Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Jun 13 11:19:45 ast-scodev-4 charon: 00[DMN] signal of type SIGINT received. Shutting down
- Jun 13 11:19:45 ast-scodev-4 charon: 00[IKE] queueing QUICK_DELETE task
- Jun 13 11:19:45 ast-scodev-4 charon: 00[IKE] queueing ISAKMP_DELETE task
- Jun 13 11:19:45 ast-scodev-4 charon: 00[IKE] activating new tasks
- Jun 13 11:19:45 ast-scodev-4 charon: 00[IKE] activating QUICK_DELETE task
- Jun 13 11:19:45 ast-scodev-4 charon: 00[KNL] querying SAD entry with SPI ca94858a (mark 0/0x00000000)
- Jun 13 11:19:45 ast-scodev-4 charon: 00[KNL] querying SAD entry with SPI 059fef48 (mark 0/0x00000000)
- Jun 13 11:19:45 ast-scodev-4 charon: 00[IKE] closing CHILD_SA ios{1} with SPIs ca94858a_i (0 bytes) 059fef48_o (0 bytes) and TS 0.0.0.0/0 === 10.0.0.1/32
- Jun 13 11:19:45 ast-scodev-4 charon: 00[KNL] deleting SAD entry with SPI ca94858a (mark 0/0x00000000)
- Jun 13 11:19:45 ast-scodev-4 charon: 00[KNL] deleted SAD entry with SPI ca94858a (mark 0/0x00000000)
- Jun 13 11:19:45 ast-scodev-4 charon: 00[KNL] deleting SAD entry with SPI 059fef48 (mark 0/0x00000000)
- Jun 13 11:19:45 ast-scodev-4 charon: 00[KNL] deleted SAD entry with SPI 059fef48 (mark 0/0x00000000)
- Jun 13 11:19:45 ast-scodev-4 charon: 00[KNL] deleting policy 0.0.0.0/0 === 10.0.0.1/32 out (mark 0/0x00000000)
- Jun 13 11:19:45 ast-scodev-4 charon: 00[KNL] policy still used by another CHILD_SA, not removed
- Jun 13 11:19:45 ast-scodev-4 charon: 00[KNL] updating policy 0.0.0.0/0 === 10.0.0.1/32 out (mark 0/0x00000000)
- Jun 13 11:19:45 ast-scodev-4 charon: 00[KNL] deleting policy 10.0.0.1/32 === 0.0.0.0/0 in (mark 0/0x00000000)
- Jun 13 11:19:45 ast-scodev-4 charon: 00[KNL] policy still used by another CHILD_SA, not removed
- Jun 13 11:19:45 ast-scodev-4 charon: 00[KNL] updating policy 10.0.0.1/32 === 0.0.0.0/0 in (mark 0/0x00000000)
- Jun 13 11:19:45 ast-scodev-4 charon: 00[KNL] deleting policy 10.0.0.1/32 === 0.0.0.0/0 fwd (mark 0/0x00000000)
- Jun 13 11:19:45 ast-scodev-4 charon: 00[KNL] policy still used by another CHILD_SA, not removed
- Jun 13 11:19:45 ast-scodev-4 charon: 00[KNL] updating policy 10.0.0.1/32 === 0.0.0.0/0 fwd (mark 0/0x00000000)
- Jun 13 11:19:45 ast-scodev-4 charon: 00[KNL] getting a local address in traffic selector 0.0.0.0/0
- Jun 13 11:19:45 ast-scodev-4 charon: 00[KNL] using host %any
- Jun 13 11:19:45 ast-scodev-4 charon: 00[KNL] using 10.89.150.254 as nexthop to reach 10.152.10.45
- Jun 13 11:19:45 ast-scodev-4 charon: 00[KNL] 10.89.150.204 is on interface eth0
- Jun 13 11:19:45 ast-scodev-4 charon: 00[KNL] deleting policy 0.0.0.0/0 === 10.0.0.1/32 out (mark 0/0x00000000)
- Jun 13 11:19:45 ast-scodev-4 charon: 00[KNL] deleting policy 10.0.0.1/32 === 0.0.0.0/0 in (mark 0/0x00000000)
