artyom_h31

Untitled

Apr 29th, 2017
  1. Sat, 2017-04-29 21:56 00[DMN] Starting IKE charon daemon (strongSwan 5.5.2, Linux 3.10.104-11-ARCH, armv7l)
  2. Sat, 2017-04-29 21:56 00[LIB] plugin 'aes': loaded successfully
  3. Sat, 2017-04-29 21:56 00[LIB] plugin 'des': loaded successfully
  4. Sat, 2017-04-29 21:56 00[LIB] plugin 'rc2': loaded successfully
  5. Sat, 2017-04-29 21:56 00[LIB] plugin 'sha2': loaded successfully
  6. Sat, 2017-04-29 21:56 00[LIB] plugin 'sha3': loaded successfully
  7. Sat, 2017-04-29 21:56 00[LIB] plugin 'sha1': loaded successfully
  8. Sat, 2017-04-29 21:56 00[LIB] plugin 'md5': loaded successfully
  9. Sat, 2017-04-29 21:56 00[LIB] plugin 'mgf1': loaded successfully
  10. Sat, 2017-04-29 21:56 00[LIB] plugin 'random': loaded successfully
  11. Sat, 2017-04-29 21:56 00[LIB] plugin 'nonce': loaded successfully
  12. Sat, 2017-04-29 21:56 00[LIB] plugin 'x509': loaded successfully
  13. Sat, 2017-04-29 21:56 00[LIB] plugin 'revocation': loaded successfully
  14. Sat, 2017-04-29 21:56 00[LIB] plugin 'constraints': loaded successfully
  15. Sat, 2017-04-29 21:56 00[LIB] plugin 'pubkey': loaded successfully
  16. Sat, 2017-04-29 21:56 00[LIB] plugin 'pkcs1': loaded successfully
  17. Sat, 2017-04-29 21:56 00[LIB] plugin 'pkcs7': loaded successfully
  18. Sat, 2017-04-29 21:56 00[LIB] plugin 'pkcs8': loaded successfully
  19. Sat, 2017-04-29 21:56 00[LIB] plugin 'pkcs12': loaded successfully
  20. Sat, 2017-04-29 21:56 00[LIB] plugin 'pgp': loaded successfully
  21. Sat, 2017-04-29 21:56 00[LIB] plugin 'dnskey': loaded successfully
  22. Sat, 2017-04-29 21:56 00[LIB] plugin 'sshkey': loaded successfully
  23. Sat, 2017-04-29 21:56 00[LIB] plugin 'dnscert': loaded successfully
  24. Sat, 2017-04-29 21:56 00[LIB] plugin 'pem': loaded successfully
  25. Sat, 2017-04-29 21:56 00[LIB] plugin 'openssl': loaded successfully
  26. Sat, 2017-04-29 21:56 00[LIB] plugin 'fips-prf': loaded successfully
  27. Sat, 2017-04-29 21:56 00[LIB] plugin 'gmp': loaded successfully
  28. Sat, 2017-04-29 21:56 00[LIB] plugin 'curve25519': loaded successfully
  29. Sat, 2017-04-29 21:56 00[LIB] plugin 'chapoly': loaded successfully
  30. Sat, 2017-04-29 21:56 00[LIB] plugin 'xcbc': loaded successfully
  31. Sat, 2017-04-29 21:56 00[LIB] plugin 'cmac': loaded successfully
  32. Sat, 2017-04-29 21:56 00[LIB] plugin 'hmac': loaded successfully
  33. Sat, 2017-04-29 21:56 00[LIB] plugin 'ntru': loaded successfully
  34. Sat, 2017-04-29 21:56 00[LIB] plugin 'newhope': loaded successfully
  35. Sat, 2017-04-29 21:56 00[LIB] plugin 'bliss': loaded successfully
  36. Sat, 2017-04-29 21:56 00[LIB] plugin 'curl': loaded successfully
  37. Sat, 2017-04-29 21:56 00[LIB] plugin 'attr': loaded successfully
  38. Sat, 2017-04-29 21:56 00[LIB] plugin 'kernel-netlink': loaded successfully
  39. Sat, 2017-04-29 21:56 00[LIB] plugin 'resolve': loaded successfully
  40. Sat, 2017-04-29 21:56 00[LIB] plugin 'socket-default': loaded successfully
  41. Sat, 2017-04-29 21:56 00[LIB] plugin 'connmark': loaded successfully
  42. Sat, 2017-04-29 21:56 00[LIB] plugin 'forecast': loaded successfully
  43. Sat, 2017-04-29 21:56 00[LIB] plugin 'farp': loaded successfully
  44. Sat, 2017-04-29 21:56 00[LIB] plugin 'stroke': loaded successfully
  45. Sat, 2017-04-29 21:56 00[LIB] plugin 'vici': loaded successfully
  46. Sat, 2017-04-29 21:56 00[LIB] plugin 'updown': loaded successfully
  47. Sat, 2017-04-29 21:56 00[LIB] plugin 'eap-identity': loaded successfully
  48. Sat, 2017-04-29 21:56 00[LIB] plugin 'eap-md5': loaded successfully
  49. Sat, 2017-04-29 21:56 00[LIB] plugin 'eap-mschapv2': loaded successfully
  50. Sat, 2017-04-29 21:56 00[LIB] plugin 'eap-dynamic': loaded successfully
  51. Sat, 2017-04-29 21:56 00[LIB] plugin 'eap-tls': loaded successfully
  52. Sat, 2017-04-29 21:56 00[LIB] plugin 'eap-ttls': loaded successfully
  53. Sat, 2017-04-29 21:56 00[LIB] plugin 'eap-peap': loaded successfully
  54. Sat, 2017-04-29 21:56 00[LIB] plugin 'xauth-generic': loaded successfully
  55. Sat, 2017-04-29 21:56 00[LIB] plugin 'xauth-eap': loaded successfully
  56. Sat, 2017-04-29 21:56 00[LIB] plugin 'xauth-pam': loaded successfully
  57. Sat, 2017-04-29 21:56 00[LIB] plugin 'xauth-noauth': loaded successfully
  58. Sat, 2017-04-29 21:56 00[LIB] plugin 'dhcp': loaded successfully
  59. Sat, 2017-04-29 21:56 00[LIB] plugin 'ext-auth': loaded successfully
  60. Sat, 2017-04-29 21:56 00[KNL] known interfaces and IP addresses:
  61. Sat, 2017-04-29 21:56 00[KNL] lo
  62. Sat, 2017-04-29 21:56 00[KNL] 127.0.0.1
  63. Sat, 2017-04-29 21:56 00[KNL] ::1
  64. Sat, 2017-04-29 21:56 00[KNL] eth0
  65. Sat, 2017-04-29 21:56 00[KNL] 192.168.1.110
  66. Sat, 2017-04-29 21:56 00[KNL] 2002:b035:e00d:0:4cc2:9b49:6ca5:dcc3
  67. Sat, 2017-04-29 21:56 00[KNL] fd7a:46c:f954::110
  68. Sat, 2017-04-29 21:56 00[KNL] fd7a:46c:f954:0:996:caf:7824:6b02
  69. Sat, 2017-04-29 21:56 00[KNL] fe80::21e:6ff:fecb:1923
  70. Sat, 2017-04-29 21:56 00[KNL] docker0
  71. Sat, 2017-04-29 21:56 00[KNL] 172.17.0.1
  72. Sat, 2017-04-29 21:56 00[KNL] fe80::42:ff:fe81:c862
  73. Sat, 2017-04-29 21:56 00[LIB] feature PUBKEY:DSA in plugin 'pem' has unmet dependency: PUBKEY:DSA
  74. Sat, 2017-04-29 21:56 00[LIB] feature CUSTOM:dnscert in plugin 'dnscert' has unmet dependency: RESOLVER
  75. Sat, 2017-04-29 21:56 00[LIB] feature PRIVKEY:DSA in plugin 'pem' has unmet dependency: PRIVKEY:DSA
  76. Sat, 2017-04-29 21:56 00[LIB] feature CERT_DECODE:OCSP_REQUEST in plugin 'pem' has unmet dependency: CERT_DECODE:OCSP_REQUEST
  77. Sat, 2017-04-29 21:56 00[NET] using forecast interface eth0
  78. Sat, 2017-04-29 21:56 00[CFG] joining forecast multicast groups: 224.0.0.1,224.0.0.22,224.0.0.251,224.0.0.252,239.255.255.250
  79. Sat, 2017-04-29 21:56 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
  80. Sat, 2017-04-29 21:56 00[CFG] loaded ca certificate "CN=Artyom CA" from '/etc/ipsec.d/cacerts/ca.crt'
  81. Sat, 2017-04-29 21:56 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
  82. Sat, 2017-04-29 21:56 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
  83. Sat, 2017-04-29 21:56 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
  84. Sat, 2017-04-29 21:56 00[CFG] loading crls from '/etc/ipsec.d/crls'
  85. Sat, 2017-04-29 21:56 00[CFG] loading secrets from '/etc/ipsec.secrets'
  86. Sat, 2017-04-29 21:56 00[CFG] loaded ECDSA private key from '/etc/ipsec.d/private/vpn.h31.ishere.ru.key'
  87. Sat, 2017-04-29 21:56 00[CFG] loaded EAP secret for artyomNexus5
  88. Sat, 2017-04-29 21:56 00[CFG] loaded EAP secret for DellLaptop
  89. Sat, 2017-04-29 21:56 00[CFG] no script for ext-auth script defined, disabled
  90. Sat, 2017-04-29 21:56 00[LIB] feature CUSTOM:ext_auth in plugin 'ext-auth' failed to load
  91. Sat, 2017-04-29 21:56 00[LIB] unloading plugin 'dnscert' without loaded features
  92. Sat, 2017-04-29 21:56 00[LIB] unloading plugin 'ext-auth' without loaded features
  93. Sat, 2017-04-29 21:56 00[LIB] loaded plugins: charon aes des rc2 sha2 sha3 sha1 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp curve25519 chapoly xcbc cmac hmac ntru newhope bliss curl attr kernel-netlink resolve socket-default connmark forecast farp stroke vici updown eap-identity eap-md5 eap-mschapv2 eap-dynamic eap-tls eap-ttls eap-peap xauth-generic xauth-eap xauth-pam xauth-noauth dhcp
