API tools faq
paste
Guest User

Untitled

a guest
Nov 1st, 2016
69
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 35.90 KB | None | 0 0
raw download clone embed print report
  1. Nov 2 04:40:49: NSS DB directory: sql:/etc/ipsec.d
  2. Nov 2 04:40:49: NSS initialized
  3. Nov 2 04:40:49: libcap-ng support [enabled]
  4. Nov 2 04:40:49: FIPS HMAC integrity verification test passed
  5. Nov 2 04:40:49: FIPS: pluto daemon NOT running in FIPS mode
  6. Nov 2 04:40:49: Linux audit support [enabled]
  7. Nov 2 04:40:49: Linux audit activated
  8. Nov 2 04:40:49: Starting Pluto (Libreswan Version 3.15 XFRM(netkey) KLIPS NSS DNSSEC FIPS_CHECK LABELED_IPSEC LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMA
  9. NAGER CURL(non-NSS) LDAP(non-NSS)) pid:18500
  10. Nov 2 04:40:49: core dump dir: /var/run/pluto
  11. Nov 2 04:40:49: secrets file: /etc/ipsec.secrets
  12. Nov 2 04:40:49: leak-detective disabled
  13. Nov 2 04:40:49: NSS crypto [enabled]
  14. Nov 2 04:40:49: XAUTH PAM support [enabled]
  15. Nov 2 04:40:49: NAT-Traversal support [enabled]
  16. Nov 2 04:40:49: virtual-private entry not proper subnet: non-hex field in IPv6 numeric address
  17. Nov 2 04:40:49: 1 bad entries in virtual-private - none loaded
  18. Nov 2 04:40:49: | inserting event EVENT_REINIT_SECRET, timeout in 3600.000000 seconds
  19. Nov 2 04:40:49: | inserting event EVENT_PENDING_DDNS, timeout in 60.000000 seconds
  20. Nov 2 04:40:49: | inserting event EVENT_PENDING_PHASE2, timeout in 120.000000 seconds
  21. Nov 2 04:40:49: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC_SSH: Ok
  22. Nov 2 04:40:49: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok
  23. Nov 2 04:40:49: ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok
  24. Nov 2 04:40:49: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok
  25. Nov 2 04:40:49: ike_alg_register_enc(): Activating OAKLEY_AES_CTR: Ok
  26. Nov 2 04:40:49: ike_alg_register_enc(): Activating OAKLEY_AES_GCM_A: Ok
  27. Nov 2 04:40:49: ike_alg_register_enc(): Activating OAKLEY_AES_GCM_B: Ok
  28. Nov 2 04:40:49: ike_alg_register_enc(): Activating OAKLEY_AES_GCM_C: Ok
  29. Nov 2 04:40:49: ike_alg_register_hash(): Activating DISABLED-OAKLEY_AES_XCBC: Ok
  30. Nov 2 04:40:49: ike_alg_register_enc(): Activating OAKLEY_CAMELLIA_CBC: Ok
  31. Nov 2 04:40:49: ike_alg_register_enc(): Activating OAKLEY_CAMELLIA_CTR: Ok
  32. Nov 2 04:40:49: ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok
  33. Nov 2 04:40:49: ike_alg_register_hash(): Activating OAKLEY_SHA2_384: Ok
  34. Nov 2 04:40:49: ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok
  35. Nov 2 04:40:49: starting up 3 crypto helpers
  36. Nov 2 04:40:49: started thread for crypto helper 0 (master fd 10)
  37. Nov 2 04:40:49: | setup helper callback for master fd 10
  38. Nov 2 04:40:49: started thread for crypto helper 1 (master fd 13)
  39. Nov 2 04:40:49: | setup helper callback for master fd 13
  40. Nov 2 04:40:49: | status value returned by setting the priority of this thread (crypto helper 0) 22
  41. Nov 2 04:40:49: started thread for crypto helper 2 (master fd 15)
  42. Nov 2 04:40:49: | setup helper callback for master fd 15
  43. Nov 2 04:40:49: | crypto helper 0 waiting on fd 11
  44. Nov 2 04:40:49: Using Linux XFRM/NETKEY IPsec interface code on 2.6.32-504.16.2.el6.x86_64
  45. Nov 2 04:40:49: | status value returned by setting the priority of this thread (crypto helper 2) 22
  46. Nov 2 04:40:49: | crypto helper 2 waiting on fd 16
  47. Nov 2 04:40:49: ike_alg_register_enc(): Activating aes_ccm_8: Ok
  48. Nov 2 04:40:49: ike_alg_register_enc(): Activating aes_ccm_12: Ok
  49. Nov 2 04:40:49: ike_alg_register_enc(): Activating aes_ccm_16: Ok
  50. Nov 2 04:40:49: | status value returned by setting the priority of this thread (crypto helper 1) 22
  51. Nov 2 04:40:49: | crypto helper 1 waiting on fd 14
  52. Nov 2 04:40:49: | inserting event EVENT_SHUNT_SCAN, timeout in 20.000000 seconds
  53. Nov 2 04:40:49: | Could not change to legacy CRL directory '/etc/ipsec.d/crls': 2 No such file or directory
  54. Nov 2 04:40:49: | selinux support is NOT enabled.
  55. Nov 2 04:40:49: | inserting event EVENT_LOG_DAILY, timeout in 69551.000000 seconds
  56. Nov 2 04:40:50: | entering aalg_getbyname_ike()
  57. Nov 2 04:40:50: | Added new connection host-prd/0x1 with policy PSK+ENCRYPT+TUNNEL+DONT_REKEY+IKEV1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW
  58. Nov 2 04:40:50: | from whack: got --esp=3des-md5
  59. Nov 2 04:40:50: | phase2alg string values: 3DES(3)_000-MD5(1)_000
  60. Nov 2 04:40:50: | ike (phase1) algorithm values: 3DES_CBC(5)_000-MD5(1)_000-MODP1024(2)
  61. Nov 2 04:40:50: | certificate not loaded for this end
  62. Nov 2 04:40:50: | counting wild cards for @LOCALID is 0
  63. Nov 2 04:40:50: | certificate not loaded for this end
  64. Nov 2 04:40:50: | counting wild cards for remoteIDIP is 0
  65. Nov 2 04:40:50: added connection description "host-prd/0x1"
  66. Nov 2 04:40:50: | exernalIP/32===exernalIP<exernalIP>[@LOCALID]---defaultGW...defaultGW---remoteIDIP<remoteIDIP>=
  67. ==172.25.48.43/32
  68. Nov 2 04:40:50: | ike_life: 28800s; ipsec_life: 3600s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; policy: PSK+ENCRYPT+TUNNEL+DONT_REKEY+IKEV
  69. 1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW
  70. Nov 2 04:40:50: | entering aalg_getbyname_ike()
  71. Nov 2 04:40:50: | Added new connection host-prd/0x2 with policy PSK+ENCRYPT+TUNNEL+DONT_REKEY+IKEV1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW
  72. Nov 2 04:40:50: | from whack: got --esp=3des-md5
  73. Nov 2 04:40:50: | phase2alg string values: 3DES(3)_000-MD5(1)_000
  74. Nov 2 04:40:50: | ike (phase1) algorithm values: 3DES_CBC(5)_000-MD5(1)_000-MODP1024(2)
  75. Nov 2 04:40:50: | certificate not loaded for this end
  76. Nov 2 04:40:50: | counting wild cards for @LOCALID is 0
  77. Nov 2 04:40:50: | certificate not loaded for this end
  78. Nov 2 04:40:50: | counting wild cards for remoteIDIP is 0
  79. Nov 2 04:40:50: added connection description "host-prd/0x2"
  80. Nov 2 04:40:50: | exernalIP/32===exernalIP<exernalIP>[@LOCALID]---defaultGW...defaultGW---remoteIDIP<remoteIDIP>=
  81. ==172.25.48.36/32
  82. Nov 2 04:40:50: | ike_life: 28800s; ipsec_life: 3600s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; policy: PSK+ENCRYPT+TUNNEL+DONT_REKEY+IKEV
  83. 1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW
  84. Nov 2 04:40:50: listening for IKE messages
  85. Nov 2 04:40:50: adding interface eth1/eth1 10.0.64.10:500
  86. Nov 2 04:40:50: adding interface eth1/eth1 10.0.64.10:4500
  87. Nov 2 04:40:50: adding interface eth0/eth0 exernalIP:500
  88. Nov 2 04:40:50: adding interface eth0/eth0 exernalIP:4500
  89. Nov 2 04:40:50: adding interface lo/lo 127.0.0.1:500
  90. Nov 2 04:40:50: adding interface lo/lo 127.0.0.1:4500
  91. Nov 2 04:40:50: | found lo with address 0000:0000:0000:0000:0000:0000:0000:0001
  92. Nov 2 04:40:50: adding interface lo/lo ::1:500
  93. Nov 2 04:40:50: | setup callback for interface lo:500 fd 28
  94. Nov 2 04:40:50: | setup callback for interface lo:4500 fd 27
  95. Nov 2 04:40:50: | setup callback for interface lo:500 fd 26
  96. Nov 2 04:40:50: | setup callback for interface eth0:4500 fd 25
  97. Nov 2 04:40:50: | setup callback for interface eth0:500 fd 24
  98. Nov 2 04:40:50: | setup callback for interface eth1:4500 fd 23
  99. Nov 2 04:40:50: | setup callback for interface eth1:500 fd 22
  100. Nov 2 04:40:50: loading secrets from "/etc/ipsec.secrets"
  101. Nov 2 04:40:50: loading secrets from "/etc/ipsec.d/ipsec.secrets"
  102. Nov 2 04:40:50: | id type added to secret(0x7f630ca100f0) PPK_PSK: @LOCALID
  103. Nov 2 04:40:50: | id type added to secret(0x7f630ca100f0) PPK_PSK: remoteIDIP
  104. Nov 2 04:40:50: | Processing PSK at line 10: passed
  105. Nov 2 04:40:50: | processing connection "host-prd/0x1"
  106. Nov 2 04:40:50: | route owner of "host-prd/0x1" unrouted: NULL; eroute owner: NULL
  107. Nov 2 04:40:50: | could_route called for host-prd/0x1 (kind=CK_PERMANENT)
  108. Nov 2 04:40:50: | route owner of "host-prd/0x1" unrouted: NULL; eroute owner: NULL
  109. Nov 2 04:40:50: | shunt_eroute() called for connection 'host-prd/0x1' to 'add' for rt_kind 'prospective erouted'
  110. Nov 2 04:40:50: | route_and_eroute: firewall_notified: true
  111. Nov 2 04:40:50: | command executing prepare-host
  112. Nov 2 04:40:50: | executing prepare-host: PLUTO_VERB='prepare-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='host-prd/0x1' PLUTO_INTERFACE='eth0' PLUTO_
  113. NEXT_HOP='defaultGW' PLUTO_ME='exernalIP' PLUTO_MY_ID='@LOCALID' PLUTO_MY_CLIENT='exernalIP/32' PLUTO_MY_CLIENT_NET='exernalIP'
  114. PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='remoteIDIP' P
  115. LUTO_PEER_ID='remoteIDIP' PLUTO_PEER_CLIENT='172.25.48.43/32' PLUTO_PEER_CLIENT_NET='172.25.48.43' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PE
  116. ER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+DONT_REKEY+IKEV1_ALLOW
  117. +IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_IN
  118. FO='' PLUTO_PEER_BANNER='' PLUTO_NM_CONFIGURED='0' ipsec _updown 2>&1
  119. Nov 2 04:40:50: | popen cmd is 938 chars long
  120. Nov 2 04:40:50: | cmd( 0):PLUTO_VERB='prepare-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='host-prd/0x1' :
  121. Nov 2 04:40:50: | cmd( 80):PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='defaultGW' PLUTO_ME='197.189.240.19:
  122. Nov 2 04:40:50: | cmd( 160):5' PLUTO_MY_ID='@LOCALID' PLUTO_MY_CLIENT='exernalIP/32' PLUTO_MY_CLIENT_N:
  123. Nov 2 04:40:50: | cmd( 240):ET='exernalIP' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PL:
  124. Nov 2 04:40:50: | cmd( 320):UTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='41.2:
  125. Nov 2 04:40:50: | cmd( 400):23.117.137' PLUTO_PEER_ID='remoteIDIP' PLUTO_PEER_CLIENT='172.25.48.43/32' P:
  126. Nov 2 04:40:50: | cmd( 480):LUTO_PEER_CLIENT_NET='172.25.48.43' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLU:
  127. Nov 2 04:40:50: | cmd( 560):TO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' P:
  128. Nov 2 04:40:50: | cmd( 640):LUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+DONT_REKEY+IKEV1_ALLOW+IK:
  129. Nov 2 04:40:50: | cmd( 720):EV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=:
  130. Nov 2 04:40:50: | cmd( 800):0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO:
  131. Nov 2 04:40:50: | cmd( 880):_PEER_BANNER='' PLUTO_NM_CONFIGURED='0' ipsec _updown 2>&1:
  132. Nov 2 04:40:50: | command executing route-host
  133. Nov 2 04:40:50: | executing route-host: PLUTO_VERB='route-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='host-prd/0x1' PLUTO_INTERFACE='eth0' PLUTO_NEXT
  134. _HOP='defaultGW' PLUTO_ME='exernalIP' PLUTO_MY_ID='@LOCALID' PLUTO_MY_CLIENT='exernalIP/32' PLUTO_MY_CLIENT_NET='exernalIP' PLUT
  135. O_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='remoteIDIP' PLUTO
  136. _PEER_ID='remoteIDIP' PLUTO_PEER_CLIENT='172.25.48.43/32' PLUTO_PEER_CLIENT_NET='172.25.48.43' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_P
  137. ORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+DONT_REKEY+IKEV1_ALLOW+IKE
  138. V2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='
  139. ' PLUTO_PEER_BANNER='' PLUTO_NM_CONFIGURED='0' ipsec _updown 2>&1
  140. Nov 2 04:40:50: | popen cmd is 936 chars long
  141. Nov 2 04:40:50: | cmd( 0):PLUTO_VERB='route-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='host-prd/0x1' PL:
  142. Nov 2 04:40:50: | cmd( 80):UTO_INTERFACE='eth0' PLUTO_NEXT_HOP='defaultGW' PLUTO_ME='exernalIP':
  143. Nov 2 04:40:50: | cmd( 160): PLUTO_MY_ID='@LOCALID' PLUTO_MY_CLIENT='exernalIP/32' PLUTO_MY_CLIENT_NET:
  144. Nov 2 04:40:50: | cmd( 240):='exernalIP' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUT:
  145. Nov 2 04:40:50: | cmd( 320):O_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='41.223:
  146. Nov 2 04:40:50: | cmd( 400):.117.137' PLUTO_PEER_ID='remoteIDIP' PLUTO_PEER_CLIENT='172.25.48.43/32' PLU:
  147. Nov 2 04:40:50: | cmd( 480):TO_PEER_CLIENT_NET='172.25.48.43' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO:
  148. Nov 2 04:40:50: | cmd( 560):_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLU:
  149. Nov 2 04:40:50: | cmd( 640):TO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+DONT_REKEY+IKEV1_ALLOW+IKEV:
  150. Nov 2 04:40:50: | cmd( 720):2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 :
  151. Nov 2 04:40:50: | cmd( 800):PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_P:
  152. Nov 2 04:40:50: | cmd( 880):EER_BANNER='' PLUTO_NM_CONFIGURED='0' ipsec _updown 2>&1:
  153. Nov 2 04:40:50: | processing connection "host-prd/0x2"
  154. Nov 2 04:40:50: | route owner of "host-prd/0x2" unrouted: NULL; eroute owner: NULL
  155. Nov 2 04:40:50: | could_route called for host-prd/0x2 (kind=CK_PERMANENT)
  156. Nov 2 04:40:50: | route owner of "host-prd/0x2" unrouted: NULL; eroute owner: NULL
  157. Nov 2 04:40:50: | shunt_eroute() called for connection 'host-prd/0x2' to 'add' for rt_kind 'prospective erouted'
  158. Nov 2 04:40:50: | route_and_eroute: firewall_notified: true
  159. Nov 2 04:40:50: | command executing prepare-host
  160. Nov 2 04:40:50: | executing prepare-host: PLUTO_VERB='prepare-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='host-prd/0x2' PLUTO_INTERFACE='eth0' PLUTO_
  161. NEXT_HOP='defaultGW' PLUTO_ME='exernalIP' PLUTO_MY_ID='@LOCALID' PLUTO_MY_CLIENT='exernalIP/32' PLUTO_MY_CLIENT_NET='exernalIP'
  162. PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='none' PLUTO_PEER='remoteIDIP' P
  163. LUTO_PEER_ID='remoteIDIP' PLUTO_PEER_CLIENT='172.25.48.36/32' PLUTO_PEER_CLIENT_NET='172.25.48.36' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PE
  164. ER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+DONT_REKEY+IKEV1_ALLOW
  165. +IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_IN
  166. FO='' PLUTO_PEER_BANNER='' PLUTO_NM_CONFIGURED='0' ipsec _updown 2>&1
  167. Nov 2 04:40:50: | popen cmd is 938 chars long
  168. Nov 2 04:40:50: | cmd( 0):PLUTO_VERB='prepare-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='host-prd/0x2' :