- Jun 13 11:19:45 ast-scodev-4 charon: 00[KNL] deleting policy 10.0.0.1/32 === 0.0.0.0/0 fwd (mark 0/0x00000000)
- Jun 13 11:19:45 ast-scodev-4 charon: 00[KNL] getting iface index for eth0
- Jun 13 11:19:45 ast-scodev-4 charon: 00[IKE] sending DELETE for ESP CHILD_SA with SPI ca94858a
- Jun 13 11:19:45 ast-scodev-4 charon: 00[ENC] generating INFORMATIONAL_V1 request 1901295212 [ HASH D ]
- Jun 13 11:19:45 ast-scodev-4 charon: 00[NET] sending packet: from 10.89.150.204[500] to 10.152.10.45[500] (76 bytes)
- Jun 13 11:19:45 ast-scodev-4 charon: 00[IKE] activating new tasks
- Jun 13 11:19:45 ast-scodev-4 charon: 00[IKE] activating ISAKMP_DELETE task
- Jun 13 11:19:45 ast-scodev-4 charon: 00[IKE] deleting IKE_SA ios[1] between 10.89.150.204[C=US, ST=State, L=City, O=Service_provider, OU=VPN, CN=10.89.150.204]...10.152.10.45[C=US, ST=State, L=City, O=Company_2, OU=Marketing, CN=client_2]
- Jun 13 11:19:45 ast-scodev-4 charon: 00[IKE] sending DELETE for IKE_SA ios[1]
- Jun 13 11:19:45 ast-scodev-4 charon: 00[IKE] IKE_SA ios[1] state change: ESTABLISHED => DELETING
- Jun 13 11:19:45 ast-scodev-4 charon: 00[ENC] generating INFORMATIONAL_V1 request 2488592887 [ HASH D ]
- Jun 13 11:19:45 ast-scodev-4 charon: 00[NET] sending packet: from 10.89.150.204[500] to 10.152.10.45[500] (92 bytes)
- Jun 13 11:19:45 ast-scodev-4 charon: 00[IKE] IKE_SA ios[1] state change: DELETING => DESTROYING
- Jun 13 11:19:45 ast-scodev-4 charon: 00[CFG] lease 10.0.0.1 by 'C=US, ST=State, L=City, O=Company_2, OU=Marketing, CN=client_2' went offline
- Jun 13 11:19:48 ast-scodev-4 charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.1.3, Linux 2.6.32-279.22.1.el6.centos.plus.x86_64, x86_64)
- Jun 13 11:19:48 ast-scodev-4 charon: 00[KNL] detected Linux 2.6.32, no support for RTA_PREFSRC for IPv6 routes
- Jun 13 11:19:48 ast-scodev-4 charon: 00[KNL] known interfaces and IP addresses:
- Jun 13 11:19:48 ast-scodev-4 charon: 00[KNL] lo
- Jun 13 11:19:48 ast-scodev-4 charon: 00[KNL] 127.0.0.1
- Jun 13 11:19:48 ast-scodev-4 charon: 00[KNL] ::1
- Jun 13 11:19:48 ast-scodev-4 charon: 00[KNL] eth0
- Jun 13 11:19:48 ast-scodev-4 charon: 00[KNL] 10.89.150.204
- Jun 13 11:19:48 ast-scodev-4 charon: 00[KNL] fe80::250:56ff:feaa:3c0b
- Jun 13 11:19:48 ast-scodev-4 charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
- Jun 13 11:19:48 ast-scodev-4 charon: 00[CFG] loaded ca certificate "C=US, ST=State, L=City, O=CA LTD, OU=CA Org, CN=root_ca" from '/etc/ipsec.d/cacerts/ca.crt.pem'
- Jun 13 11:19:48 ast-scodev-4 charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
- Jun 13 11:19:48 ast-scodev-4 charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
- Jun 13 11:19:48 ast-scodev-4 charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