  94. Sat, 2017-04-29 21:56 00[LIB] unable to load 5 plugin features (4 due to unmet dependencies)
  95. Sat, 2017-04-29 21:56 00[LIB] dropped capabilities, running as uid 0, gid 0
  96. Sat, 2017-04-29 21:56 00[JOB] spawning 16 worker threads
  97. Sat, 2017-04-29 21:56 01[LIB] created thread 01 [28006]
  98. Sat, 2017-04-29 21:56 02[LIB] created thread 02 [28007]
  99. Sat, 2017-04-29 21:56 03[LIB] created thread 03 [28008]
  100. Sat, 2017-04-29 21:56 04[LIB] created thread 04 [28009]
  101. Sat, 2017-04-29 21:56 05[LIB] created thread 05 [28010]
  102. Sat, 2017-04-29 21:56 06[LIB] created thread 06 [28013]
  103. Sat, 2017-04-29 21:56 09[LIB] created thread 09 [28014]
  104. Sat, 2017-04-29 21:56 10[LIB] created thread 10 [28015]
  105. Sat, 2017-04-29 21:56 11[LIB] created thread 11 [28016]
  106. Sat, 2017-04-29 21:56 12[LIB] created thread 12 [28017]
  107. Sat, 2017-04-29 21:56 07[LIB] created thread 07 [28012]
  108. Sat, 2017-04-29 21:56 08[LIB] created thread 08 [28011]
  109. Sat, 2017-04-29 21:56 13[LIB] created thread 13 [28018]
  110. Sat, 2017-04-29 21:56 14[LIB] created thread 14 [28019]
  111. Sat, 2017-04-29 21:56 16[LIB] created thread 16 [28021]
  112. Sat, 2017-04-29 21:56 15[LIB] created thread 15 [28020]
  113. Sat, 2017-04-29 21:56 06[CFG] received stroke: add connection 'work'
  114. Sat, 2017-04-29 21:56 06[CFG] conn work
  115. Sat, 2017-04-29 21:56 06[CFG] left=%any
  116. Sat, 2017-04-29 21:56 06[CFG] leftsubnet=192.168.1.1/24,::/0
  117. Sat, 2017-04-29 21:56 06[CFG] leftauth=pubkey
  118. Sat, 2017-04-29 21:56 06[CFG] leftcert=vpn.h31.ishere.ru.crt
  119. Sat, 2017-04-29 21:56 06[CFG] leftupdown=ipsec _updown iptables
  120. Sat, 2017-04-29 21:56 06[CFG] right=%any
  121. Sat, 2017-04-29 21:56 06[CFG] rightsourceip=%dhcp,fd00:7306:6bc5::1
  122. Sat, 2017-04-29 21:56 06[CFG] rightauth=pubkey
  123. Sat, 2017-04-29 21:56 06[CFG] rightid=work
  124. Sat, 2017-04-29 21:56 06[CFG] rightcert=work.crt
  125. Sat, 2017-04-29 21:56 06[CFG] ike=aes256gcm16-sha256-modp2048,aes256-aes128-sha256-sha1-modp2048-modp4096-modp1024!
  126. Sat, 2017-04-29 21:56 06[CFG] esp=aes128ctr-sha1-sha256-modp2048!
  127. Sat, 2017-04-29 21:56 06[CFG] dpddelay=35
  128. Sat, 2017-04-29 21:56 06[CFG] dpdtimeout=300
  129. Sat, 2017-04-29 21:56 06[CFG] dpdaction=1
  130. Sat, 2017-04-29 21:56 06[CFG] mediation=no
  131. Sat, 2017-04-29 21:56 06[CFG] keyexchange=ikev2
  132. Sat, 2017-04-29 21:56 06[CFG] adding virtual IP address pool fd00:7306:6bc5::1
  133. Sat, 2017-04-29 21:56 06[CFG] loaded certificate "CN=vpn.h31.ishere.ru" from 'vpn.h31.ishere.ru.crt'
  134. Sat, 2017-04-29 21:56 06[CFG] id '%any' not confirmed by certificate, defaulting to 'CN=vpn.h31.ishere.ru'
  135. Sat, 2017-04-29 21:56 06[LIB] opening '/etc/ipsec.d/certs/work.crt' failed: Permission denied
  136. Sat, 2017-04-29 21:56 06[LIB] building CRED_CERTIFICATE - ANY failed, tried 1 builders
  137. Sat, 2017-04-29 21:56 06[CFG] loading certificate from 'work.crt' failed
  138. Sat, 2017-04-29 21:56 06[CFG] added configuration 'work'
  139. Sat, 2017-04-29 21:56 10[CFG] received stroke: add connection 'work-container'
  140. Sat, 2017-04-29 21:56 10[CFG] conn work-container
  141. Sat, 2017-04-29 21:56 10[CFG] left=%any
  142. Sat, 2017-04-29 21:56 10[CFG] leftsubnet=0.0.0.0/0,::/0
  143. Sat, 2017-04-29 21:56 10[CFG] leftauth=pubkey
  144. Sat, 2017-04-29 21:56 10[CFG] leftcert=vpn.h31.ishere.ru.crt
  145. Sat, 2017-04-29 21:56 10[CFG] leftupdown=ipsec _updown iptables
  146. Sat, 2017-04-29 21:56 10[CFG] right=%any
  147. Sat, 2017-04-29 21:56 10[CFG] rightsourceip=%dhcp
  148. Sat, 2017-04-29 21:56 10[CFG] rightauth=pubkey
  149. Sat, 2017-04-29 21:56 10[CFG] rightid=work-container
  150. Sat, 2017-04-29 21:56 10[CFG] rightcert=work-container.crt
  151. Sat, 2017-04-29 21:56 10[CFG] ike=aes256gcm16-sha256-modp2048,aes256-aes128-sha256-sha1-modp2048-modp4096-modp1024!
  152. Sat, 2017-04-29 21:56 10[CFG] esp=aes128ctr-sha1-sha256-modp2048!
  153. Sat, 2017-04-29 21:56 10[CFG] dpddelay=35
  154. Sat, 2017-04-29 21:56 10[CFG] dpdtimeout=300
  155. Sat, 2017-04-29 21:56 10[CFG] dpdaction=1
  156. Sat, 2017-04-29 21:56 10[CFG] mediation=no
  157. Sat, 2017-04-29 21:56 10[CFG] keyexchange=ikev2
  158. Sat, 2017-04-29 21:56 10[CFG] loaded certificate "CN=vpn.h31.ishere.ru" from 'vpn.h31.ishere.ru.crt'
  159. Sat, 2017-04-29 21:56 10[CFG] id '%any' not confirmed by certificate, defaulting to 'CN=vpn.h31.ishere.ru'
  160. Sat, 2017-04-29 21:56 10[LIB] opening '/etc/ipsec.d/certs/work-container.crt' failed: Permission denied
  161. Sat, 2017-04-29 21:56 10[LIB] building CRED_CERTIFICATE - ANY failed, tried 1 builders
  162. Sat, 2017-04-29 21:56 10[CFG] loading certificate from 'work-container.crt' failed
  163. Sat, 2017-04-29 21:56 10[CFG] added configuration 'work-container'
  164. Sat, 2017-04-29 21:56 11[CFG] received stroke: add connection 'mobile'
  165. Sat, 2017-04-29 21:56 11[CFG] conn mobile
  166. Sat, 2017-04-29 21:56 11[CFG] left=%any
  167. Sat, 2017-04-29 21:56 11[CFG] leftsubnet=0.0.0.0/0,::/0
  168. Sat, 2017-04-29 21:56 11[CFG] leftauth=pubkey
  169. Sat, 2017-04-29 21:56 11[CFG] leftcert=vpn.h31.ishere.ru.crt
  170. Sat, 2017-04-29 21:56 11[CFG] leftupdown=ipsec _updown iptables
  171. Sat, 2017-04-29 21:56 11[CFG] right=%any
  172. Sat, 2017-04-29 21:56 11[CFG] rightsourceip=%dhcp
  173. Sat, 2017-04-29 21:56 11[CFG] rightauth=eap-mschapv2
  174. Sat, 2017-04-29 21:56 11[CFG] eap_identity=%any
  175. Sat, 2017-04-29 21:56 11[CFG] ike=aes256gcm16-sha256-modp2048,aes256-aes128-sha256-sha1-modp2048-modp4096-modp1024!
  176. Sat, 2017-04-29 21:56 11[CFG] esp=aes128gcm16-aes128gcm12-modp2048,aes128-aes256-sha1-sha256-modp2048-modp4096-modp1024!
  177. Sat, 2017-04-29 21:56 11[CFG] dpddelay=35
  178. Sat, 2017-04-29 21:56 11[CFG] dpdtimeout=300
  179. Sat, 2017-04-29 21:56 11[CFG] dpdaction=1
  180. Sat, 2017-04-29 21:56 11[CFG] mediation=no
  181. Sat, 2017-04-29 21:56 11[CFG] keyexchange=ikev2
  182. Sat, 2017-04-29 21:56 11[CFG] loaded certificate "CN=vpn.h31.ishere.ru" from 'vpn.h31.ishere.ru.crt'
  183. Sat, 2017-04-29 21:56 11[CFG] id '%any' not confirmed by certificate, defaulting to 'CN=vpn.h31.ishere.ru'
  184. Sat, 2017-04-29 21:56 11[CFG] added configuration 'mobile'
  185. Sat, 2017-04-29 21:56 08[CFG] received stroke: add connection 'windows'
  186. Sat, 2017-04-29 21:56 08[CFG] conn windows
  187. Sat, 2017-04-29 21:56 08[CFG] left=%any
  188. Sat, 2017-04-29 21:56 08[CFG] leftsubnet=0.0.0.0/0,::/0
  189. Sat, 2017-04-29 21:56 08[CFG] leftauth=pubkey
  190. Sat, 2017-04-29 21:56 08[CFG] leftcert=vpn.h31.ishere.ru.crt
  191. Sat, 2017-04-29 21:56 08[CFG] leftupdown=ipsec _updown iptables
  192. Sat, 2017-04-29 21:56 08[CFG] right=%any
  193. Sat, 2017-04-29 21:56 08[CFG] rightsourceip=%dhcp
  194. Sat, 2017-04-29 21:56 08[CFG] rightauth=pubkey
  195. Sat, 2017-04-29 21:56 08[CFG] rightcert=windows.crt
  196. Sat, 2017-04-29 21:56 08[CFG] ike=aes256gcm16-aes256gcm12-aes128gcm16-aes128gcm12-sha256-sha1-modp2048-modp4096-modp1024,aes256-aes128-sha256-sha1-modp2048-modp4096-modp1024,3des-sha1-modp1024!
  197. Sat, 2017-04-29 21:56 08[CFG] esp=aes128gcm12-aes128gcm16-aes256gcm12-aes256gcm16-modp2048-modp4096-modp1024,aes128-aes256-sha1-sha256-modp2048-modp4096-modp1024,aes128-sha1-modp2048,aes128-sha1-modp1024,3des-sha1-modp1024,aes128-aes256-sha1-sha256,aes128-sha1,3des-sha1!
