1 bad entries in virtual-private - none loaded
- Nov 2 04:40:49: | inserting event EVENT_REINIT_SECRET, timeout in 3600.000000 seconds
- Nov 2 04:40:49: | inserting event EVENT_PENDING_DDNS, timeout in 60.000000 seconds
- Nov 2 04:40:49: | inserting event EVENT_PENDING_PHASE2, timeout in 120.000000 seconds
- Nov 2 04:40:49: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC_SSH: Ok
- Nov 2 04:40:49: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok
- Nov 2 04:40:49: ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok
- Nov 2 04:40:49: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok
- Nov 2 04:40:49: ike_alg_register_enc(): Activating OAKLEY_AES_CTR: Ok
- Nov 2 04:40:49: ike_alg_register_enc(): Activating OAKLEY_AES_GCM_A: Ok
- Nov 2 04:40:49: ike_alg_register_enc(): Activating OAKLEY_AES_GCM_B: Ok
- Nov 2 04:40:49: ike_alg_register_enc(): Activating OAKLEY_AES_GCM_C: Ok
- Nov 2 04:40:49: ike_alg_register_hash(): Activating DISABLED-OAKLEY_AES_XCBC: Ok
- Nov 2 04:40:49: ike_alg_register_enc(): Activating OAKLEY_CAMELLIA_CBC: Ok
- Nov 2 04:40:49: ike_alg_register_enc(): Activating OAKLEY_CAMELLIA_CTR: Ok
- Nov 2 04:40:49: ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok
- Nov 2 04:40:49: ike_alg_register_hash(): Activating OAKLEY_SHA2_384: Ok
- Nov 2 04:40:49: ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok
- Nov 2 04:40:49: starting up 3 crypto helpers
- Nov 2 04:40:49: started thread for crypto helper 0 (master fd 10)
- Nov 2 04:40:49: | setup helper callback for master fd 10
- Nov 2 04:40:49: started thread for crypto helper 1 (master fd 13)
- Nov 2 04:40:49: | setup helper callback for master fd 13
- Nov 2 04:40:49: | status value returned by setting the priority of this thread (crypto helper 0) 22
- Nov 2 04:40:49: started thread for crypto helper 2 (master fd 15)
- Nov 2 04:40:49: | setup helper callback for master fd 15
- Nov 2 04:40:49: | crypto helper 0 waiting on fd 11
- Nov 2 04:40:49: Using Linux XFRM/NETKEY IPsec interface code on 2.6.32-504.16.2.el6.x86_64
- Nov 2 04:40:49: | status value returned by setting the priority of this thread (crypto helper 2) 22
- Nov 2 04:40:49: | crypto helper 2 waiting on fd 16
- Nov 2 04:40:49: ike_alg_register_enc(): Activating aes_ccm_8: Ok
- Nov 2 04:40:49: ike_alg_register_enc(): Activating aes_ccm_12: Ok
- Nov 2 04:40:49: ike_alg_register_enc(): Activating aes_ccm_16: Ok
- Nov 2 04:40:49: | status value returned by setting the priority of this thread (crypto helper 1) 22
- Nov 2 04:40:49: | crypto helper 1 waiting on fd 14
- Nov 2 04:40:49: | inserting event EVENT_SHUNT_SCAN, timeout in 20.000000 seconds
- Nov 2 04:40:49: | Could not change to legacy CRL directory '/etc/ipsec.d/crls': 2 No such file or directory
- Nov 2 04:40:49: | selinux support is NOT enabled.
- Nov 2 04:40:49: | inserting event EVENT_LOG_DAILY, timeout in 69551.000000 seconds
- Nov 2 04:40:50: | entering aalg_getbyname_ike()
- Nov 2 04:40:50: | Added new connection host-prd/0x1 with policy PSK+ENCRYPT+TUNNEL+DONT_REKEY+IKEV1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW
- Nov 2 04:40:50: | from whack: got --esp=3des-md5
- Nov 2 04:40:50: | phase2alg string values: 3DES(3)_000-MD5(1)_000
- Nov 2 04:40:50: | ike (phase1) algorithm values: 3DES_CBC(5)_000-MD5(1)_000-MODP1024(2)
- Nov 2 04:40:50: | certificate not loaded for this end
- Nov 2 04:40:50: | counting wild cards for @LOCALID is 0
- Nov 2 04:40:50: | certificate not loaded for this end
- Nov 2 04:40:50: | counting wild cards for remoteIDIP is 0
- Nov 2 04:40:50: added connection description "host-prd/0x1"
- Nov 2 04:40:50: | exernalIP/32===exernalIP<exernalIP>[@LOCALID]---defaultGW...defaultGW---remoteIDIP<remoteIDIP>=
- ==172.25.48.43/32
- Nov 2 04:40:50: | ike_life: 28800s; ipsec_life: 3600s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; policy: PSK+ENCRYPT+TUNNEL+DONT_REKEY+IKEV
- 1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW
- Nov 2 04:40:50: | entering aalg_getbyname_ike()
- Nov 2 04:40:50: | Added new connection host-prd/0x2 with policy PSK+ENCRYPT+TUNNEL+DONT_REKEY+IKEV1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW
- Nov 2 04:40:50: | from whack: got --esp=3des-md5
- Nov 2 04:40:50: | phase2alg string values: 3DES(3)_000-MD5(1)_000
- Nov 2 04:40:50: | ike (phase1) algorithm values: 3DES_CBC(5)_000-MD5(1)_000-MODP1024(2)
- Nov 2 04:40:50: | certificate not loaded for this end
- Nov 2 04:40:50: | counting wild cards for @LOCALID is 0
- Nov 2 04:40:50: | certificate not loaded for this end
- Nov 2 04:40:50: | counting wild cards for remoteIDIP is 0
- Nov 2 04:40:50: added connection description "host-prd/0x2"
- Nov 2 04:40:50: | exernalIP/32===exernalIP<exernalIP>[@LOCALID]---defaultGW...defaultGW---remoteIDIP<remoteIDIP>=
- ==172.25.48.36/32
- Nov 2 04:40:50: | ike_life: 28800s; ipsec_life: 3600s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; policy: PSK+ENCRYPT+TUNNEL+DONT_REKEY+IKEV
- 1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW
- Nov 2 04:40:50: listening for IKE messages
- Nov 2 04:40:50: adding interface eth1/eth1 10.0.64.10:500
- Nov 2 04:40:50: adding interface eth1/eth1 10.0.64.10:4500
- Nov 2 04:40:50: adding interface eth0/eth0 exernalIP:500
- Nov 2 04:40:50: adding interface eth0/eth0 exernalIP:4500
- Nov 2 04:40:50: adding interface lo/lo 127.0.0.1:500
- Nov 2 04:40:50: adding interface lo/lo 127.0.0.1:4500
- Nov 2 04:40:50: | found lo with address 0000:0000:0000:0000:0000:0000:0000:0001
- Nov 2 04:40:50: adding interface lo/lo ::1:500
- Nov 2 04:40:50: | setup callback for interface lo:500 fd 28
- Nov 2 04:40:50: | setup callback for interface lo:4500 fd 27
- Nov 2 04:40:50: | setup callback for interface lo:500 fd 26
- Nov 2 04:40:50: | setup callback for interface eth0:4500 fd 25
- Nov 2 04:40:50: | setup callback for interface eth0:500 fd 24
- Nov 2 04:40:50: | setup callback for interface eth1:4500 fd 23
- Nov 2 04:40:50: | setup callback for interface eth1:500 fd 22
- Nov 2 04:40:50: loading secrets from "/etc/ipsec.secrets"
- Nov 2 04:40:50: loading secrets from "/etc/ipsec.d/ipsec.secrets"
- Nov 2 04:40:50: | id type added to secret(0x7f630ca100f0) PPK_PSK: @LOCALID
- Nov 2 04:40:50: | id type added to secret(0x7f630ca100f0) PPK_PSK: remoteIDIP
- Nov 2 04:40:50: | Processing PSK at line 10: passed
- Nov 2 04:40:50: | processing connection "host-prd/0x1"
- Nov 2 04:40:50: | route owner of "host-prd/0x1" unrouted: NULL; eroute owner: NULL
- Nov 2 04:40:50: | could_route called for host-prd/0x1 (kind=CK_PERMANENT)
- Nov 2 04:40:50: | route owner of "host-prd/0x1" unrouted: NULL; eroute owner: NULL
- Nov 2 04:40:50: | shunt_eroute() called for connection 'host-prd/0x1' to 'add' for rt_kind 'prospective erouted'
- Nov 2 04:40:50: | route_and_eroute: firewall_notified: true
- Nov 2 04:40:50: | command executing prepare-host
- Nov 2 04:40:50: | executing prepare-host: PLUTO_VERB='prepare-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='host-prd/0x1' PLUTO_INTERFACE='eth0' PLUTO_
- NEXT_HOP='defaultGW' PLUTO_ME='exernalIP' PLUTO_MY_ID='@LOCALID' PLUTO_MY_CLIENT='exernalIP/32' PLUTO_MY_CLIENT_NET='exernalIP'
- PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='remoteIDIP' P
- LUTO_PEER_ID='remoteIDIP' PLUTO_PEER_CLIENT='172.25.48.43/32' PLUTO_PEER_CLIENT_NET='172.25.48.43' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PE
- ER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+DONT_REKEY+IKEV1_ALLOW
- +IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_IN
- FO='' PLUTO_PEER_BANNER='' PLUTO_NM_CONFIGURED='0' ipsec _updown 2>&1
- Nov 2 04:40:50: | popen cmd is 938 chars long
- Nov 2 04:40:50: | cmd( 0):PLUTO_VERB='prepare-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='host-prd/0x1' :
- Nov 2 04:40:50: | cmd( 80):PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='defaultGW' PLUTO_ME='197.189.240.19:
- Nov 2 04:40:50: | cmd( 160):5' PLUTO_MY_ID='@LOCALID' PLUTO_MY_CLIENT='exernalIP/32' PLUTO_MY_CLIENT_N:
- Nov 2 04:40:50: | cmd( 240):ET='exernalIP' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PL:
- Nov 2 04:40:50: | cmd( 320):UTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='41.2:
- Nov 2 04:40:50: | cmd( 400):23.117.137' PLUTO_PEER_ID='remoteIDIP' PLUTO_PEER_CLIENT='172.25.48.43/32' P:
- Nov 2 04:40:50: | cmd( 480):LUTO_PEER_CLIENT_NET='172.25.48.43' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLU:
- Nov 2 04:40:50: | cmd( 560):TO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' P:
- Nov 2 04:40:50: | cmd( 640):LUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+DONT_REKEY+IKEV1_ALLOW+IK:
- Nov 2 04:40:50: | cmd( 720):EV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=:
- Nov 2 04:40:50: | cmd( 800):0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO:
- Nov 2 04:40:50: | cmd( 880):_PEER_BANNER='' PLUTO_NM_CONFIGURED='0' ipsec _updown 2>&1:
- Nov 2 04:40:50: | command executing route-host
- Nov 2 04:40:50: | executing route-host: PLUTO_VERB='route-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='host-prd/0x1' PLUTO_INTERFACE='eth0' PLUTO_NEXT
- _HOP='defaultGW' PLUTO_ME='exernalIP' PLUTO_MY_ID='@LOCALID' PLUTO_MY_CLIENT='exernalIP/32' PLUTO_MY_CLIENT_NET='exernalIP' PLUT
- O_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='remoteIDIP' PLUTO
- _PEER_ID='remoteIDIP' PLUTO_PEER_CLIENT='172.25.48.43/32' PLUTO_PEER_CLIENT_NET='172.25.48.43' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_P
- ORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+DONT_REKEY+IKEV1_ALLOW+IKE
- V2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='
- ' PLUTO_PEER_BANNER='' PLUTO_NM_CONFIGURED='0' ipsec _updown 2>&1
- Nov 2 04:40:50: | popen cmd is 936 chars long
- Nov 2 04:40:50: | cmd( 0):PLUTO_VERB='route-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='host-prd/0x1' PL:
- Nov 2 04:40:50: | cmd( 80):UTO_INTERFACE='eth0' PLUTO_NEXT_HOP='defaultGW' PLUTO_ME='exernalIP':
- Nov 2 04:40:50: | cmd( 160): PLUTO_MY_ID='@LOCALID' PLUTO_MY_CLIENT='exernalIP/32' PLUTO_MY_CLIENT_NET:
- Nov 2 04:40:50: | cmd( 240):='exernalIP' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUT:
- Nov 2 04:40:50: | cmd( 320):O_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='41.223:
- Nov 2 04:40:50: | cmd( 400):.117.137' PLUTO_PEER_ID='remoteIDIP' PLUTO_PEER_CLIENT='172.25.48.43/32' PLU:
- Nov 2 04:40:50: | cmd( 480):TO_PEER_CLIENT_NET='172.25.48.43' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO:
- Nov 2 04:40:50: | cmd( 560):_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLU:
- Nov 2 04:40:50: | cmd( 640):TO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+DONT_REKEY+IKEV1_ALLOW+IKEV:
- Nov 2 04:40:50: | cmd( 720):2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 :
- Nov 2 04:40:50: | cmd( 800):PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_P:
- Nov 2 04:40:50: | cmd( 880):EER_BANNER='' PLUTO_NM_CONFIGURED='0' ipsec _updown 2>&1:
- Nov 2 04:40:50: | processing connection "host-prd/0x2"
- Nov 2 04:40:50: | route owner of "host-prd/0x2" unrouted: NULL; eroute owner: NULL
- Nov 2 04:40:50: | could_route called for host-prd/0x2 (kind=CK_PERMANENT)
- Nov 2 04:40:50: | route owner of "host-prd/0x2" unrouted: NULL; eroute owner: NULL
- Nov 2 04:40:50: | shunt_eroute() called for connection 'host-prd/0x2' to 'add' for rt_kind 'prospective erouted'
- Nov 2 04:40:50: | route_and_eroute: firewall_notified: true
- Nov 2 04:40:50: | command executing prepare-host
- Nov 2 04:40:50: | executing prepare-host: PLUTO_VERB='prepare-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='host-prd/0x2' PLUTO_INTERFACE='eth0' PLUTO_
- NEXT_HOP='defaultGW' PLUTO_ME='exernalIP' PLUTO_MY_ID='@LOCALID' PLUTO_MY_CLIENT='exernalIP/32' PLUTO_MY_CLIENT_NET='exernalIP'
- PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='none' PLUTO_PEER='remoteIDIP' P
- LUTO_PEER_ID='remoteIDIP' PLUTO_PEER_CLIENT='172.25.48.36/32' PLUTO_PEER_CLIENT_NET='172.25.48.36' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PE
- ER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+DONT_REKEY+IKEV1_ALLOW
- +IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_IN
- FO='' PLUTO_PEER_BANNER='' PLUTO_NM_CONFIGURED='0' ipsec _updown 2>&1
- Nov 2 04:40:50: | popen cmd is 938 chars long
- Nov 2 04:40:50: | cmd( 0):PLUTO_VERB='prepare-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='host-prd/0x2' :
- Nov 2 04:40:50: | cmd( 80):PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='defaultGW' PLUTO_ME='197.189.240.19:
- Nov 2 04:40:50: | cmd( 160):5' PLUTO_MY_ID='@LOCALID' PLUTO_MY_CLIENT='exernalIP/32' PLUTO_MY_CLIENT_N:
- Nov 2 04:40:50: | cmd( 240):ET='exernalIP' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PL:
- Nov 2 04:40:50: | cmd( 320):UTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='none' PLUTO_PEER='41.2:
- Nov 2 04:40:50: | cmd( 400):23.117.137' PLUTO_PEER_ID='remoteIDIP' PLUTO_PEER_CLIENT='172.25.48.36/32' P:
- Nov 2 04:40:50: | cmd( 480):LUTO_PEER_CLIENT_NET='172.25.48.36' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLU:
- Nov 2 04:40:50: | cmd( 560):TO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' P:
- Nov 2 04:40:50: | cmd( 640):LUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+DONT_REKEY+IKEV1_ALLOW+IK:
- Nov 2 04:40:50: | cmd( 720):EV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=:
- Nov 2 04:40:50: | cmd( 800):0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO:
- Nov 2 04:40:50: | cmd( 880):_PEER_BANNER='' PLUTO_NM_CONFIGURED='0' ipsec _updown 2>&1:
- Nov 2 04:40:50: | command executing route-host
- Nov 2 04:40:50: | executing route-host: PLUTO_VERB='route-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='host-prd/0x2' PLUTO_INTERFACE='eth0' PLUTO_NEXT
- _HOP='defaultGW' PLUTO_ME='exernalIP' PLUTO_MY_ID='@LOCALID' PLUTO_MY_CLIENT='exernalIP/32' PLUTO_MY_CLIENT_NET='exernalIP' PLUT
- O_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='none' PLUTO_PEER='remoteIDIP' PLUTO
- _PEER_ID='remoteIDIP' PLUTO_PEER_CLIENT='172.25.48.36/32' PLUTO_PEER_CLIENT_NET='172.25.48.36' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_P
- ORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+DONT_REKEY+IKEV1_ALLOW+IKE
- V2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='
- ' PLUTO_PEER_BANNER='' PLUTO_NM_CONFIGURED='0' ipsec _updown 2>&1
- Nov 2 04:40:50: | popen cmd is 936 chars long
- Nov 2 04:40:50: | cmd( 0):PLUTO_VERB='route-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='host-prd/0x2' PL:
- Nov 2 04:40:50: | cmd( 80):UTO_INTERFACE='eth0' PLUTO_NEXT_HOP='defaultGW' PLUTO_ME='exernalIP':
- Nov 2 04:40:50: | cmd( 160): PLUTO_MY_ID='@LOCALID' PLUTO_MY_CLIENT='exernalIP/32' PLUTO_MY_CLIENT_NET:
- Nov 2 04:40:50: | cmd( 240):='exernalIP' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUT:
- Nov 2 04:40:50: | cmd( 320):O_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='none' PLUTO_PEER='41.223:
- Nov 2 04:40:50: | cmd( 400):.117.137' PLUTO_PEER_ID='remoteIDIP' PLUTO_PEER_CLIENT='172.25.48.36/32' PLU:
- Nov 2 04:40:50: | cmd( 480):TO_PEER_CLIENT_NET='172.25.48.36' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO:
- Nov 2 04:40:50: | cmd( 560):_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLU:
- Nov 2 04:40:50: | cmd( 640):TO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+DONT_REKEY+IKEV1_ALLOW+IKEV:
- Nov 2 04:40:50: | cmd( 720):2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 :
- Nov 2 04:40:50: | cmd( 800):PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_P:
- Nov 2 04:40:50: | cmd( 880):EER_BANNER='' PLUTO_NM_CONFIGURED='0' ipsec _updown 2>&1:
- Nov 2 04:40:50: initiating all conns with alias='host-prd'
- Nov 2 04:40:50: | processing connection "host-prd/0x2"
- Nov 2 04:40:50: | kernel_alg_db_new() will return p_new->protoid=3, p_new->trans_cnt=1
- Nov 2 04:40:50: | kernel_alg_db_new() trans[0]: transid=3, attr_cnt=1, attrs[0].type=5, attrs[0].val=1
- Nov 2 04:40:50: | returning new proposal from esp_info
- Nov 2 04:40:50: | creating state object #1 at 0x7f630ca107d0
- Nov 2 04:40:50: | processing connection "host-prd/0x2"
- Nov 2 04:40:50: | inserting state object #1
- Nov 2 04:40:50: | finding hash chain in state hash table
- Nov 2 04:40:50: | ICOOKIE: 74 57 5c fa 06 bd 55 c6
- Nov 2 04:40:50: | RCOOKIE: 00 00 00 00 00 00 00 00
- Nov 2 04:40:50: | found hash chain 17
- Nov 2 04:40:50: | list 0x7f630b5d5390 first entry (nil)
- Nov 2 04:40:50: | inserted state 0x7f630ca107d0 entry 0x7f630ca10e40 next (nil) prev-next 0x7f630b5d5390 into list
- Nov 2 04:40:50: | updated next entry is (nil)
- Nov 2 04:40:50: | finding hash chain in icookie hash table
- Nov 2 04:40:50: | ICOOKIE: 74 57 5c fa 06 bd 55 c6
- Nov 2 04:40:50: | RCOOKIE: 00 00 00 00 00 00 00 00
- Nov 2 04:40:50: | found hash chain 17
- Nov 2 04:40:50: | list 0x7f630b5d54b0 first entry (nil)
- Nov 2 04:40:50: | inserted state 0x7f630ca107d0 entry 0x7f630ca10e58 next (nil) prev-next 0x7f630b5d54b0 into list
- Nov 2 04:40:50: | updated next entry is (nil)
- Nov 2 04:40:50: | inserting event EVENT_SO_DISCARD, timeout in 0.000000 seconds for #1
- Nov 2 04:40:50: | processing connection "host-prd/0x2"
- Nov 2 04:40:50: | Queuing pending IPsec SA negotiating with remoteIDIP "host-prd/0x2"
- Nov 2 04:40:50: "host-prd/0x2" #1: initiating Main Mode
- Nov 2 04:40:50: | oakley_alg_makedb() processing ealg=5 halg=1 modp=2 eklen=0
- Nov 2 04:40:50: | oakley_alg_makedb() returning 0x7f630ca10340
- Nov 2 04:40:50: | sending 200 bytes for reply packet for main_outI1 through eth0:500 to remoteIDIP:500 (using #1)
- Nov 2 04:40:50: | inserting event EVENT_v1_RETRANSMIT, timeout in 0.500000 seconds for #1
- Nov 2 04:40:50: | processing connection "host-prd/0x1"
- Nov 2 04:40:50: | kernel_alg_db_new() will return p_new->protoid=3, p_new->trans_cnt=1
- Nov 2 04:40:50: | kernel_alg_db_new() trans[0]: transid=3, attr_cnt=1, attrs[0].type=5, attrs[0].val=1
- Nov 2 04:40:50: | returning new proposal from esp_info
- Nov 2 04:40:50: | Queuing pending IPsec SA negotiating with remoteIDIP "host-prd/0x1"
- Nov 2 04:40:50: | *received 100 bytes from remoteIDIP:500 on eth0 (port=500)
- Nov 2 04:40:50: | **parse ISAKMP Message:
- Nov 2 04:40:50: | initiator cookie:
- Nov 2 04:40:50: | 74 57 5c fa 06 bd 55 c6
- Nov 2 04:40:50: | responder cookie:
- Nov 2 04:40:50: | 86 30 3c 84 2f 09 6b b3
- Nov 2 04:40:50: | next payload type: ISAKMP_NEXT_SA (0x1)
- Nov 2 04:40:50: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
- Nov 2 04:40:50: | exchange type: ISAKMP_XCHG_IDPROT (0x2)
- Nov 2 04:40:50: | flags: none (0x0)
- Nov 2 04:40:50: | message ID: 00 00 00 00
- Nov 2 04:40:50: | length: 100 (0x64)
- Nov 2 04:40:50: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2)
- Nov 2 04:40:50: | finding hash chain in state hash table
- Nov 2 04:40:50: | ICOOKIE: 74 57 5c fa 06 bd 55 c6
- Nov 2 04:40:50: | RCOOKIE: 86 30 3c 84 2f 09 6b b3
- Nov 2 04:40:50: | found hash chain 5
- Nov 2 04:40:50: | v1 state object not found
- Nov 2 04:40:50: | finding hash chain in state hash table
- Nov 2 04:40:50: | ICOOKIE: 74 57 5c fa 06 bd 55 c6
- Nov 2 04:40:50: | RCOOKIE: 00 00 00 00 00 00 00 00
- Nov 2 04:40:50: | found hash chain 17
- Nov 2 04:40:50: | v1 peer and cookies match on #1, provided msgid 00000000 == 00000000
- Nov 2 04:40:50: | v1 state object #1 found, in STATE_MAIN_I1
- Nov 2 04:40:50: | processing connection "host-prd/0x2"
- Nov 2 04:40:50: | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x2opt: 0x2080
- Nov 2 04:40:50: | ***parse ISAKMP Security Association Payload:
- Nov 2 04:40:50: | next payload type: ISAKMP_NEXT_VID (0xd)
- Nov 2 04:40:50: | length: 52 (0x34)
- Nov 2 04:40:50: | DOI: ISAKMP_DOI_IPSEC (0x1)
- Nov 2 04:40:50: | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0opt: 0x2080
- Nov 2 04:40:50: | ***parse ISAKMP Vendor ID Payload:
- Nov 2 04:40:50: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Nov 2 04:40:50: | length: 20 (0x14)
- Nov 2 04:40:50: "host-prd/0x2" #1: ignoring unknown Vendor ID payload [4855415745492d494b45763144534350]
- Nov 2 04:40:50: | ****parse IPsec DOI SIT:
- Nov 2 04:40:50: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1)
- Nov 2 04:40:50: | ****parse ISAKMP Proposal Payload:
- Nov 2 04:40:50: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Nov 2 04:40:50: | length: 40 (0x28)
- Nov 2 04:40:50: | proposal number: 0 (0x0)
- Nov 2 04:40:50: | protocol ID: PROTO_ISAKMP (0x1)
- Nov 2 04:40:50: | SPI size: 0 (0x0)
- Nov 2 04:40:50: | number of transforms: 1 (0x1)
- Nov 2 04:40:50: | *****parse ISAKMP Transform Payload (ISAKMP):
- Nov 2 04:40:50: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Nov 2 04:40:50: | length: 32 (0x20)
- Nov 2 04:40:50: | ISAKMP transform number: 0 (0x0)
- Nov 2 04:40:50: | ISAKMP transform ID: KEY_IKE (0x1)
- Nov 2 04:40:50: | ******parse ISAKMP Oakley attribute:
- Nov 2 04:40:50: | af+type: OAKLEY_LIFE_TYPE (0x800b)
- Nov 2 04:40:50: | length/value: 1 (0x1)
- Nov 2 04:40:50: | [1 is OAKLEY_LIFE_SECONDS]
- Nov 2 04:40:50: | ******parse ISAKMP Oakley attribute:
- Nov 2 04:40:50: | af+type: OAKLEY_LIFE_DURATION (0x800c)
- Nov 2 04:40:50: | length/value: 28800 (0x7080)
- Nov 2 04:40:50: | ******parse ISAKMP Oakley attribute:
- Nov 2 04:40:50: | af+type: OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
- Nov 2 04:40:50: | length/value: 5 (0x5)
- Nov 2 04:40:50: | [5 is OAKLEY_3DES_CBC]
- Nov 2 04:40:50: | ******parse ISAKMP Oakley attribute:
- Nov 2 04:40:50: | af+type: OAKLEY_HASH_ALGORITHM (0x8002)
- Nov 2 04:40:50: | length/value: 1 (0x1)
- Nov 2 04:40:50: | [1 is OAKLEY_MD5]
- Nov 2 04:40:50: | ******parse ISAKMP Oakley attribute:
- Nov 2 04:40:50: | af+type: OAKLEY_AUTHENTICATION_METHOD (0x8003)
- Nov 2 04:40:50: | length/value: 1 (0x1)
- Nov 2 04:40:50: | [1 is OAKLEY_PRESHARED_KEY]
- Nov 2 04:40:50: | started looking for secret for @LOCALID->remoteIDIP of kind PPK_PSK
- Nov 2 04:40:50: | actually looking for secret for @LOCALID->remoteIDIP of kind PPK_PSK
- Nov 2 04:40:50: | id kind mismatch
- Nov 2 04:40:50: | 1: compared key remoteIDIP to @LOCALID / remoteIDIP -> 4
- Nov 2 04:40:50: | id kind mismatch
- Nov 2 04:40:50: | 2: compared key @LOCALID to @LOCALID / remoteIDIP -> 12
- Nov 2 04:40:50: | line 9: match=12
- Nov 2 04:40:50: | best_match 0>12 best=0x7f630ca100f0 (line=9)
- Nov 2 04:40:50: | concluding with best_match=12 best=0x7f630ca100f0 (lineno=9)
- Nov 2 04:40:50: | ******parse ISAKMP Oakley attribute:
- Nov 2 04:40:50: | af+type: OAKLEY_GROUP_DESCRIPTION (0x8004)
- Nov 2 04:40:50: | length/value: 2 (0x2)
- Nov 2 04:40:50: | [2 is OAKLEY_GROUP_MODP1024]
- Nov 2 04:40:50: | Oakley Transform 0 accepted
- Nov 2 04:40:50: | crypto helper 0: pcw_work: 0
- Nov 2 04:40:50: | asking crypto helper 0 to do build KE and nonce; request ID 1 (len=2776, pcw_work=0)
- Nov 2 04:40:50: | inserting event EVENT_CRYPTO_FAILED, timeout in 60.000000 seconds for #1
- Nov 2 04:40:50: | complete v1 state transition with STF_SUSPEND
- Nov 2 04:40:50: | crypto helper 0 read fd: 11
- Nov 2 04:40:50: | crypto helper 0 doing build KE and nonce; request ID 1
- Nov 2 04:40:50: | crypto helper 0 finished build KE and nonce; request ID 1 time elapsed 660 usec
- Nov 2 04:40:50: | crypto helper 0 has finished work (pcw_work now 1)
- Nov 2 04:40:50: | crypto helper 0 replies to request ID 1
- Nov 2 04:40:50: | calling continuation function 0x7f630b2fe150
- Nov 2 04:40:50: | main_inR1_outI2_continue for #1: calculated ke+nonce, sending I2
- Nov 2 04:40:50: | processing connection "host-prd/0x2"
- Nov 2 04:40:50: | rehashing state object #1
- Nov 2 04:40:50: | removing state 0x7f630ca107d0 entry 0x7f630ca10e40 next (nil) prev-next 0x7f630b5d5390 from list
- Nov 2 04:40:50: | updated next entry is (nil)
- Nov 2 04:40:50: | finding hash chain in state hash table
- Nov 2 04:40:50: | ICOOKIE: 74 57 5c fa 06 bd 55 c6
- Nov 2 04:40:50: | RCOOKIE: 86 30 3c 84 2f 09 6b b3
- Nov 2 04:40:50: | found hash chain 5
- Nov 2 04:40:50: | list 0x7f630b5d5330 first entry (nil)
- Nov 2 04:40:50: | inserted state 0x7f630ca107d0 entry 0x7f630ca10e40 next (nil) prev-next 0x7f630b5d5330 into list
- Nov 2 04:40:50: | updated next entry is (nil)
- Nov 2 04:40:50: | complete v1 state transition with STF_OK
- Nov 2 04:40:50: "host-prd/0x2" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
- Nov 2 04:40:50: | sending reply packet to remoteIDIP:500 (from port 500)
- Nov 2 04:40:50: | sending 180 bytes for STATE_MAIN_I1 through eth0:500 to remoteIDIP:500 (using #1)
- Nov 2 04:40:50: | inserting event EVENT_v1_RETRANSMIT, timeout in 0.500000 seconds for #1
- Nov 2 04:40:50: "host-prd/0x2" #1: STATE_MAIN_I2: sent MI2, expecting MR2
- Nov 2 04:40:50: | modecfg pull: noquirk policy:push not-client
- Nov 2 04:40:50: | phase 1 is done, looking for phase 2 to unpend
- Nov 2 04:40:50: | *received 180 bytes from remoteIDIP:500 on eth0 (port=500)
- Nov 2 04:40:50: | **parse ISAKMP Message:
- Nov 2 04:40:50: | initiator cookie:
- Nov 2 04:40:50: | 74 57 5c fa 06 bd 55 c6
- Nov 2 04:40:50: | responder cookie:
- Nov 2 04:40:50: | 86 30 3c 84 2f 09 6b b3
- Nov 2 04:40:50: | next payload type: ISAKMP_NEXT_KE (0x4)
- Nov 2 04:40:50: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
- Nov 2 04:40:50: | exchange type: ISAKMP_XCHG_IDPROT (0x2)
- Nov 2 04:40:50: | flags: none (0x0)
- Nov 2 04:40:50: | message ID: 00 00 00 00
- Nov 2 04:40:50: | length: 180 (0xb4)
- Nov 2 04:40:50: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2)
- Nov 2 04:40:50: | finding hash chain in state hash table
- Nov 2 04:40:50: | ICOOKIE: 74 57 5c fa 06 bd 55 c6
- Nov 2 04:40:50: | RCOOKIE: 86 30 3c 84 2f 09 6b b3
- Nov 2 04:40:50: | found hash chain 5
- Nov 2 04:40:50: | v1 peer and cookies match on #1, provided msgid 00000000 == 00000000
- Nov 2 04:40:50: | v1 state object #1 found, in STATE_MAIN_I2
- Nov 2 04:40:50: | processing connection "host-prd/0x2"
- Nov 2 04:40:50: | got payload 0x10 (ISAKMP_NEXT_KE) needed: 0x410opt: 0x102080
- Nov 2 04:40:50: | ***parse ISAKMP Key Exchange Payload:
- Nov 2 04:40:50: | next payload type: ISAKMP_NEXT_NONCE (0xa)
- Nov 2 04:40:50: | length: 132 (0x84)
- Nov 2 04:40:50: | got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x400opt: 0x102080
- Nov 2 04:40:50: | ***parse ISAKMP Nonce Payload:
- Nov 2 04:40:50: | next payload type: ISAKMP_NEXT_NONE (0x0)
- Nov 2 04:40:50: | length: 20 (0x14)
- Nov 2 04:40:50: | started looking for secret for @LOCALID->remoteIDIP of kind PPK_PSK
- Nov 2 04:40:50: | actually looking for secret for @LOCALID->remoteIDIP of kind PPK_PSK
- Nov 2 04:40:50: | id kind mismatch
- Nov 2 04:40:50: | 1: compared key remoteIDIP to @LOCALID / remoteIDIP -> 4
- Nov 2 04:40:50: | id kind mismatch
- Nov 2 04:40:50: | 2: compared key @LOCALID to @LOCALID / remoteIDIP -> 12
- Nov 2 04:40:50: | line 9: match=12
- Nov 2 04:40:50: | best_match 0>12 best=0x7f630ca100f0 (line=9)
- Nov 2 04:40:50: | concluding with best_match=12 best=0x7f630ca100f0 (lineno=9)
- Nov 2 04:40:50: | parent1 type: 2 group: 2 len: 2776
- Nov 2 04:40:50: | crypto helper 0: pcw_work: 0
- Nov 2 04:40:50: | asking crypto helper 0 to do compute dh+iv (V1 Phase 1); request ID 2 (len=2776, pcw_work=0)
- Nov 2 04:40:50: | inserting event EVENT_CRYPTO_FAILED, timeout in 60.000000 seconds for #1
- Nov 2 04:40:50: | complete v1 state transition with STF_SUSPEND
- Nov 2 04:40:50: | crypto helper 0 read fd: 11
- Nov 2 04:40:50: | crypto helper 0 doing compute dh+iv (V1 Phase 1); request ID 2
- Nov 2 04:40:50: | crypto helper 0 finished compute dh+iv (V1 Phase 1); request ID 2 time elapsed 1106 usec
- Nov 2 04:40:50: | crypto helper 0 has finished work (pcw_work now 1)
- Nov 2 04:40:50: | crypto helper 0 replies to request ID 2
- Nov 2 04:40:50: | calling continuation function 0x7f630b2fdf30
- Nov 2 04:40:50: | main_inR2_outI3_cryptotail for #1: calculated DH, sending R1
- Nov 2 04:40:50: | processing connection "host-prd/0x2"
- Nov 2 04:40:50: | thinking about whether to send my certificate:
- Nov 2 04:40:50: | I have RSA key: OAKLEY_PRESHARED_KEY cert.type: 0??
- Nov 2 04:40:50: | sendcert: CERT_ALWAYSSEND and I did not get a certificate request
- Nov 2 04:40:50: | so do not send cert.
- Nov 2 04:40:50: | I did not send a certificate because digital signatures are not being used. (PSK)
- Nov 2 04:40:50: | I am not sending a certificate request
- Nov 2 04:40:50: | Not sending INITIAL_CONTACT
- Nov 2 04:40:50: | complete v1 state transition with STF_OK
- Nov 2 04:40:50: "host-prd/0x2" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
- Nov 2 04:40:50: | sending reply packet to remoteIDIP:500 (from port 500)
- Nov 2 04:40:50: | sending 68 bytes for STATE_MAIN_I2 through eth0:500 to remoteIDIP:500 (using #1)
- Nov 2 04:40:50: | inserting event EVENT_v1_RETRANSMIT, timeout in 0.500000 seconds for #1
- Nov 2 04:40:50: "host-prd/0x2" #1: STATE_MAIN_I3: sent MI3, expecting MR3
- Nov 2 04:40:50: | modecfg pull: noquirk policy:push not-client
- Nov 2 04:40:50: | phase 1 is done, looking for phase 2 to unpend
- Nov 2 04:40:51: | SElinux: disabled, could not open /sys/fs/selinux/enforce or /selinux/enforce
- Nov 2 04:40:51: | handling event EVENT_v1_RETRANSMIT for state #1
- Nov 2 04:40:51: | processing connection "host-prd/0x2"
- Nov 2 04:40:51: | handling event EVENT_v1_RETRANSMIT for remoteIDIP "host-prd/0x2" #1 attempt 1 of 0
- Nov 2 04:40:51: | sending 68 bytes for EVENT_v1_RETRANSMIT through eth0:500 to remoteIDIP:500 (using #1)
- Nov 2 04:40:51: | inserting event EVENT_v1_RETRANSMIT, timeout in 0.500000 seconds for #1
- Nov 2 04:40:51: | handling event EVENT_v1_RETRANSMIT for state #1
- Nov 2 04:40:51: | processing connection "host-prd/0x2"
- Nov 2 04:40:51: | handling event EVENT_v1_RETRANSMIT for remoteIDIP "host-prd/0x2" #1 attempt 1 of 0
- Nov 2 04:40:51: | sending 68 bytes for EVENT_v1_RETRANSMIT through eth0:500 to remoteIDIP:500 (using #1)
- Nov 2 04:40:51: | inserting event EVENT_v1_RETRANSMIT, timeout in 1.000000 seconds for #1
- Nov 2 04:40:52: | SElinux: disabled, could not open /sys/fs/selinux/enforce or /selinux/enforce
- Nov 2 04:40:52: | handling event EVENT_v1_RETRANSMIT for state #1
- Nov 2 04:40:52: | processing connection "host-prd/0x2"
- Nov 2 04:40:52: | handling event EVENT_v1_RETRANSMIT for remoteIDIP "host-prd/0x2" #1 attempt 1 of 0
- Nov 2 04:40:52: | sending 68 bytes for EVENT_v1_RETRANSMIT through eth0:500 to remoteIDIP:500 (using #1)
- Nov 2 04:40:52: | inserting event EVENT_v1_RETRANSMIT, timeout in 2.000000 seconds for #1
- Nov 2 04:40:53: | SElinux: disabled, could not open /sys/fs/selinux/enforce or /selinux/enforce
- Nov 2 04:40:54: | SElinux: disabled, could not open /sys/fs/selinux/enforce or /selinux/enforce
- Nov 2 04:40:54: | handling event EVENT_v1_RETRANSMIT for state #1
- Nov 2 04:40:54: | processing connection "host-prd/0x2"
- Nov 2 04:40:54: | handling event EVENT_v1_RETRANSMIT for remoteIDIP "host-prd/0x2" #1 attempt 1 of 0
- Nov 2 04:40:54: | sending 68 bytes for EVENT_v1_RETRANSMIT through eth0:500 to remoteIDIP:500 (using #1)
- Nov 2 04:40:54: | inserting event EVENT_v1_RETRANSMIT, timeout in 4.000000 seconds for #1
- Nov 2 04:40:54: | SElinux: disabled, could not open /sys/fs/selinux/enforce or /selinux/enforce
- Nov 2 04:40:58: | handling event EVENT_v1_RETRANSMIT for state #1
- Nov 2 04:40:58: | processing connection "host-prd/0x2"
- Nov 2 04:40:58: | handling event EVENT_v1_RETRANSMIT for remoteIDIP "host-prd/0x2" #1 attempt 1 of 0
- Nov 2 04:40:58: | sending 68 bytes for EVENT_v1_RETRANSMIT through eth0:500 to remoteIDIP:500 (using #1)
- Nov 2 04:40:58: | inserting event EVENT_v1_RETRANSMIT, timeout in 8.000000 seconds for #1
- Nov 2 04:41:06: | handling event EVENT_v1_RETRANSMIT for state #1
- Nov 2 04:41:06: | processing connection "host-prd/0x2"
- Nov 2 04:41:06: | handling event EVENT_v1_RETRANSMIT for remoteIDIP "host-prd/0x2" #1 attempt 1 of 0
- Nov 2 04:41:06: | sending 68 bytes for EVENT_v1_RETRANSMIT through eth0:500 to remoteIDIP:500 (using #1)
- Nov 2 04:41:06: | inserting event EVENT_v1_RETRANSMIT, timeout in 16.000000 seconds for #1
- Nov 2 04:41:09: | handling event EVENT_SHUNT_SCAN
- Nov 2 04:41:09: | inserting event EVENT_SHUNT_SCAN, timeout in 20.000000 seconds
- Nov 2 04:41:21: | SElinux: disabled, could not open /sys/fs/selinux/enforce or /selinux/enforce
- Nov 2 04:41:21: | SElinux: disabled, could not open /sys/fs/selinux/enforce or /selinux/enforce
- Nov 2 04:41:22: | handling event EVENT_v1_RETRANSMIT for state #1
- Nov 2 04:41:22: | processing connection "host-prd/0x2"
- Nov 2 04:41:22: | handling event EVENT_v1_RETRANSMIT for remoteIDIP "host-prd/0x2" #1 attempt 1 of 0
- Nov 2 04:41:22: | sending 68 bytes for EVENT_v1_RETRANSMIT through eth0:500 to remoteIDIP:500 (using #1)
- Nov 2 04:41:22: | inserting event EVENT_v1_RETRANSMIT, timeout in 32.000000 seconds for #1
- Nov 2 04:41:29: | handling event EVENT_SHUNT_SCAN
- Nov 2 04:41:29: | inserting event EVENT_SHUNT_SCAN, timeout in 20.000000 seconds
- Nov 2 04:41:49: | handling event EVENT_PENDING_DDNS
- Nov 2 04:41:49: | inserting event EVENT_PENDING_DDNS, timeout in 60.000000 seconds
- Nov 2 04:41:49: | handling event EVENT_SHUNT_SCAN
- Nov 2 04:41:49: | inserting event EVENT_SHUNT_SCAN, timeout in 20.000000 seconds
- Nov 2 04:41:53: | SElinux: disabled, could not open /sys/fs/selinux/enforce or /selinux/enforce
- Nov 2 04:41:54: | handling event EVENT_v1_RETRANSMIT for state #1
- Nov 2 04:41:54: | processing connection "host-prd/0x2"
- Nov 2 04:41:54: | handling event EVENT_v1_RETRANSMIT for remoteIDIP "host-prd/0x2" #1 attempt 1 of 0
- Nov 2 04:41:54: "host-prd/0x2" #1: max number of retransmissions (8) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response
- to our first encrypted message
- Nov 2 04:41:54: "host-prd/0x2" #1: deleting state #1 (STATE_MAIN_I3)
- Nov 2 04:41:54: | unhashing state object #1
- Nov 2 04:41:54: | removing state 0x7f630ca107d0 entry 0x7f630ca10e40 next (nil) prev-next 0x7f630b5d5330 from list
- Nov 2 04:41:54: | updated next entry is (nil)
- Nov 2 04:41:54: | removing state 0x7f630ca107d0 entry 0x7f630ca10e58 next (nil) prev-next 0x7f630b5d54b0 from list
- Nov 2 04:41:54: | updated next entry is (nil)
- Nov 2 04:41:54: | SElinux: disabled, could not open /sys/fs/selinux/enforce or /selinux/enforce
- Nov 2 04:41:56: | SElinux: disabled, could not open /sys/fs/selinux/enforce or /selinux/enforce
- Nov 2 04:41:57: | SElinux: disabled, could not open /sys/fs/selinux/enforce or /selinux/enforce
- Nov 2 04:42:09: | handling event EVENT_SHUNT_SCAN
- Nov 2 04:42:09: | inserting event EVENT_SHUNT_SCAN, timeout in 20.000000 seconds
Add Comment
Please, Sign In to add comment