- Jun 13 11:19:48 ast-scodev-4 charon: 00[CFG] loading crls from '/etc/ipsec.d/crls'
- Jun 13 11:19:48 ast-scodev-4 charon: 00[CFG] loading secrets from '/etc/ipsec.secrets'
- Jun 13 11:19:48 ast-scodev-4 charon: 00[CFG] loaded RSA private key from '/etc/ipsec.d/private/server.key.pem'
- Jun 13 11:19:48 ast-scodev-4 charon: 00[CFG] loaded EAP secret for <edited>
- Jun 13 11:19:48 ast-scodev-4 charon: 00[LIB] loaded plugins: charon aes des rc2 sha1 sha2 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem fips-prf gmp xcbc cmac hmac attr kernel-netlink resolve socket-default stroke updown xauth-generic xauth-noauth
- Jun 13 11:19:48 ast-scodev-4 charon: 00[LIB] unable to load 6 plugin features (6 due to unmet dependencies)
- Jun 13 11:19:48 ast-scodev-4 charon: 00[JOB] spawning 16 worker threads
- Jun 13 11:19:48 ast-scodev-4 charon: 08[CFG] received stroke: add connection 'ios'
- Jun 13 11:19:48 ast-scodev-4 charon: 08[CFG] left nor right host is our side, assuming left=local
- Jun 13 11:19:48 ast-scodev-4 charon: 08[CFG] adding virtual IP address pool 10.0.0.0/24
- Jun 13 11:19:48 ast-scodev-4 charon: 08[CFG] loaded certificate "C=US, ST=State, L=City, O=Service_provider, OU=VPN, CN=10.89.150.204" from 'server.crt.pem'
- Jun 13 11:19:48 ast-scodev-4 charon: 08[CFG] id '%any' not confirmed by certificate, defaulting to 'C=US, ST=State, L=City, O=Service_provider, OU=VPN, CN=10.89.150.204'
- Jun 13 11:19:48 ast-scodev-4 charon: 08[CFG] added configuration 'ios'
- Jun 13 11:20:22 ast-scodev-4 charon: 10[NET] received packet: from 10.152.10.45[500] to 10.89.150.204[500] (668 bytes)
- Jun 13 11:20:22 ast-scodev-4 charon: 10[ENC] parsed ID_PROT request 0 [ SA V V V V V V V V V V V V V V ]
- Jun 13 11:20:22 ast-scodev-4 charon: 10[IKE] received NAT-T (RFC 3947) vendor ID
- Jun 13 11:20:22 ast-scodev-4 charon: 10[IKE] received draft-ietf-ipsec-nat-t-ike vendor ID
- Jun 13 11:20:22 ast-scodev-4 charon: 10[IKE] received draft-ietf-ipsec-nat-t-ike-08 vendor ID
- Jun 13 11:20:22 ast-scodev-4 charon: 10[IKE] received draft-ietf-ipsec-nat-t-ike-07 vendor ID
- Jun 13 11:20:22 ast-scodev-4 charon: 10[IKE] received draft-ietf-ipsec-nat-t-ike-06 vendor ID
- Jun 13 11:20:22 ast-scodev-4 charon: 10[IKE] received draft-ietf-ipsec-nat-t-ike-05 vendor ID
- Jun 13 11:20:22 ast-scodev-4 charon: 10[IKE] received draft-ietf-ipsec-nat-t-ike-04 vendor ID
- Jun 13 11:20:22 ast-scodev-4 charon: 10[IKE] received draft-ietf-ipsec-nat-t-ike-03 vendor ID
- Jun 13 11:20:22 ast-scodev-4 charon: 10[IKE] received draft-ietf-ipsec-nat-t-ike-02 vendor ID
- Jun 13 11:20:22 ast-scodev-4 charon: 10[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
- Jun 13 11:20:22 ast-scodev-4 charon: 10[IKE] received XAuth vendor ID