  169. Nov 2 04:40:50: | cmd( 80):PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='defaultGW' PLUTO_ME='197.189.240.19:
  170. Nov 2 04:40:50: | cmd( 160):5' PLUTO_MY_ID='@LOCALID' PLUTO_MY_CLIENT='exernalIP/32' PLUTO_MY_CLIENT_N:
  171. Nov 2 04:40:50: | cmd( 240):ET='exernalIP' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PL:
  172. Nov 2 04:40:50: | cmd( 320):UTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='none' PLUTO_PEER='41.2:
  173. Nov 2 04:40:50: | cmd( 400):23.117.137' PLUTO_PEER_ID='remoteIDIP' PLUTO_PEER_CLIENT='172.25.48.36/32' P:
  174. Nov 2 04:40:50: | cmd( 480):LUTO_PEER_CLIENT_NET='172.25.48.36' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLU:
  175. Nov 2 04:40:50: | cmd( 560):TO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' P:
  176. Nov 2 04:40:50: | cmd( 640):LUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+DONT_REKEY+IKEV1_ALLOW+IK:
  177. Nov 2 04:40:50: | cmd( 720):EV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=:
  178. Nov 2 04:40:50: | cmd( 800):0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO:
  179. Nov 2 04:40:50: | cmd( 880):_PEER_BANNER='' PLUTO_NM_CONFIGURED='0' ipsec _updown 2>&1:
  180. Nov 2 04:40:50: | command executing route-host
  181. Nov 2 04:40:50: | executing route-host: PLUTO_VERB='route-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='host-prd/0x2' PLUTO_INTERFACE='eth0' PLUTO_NEXT
  182. _HOP='defaultGW' PLUTO_ME='exernalIP' PLUTO_MY_ID='@LOCALID' PLUTO_MY_CLIENT='exernalIP/32' PLUTO_MY_CLIENT_NET='exernalIP' PLUT
  183. O_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='none' PLUTO_PEER='remoteIDIP' PLUTO
  184. _PEER_ID='remoteIDIP' PLUTO_PEER_CLIENT='172.25.48.36/32' PLUTO_PEER_CLIENT_NET='172.25.48.36' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_P
  185. ORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+DONT_REKEY+IKEV1_ALLOW+IKE
  186. V2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='
  187. ' PLUTO_PEER_BANNER='' PLUTO_NM_CONFIGURED='0' ipsec _updown 2>&1
  188. Nov 2 04:40:50: | popen cmd is 936 chars long
  189. Nov 2 04:40:50: | cmd( 0):PLUTO_VERB='route-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='host-prd/0x2' PL:
  190. Nov 2 04:40:50: | cmd( 80):UTO_INTERFACE='eth0' PLUTO_NEXT_HOP='defaultGW' PLUTO_ME='exernalIP':
  191. Nov 2 04:40:50: | cmd( 160): PLUTO_MY_ID='@LOCALID' PLUTO_MY_CLIENT='exernalIP/32' PLUTO_MY_CLIENT_NET:
  192. Nov 2 04:40:50: | cmd( 240):='exernalIP' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUT:
  193. Nov 2 04:40:50: | cmd( 320):O_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='none' PLUTO_PEER='41.223:
  194. Nov 2 04:40:50: | cmd( 400):.117.137' PLUTO_PEER_ID='remoteIDIP' PLUTO_PEER_CLIENT='172.25.48.36/32' PLU:
  195. Nov 2 04:40:50: | cmd( 480):TO_PEER_CLIENT_NET='172.25.48.36' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO:
  196. Nov 2 04:40:50: | cmd( 560):_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLU:
  197. Nov 2 04:40:50: | cmd( 640):TO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+DONT_REKEY+IKEV1_ALLOW+IKEV:
  198. Nov 2 04:40:50: | cmd( 720):2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 :
  199. Nov 2 04:40:50: | cmd( 800):PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_P:
  200. Nov 2 04:40:50: | cmd( 880):EER_BANNER='' PLUTO_NM_CONFIGURED='0' ipsec _updown 2>&1:
  201. Nov 2 04:40:50: initiating all conns with alias='host-prd'
  202. Nov 2 04:40:50: | processing connection "host-prd/0x2"
  203. Nov 2 04:40:50: | kernel_alg_db_new() will return p_new->protoid=3, p_new->trans_cnt=1
  204. Nov 2 04:40:50: | kernel_alg_db_new() trans[0]: transid=3, attr_cnt=1, attrs[0].type=5, attrs[0].val=1
  205. Nov 2 04:40:50: | returning new proposal from esp_info
  206. Nov 2 04:40:50: | creating state object #1 at 0x7f630ca107d0
  207. Nov 2 04:40:50: | processing connection "host-prd/0x2"
  208. Nov 2 04:40:50: | inserting state object #1
  209. Nov 2 04:40:50: | finding hash chain in state hash table
  210. Nov 2 04:40:50: | ICOOKIE: 74 57 5c fa 06 bd 55 c6
  211. Nov 2 04:40:50: | RCOOKIE: 00 00 00 00 00 00 00 00
  212. Nov 2 04:40:50: | found hash chain 17
  213. Nov 2 04:40:50: | list 0x7f630b5d5390 first entry (nil)
  214. Nov 2 04:40:50: | inserted state 0x7f630ca107d0 entry 0x7f630ca10e40 next (nil) prev-next 0x7f630b5d5390 into list
  215. Nov 2 04:40:50: | updated next entry is (nil)
  216. Nov 2 04:40:50: | finding hash chain in icookie hash table
  217. Nov 2 04:40:50: | ICOOKIE: 74 57 5c fa 06 bd 55 c6
  218. Nov 2 04:40:50: | RCOOKIE: 00 00 00 00 00 00 00 00
  219. Nov 2 04:40:50: | found hash chain 17
  220. Nov 2 04:40:50: | list 0x7f630b5d54b0 first entry (nil)
  221. Nov 2 04:40:50: | inserted state 0x7f630ca107d0 entry 0x7f630ca10e58 next (nil) prev-next 0x7f630b5d54b0 into list
  222. Nov 2 04:40:50: | updated next entry is (nil)
  223. Nov 2 04:40:50: | inserting event EVENT_SO_DISCARD, timeout in 0.000000 seconds for #1
  224. Nov 2 04:40:50: | processing connection "host-prd/0x2"
  225. Nov 2 04:40:50: | Queuing pending IPsec SA negotiating with remoteIDIP "host-prd/0x2"
  226. Nov 2 04:40:50: "host-prd/0x2" #1: initiating Main Mode
  227. Nov 2 04:40:50: | oakley_alg_makedb() processing ealg=5 halg=1 modp=2 eklen=0
  228. Nov 2 04:40:50: | oakley_alg_makedb() returning 0x7f630ca10340
  229. Nov 2 04:40:50: | sending 200 bytes for reply packet for main_outI1 through eth0:500 to remoteIDIP:500 (using #1)
  230. Nov 2 04:40:50: | inserting event EVENT_v1_RETRANSMIT, timeout in 0.500000 seconds for #1
  231. Nov 2 04:40:50: | processing connection "host-prd/0x1"
  232. Nov 2 04:40:50: | kernel_alg_db_new() will return p_new->protoid=3, p_new->trans_cnt=1
  233. Nov 2 04:40:50: | kernel_alg_db_new() trans[0]: transid=3, attr_cnt=1, attrs[0].type=5, attrs[0].val=1
  234. Nov 2 04:40:50: | returning new proposal from esp_info
  235. Nov 2 04:40:50: | Queuing pending IPsec SA negotiating with remoteIDIP "host-prd/0x1"
  236. Nov 2 04:40:50: | *received 100 bytes from remoteIDIP:500 on eth0 (port=500)
  237. Nov 2 04:40:50: | **parse ISAKMP Message:
  238. Nov 2 04:40:50: | initiator cookie:
  239. Nov 2 04:40:50: | 74 57 5c fa 06 bd 55 c6
  240. Nov 2 04:40:50: | responder cookie:
  241. Nov 2 04:40:50: | 86 30 3c 84 2f 09 6b b3
  242. Nov 2 04:40:50: | next payload type: ISAKMP_NEXT_SA (0x1)
  243. Nov 2 04:40:50: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
  244. Nov 2 04:40:50: | exchange type: ISAKMP_XCHG_IDPROT (0x2)
  245. Nov 2 04:40:50: | flags: none (0x0)
  246. Nov 2 04:40:50: | message ID: 00 00 00 00
  247. Nov 2 04:40:50: | length: 100 (0x64)
  248. Nov 2 04:40:50: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2)
  249. Nov 2 04:40:50: | finding hash chain in state hash table
  250. Nov 2 04:40:50: | ICOOKIE: 74 57 5c fa 06 bd 55 c6
  251. Nov 2 04:40:50: | RCOOKIE: 86 30 3c 84 2f 09 6b b3
  252. Nov 2 04:40:50: | found hash chain 5
  253. Nov 2 04:40:50: | v1 state object not found
  254. Nov 2 04:40:50: | finding hash chain in state hash table
  255. Nov 2 04:40:50: | ICOOKIE: 74 57 5c fa 06 bd 55 c6
  256. Nov 2 04:40:50: | RCOOKIE: 00 00 00 00 00 00 00 00
  257. Nov 2 04:40:50: | found hash chain 17
  258. Nov 2 04:40:50: | v1 peer and cookies match on #1, provided msgid 00000000 == 00000000
  259. Nov 2 04:40:50: | v1 state object #1 found, in STATE_MAIN_I1
  260. Nov 2 04:40:50: | processing connection "host-prd/0x2"
  261. Nov 2 04:40:50: | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x2opt: 0x2080
  262. Nov 2 04:40:50: | ***parse ISAKMP Security Association Payload:
  263. Nov 2 04:40:50: | next payload type: ISAKMP_NEXT_VID (0xd)
  264. Nov 2 04:40:50: | length: 52 (0x34)
  265. Nov 2 04:40:50: | DOI: ISAKMP_DOI_IPSEC (0x1)
  266. Nov 2 04:40:50: | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0opt: 0x2080
  267. Nov 2 04:40:50: | ***parse ISAKMP Vendor ID Payload:
  268. Nov 2 04:40:50: | next payload type: ISAKMP_NEXT_NONE (0x0)
  269. Nov 2 04:40:50: | length: 20 (0x14)
  270. Nov 2 04:40:50: "host-prd/0x2" #1: ignoring unknown Vendor ID payload [4855415745492d494b45763144534350]
  271. Nov 2 04:40:50: | ****parse IPsec DOI SIT:
  272. Nov 2 04:40:50: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1)
  273. Nov 2 04:40:50: | ****parse ISAKMP Proposal Payload:
  274. Nov 2 04:40:50: | next payload type: ISAKMP_NEXT_NONE (0x0)
  275. Nov 2 04:40:50: | length: 40 (0x28)
  276. Nov 2 04:40:50: | proposal number: 0 (0x0)
  277. Nov 2 04:40:50: | protocol ID: PROTO_ISAKMP (0x1)
  278. Nov 2 04:40:50: | SPI size: 0 (0x0)
  279. Nov 2 04:40:50: | number of transforms: 1 (0x1)
  280. Nov 2 04:40:50: | *****parse ISAKMP Transform Payload (ISAKMP):
  281. Nov 2 04:40:50: | next payload type: ISAKMP_NEXT_NONE (0x0)
  282. Nov 2 04:40:50: | length: 32 (0x20)
  283. Nov 2 04:40:50: | ISAKMP transform number: 0 (0x0)
  284. Nov 2 04:40:50: | ISAKMP transform ID: KEY_IKE (0x1)
  285. Nov 2 04:40:50: | ******parse ISAKMP Oakley attribute:
  286. Nov 2 04:40:50: | af+type: OAKLEY_LIFE_TYPE (0x800b)
  287. Nov 2 04:40:50: | length/value: 1 (0x1)
  288. Nov 2 04:40:50: | [1 is OAKLEY_LIFE_SECONDS]
  289. Nov 2 04:40:50: | ******parse ISAKMP Oakley attribute:
  290. Nov 2 04:40:50: | af+type: OAKLEY_LIFE_DURATION (0x800c)
  291. Nov 2 04:40:50: | length/value: 28800 (0x7080)
  292. Nov 2 04:40:50: | ******parse ISAKMP Oakley attribute:
  293. Nov 2 04:40:50: | af+type: OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
  294. Nov 2 04:40:50: | length/value: 5 (0x5)
  295. Nov 2 04:40:50: | [5 is OAKLEY_3DES_CBC]
  296. Nov 2 04:40:50: | ******parse ISAKMP Oakley attribute:
  297. Nov 2 04:40:50: | af+type: OAKLEY_HASH_ALGORITHM (0x8002)
  298. Nov 2 04:40:50: | length/value: 1 (0x1)
  299. Nov 2 04:40:50: | [1 is OAKLEY_MD5]
  300. Nov 2 04:40:50: | ******parse ISAKMP Oakley attribute:
  301. Nov 2 04:40:50: | af+type: OAKLEY_AUTHENTICATION_METHOD (0x8003)
  302. Nov 2 04:40:50: | length/value: 1 (0x1)
  303. Nov 2 04:40:50: | [1 is OAKLEY_PRESHARED_KEY]
  304. Nov 2 04:40:50: | started looking for secret for @LOCALID->remoteIDIP of kind PPK_PSK
  305. Nov 2 04:40:50: | actually looking for secret for @LOCALID->remoteIDIP of kind PPK_PSK
  306. Nov 2 04:40:50: | id kind mismatch
  307. Nov 2 04:40:50: | 1: compared key remoteIDIP to @LOCALID / remoteIDIP -> 4
  308. Nov 2 04:40:50: | id kind mismatch
  309. Nov 2 04:40:50: | 2: compared key @LOCALID to @LOCALID / remoteIDIP -> 12
  310. Nov 2 04:40:50: | line 9: match=12
  311. Nov 2 04:40:50: | best_match 0>12 best=0x7f630ca100f0 (line=9)
  312. Nov 2 04:40:50: | concluding with best_match=12 best=0x7f630ca100f0 (lineno=9)
  313. Nov 2 04:40:50: | ******parse ISAKMP Oakley attribute:
  314. Nov 2 04:40:50: | af+type: OAKLEY_GROUP_DESCRIPTION (0x8004)
  315. Nov 2 04:40:50: | length/value: 2 (0x2)
  316. Nov 2 04:40:50: | [2 is OAKLEY_GROUP_MODP1024]
  317. Nov 2 04:40:50: | Oakley Transform 0 accepted
  318. Nov 2 04:40:50: | crypto helper 0: pcw_work: 0
  319. Nov 2 04:40:50: | asking crypto helper 0 to do build KE and nonce; request ID 1 (len=2776, pcw_work=0)
  320. Nov 2 04:40:50: | inserting event EVENT_CRYPTO_FAILED, timeout in 60.000000 seconds for #1
  321. Nov 2 04:40:50: | complete v1 state transition with STF_SUSPEND
  322. Nov 2 04:40:50: | crypto helper 0 read fd: 11
  323. Nov 2 04:40:50: | crypto helper 0 doing build KE and nonce; request ID 1
  324. Nov 2 04:40:50: | crypto helper 0 finished build KE and nonce; request ID 1 time elapsed 660 usec
  325. Nov 2 04:40:50: | crypto helper 0 has finished work (pcw_work now 1)
  326. Nov 2 04:40:50: | crypto helper 0 replies to request ID 1
  327. Nov 2 04:40:50: | calling continuation function 0x7f630b2fe150
  328. Nov 2 04:40:50: | main_inR1_outI2_continue for #1: calculated ke+nonce, sending I2
  329. Nov 2 04:40:50: | processing connection "host-prd/0x2"
  330. Nov 2 04:40:50: | rehashing state object #1
  331. Nov 2 04:40:50: | removing state 0x7f630ca107d0 entry 0x7f630ca10e40 next (nil) prev-next 0x7f630b5d5390 from list
  332. Nov 2 04:40:50: | updated next entry is (nil)
  333. Nov 2 04:40:50: | finding hash chain in state hash table
  334. Nov 2 04:40:50: | ICOOKIE: 74 57 5c fa 06 bd 55 c6
  335. Nov 2 04:40:50: | RCOOKIE: 86 30 3c 84 2f 09 6b b3
  336. Nov 2 04:40:50: | found hash chain 5
  337. Nov 2 04:40:50: | list 0x7f630b5d5330 first entry (nil)
  338. Nov 2 04:40:50: | inserted state 0x7f630ca107d0 entry 0x7f630ca10e40 next (nil) prev-next 0x7f630b5d5330 into list
  339. Nov 2 04:40:50: | updated next entry is (nil)
  340. Nov 2 04:40:50: | complete v1 state transition with STF_OK
  341. Nov 2 04:40:50: "host-prd/0x2" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
  342. Nov 2 04:40:50: | sending reply packet to remoteIDIP:500 (from port 500)
  343. Nov 2 04:40:50: | sending 180 bytes for STATE_MAIN_I1 through eth0:500 to remoteIDIP:500 (using #1)
  344. Nov 2 04:40:50: | inserting event EVENT_v1_RETRANSMIT, timeout in 0.500000 seconds for #1
  345. Nov 2 04:40:50: "host-prd/0x2" #1: STATE_MAIN_I2: sent MI2, expecting MR2
  346. Nov 2 04:40:50: | modecfg pull: noquirk policy:push not-client
  347. Nov 2 04:40:50: | phase 1 is done, looking for phase 2 to unpend
  348. Nov 2 04:40:50: | *received 180 bytes from remoteIDIP:500 on eth0 (port=500)
  349. Nov 2 04:40:50: | **parse ISAKMP Message:
  350. Nov 2 04:40:50: | initiator cookie:
  351. Nov 2 04:40:50: | 74 57 5c fa 06 bd 55 c6
  352. Nov 2 04:40:50: | responder cookie:
  353. Nov 2 04:40:50: | 86 30 3c 84 2f 09 6b b3
  354. Nov 2 04:40:50: | next payload type: ISAKMP_NEXT_KE (0x4)
  355. Nov 2 04:40:50: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
  356. Nov 2 04:40:50: | exchange type: ISAKMP_XCHG_IDPROT (0x2)
  357. Nov 2 04:40:50: | flags: none (0x0)
  358. Nov 2 04:40:50: | message ID: 00 00 00 00
  359. Nov 2 04:40:50: | length: 180 (0xb4)
  360. Nov 2 04:40:50: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2)
  361. Nov 2 04:40:50: | finding hash chain in state hash table
  362. Nov 2 04:40:50: | ICOOKIE: 74 57 5c fa 06 bd 55 c6
  363. Nov 2 04:40:50: | RCOOKIE: 86 30 3c 84 2f 09 6b b3
  364. Nov 2 04:40:50: | found hash chain 5
  365. Nov 2 04:40:50: | v1 peer and cookies match on #1, provided msgid 00000000 == 00000000
  366. Nov 2 04:40:50: | v1 state object #1 found, in STATE_MAIN_I2
  367. Nov 2 04:40:50: | processing connection "host-prd/0x2"
  368. Nov 2 04:40:50: | got payload 0x10 (ISAKMP_NEXT_KE) needed: 0x410opt: 0x102080
  369. Nov 2 04:40:50: | ***parse ISAKMP Key Exchange Payload:
  370. Nov 2 04:40:50: | next payload type: ISAKMP_NEXT_NONCE (0xa)
  371. Nov 2 04:40:50: | length: 132 (0x84)
  372. Nov 2 04:40:50: | got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x400opt: 0x102080
  373. Nov 2 04:40:50: | ***parse ISAKMP Nonce Payload:
  374. Nov 2 04:40:50: | next payload type: ISAKMP_NEXT_NONE (0x0)
  375. Nov 2 04:40:50: | length: 20 (0x14)
  376. Nov 2 04:40:50: | started looking for secret for @LOCALID->remoteIDIP of kind PPK_PSK
  377. Nov 2 04:40:50: | actually looking for secret for @LOCALID->remoteIDIP of kind PPK_PSK
  378. Nov 2 04:40:50: | id kind mismatch
  379. Nov 2 04:40:50: | 1: compared key remoteIDIP to @LOCALID / remoteIDIP -> 4
  380. Nov 2 04:40:50: | id kind mismatch
  381. Nov 2 04:40:50: | 2: compared key @LOCALID to @LOCALID / remoteIDIP -> 12
  382. Nov 2 04:40:50: | line 9: match=12
  383. Nov 2 04:40:50: | best_match 0>12 best=0x7f630ca100f0 (line=9)
  384. Nov 2 04:40:50: | concluding with best_match=12 best=0x7f630ca100f0 (lineno=9)
  385. Nov 2 04:40:50: | parent1 type: 2 group: 2 len: 2776
  386. Nov 2 04:40:50: | crypto helper 0: pcw_work: 0
  387. Nov 2 04:40:50: | asking crypto helper 0 to do compute dh+iv (V1 Phase 1); request ID 2 (len=2776, pcw_work=0)
  388. Nov 2 04:40:50: | inserting event EVENT_CRYPTO_FAILED, timeout in 60.000000 seconds for #1
  389. Nov 2 04:40:50: | complete v1 state transition with STF_SUSPEND
  390. Nov 2 04:40:50: | crypto helper 0 read fd: 11
  391. Nov 2 04:40:50: | crypto helper 0 doing compute dh+iv (V1 Phase 1); request ID 2
  392. Nov 2 04:40:50: | crypto helper 0 finished compute dh+iv (V1 Phase 1); request ID 2 time elapsed 1106 usec
  393. Nov 2 04:40:50: | crypto helper 0 has finished work (pcw_work now 1)
  394. Nov 2 04:40:50: | crypto helper 0 replies to request ID 2
  395. Nov 2 04:40:50: | calling continuation function 0x7f630b2fdf30
  396. Nov 2 04:40:50: | main_inR2_outI3_cryptotail for #1: calculated DH, sending R1
  397. Nov 2 04:40:50: | processing connection "host-prd/0x2"
  398. Nov 2 04:40:50: | thinking about whether to send my certificate:
  399. Nov 2 04:40:50: | I have RSA key: OAKLEY_PRESHARED_KEY cert.type: 0??
  400. Nov 2 04:40:50: | sendcert: CERT_ALWAYSSEND and I did not get a certificate request
  401. Nov 2 04:40:50: | so do not send cert.
  402. Nov 2 04:40:50: | I did not send a certificate because digital signatures are not being used. (PSK)
  403. Nov 2 04:40:50: | I am not sending a certificate request
  404. Nov 2 04:40:50: | Not sending INITIAL_CONTACT
  405. Nov 2 04:40:50: | complete v1 state transition with STF_OK
  406. Nov 2 04:40:50: "host-prd/0x2" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
  407. Nov 2 04:40:50: | sending reply packet to remoteIDIP:500 (from port 500)
  408. Nov 2 04:40:50: | sending 68 bytes for STATE_MAIN_I2 through eth0:500 to remoteIDIP:500 (using #1)
  409. Nov 2 04:40:50: | inserting event EVENT_v1_RETRANSMIT, timeout in 0.500000 seconds for #1
  410. Nov 2 04:40:50: "host-prd/0x2" #1: STATE_MAIN_I3: sent MI3, expecting MR3
  411. Nov 2 04:40:50: | modecfg pull: noquirk policy:push not-client
  412. Nov 2 04:40:50: | phase 1 is done, looking for phase 2 to unpend
  413. Nov 2 04:40:51: | SElinux: disabled, could not open /sys/fs/selinux/enforce or /selinux/enforce
  414. Nov 2 04:40:51: | handling event EVENT_v1_RETRANSMIT for state #1
  415. Nov 2 04:40:51: | processing connection "host-prd/0x2"
  416. Nov 2 04:40:51: | handling event EVENT_v1_RETRANSMIT for remoteIDIP "host-prd/0x2" #1 attempt 1 of 0
  417. Nov 2 04:40:51: | sending 68 bytes for EVENT_v1_RETRANSMIT through eth0:500 to remoteIDIP:500 (using #1)
  418. Nov 2 04:40:51: | inserting event EVENT_v1_RETRANSMIT, timeout in 0.500000 seconds for #1
  419. Nov 2 04:40:51: | handling event EVENT_v1_RETRANSMIT for state #1
  420. Nov 2 04:40:51: | processing connection "host-prd/0x2"
  421. Nov 2 04:40:51: | handling event EVENT_v1_RETRANSMIT for remoteIDIP "host-prd/0x2" #1 attempt 1 of 0
  422. Nov 2 04:40:51: | sending 68 bytes for EVENT_v1_RETRANSMIT through eth0:500 to remoteIDIP:500 (using #1)
  423. Nov 2 04:40:51: | inserting event EVENT_v1_RETRANSMIT, timeout in 1.000000 seconds for #1
  424. Nov 2 04:40:52: | SElinux: disabled, could not open /sys/fs/selinux/enforce or /selinux/enforce
  425. Nov 2 04:40:52: | handling event EVENT_v1_RETRANSMIT for state #1
  426. Nov 2 04:40:52: | processing connection "host-prd/0x2"
  427. Nov 2 04:40:52: | handling event EVENT_v1_RETRANSMIT for remoteIDIP "host-prd/0x2" #1 attempt 1 of 0
  428. Nov 2 04:40:52: | sending 68 bytes for EVENT_v1_RETRANSMIT through eth0:500 to remoteIDIP:500 (using #1)
  429. Nov 2 04:40:52: | inserting event EVENT_v1_RETRANSMIT, timeout in 2.000000 seconds for #1
  430. Nov 2 04:40:53: | SElinux: disabled, could not open /sys/fs/selinux/enforce or /selinux/enforce
  431. Nov 2 04:40:54: | SElinux: disabled, could not open /sys/fs/selinux/enforce or /selinux/enforce
  432. Nov 2 04:40:54: | handling event EVENT_v1_RETRANSMIT for state #1
  433. Nov 2 04:40:54: | processing connection "host-prd/0x2"
  434. Nov 2 04:40:54: | handling event EVENT_v1_RETRANSMIT for remoteIDIP "host-prd/0x2" #1 attempt 1 of 0
  435. Nov 2 04:40:54: | sending 68 bytes for EVENT_v1_RETRANSMIT through eth0:500 to remoteIDIP:500 (using #1)
  436. Nov 2 04:40:54: | inserting event EVENT_v1_RETRANSMIT, timeout in 4.000000 seconds for #1
  437. Nov 2 04:40:54: | SElinux: disabled, could not open /sys/fs/selinux/enforce or /selinux/enforce
  438. Nov 2 04:40:58: | handling event EVENT_v1_RETRANSMIT for state #1
  439. Nov 2 04:40:58: | processing connection "host-prd/0x2"
  440. Nov 2 04:40:58: | handling event EVENT_v1_RETRANSMIT for remoteIDIP "host-prd/0x2" #1 attempt 1 of 0
  441. Nov 2 04:40:58: | sending 68 bytes for EVENT_v1_RETRANSMIT through eth0:500 to remoteIDIP:500 (using #1)
  442. Nov 2 04:40:58: | inserting event EVENT_v1_RETRANSMIT, timeout in 8.000000 seconds for #1
  443. Nov 2 04:41:06: | handling event EVENT_v1_RETRANSMIT for state #1
  444. Nov 2 04:41:06: | processing connection "host-prd/0x2"
  445. Nov 2 04:41:06: | handling event EVENT_v1_RETRANSMIT for remoteIDIP "host-prd/0x2" #1 attempt 1 of 0
  446. Nov 2 04:41:06: | sending 68 bytes for EVENT_v1_RETRANSMIT through eth0:500 to remoteIDIP:500 (using #1)
  447. Nov 2 04:41:06: | inserting event EVENT_v1_RETRANSMIT, timeout in 16.000000 seconds for #1
  448. Nov 2 04:41:09: | handling event EVENT_SHUNT_SCAN
  449. Nov 2 04:41:09: | inserting event EVENT_SHUNT_SCAN, timeout in 20.000000 seconds
  450. Nov 2 04:41:21: | SElinux: disabled, could not open /sys/fs/selinux/enforce or /selinux/enforce
  451. Nov 2 04:41:21: | SElinux: disabled, could not open /sys/fs/selinux/enforce or /selinux/enforce
  452. Nov 2 04:41:22: | handling event EVENT_v1_RETRANSMIT for state #1
  453. Nov 2 04:41:22: | processing connection "host-prd/0x2"
  454. Nov 2 04:41:22: | handling event EVENT_v1_RETRANSMIT for remoteIDIP "host-prd/0x2" #1 attempt 1 of 0
  455. Nov 2 04:41:22: | sending 68 bytes for EVENT_v1_RETRANSMIT through eth0:500 to remoteIDIP:500 (using #1)
  456. Nov 2 04:41:22: | inserting event EVENT_v1_RETRANSMIT, timeout in 32.000000 seconds for #1
  457. Nov 2 04:41:29: | handling event EVENT_SHUNT_SCAN
  458. Nov 2 04:41:29: | inserting event EVENT_SHUNT_SCAN, timeout in 20.000000 seconds
  459. Nov 2 04:41:49: | handling event EVENT_PENDING_DDNS
  460. Nov 2 04:41:49: | inserting event EVENT_PENDING_DDNS, timeout in 60.000000 seconds
  461. Nov 2 04:41:49: | handling event EVENT_SHUNT_SCAN
  462. Nov 2 04:41:49: | inserting event EVENT_SHUNT_SCAN, timeout in 20.000000 seconds
  463. Nov 2 04:41:53: | SElinux: disabled, could not open /sys/fs/selinux/enforce or /selinux/enforce
  464. Nov 2 04:41:54: | handling event EVENT_v1_RETRANSMIT for state #1
  465. Nov 2 04:41:54: | processing connection "host-prd/0x2"
  466. Nov 2 04:41:54: | handling event EVENT_v1_RETRANSMIT for remoteIDIP "host-prd/0x2" #1 attempt 1 of 0
  467. Nov 2 04:41:54: "host-prd/0x2" #1: max number of retransmissions (8) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response
  468. to our first encrypted message
  469. Nov 2 04:41:54: "host-prd/0x2" #1: deleting state #1 (STATE_MAIN_I3)
  470. Nov 2 04:41:54: | unhashing state object #1
  471. Nov 2 04:41:54: | removing state 0x7f630ca107d0 entry 0x7f630ca10e40 next (nil) prev-next 0x7f630b5d5330 from list
  472. Nov 2 04:41:54: | updated next entry is (nil)
  473. Nov 2 04:41:54: | removing state 0x7f630ca107d0 entry 0x7f630ca10e58 next (nil) prev-next 0x7f630b5d54b0 from list
  474. Nov 2 04:41:54: | updated next entry is (nil)
  475. Nov 2 04:41:54: | SElinux: disabled, could not open /sys/fs/selinux/enforce or /selinux/enforce
  476. Nov 2 04:41:56: | SElinux: disabled, could not open /sys/fs/selinux/enforce or /selinux/enforce
  477. Nov 2 04:41:57: | SElinux: disabled, could not open /sys/fs/selinux/enforce or /selinux/enforce
  478. Nov 2 04:42:09: | handling event EVENT_SHUNT_SCAN
  479. Nov 2 04:42:09: | inserting event EVENT_SHUNT_SCAN, timeout in 20.000000 seconds
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!