  198. Sat, 2017-04-29 21:56 08[CFG] dpddelay=35
  199. Sat, 2017-04-29 21:56 08[CFG] dpdtimeout=300
  200. Sat, 2017-04-29 21:56 08[CFG] dpdaction=1
  201. Sat, 2017-04-29 21:56 08[CFG] mediation=no
  202. Sat, 2017-04-29 21:56 08[CFG] keyexchange=ikev2
  203. Sat, 2017-04-29 21:56 08[CFG] loaded certificate "CN=vpn.h31.ishere.ru" from 'vpn.h31.ishere.ru.crt'
  204. Sat, 2017-04-29 21:56 08[CFG] id '%any' not confirmed by certificate, defaulting to 'CN=vpn.h31.ishere.ru'
  205. Sat, 2017-04-29 21:56 08[LIB] opening '/etc/ipsec.d/certs/windows.crt' failed: Permission denied
  206. Sat, 2017-04-29 21:56 08[LIB] building CRED_CERTIFICATE - ANY failed, tried 1 builders
  207. Sat, 2017-04-29 21:56 08[CFG] loading certificate from 'windows.crt' failed
  208. Sat, 2017-04-29 21:56 08[CFG] added configuration 'windows'
  209. Sat, 2017-04-29 21:56 04[CFG] received stroke: add connection 'vps'
  210. Sat, 2017-04-29 21:56 04[CFG] conn vps
  211. Sat, 2017-04-29 21:56 04[CFG] left=%any
  212. Sat, 2017-04-29 21:56 04[CFG] leftsubnet=192.168.1.1/24
  213. Sat, 2017-04-29 21:56 04[CFG] leftauth=pubkey
  214. Sat, 2017-04-29 21:56 04[CFG] leftcert=vpn.h31.ishere.ru.crt
  215. Sat, 2017-04-29 21:56 04[CFG] leftupdown=ipsec _updown iptables
  216. Sat, 2017-04-29 21:56 04[CFG] right=%any
  217. Sat, 2017-04-29 21:56 04[CFG] rightsourceip=%dhcp
  218. Sat, 2017-04-29 21:56 04[CFG] rightauth=pubkey
  219. Sat, 2017-04-29 21:56 04[CFG] rightid=vps
  220. Sat, 2017-04-29 21:56 04[CFG] rightcert=vps.crt
  221. Sat, 2017-04-29 21:56 04[CFG] ike=aes256gcm16-sha256-modp2048,aes256-aes128-sha256-sha1-modp2048-modp4096-modp1024!
  222. Sat, 2017-04-29 21:56 04[CFG] esp=aes128ctr-sha1-sha256-modp2048!
  223. Sat, 2017-04-29 21:56 04[CFG] dpddelay=35
  224. Sat, 2017-04-29 21:56 04[CFG] dpdtimeout=300
  225. Sat, 2017-04-29 21:56 04[CFG] dpdaction=1
  226. Sat, 2017-04-29 21:56 04[CFG] mediation=no
  227. Sat, 2017-04-29 21:56 04[CFG] keyexchange=ikev2
  228. Sat, 2017-04-29 21:56 04[CFG] loaded certificate "CN=vpn.h31.ishere.ru" from 'vpn.h31.ishere.ru.crt'
  229. Sat, 2017-04-29 21:56 04[CFG] id '%any' not confirmed by certificate, defaulting to 'CN=vpn.h31.ishere.ru'
  230. Sat, 2017-04-29 21:56 04[CFG] loaded certificate "CN=vps" from 'vps.crt'
  231. Sat, 2017-04-29 21:56 04[CFG] added configuration 'vps'
  232. Sat, 2017-04-29 21:56 07[NET] <1> received packet: from 195.209.231.150[500] to 192.168.1.110[500] (448 bytes)
  233. Sat, 2017-04-29 21:56 07[ENC] <1> parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(HASH_ALG) ]
  234. Sat, 2017-04-29 21:56 07[CFG] <1> looking for an ike config for 192.168.1.110...195.209.231.150
  235. Sat, 2017-04-29 21:56 07[CFG] <1> candidate: %any...%any, prio 28
  236. Sat, 2017-04-29 21:56 07[CFG] <1> candidate: %any...%any, prio 28
  237. Sat, 2017-04-29 21:56 07[CFG] <1> candidate: %any...%any, prio 28
  238. Sat, 2017-04-29 21:56 07[CFG] <1> candidate: %any...%any, prio 28
  239. Sat, 2017-04-29 21:56 07[CFG] <1> candidate: %any...%any, prio 28
  240. Sat, 2017-04-29 21:56 07[CFG] <1> found matching ike config: %any...%any with prio 28
  241. Sat, 2017-04-29 21:56 07[IKE] <1> 195.209.231.150 is initiating an IKE_SA
  242. Sat, 2017-04-29 21:56 07[IKE] <1> IKE_SA (unnamed)[1] state change: CREATED => CONNECTING
  243. Sat, 2017-04-29 21:56 07[CFG] <1> selecting proposal:
  244. Sat, 2017-04-29 21:56 07[CFG] <1> proposal matches
  245. Sat, 2017-04-29 21:56 07[CFG] <1> received proposals: IKE:AES_GCM_16_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
  246. Sat, 2017-04-29 21:56 07[CFG] <1> configured proposals: IKE:AES_GCM_16_256/PRF_HMAC_SHA2_256/MODP_2048, IKE:AES_CBC_256/AES_CBC_128/HMAC_SHA2_256_128/HMAC_SHA1_96/PRF_HMAC_SHA2_256/PRF_HMAC_SHA1/MODP_2048/MODP_4096/MODP_1024
  247. Sat, 2017-04-29 21:56 07[CFG] <1> selected proposal: IKE:AES_GCM_16_256/PRF_HMAC_SHA2_256/MODP_2048
  248. Sat, 2017-04-29 21:56 07[CFG] <1> received supported signature hash algorithms: sha1 sha256 sha384 sha512
  249. Sat, 2017-04-29 21:56 08[NET] <2> received packet: from 51.15.41.30[500] to 192.168.1.110[500] (456 bytes)
  250. Sat, 2017-04-29 21:56 08[ENC] <2> parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
  251. Sat, 2017-04-29 21:56 08[CFG] <2> looking for an ike config for 192.168.1.110...51.15.41.30
  252. Sat, 2017-04-29 21:56 08[CFG] <2> candidate: %any...%any, prio 28
  253. Sat, 2017-04-29 21:56 08[CFG] <2> candidate: %any...%any, prio 28
  254. Sat, 2017-04-29 21:56 08[CFG] <2> candidate: %any...%any, prio 28
  255. Sat, 2017-04-29 21:56 08[CFG] <2> candidate: %any...%any, prio 28
  256. Sat, 2017-04-29 21:56 08[CFG] <2> candidate: %any...%any, prio 28
  257. Sat, 2017-04-29 21:56 08[CFG] <2> found matching ike config: %any...%any with prio 28
  258. Sat, 2017-04-29 21:56 08[IKE] <2> 51.15.41.30 is initiating an IKE_SA
  259. Sat, 2017-04-29 21:56 08[IKE] <2> IKE_SA (unnamed)[2] state change: CREATED => CONNECTING
  260. Sat, 2017-04-29 21:56 08[CFG] <2> selecting proposal:
  261. Sat, 2017-04-29 21:56 08[CFG] <2> proposal matches
  262. Sat, 2017-04-29 21:56 08[CFG] <2> received proposals: IKE:AES_GCM_16_256/PRF_HMAC_SHA2_256/MODP_2048
  263. Sat, 2017-04-29 21:56 08[CFG] <2> configured proposals: IKE:AES_GCM_16_256/PRF_HMAC_SHA2_256/MODP_2048, IKE:AES_CBC_256/AES_CBC_128/HMAC_SHA2_256_128/HMAC_SHA1_96/PRF_HMAC_SHA2_256/PRF_HMAC_SHA1/MODP_2048/MODP_4096/MODP_1024
  264. Sat, 2017-04-29 21:56 08[CFG] <2> selected proposal: IKE:AES_GCM_16_256/PRF_HMAC_SHA2_256/MODP_2048
  265. Sat, 2017-04-29 21:56 08[CFG] <2> received supported signature hash algorithms: sha1 sha256 sha384 sha512
  266. Sat, 2017-04-29 21:56 07[LIB] <1> size of DH secret exponent: 2047 bits
  267. Sat, 2017-04-29 21:56 08[LIB] <2> size of DH secret exponent: 2047 bits
  268. Sat, 2017-04-29 21:56 07[IKE] <1> local host is behind NAT, sending keep alives
  269. Sat, 2017-04-29 21:56 07[IKE] <1> remote host is behind NAT
  270. Sat, 2017-04-29 21:56 07[CFG] <1> sending supported signature hash algorithms: sha1 sha256 sha384 sha512 identity
  271. Sat, 2017-04-29 21:56 07[IKE] <1> sending cert request for "CN=Artyom CA"
  272. Sat, 2017-04-29 21:56 07[ENC] <1> generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(HASH_ALG) N(MULT_AUTH) ]
  273. Sat, 2017-04-29 21:56 07[NET] <1> sending packet: from 192.168.1.110[500] to 195.209.231.150[500] (475 bytes)
  274. Sat, 2017-04-29 21:56 13[NET] <1> received packet: from 195.209.231.150[4500] to 192.168.1.110[4500] (1024 bytes)
  275. Sat, 2017-04-29 21:56 13[ENC] <1> parsed IKE_AUTH request 1 [ IDi CERT N(INIT_CONTACT) CERTREQ AUTH CPRQ(ADDR ADDR6 DNS DNS6) SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR) N(MULT_AUTH) N(EAP_ONLY) ]
  276. Sat, 2017-04-29 21:56 13[IKE] <1> received cert request for "CN=Artyom CA"
  277. Sat, 2017-04-29 21:56 13[IKE] <1> received end entity cert "CN=work"
  278. Sat, 2017-04-29 21:56 13[CFG] <1> looking for peer configs matching 192.168.1.110[%any]...195.209.231.150[work]
  279. Sat, 2017-04-29 21:56 13[CFG] <1> candidate "work", match: 1/20/28 (me/other/ike)
  280. Sat, 2017-04-29 21:56 13[CFG] <1> candidate "mobile", match: 1/1/28 (me/other/ike)
  281. Sat, 2017-04-29 21:56 13[CFG] <1> candidate "windows", match: 1/1/28 (me/other/ike)
  282. Sat, 2017-04-29 21:56 13[CFG] <work|1> selected peer config 'work'
  283. Sat, 2017-04-29 21:56 13[CFG] <work|1> using certificate "CN=work"
  284. Sat, 2017-04-29 21:56 13[CFG] <work|1> certificate "CN=work" key: 384 bit ECDSA
  285. Sat, 2017-04-29 21:56 08[IKE] <2> local host is behind NAT, sending keep alives
  286. Sat, 2017-04-29 21:56 08[IKE] <2> remote host is behind NAT
  287. Sat, 2017-04-29 21:56 08[CFG] <2> sending supported signature hash algorithms: sha1 sha256 sha384 sha512 identity
  288. Sat, 2017-04-29 21:56 08[IKE] <2> sending cert request for "CN=Artyom CA"
  289. Sat, 2017-04-29 21:56 08[ENC] <2> generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(FRAG_SUP) N(HASH_ALG) N(MULT_AUTH) ]
  290. Sat, 2017-04-29 21:56 13[CFG] <work|1> using trusted ca certificate "CN=Artyom CA"
  291. Sat, 2017-04-29 21:56 08[NET] <2> sending packet: from 192.168.1.110[500] to 51.15.41.30[500] (483 bytes)
  292. Sat, 2017-04-29 21:56 13[CFG] <work|1> checking certificate status of "CN=work"
  293. Sat, 2017-04-29 21:56 13[CFG] <work|1> ocsp check skipped, no ocsp found
  294. Sat, 2017-04-29 21:56 13[CFG] <work|1> certificate status is not available
  295. Sat, 2017-04-29 21:56 13[CFG] <work|1> certificate "CN=Artyom CA" key: 384 bit ECDSA
  296. Sat, 2017-04-29 21:56 13[CFG] <work|1> reached self-signed root ca with a path length of 0
  297. Sat, 2017-04-29 21:56 13[IKE] <work|1> authentication of 'work' with ECDSA_WITH_SHA384_DER successful
  298. Sat, 2017-04-29 21:56 13[IKE] <work|1> processing INTERNAL_IP4_ADDRESS attribute
  299. Sat, 2017-04-29 21:56 13[IKE] <work|1> processing INTERNAL_IP6_ADDRESS attribute
  300. Sat, 2017-04-29 21:56 13[IKE] <work|1> processing INTERNAL_IP4_DNS attribute
  301. Sat, 2017-04-29 21:56 13[IKE] <work|1> processing INTERNAL_IP6_DNS attribute
  302. Sat, 2017-04-29 21:56 13[IKE] <work|1> peer supports MOBIKE
  303. Sat, 2017-04-29 21:56 13[IKE] <work|1> got additional MOBIKE peer address: 10.140.20.1
  304. Sat, 2017-04-29 21:56 13[IKE] <work|1> authentication of 'CN=vpn.h31.ishere.ru' (myself) with ECDSA_WITH_SHA384_DER successful
  305. Sat, 2017-04-29 21:56 13[IKE] <work|1> IKE_SA work[1] established between 192.168.1.110[CN=vpn.h31.ishere.ru]...195.209.231.150[work]
  306. Sat, 2017-04-29 21:56 13[IKE] <work|1> IKE_SA work[1] state change: CONNECTING => ESTABLISHED
  307. Sat, 2017-04-29 21:56 13[IKE] <work|1> scheduling reauthentication in 10250s
  308. Sat, 2017-04-29 21:56 13[IKE] <work|1> maximum IKE_SA lifetime 10790s
  309. Sat, 2017-04-29 21:56 13[IKE] <work|1> sending end entity cert "CN=vpn.h31.ishere.ru"
  310. Sat, 2017-04-29 21:56 13[IKE] <work|1> peer requested virtual IP 192.168.1.120
  311. Sat, 2017-04-29 21:56 13[CFG] <work|1> sending DHCP DISCOVER to 255.255.255.255
  312. Sat, 2017-04-29 21:56 04[CFG] received DHCP OFFER 192.168.1.120 from 192.168.1.1
  313. Sat, 2017-04-29 21:56 13[CFG] <work|1> sending DHCP REQUEST for 192.168.1.120 to 192.168.1.1
  314. Sat, 2017-04-29 21:56 05[CFG] received DHCP ACK for 192.168.1.120
  315. Sat, 2017-04-29 21:56 13[IKE] <work|1> assigning virtual IP 192.168.1.120 to peer 'work'
  316. Sat, 2017-04-29 21:56 13[IKE] <work|1> peer requested virtual IP fd00:7306:6bc5::1
  317. Sat, 2017-04-29 21:56 13[CFG] <work|1> assigning new lease to 'work'
  318. Sat, 2017-04-29 21:56 13[IKE] <work|1> assigning virtual IP fd00:7306:6bc5::1 to peer 'work'
  319. Sat, 2017-04-29 21:56 13[IKE] <work|1> building INTERNAL_IP4_DNS attribute
  320. Sat, 2017-04-29 21:56 13[CFG] <work|1> looking for a child config for 192.168.1.110/32 192.168.1.200/32 ::/0 === 0.0.0.0/0 ::/0
  321. Sat, 2017-04-29 21:56 13[CFG] <work|1> proposing traffic selectors for us:
  322. Sat, 2017-04-29 21:56 13[CFG] <work|1> 192.168.1.0/24
  323. Sat, 2017-04-29 21:56 13[CFG] <work|1> ::/0
  324. Sat, 2017-04-29 21:56 13[CFG] <work|1> proposing traffic selectors for other:
  325. Sat, 2017-04-29 21:56 13[CFG] <work|1> 192.168.1.120/32
  326. Sat, 2017-04-29 21:56 13[CFG] <work|1> fd00:7306:6bc5::1/128
  327. Sat, 2017-04-29 21:56 13[CFG] <work|1> candidate "work" with prio 10+3
  328. Sat, 2017-04-29 21:56 13[CFG] <work|1> found matching child config "work" with prio 13
  329. Sat, 2017-04-29 21:56 13[CFG] <work|1> selecting proposal:
  330. Sat, 2017-04-29 21:56 13[CFG] <work|1> proposal matches
  331. Sat, 2017-04-29 21:56 13[CFG] <work|1> received proposals: ESP:AES_CTR_128/HMAC_SHA1_96/HMAC_SHA2_256_128/NO_EXT_SEQ
  332. Sat, 2017-04-29 21:56 13[CFG] <work|1> configured proposals: ESP:AES_CTR_128/HMAC_SHA1_96/HMAC_SHA2_256_128/MODP_2048/NO_EXT_SEQ
  333. Sat, 2017-04-29 21:56 13[CFG] <work|1> selected proposal: ESP:AES_CTR_128/HMAC_SHA1_96/NO_EXT_SEQ
  334. Sat, 2017-04-29 21:56 13[KNL] <work|1> got SPI c5e54cd7
  335. Sat, 2017-04-29 21:56 13[CFG] <work|1> selecting traffic selectors for us:
  336. Sat, 2017-04-29 21:56 13[CFG] <work|1> config: 192.168.1.0/24, received: 192.168.1.110/32 => match: 192.168.1.110/32
  337. Sat, 2017-04-29 21:56 13[CFG] <work|1> config: 192.168.1.0/24, received: 192.168.1.200/32 => match: 192.168.1.200/32
  338. Sat, 2017-04-29 21:56 13[CFG] <work|1> config: 192.168.1.0/24, received: ::/0 => no match
  339. Sat, 2017-04-29 21:56 13[CFG] <work|1> config: ::/0, received: 192.168.1.110/32 => no match
  340. Sat, 2017-04-29 21:56 13[CFG] <work|1> config: ::/0, received: 192.168.1.200/32 => no match
  341. Sat, 2017-04-29 21:56 13[CFG] <work|1> config: ::/0, received: ::/0 => match: ::/0
  342. Sat, 2017-04-29 21:56 13[CFG] <work|1> selecting traffic selectors for other:
  343. Sat, 2017-04-29 21:56 13[CFG] <work|1> config: 192.168.1.120/32, received: 0.0.0.0/0 => match: 192.168.1.120/32
  344. Sat, 2017-04-29 21:56 13[CFG] <work|1> config: 192.168.1.120/32, received: ::/0 => no match
  345. Sat, 2017-04-29 21:56 13[CFG] <work|1> config: fd00:7306:6bc5::1/128, received: 0.0.0.0/0 => no match
  346. Sat, 2017-04-29 21:56 13[CFG] <work|1> config: fd00:7306:6bc5::1/128, received: ::/0 => match: fd00:7306:6bc5::1/128
  347. Sat, 2017-04-29 21:56 13[CHD] <work|1> using AES_CTR for encryption
  348. Sat, 2017-04-29 21:56 13[CHD] <work|1> using HMAC_SHA1_96 for integrity
  349. Sat, 2017-04-29 21:56 13[CHD] <work|1> adding inbound ESP SA
  350. Sat, 2017-04-29 21:56 13[CHD] <work|1> SPI 0xc5e54cd7, src 195.209.231.150 dst 192.168.1.110
  351. Sat, 2017-04-29 21:56 13[KNL] <work|1> adding SAD entry with SPI c5e54cd7 and reqid {1}
  352. Sat, 2017-04-29 21:56 13[KNL] <work|1> using encryption algorithm AES_CTR with key size 160
  353. Sat, 2017-04-29 21:56 13[KNL] <work|1> using integrity algorithm HMAC_SHA1_96 with key size 160
  354. Sat, 2017-04-29 21:56 13[KNL] <work|1> using replay window of 32 packets
  355. Sat, 2017-04-29 21:56 13[CHD] <work|1> adding outbound ESP SA
  356. Sat, 2017-04-29 21:56 13[CHD] <work|1> SPI 0xc187487e, src 192.168.1.110 dst 195.209.231.150
  357. Sat, 2017-04-29 21:56 13[KNL] <work|1> adding SAD entry with SPI c187487e and reqid {1}
  358. Sat, 2017-04-29 21:56 13[KNL] <work|1> using encryption algorithm AES_CTR with key size 160
  359. Sat, 2017-04-29 21:56 13[KNL] <work|1> using integrity algorithm HMAC_SHA1_96 with key size 160
  360. Sat, 2017-04-29 21:56 13[KNL] <work|1> using replay window of 0 packets
  361. Sat, 2017-04-29 21:56 13[KNL] <work|1> adding policy 192.168.1.110/32 === 192.168.1.120/32 out [priority 567231, refcount 1]
  362. Sat, 2017-04-29 21:56 13[KNL] <work|1> adding policy 192.168.1.120/32 === 192.168.1.110/32 in [priority 567231, refcount 1]
  363. Sat, 2017-04-29 21:56 13[KNL] <work|1> adding policy 192.168.1.120/32 === 192.168.1.110/32 fwd [priority 567231, refcount 1]
  364. Sat, 2017-04-29 21:56 13[KNL] <work|1> policy 192.168.1.110/32 === 192.168.1.120/32 out already exists, increasing refcount
  365. Sat, 2017-04-29 21:56 13[KNL] <work|1> updating policy 192.168.1.110/32 === 192.168.1.120/32 out [priority 367231, refcount 2]
  366. Sat, 2017-04-29 21:56 13[KNL] <work|1> getting a local address in traffic selector 192.168.1.110/32
  367. Sat, 2017-04-29 21:56 13[KNL] <work|1> using host 192.168.1.110
  368. Sat, 2017-04-29 21:56 13[KNL] <work|1> getting iface name for index 2
  369. Sat, 2017-04-29 21:56 13[KNL] <work|1> using 192.168.1.1 as nexthop and eth0 as dev to reach 195.209.231.150/32
  370. Sat, 2017-04-29 21:56 13[KNL] <work|1> installing route: 192.168.1.120/32 via 192.168.1.1 src 192.168.1.110 dev eth0
  371. Sat, 2017-04-29 21:56 13[KNL] <work|1> getting iface index for eth0
  372. Sat, 2017-04-29 21:56 13[KNL] <work|1> policy 192.168.1.120/32 === 192.168.1.110/32 in already exists, increasing refcount
  373. Sat, 2017-04-29 21:56 13[KNL] <work|1> updating policy 192.168.1.120/32 === 192.168.1.110/32 in [priority 367231, refcount 2]
  374. Sat, 2017-04-29 21:56 13[KNL] <work|1> policy 192.168.1.120/32 === 192.168.1.110/32 fwd already exists, increasing refcount
  375. Sat, 2017-04-29 21:56 13[KNL] <work|1> updating policy 192.168.1.120/32 === 192.168.1.110/32 fwd [priority 367231, refcount 2]
  376. Sat, 2017-04-29 21:56 13[KNL] <work|1> adding policy 192.168.1.200/32 === 192.168.1.120/32 out [priority 567231, refcount 1]
  377. Sat, 2017-04-29 21:56 13[KNL] <work|1> adding policy 192.168.1.120/32 === 192.168.1.200/32 in [priority 567231, refcount 1]
  378. Sat, 2017-04-29 21:56 13[KNL] <work|1> adding policy 192.168.1.120/32 === 192.168.1.200/32 fwd [priority 567231, refcount 1]
  379. Sat, 2017-04-29 21:56 13[KNL] <work|1> policy 192.168.1.200/32 === 192.168.1.120/32 out already exists, increasing refcount
  380. Sat, 2017-04-29 21:56 13[KNL] <work|1> updating policy 192.168.1.200/32 === 192.168.1.120/32 out [priority 367231, refcount 2]
  381. Sat, 2017-04-29 21:56 13[KNL] <work|1> getting a local address in traffic selector 192.168.1.200/32
  382. Sat, 2017-04-29 21:56 13[KNL] <work|1> no local address found in traffic selector 192.168.1.200/32
  383. Sat, 2017-04-29 21:56 13[KNL] <work|1> policy 192.168.1.120/32 === 192.168.1.200/32 in already exists, increasing refcount
  384. Sat, 2017-04-29 21:56 13[KNL] <work|1> updating policy 192.168.1.120/32 === 192.168.1.200/32 in [priority 367231, refcount 2]
  385. Sat, 2017-04-29 21:56 13[KNL] <work|1> policy 192.168.1.120/32 === 192.168.1.200/32 fwd already exists, increasing refcount
  386. Sat, 2017-04-29 21:56 13[KNL] <work|1> updating policy 192.168.1.120/32 === 192.168.1.200/32 fwd [priority 367231, refcount 2]
  387. Sat, 2017-04-29 21:56 13[KNL] <work|1> adding policy ::/0 === fd00:7306:6bc5::1/128 out [priority 534463, refcount 1]
  388. Sat, 2017-04-29 21:56 13[KNL] <work|1> adding policy fd00:7306:6bc5::1/128 === ::/0 in [priority 534463, refcount 1]
  389. Sat, 2017-04-29 21:56 13[KNL] <work|1> adding policy fd00:7306:6bc5::1/128 === ::/0 fwd [priority 534463, refcount 1]
  390. Sat, 2017-04-29 21:56 13[KNL] <work|1> policy ::/0 === fd00:7306:6bc5::1/128 out already exists, increasing refcount
  391. Sat, 2017-04-29 21:56 13[KNL] <work|1> updating policy ::/0 === fd00:7306:6bc5::1/128 out [priority 334463, refcount 2]
  392. Sat, 2017-04-29 21:56 13[KNL] <work|1> getting a local address in traffic selector ::/0
  393. Sat, 2017-04-29 21:56 13[KNL] <work|1> using host %any6
  394. Sat, 2017-04-29 21:56 13[KNL] <work|1> getting iface name for index 2
  395. Sat, 2017-04-29 21:56 13[KNL] <work|1> using 192.168.1.1 as nexthop and eth0 as dev to reach 195.209.231.150/32
  396. Sat, 2017-04-29 21:56 13[KNL] <work|1> installing route: fd00:7306:6bc5::1/128 via 192.168.1.1 src %any6 dev eth0
  397. Sat, 2017-04-29 21:56 13[KNL] <work|1> getting iface index for eth0
  398. Sat, 2017-04-29 21:56 13[KNL] <work|1> policy fd00:7306:6bc5::1/128 === ::/0 in already exists, increasing refcount
  399. Sat, 2017-04-29 21:56 13[KNL] <work|1> updating policy fd00:7306:6bc5::1/128 === ::/0 in [priority 334463, refcount 2]
  400. Sat, 2017-04-29 21:56 13[KNL] <work|1> policy fd00:7306:6bc5::1/128 === ::/0 fwd already exists, increasing refcount
  401. Sat, 2017-04-29 21:56 13[KNL] <work|1> updating policy fd00:7306:6bc5::1/128 === ::/0 fwd [priority 334463, refcount 2]
  402. Sat, 2017-04-29 21:56 13[IKE] <work|1> CHILD_SA work{1} established with SPIs c5e54cd7_i c187487e_o and TS 192.168.1.110/32 192.168.1.200/32 ::/0 === 192.168.1.120/32 fd00:7306:6bc5::1/128
  403. Sat, 2017-04-29 21:56 13[KNL] <work|1> 192.168.1.110 is on interface eth0
  404. Sat, 2017-04-29 21:56 09[NET] <2> received packet: from 51.15.41.30[4500] to 192.168.1.110[4500] (895 bytes)
  405. Sat, 2017-04-29 21:56 13[KNL] <work|1> 192.168.1.110 is on interface eth0
  406. Sat, 2017-04-29 21:56 13[KNL] <work|1> 192.168.1.110 is on interface eth0
  407. Sat, 2017-04-29 21:56 13[ENC] <work|1> generating IKE_AUTH response 1 [ IDr CERT AUTH CPRP(ADDR ADDR6 DNS) SA TSi TSr N(AUTH_LFT) N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_6_ADDR) N(ADD_6_ADDR) N(ADD_6_ADDR) ]
  408. Sat, 2017-04-29 21:56 09[ENC] <2> parsed IKE_AUTH request 1 [ IDi CERT N(INIT_CONTACT) CERTREQ AUTH CPRQ(ADDR DNS) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(MULT_AUTH) N(EAP_ONLY) ]
  409. Sat, 2017-04-29 21:56 09[IKE] <2> received cert request for "CN=Artyom CA"
  410. Sat, 2017-04-29 21:56 13[NET] <work|1> sending packet: from 192.168.1.110[4500] to 195.209.231.150[4500] (1104 bytes)
  411. Sat, 2017-04-29 21:56 09[IKE] <2> received end entity cert "CN=vps"
  412. Sat, 2017-04-29 21:56 09[CFG] <2> looking for peer configs matching 192.168.1.110[%any]...51.15.41.30[vps]
  413. Sat, 2017-04-29 21:56 09[CFG] <2> candidate "mobile", match: 1/1/28 (me/other/ike)
  414. Sat, 2017-04-29 21:56 09[CFG] <2> candidate "windows", match: 1/1/28 (me/other/ike)
  415. Sat, 2017-04-29 21:56 09[CFG] <2> candidate "vps", match: 1/20/28 (me/other/ike)
  416. Sat, 2017-04-29 21:56 09[CFG] <vps|2> selected peer config 'vps'
  417. Sat, 2017-04-29 21:56 09[CFG] <vps|2> certificate "CN=vps" key: 384 bit ECDSA
  418. Sat, 2017-04-29 21:56 09[CFG] <vps|2> using trusted ca certificate "CN=Artyom CA"
  419. Sat, 2017-04-29 21:56 09[CFG] <vps|2> checking certificate status of "CN=vps"
  420. Sat, 2017-04-29 21:56 09[CFG] <vps|2> ocsp check skipped, no ocsp found
  421. Sat, 2017-04-29 21:56 09[CFG] <vps|2> certificate status is not available
  422. Sat, 2017-04-29 21:56 09[CFG] <vps|2> certificate "CN=Artyom CA" key: 384 bit ECDSA
  423. Sat, 2017-04-29 21:56 09[CFG] <vps|2> reached self-signed root ca with a path length of 0
  424. Sat, 2017-04-29 21:56 09[CFG] <vps|2> using trusted certificate "CN=vps"
  425. Sat, 2017-04-29 21:56 09[IKE] <vps|2> authentication of 'vps' with ECDSA_WITH_SHA384_DER successful
  426. Sat, 2017-04-29 21:56 09[IKE] <vps|2> processing INTERNAL_IP4_ADDRESS attribute
  427. Sat, 2017-04-29 21:56 09[IKE] <vps|2> processing INTERNAL_IP4_DNS attribute
  428. Sat, 2017-04-29 21:56 09[IKE] <vps|2> peer supports MOBIKE
  429. Sat, 2017-04-29 21:56 09[IKE] <vps|2> authentication of 'CN=vpn.h31.ishere.ru' (myself) with ECDSA_WITH_SHA384_DER successful
  430. Sat, 2017-04-29 21:56 09[IKE] <vps|2> IKE_SA vps[2] established between 192.168.1.110[CN=vpn.h31.ishere.ru]...51.15.41.30[vps]
  431. Sat, 2017-04-29 21:56 09[IKE] <vps|2> IKE_SA vps[2] state change: CONNECTING => ESTABLISHED
  432. Sat, 2017-04-29 21:56 09[IKE] <vps|2> scheduling reauthentication in 9808s
  433. Sat, 2017-04-29 21:56 09[IKE] <vps|2> maximum IKE_SA lifetime 10348s
  434. Sat, 2017-04-29 21:56 09[IKE] <vps|2> sending end entity cert "CN=vpn.h31.ishere.ru"
  435. Sat, 2017-04-29 21:56 09[IKE] <vps|2> peer requested virtual IP 192.168.1.200
  436. Sat, 2017-04-29 21:56 09[CFG] <vps|2> sending DHCP DISCOVER to 255.255.255.255
  437. Sat, 2017-04-29 21:56 12[CFG] received DHCP OFFER 192.168.1.200 from 192.168.1.1
  438. Sat, 2017-04-29 21:56 09[CFG] <vps|2> sending DHCP REQUEST for 192.168.1.200 to 192.168.1.1
  439. Sat, 2017-04-29 21:56 07[CFG] received DHCP ACK for 192.168.1.200
  440. Sat, 2017-04-29 21:56 09[IKE] <vps|2> assigning virtual IP 192.168.1.200 to peer 'vps'
  441. Sat, 2017-04-29 21:56 09[IKE] <vps|2> building INTERNAL_IP4_DNS attribute
  442. Sat, 2017-04-29 21:56 09[CFG] <vps|2> looking for a child config for 192.168.1.0/24 === 0.0.0.0/0
  443. Sat, 2017-04-29 21:56 09[CFG] <vps|2> proposing traffic selectors for us:
  444. Sat, 2017-04-29 21:56 09[CFG] <vps|2> 192.168.1.0/24
  445. Sat, 2017-04-29 21:56 09[CFG] <vps|2> proposing traffic selectors for other:
  446. Sat, 2017-04-29 21:56 09[CFG] <vps|2> 192.168.1.200/32
  447. Sat, 2017-04-29 21:56 09[CFG] <vps|2> candidate "vps" with prio 5+1
  448. Sat, 2017-04-29 21:56 09[CFG] <vps|2> found matching child config "vps" with prio 6
  449. Sat, 2017-04-29 21:56 09[CFG] <vps|2> selecting proposal:
  450. Sat, 2017-04-29 21:56 09[CFG] <vps|2> proposal matches
  451. Sat, 2017-04-29 21:56 09[CFG] <vps|2> received proposals: ESP:AES_CTR_128/HMAC_SHA1_96/HMAC_SHA2_256_128/NO_EXT_SEQ
  452. Sat, 2017-04-29 21:56 09[CFG] <vps|2> configured proposals: ESP:AES_CTR_128/HMAC_SHA1_96/HMAC_SHA2_256_128/MODP_2048/NO_EXT_SEQ
  453. Sat, 2017-04-29 21:56 09[CFG] <vps|2> selected proposal: ESP:AES_CTR_128/HMAC_SHA1_96/NO_EXT_SEQ
  454. Sat, 2017-04-29 21:56 09[KNL] <vps|2> got SPI c9d1126b
  455. Sat, 2017-04-29 21:56 09[CFG] <vps|2> selecting traffic selectors for us:
  456. Sat, 2017-04-29 21:56 09[CFG] <vps|2> config: 192.168.1.0/24, received: 192.168.1.0/24 => match: 192.168.1.0/24
  457. Sat, 2017-04-29 21:56 09[CFG] <vps|2> selecting traffic selectors for other:
  458. Sat, 2017-04-29 21:56 09[CFG] <vps|2> config: 192.168.1.200/32, received: 0.0.0.0/0 => match: 192.168.1.200/32
  459. Sat, 2017-04-29 21:56 09[CHD] <vps|2> using AES_CTR for encryption
  460. Sat, 2017-04-29 21:56 09[CHD] <vps|2> using HMAC_SHA1_96 for integrity
  461. Sat, 2017-04-29 21:56 09[CHD] <vps|2> adding inbound ESP SA
  462. Sat, 2017-04-29 21:56 09[CHD] <vps|2> SPI 0xc9d1126b, src 51.15.41.30 dst 192.168.1.110
  463. Sat, 2017-04-29 21:56 09[KNL] <vps|2> adding SAD entry with SPI c9d1126b and reqid {2}
  464. Sat, 2017-04-29 21:56 09[KNL] <vps|2> using encryption algorithm AES_CTR with key size 160
  465. Sat, 2017-04-29 21:56 09[KNL] <vps|2> using integrity algorithm HMAC_SHA1_96 with key size 160
  466. Sat, 2017-04-29 21:56 09[KNL] <vps|2> using replay window of 32 packets
  467. Sat, 2017-04-29 21:56 09[CHD] <vps|2> adding outbound ESP SA
  468. Sat, 2017-04-29 21:56 09[CHD] <vps|2> SPI 0xc55b86e2, src 192.168.1.110 dst 51.15.41.30
  469. Sat, 2017-04-29 21:56 09[KNL] <vps|2> adding SAD entry with SPI c55b86e2 and reqid {2}
  470. Sat, 2017-04-29 21:56 09[KNL] <vps|2> using encryption algorithm AES_CTR with key size 160
  471. Sat, 2017-04-29 21:56 09[KNL] <vps|2> using integrity algorithm HMAC_SHA1_96 with key size 160
  472. Sat, 2017-04-29 21:56 09[KNL] <vps|2> using replay window of 0 packets
  473. Sat, 2017-04-29 21:56 09[KNL] <vps|2> adding policy 192.168.1.0/24 === 192.168.1.200/32 out [priority 571327, refcount 1]
  474. Sat, 2017-04-29 21:56 09[KNL] <vps|2> adding policy 192.168.1.200/32 === 192.168.1.0/24 in [priority 571327, refcount 1]
  475. Sat, 2017-04-29 21:56 09[KNL] <vps|2> adding policy 192.168.1.200/32 === 192.168.1.0/24 fwd [priority 571327, refcount 1]
  476. Sat, 2017-04-29 21:56 09[KNL] <vps|2> policy 192.168.1.0/24 === 192.168.1.200/32 out already exists, increasing refcount
  477. Sat, 2017-04-29 21:56 09[KNL] <vps|2> updating policy 192.168.1.0/24 === 192.168.1.200/32 out [priority 371327, refcount 2]
  478. Sat, 2017-04-29 21:56 09[KNL] <vps|2> getting a local address in traffic selector 192.168.1.0/24
  479. Sat, 2017-04-29 21:56 09[KNL] <vps|2> using host 192.168.1.110
  480. Sat, 2017-04-29 21:56 09[KNL] <vps|2> getting iface name for index 2
  481. Sat, 2017-04-29 21:56 09[KNL] <vps|2> using 192.168.1.1 as nexthop and eth0 as dev to reach 51.15.41.30/32
  482. Sat, 2017-04-29 21:56 09[KNL] <vps|2> installing route: 192.168.1.200/32 via 192.168.1.1 src 192.168.1.110 dev eth0
  483. Sat, 2017-04-29 21:56 09[KNL] <vps|2> getting iface index for eth0
  484. Sat, 2017-04-29 21:56 09[KNL] <vps|2> policy 192.168.1.200/32 === 192.168.1.0/24 in already exists, increasing refcount
  485. Sat, 2017-04-29 21:56 09[KNL] <vps|2> updating policy 192.168.1.200/32 === 192.168.1.0/24 in [priority 371327, refcount 2]
  486. Sat, 2017-04-29 21:56 09[KNL] <vps|2> policy 192.168.1.200/32 === 192.168.1.0/24 fwd already exists, increasing refcount
  487. Sat, 2017-04-29 21:56 09[KNL] <vps|2> updating policy 192.168.1.200/32 === 192.168.1.0/24 fwd [priority 371327, refcount 2]
  488. Sat, 2017-04-29 21:56 09[IKE] <vps|2> CHILD_SA vps{2} established with SPIs c9d1126b_i c55b86e2_o and TS 192.168.1.0/24 === 192.168.1.200/32
  489. Sat, 2017-04-29 21:56 09[KNL] <vps|2> 192.168.1.110 is on interface eth0
  490. Sat, 2017-04-29 21:56 09[ENC] <vps|2> generating IKE_AUTH response 1 [ IDr CERT AUTH CPRP(ADDR DNS) SA TSi TSr N(AUTH_LFT) N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_6_ADDR) N(ADD_6_ADDR) N(ADD_6_ADDR) ]
  491. Sat, 2017-04-29 21:56 09[NET] <vps|2> sending packet: from 192.168.1.110[4500] to 51.15.41.30[4500] (986 bytes)
  492. Sat, 2017-04-29 21:56 15[CFG] vici client 1 connected
  493. Sat, 2017-04-29 21:56 13[CFG] vici client 1 registered for: list-sa
  494. Sat, 2017-04-29 21:56 09[CFG] vici client 1 requests: list-sas
  495. Sat, 2017-04-29 21:56 09[KNL] <vps|2> querying SAD entry with SPI c9d1126b
  496. Sat, 2017-04-29 21:56 09[KNL] <vps|2> querying SAD entry with SPI c55b86e2
  497. Sat, 2017-04-29 21:56 09[KNL] <work|1> querying SAD entry with SPI c5e54cd7
  498. Sat, 2017-04-29 21:56 09[KNL] <work|1> querying policy 192.168.1.120/32 === 192.168.1.110/32 in
  499. Sat, 2017-04-29 21:56 09[KNL] <work|1> querying policy 192.168.1.120/32 === 192.168.1.110/32 fwd
  500. Sat, 2017-04-29 21:56 09[KNL] <work|1> querying policy 192.168.1.120/32 === 192.168.1.200/32 in
  501. Sat, 2017-04-29 21:56 09[KNL] <work|1> querying policy 192.168.1.120/32 === 192.168.1.200/32 fwd
  502. Sat, 2017-04-29 21:56 09[KNL] <work|1> querying policy fd00:7306:6bc5::1/128 === ::/0 in
  503. Sat, 2017-04-29 21:56 09[KNL] <work|1> querying policy fd00:7306:6bc5::1/128 === ::/0 fwd
  504. Sat, 2017-04-29 21:56 09[KNL] <work|1> querying SAD entry with SPI c187487e
  505. Sat, 2017-04-29 21:56 09[KNL] <work|1> querying policy 192.168.1.110/32 === 192.168.1.120/32 out
  506. Sat, 2017-04-29 21:56 09[KNL] <work|1> querying policy 192.168.1.200/32 === 192.168.1.120/32 out
  507. Sat, 2017-04-29 21:56 09[KNL] <work|1> querying policy ::/0 === fd00:7306:6bc5::1/128 out
  508. Sat, 2017-04-29 21:56 10[CFG] vici client 1 disconnected
  509. Sat, 2017-04-29 21:56 12[KNL] <work|1> querying policy 192.168.1.110/32 === 192.168.1.120/32 out
  510. Sat, 2017-04-29 21:56 12[KNL] <work|1> querying policy 192.168.1.200/32 === 192.168.1.120/32 out
  511. Sat, 2017-04-29 21:56 12[KNL] <work|1> querying policy ::/0 === fd00:7306:6bc5::1/128 out
  512. Sat, 2017-04-29 21:56 08[KNL] <vps|2> querying policy 192.168.1.0/24 === 192.168.1.200/32 out
  513. Sat, 2017-04-29 21:56 08[KNL] <vps|2> querying SAD entry with SPI c55b86e2
  514. Sat, 2017-04-29 21:56 07[KNL] <vps|2> querying policy 192.168.1.0/24 === 192.168.1.200/32 out
  515. Sat, 2017-04-29 21:56 07[KNL] <vps|2> querying SAD entry with SPI c55b86e2
  516. Sat, 2017-04-29 21:56 07[IKE] <vps|2> sending keep alive to 51.15.41.30[4500]