- Jun 13 11:20:22 ast-scodev-4 charon: 10[IKE] received Cisco Unity vendor ID
- Jun 13 11:20:22 ast-scodev-4 charon: 10[IKE] received FRAGMENTATION vendor ID
- Jun 13 11:20:22 ast-scodev-4 charon: 10[IKE] received DPD vendor ID
- Jun 13 11:20:22 ast-scodev-4 charon: 10[IKE] 10.152.10.45 is initiating a Main Mode IKE_SA
- Jun 13 11:20:22 ast-scodev-4 charon: 10[IKE] IKE_SA (unnamed)[1] state change: CREATED => CONNECTING
- Jun 13 11:20:22 ast-scodev-4 charon: 10[IKE] sending XAuth vendor ID
- Jun 13 11:20:22 ast-scodev-4 charon: 10[IKE] sending DPD vendor ID
- Jun 13 11:20:22 ast-scodev-4 charon: 10[IKE] sending NAT-T (RFC 3947) vendor ID
- Jun 13 11:20:22 ast-scodev-4 charon: 10[ENC] generating ID_PROT response 0 [ SA V V V ]
- Jun 13 11:20:22 ast-scodev-4 charon: 10[NET] sending packet: from 10.89.150.204[500] to 10.152.10.45[500] (136 bytes)
- Jun 13 11:20:22 ast-scodev-4 charon: 11[NET] received packet: from 10.152.10.45[500] to 10.89.150.204[500] (292 bytes)
- Jun 13 11:20:22 ast-scodev-4 charon: 11[ENC] parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
- Jun 13 11:20:22 ast-scodev-4 charon: 11[IKE] sending cert request for "C=US, ST=State, L=City, O=CA LTD, OU=CA Org, CN=root_ca"
- Jun 13 11:20:22 ast-scodev-4 charon: 11[ENC] generating ID_PROT response 0 [ KE No CERTREQ NAT-D NAT-D ]
- Jun 13 11:20:22 ast-scodev-4 charon: 11[NET] sending packet: from 10.89.150.204[500] to 10.152.10.45[500] (411 bytes)
- Jun 13 11:20:23 ast-scodev-4 charon: 12[NET] received packet: from 10.152.10.45[500] to 10.89.150.204[500] (1292 bytes)
- Jun 13 11:20:23 ast-scodev-4 charon: 12[ENC] parsed ID_PROT request 0 [ ID CERT SIG CERTREQ N(INITIAL_CONTACT) ]
- Jun 13 11:20:23 ast-scodev-4 charon: 12[IKE] ignoring certificate request without data
- Jun 13 11:20:23 ast-scodev-4 charon: 12[IKE] received end entity cert "C=US, ST=State, L=City, O=Company_2, OU=Marketing, CN=client_2"
- Jun 13 11:20:23 ast-scodev-4 charon: 12[CFG] looking for XAuthInitRSA peer configs matching 10.89.150.204...10.152.10.45[C=US, ST=State, L=City, O=Company_2, OU=Marketing, CN=client_2]
- Jun 13 11:20:23 ast-scodev-4 charon: 12[IKE] no peer config found
- Jun 13 11:20:23 ast-scodev-4 charon: 12[IKE] queueing INFORMATIONAL task
- Jun 13 11:20:23 ast-scodev-4 charon: 12[IKE] activating new tasks
- Jun 13 11:20:23 ast-scodev-4 charon: 12[IKE] activating INFORMATIONAL task
- Jun 13 11:20:23 ast-scodev-4 charon: 12[ENC] generating INFORMATIONAL_V1 request 1377396233 [ HASH N(AUTH_FAILED) ]
- Jun 13 11:20:23 ast-scodev-4 charon: 12[NET] sending packet: from 10.89.150.204[500] to 10.152.10.45[500] (92 bytes)
- Jun 13 11:20:23 ast-scodev-4 charon: 12[IKE] IKE_SA (unnamed)[1] state change: CONNECTING => DESTROYING
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement