Advertisement
bviper

strongSwan log

Jun 13th, 2014
560
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 10.68 KB | None | 0 0
  1. Jun 13 11:19:45 ast-scodev-4 charon: 00[DMN] signal of type SIGINT received. Shutting down
  2. Jun 13 11:19:45 ast-scodev-4 charon: 00[IKE] queueing QUICK_DELETE task
  3. Jun 13 11:19:45 ast-scodev-4 charon: 00[IKE] queueing ISAKMP_DELETE task
  4. Jun 13 11:19:45 ast-scodev-4 charon: 00[IKE] activating new tasks
  5. Jun 13 11:19:45 ast-scodev-4 charon: 00[IKE] activating QUICK_DELETE task
  6. Jun 13 11:19:45 ast-scodev-4 charon: 00[KNL] querying SAD entry with SPI ca94858a (mark 0/0x00000000)
  7. Jun 13 11:19:45 ast-scodev-4 charon: 00[KNL] querying SAD entry with SPI 059fef48 (mark 0/0x00000000)
  8. Jun 13 11:19:45 ast-scodev-4 charon: 00[IKE] closing CHILD_SA ios{1} with SPIs ca94858a_i (0 bytes) 059fef48_o (0 bytes) and TS 0.0.0.0/0 === 10.0.0.1/32
  9. Jun 13 11:19:45 ast-scodev-4 charon: 00[KNL] deleting SAD entry with SPI ca94858a (mark 0/0x00000000)
  10. Jun 13 11:19:45 ast-scodev-4 charon: 00[KNL] deleted SAD entry with SPI ca94858a (mark 0/0x00000000)
  11. Jun 13 11:19:45 ast-scodev-4 charon: 00[KNL] deleting SAD entry with SPI 059fef48 (mark 0/0x00000000)
  12. Jun 13 11:19:45 ast-scodev-4 charon: 00[KNL] deleted SAD entry with SPI 059fef48 (mark 0/0x00000000)
  13. Jun 13 11:19:45 ast-scodev-4 charon: 00[KNL] deleting policy 0.0.0.0/0 === 10.0.0.1/32 out (mark 0/0x00000000)
  14. Jun 13 11:19:45 ast-scodev-4 charon: 00[KNL] policy still used by another CHILD_SA, not removed
  15. Jun 13 11:19:45 ast-scodev-4 charon: 00[KNL] updating policy 0.0.0.0/0 === 10.0.0.1/32 out (mark 0/0x00000000)
  16. Jun 13 11:19:45 ast-scodev-4 charon: 00[KNL] deleting policy 10.0.0.1/32 === 0.0.0.0/0 in (mark 0/0x00000000)
  17. Jun 13 11:19:45 ast-scodev-4 charon: 00[KNL] policy still used by another CHILD_SA, not removed
  18. Jun 13 11:19:45 ast-scodev-4 charon: 00[KNL] updating policy 10.0.0.1/32 === 0.0.0.0/0 in (mark 0/0x00000000)
  19. Jun 13 11:19:45 ast-scodev-4 charon: 00[KNL] deleting policy 10.0.0.1/32 === 0.0.0.0/0 fwd (mark 0/0x00000000)
  20. Jun 13 11:19:45 ast-scodev-4 charon: 00[KNL] policy still used by another CHILD_SA, not removed
  21. Jun 13 11:19:45 ast-scodev-4 charon: 00[KNL] updating policy 10.0.0.1/32 === 0.0.0.0/0 fwd (mark 0/0x00000000)
  22. Jun 13 11:19:45 ast-scodev-4 charon: 00[KNL] getting a local address in traffic selector 0.0.0.0/0
  23. Jun 13 11:19:45 ast-scodev-4 charon: 00[KNL] using host %any
  24. Jun 13 11:19:45 ast-scodev-4 charon: 00[KNL] using 10.89.150.254 as nexthop to reach 10.152.10.45
  25. Jun 13 11:19:45 ast-scodev-4 charon: 00[KNL] 10.89.150.204 is on interface eth0
  26. Jun 13 11:19:45 ast-scodev-4 charon: 00[KNL] deleting policy 0.0.0.0/0 === 10.0.0.1/32 out (mark 0/0x00000000)
  27. Jun 13 11:19:45 ast-scodev-4 charon: 00[KNL] deleting policy 10.0.0.1/32 === 0.0.0.0/0 in (mark 0/0x00000000)
  28. Jun 13 11:19:45 ast-scodev-4 charon: 00[KNL] deleting policy 10.0.0.1/32 === 0.0.0.0/0 fwd (mark 0/0x00000000)
  29. Jun 13 11:19:45 ast-scodev-4 charon: 00[KNL] getting iface index for eth0
  30. Jun 13 11:19:45 ast-scodev-4 charon: 00[IKE] sending DELETE for ESP CHILD_SA with SPI ca94858a
  31. Jun 13 11:19:45 ast-scodev-4 charon: 00[ENC] generating INFORMATIONAL_V1 request 1901295212 [ HASH D ]
  32. Jun 13 11:19:45 ast-scodev-4 charon: 00[NET] sending packet: from 10.89.150.204[500] to 10.152.10.45[500] (76 bytes)
  33. Jun 13 11:19:45 ast-scodev-4 charon: 00[IKE] activating new tasks
  34. Jun 13 11:19:45 ast-scodev-4 charon: 00[IKE] activating ISAKMP_DELETE task
  35. Jun 13 11:19:45 ast-scodev-4 charon: 00[IKE] deleting IKE_SA ios[1] between 10.89.150.204[C=US, ST=State, L=City, O=Service_provider, OU=VPN, CN=10.89.150.204]...10.152.10.45[C=US, ST=State, L=City, O=Company_2, OU=Marketing, CN=client_2]
  36. Jun 13 11:19:45 ast-scodev-4 charon: 00[IKE] sending DELETE for IKE_SA ios[1]
  37. Jun 13 11:19:45 ast-scodev-4 charon: 00[IKE] IKE_SA ios[1] state change: ESTABLISHED => DELETING
  38. Jun 13 11:19:45 ast-scodev-4 charon: 00[ENC] generating INFORMATIONAL_V1 request 2488592887 [ HASH D ]
  39. Jun 13 11:19:45 ast-scodev-4 charon: 00[NET] sending packet: from 10.89.150.204[500] to 10.152.10.45[500] (92 bytes)
  40. Jun 13 11:19:45 ast-scodev-4 charon: 00[IKE] IKE_SA ios[1] state change: DELETING => DESTROYING
  41. Jun 13 11:19:45 ast-scodev-4 charon: 00[CFG] lease 10.0.0.1 by 'C=US, ST=State, L=City, O=Company_2, OU=Marketing, CN=client_2' went offline
  42. Jun 13 11:19:48 ast-scodev-4 charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.1.3, Linux 2.6.32-279.22.1.el6.centos.plus.x86_64, x86_64)
  43. Jun 13 11:19:48 ast-scodev-4 charon: 00[KNL] detected Linux 2.6.32, no support for RTA_PREFSRC for IPv6 routes
  44. Jun 13 11:19:48 ast-scodev-4 charon: 00[KNL] known interfaces and IP addresses:
  45. Jun 13 11:19:48 ast-scodev-4 charon: 00[KNL] lo
  46. Jun 13 11:19:48 ast-scodev-4 charon: 00[KNL] 127.0.0.1
  47. Jun 13 11:19:48 ast-scodev-4 charon: 00[KNL] ::1
  48. Jun 13 11:19:48 ast-scodev-4 charon: 00[KNL] eth0
  49. Jun 13 11:19:48 ast-scodev-4 charon: 00[KNL] 10.89.150.204
  50. Jun 13 11:19:48 ast-scodev-4 charon: 00[KNL] fe80::250:56ff:feaa:3c0b
  51. Jun 13 11:19:48 ast-scodev-4 charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
  52. Jun 13 11:19:48 ast-scodev-4 charon: 00[CFG] loaded ca certificate "C=US, ST=State, L=City, O=CA LTD, OU=CA Org, CN=root_ca" from '/etc/ipsec.d/cacerts/ca.crt.pem'
  53. Jun 13 11:19:48 ast-scodev-4 charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
  54. Jun 13 11:19:48 ast-scodev-4 charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
  55. Jun 13 11:19:48 ast-scodev-4 charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
  56. Jun 13 11:19:48 ast-scodev-4 charon: 00[CFG] loading crls from '/etc/ipsec.d/crls'
  57. Jun 13 11:19:48 ast-scodev-4 charon: 00[CFG] loading secrets from '/etc/ipsec.secrets'
  58. Jun 13 11:19:48 ast-scodev-4 charon: 00[CFG] loaded RSA private key from '/etc/ipsec.d/private/server.key.pem'
  59. Jun 13 11:19:48 ast-scodev-4 charon: 00[CFG] loaded EAP secret for <edited>
  60. Jun 13 11:19:48 ast-scodev-4 charon: 00[LIB] loaded plugins: charon aes des rc2 sha1 sha2 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem fips-prf gmp xcbc cmac hmac attr kernel-netlink resolve socket-default stroke updown xauth-generic xauth-noauth
  61. Jun 13 11:19:48 ast-scodev-4 charon: 00[LIB] unable to load 6 plugin features (6 due to unmet dependencies)
  62. Jun 13 11:19:48 ast-scodev-4 charon: 00[JOB] spawning 16 worker threads
  63. Jun 13 11:19:48 ast-scodev-4 charon: 08[CFG] received stroke: add connection 'ios'
  64. Jun 13 11:19:48 ast-scodev-4 charon: 08[CFG] left nor right host is our side, assuming left=local
  65. Jun 13 11:19:48 ast-scodev-4 charon: 08[CFG] adding virtual IP address pool 10.0.0.0/24
  66. Jun 13 11:19:48 ast-scodev-4 charon: 08[CFG] loaded certificate "C=US, ST=State, L=City, O=Service_provider, OU=VPN, CN=10.89.150.204" from 'server.crt.pem'
  67. Jun 13 11:19:48 ast-scodev-4 charon: 08[CFG] id '%any' not confirmed by certificate, defaulting to 'C=US, ST=State, L=City, O=Service_provider, OU=VPN, CN=10.89.150.204'
  68. Jun 13 11:19:48 ast-scodev-4 charon: 08[CFG] added configuration 'ios'
  69. Jun 13 11:20:22 ast-scodev-4 charon: 10[NET] received packet: from 10.152.10.45[500] to 10.89.150.204[500] (668 bytes)
  70. Jun 13 11:20:22 ast-scodev-4 charon: 10[ENC] parsed ID_PROT request 0 [ SA V V V V V V V V V V V V V V ]
  71. Jun 13 11:20:22 ast-scodev-4 charon: 10[IKE] received NAT-T (RFC 3947) vendor ID
  72. Jun 13 11:20:22 ast-scodev-4 charon: 10[IKE] received draft-ietf-ipsec-nat-t-ike vendor ID
  73. Jun 13 11:20:22 ast-scodev-4 charon: 10[IKE] received draft-ietf-ipsec-nat-t-ike-08 vendor ID
  74. Jun 13 11:20:22 ast-scodev-4 charon: 10[IKE] received draft-ietf-ipsec-nat-t-ike-07 vendor ID
  75. Jun 13 11:20:22 ast-scodev-4 charon: 10[IKE] received draft-ietf-ipsec-nat-t-ike-06 vendor ID
  76. Jun 13 11:20:22 ast-scodev-4 charon: 10[IKE] received draft-ietf-ipsec-nat-t-ike-05 vendor ID
  77. Jun 13 11:20:22 ast-scodev-4 charon: 10[IKE] received draft-ietf-ipsec-nat-t-ike-04 vendor ID
  78. Jun 13 11:20:22 ast-scodev-4 charon: 10[IKE] received draft-ietf-ipsec-nat-t-ike-03 vendor ID
  79. Jun 13 11:20:22 ast-scodev-4 charon: 10[IKE] received draft-ietf-ipsec-nat-t-ike-02 vendor ID
  80. Jun 13 11:20:22 ast-scodev-4 charon: 10[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
  81. Jun 13 11:20:22 ast-scodev-4 charon: 10[IKE] received XAuth vendor ID
  82. Jun 13 11:20:22 ast-scodev-4 charon: 10[IKE] received Cisco Unity vendor ID
  83. Jun 13 11:20:22 ast-scodev-4 charon: 10[IKE] received FRAGMENTATION vendor ID
  84. Jun 13 11:20:22 ast-scodev-4 charon: 10[IKE] received DPD vendor ID
  85. Jun 13 11:20:22 ast-scodev-4 charon: 10[IKE] 10.152.10.45 is initiating a Main Mode IKE_SA
  86. Jun 13 11:20:22 ast-scodev-4 charon: 10[IKE] IKE_SA (unnamed)[1] state change: CREATED => CONNECTING
  87. Jun 13 11:20:22 ast-scodev-4 charon: 10[IKE] sending XAuth vendor ID
  88. Jun 13 11:20:22 ast-scodev-4 charon: 10[IKE] sending DPD vendor ID
  89. Jun 13 11:20:22 ast-scodev-4 charon: 10[IKE] sending NAT-T (RFC 3947) vendor ID
  90. Jun 13 11:20:22 ast-scodev-4 charon: 10[ENC] generating ID_PROT response 0 [ SA V V V ]
  91. Jun 13 11:20:22 ast-scodev-4 charon: 10[NET] sending packet: from 10.89.150.204[500] to 10.152.10.45[500] (136 bytes)
  92. Jun 13 11:20:22 ast-scodev-4 charon: 11[NET] received packet: from 10.152.10.45[500] to 10.89.150.204[500] (292 bytes)
  93. Jun 13 11:20:22 ast-scodev-4 charon: 11[ENC] parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
  94. Jun 13 11:20:22 ast-scodev-4 charon: 11[IKE] sending cert request for "C=US, ST=State, L=City, O=CA LTD, OU=CA Org, CN=root_ca"
  95. Jun 13 11:20:22 ast-scodev-4 charon: 11[ENC] generating ID_PROT response 0 [ KE No CERTREQ NAT-D NAT-D ]
  96. Jun 13 11:20:22 ast-scodev-4 charon: 11[NET] sending packet: from 10.89.150.204[500] to 10.152.10.45[500] (411 bytes)
  97. Jun 13 11:20:23 ast-scodev-4 charon: 12[NET] received packet: from 10.152.10.45[500] to 10.89.150.204[500] (1292 bytes)
  98. Jun 13 11:20:23 ast-scodev-4 charon: 12[ENC] parsed ID_PROT request 0 [ ID CERT SIG CERTREQ N(INITIAL_CONTACT) ]
  99. Jun 13 11:20:23 ast-scodev-4 charon: 12[IKE] ignoring certificate request without data
  100. Jun 13 11:20:23 ast-scodev-4 charon: 12[IKE] received end entity cert "C=US, ST=State, L=City, O=Company_2, OU=Marketing, CN=client_2"
  101. Jun 13 11:20:23 ast-scodev-4 charon: 12[CFG] looking for XAuthInitRSA peer configs matching 10.89.150.204...10.152.10.45[C=US, ST=State, L=City, O=Company_2, OU=Marketing, CN=client_2]
  102. Jun 13 11:20:23 ast-scodev-4 charon: 12[IKE] no peer config found
  103. Jun 13 11:20:23 ast-scodev-4 charon: 12[IKE] queueing INFORMATIONAL task
  104. Jun 13 11:20:23 ast-scodev-4 charon: 12[IKE] activating new tasks
  105. Jun 13 11:20:23 ast-scodev-4 charon: 12[IKE] activating INFORMATIONAL task
  106. Jun 13 11:20:23 ast-scodev-4 charon: 12[ENC] generating INFORMATIONAL_V1 request 1377396233 [ HASH N(AUTH_FAILED) ]
  107. Jun 13 11:20:23 ast-scodev-4 charon: 12[NET] sending packet: from 10.89.150.204[500] to 10.152.10.45[500] (92 bytes)
  108. Jun 13 11:20:23 ast-scodev-4 charon: 12[IKE] IKE_SA (unnamed)[1] state change: CONNECTING => DESTROYING
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement