Guest User

Untitled

a guest
Aug 26th, 2010
321
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. gateway.helios.lan
  2. Thu Aug 26 17:09:25 CEST 2010
  3. + _________________________ version
  4. + ipsec --version
  5. Linux Openswan U2.6.28/K2.6.18-194.8.1.v5 (netkey)
  6. See `ipsec --copyright' for copyright information.
  7. + _________________________ /proc/version
  8. + cat /proc/version
  9. Linux version 2.6.18-194.8.1.v5 (devel@clearos5x.lan) (gcc version 4.1.2 20080704 (Red Hat 4.1.2-48)) #1 SMP Thu Jul 15 01:14:04 EDT 2010
  10. + _________________________ /proc/net/ipsec_eroute
  11. + test -r /proc/net/ipsec_eroute
  12. + _________________________ netstat-rn
  13. + netstat -nr
  14. + head -n 100
  15. Kernel IP routing table
  16. Destination Gateway Genmask Flags MSS Window irtt Iface
  17. 10.81.9.204 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
  18. 10.81.9.203 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
  19. 10.97.10.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
  20. 85.145.148.0 0.0.0.0 255.255.252.0 U 0 0 0 eth0
  21. 0.0.0.0 85.145.148.1 0.0.0.0 UG 0 0 0 eth0
  22. + _________________________ /proc/net/ipsec_spi
  23. + test -r /proc/net/ipsec_spi
  24. + _________________________ /proc/net/ipsec_spigrp
  25. + test -r /proc/net/ipsec_spigrp
  26. + _________________________ /proc/net/ipsec_tncfg
  27. + test -r /proc/net/ipsec_tncfg
  28. + _________________________ /proc/net/pfkey
  29. + test -r /proc/net/pfkey
  30. + cat /proc/net/pfkey
  31. sk RefCnt Rmem Wmem User Inode
  32. + _________________________ ip-xfrm-state
  33. + ip xfrm state
  34. src 85.145.148.106 dst 95.96.10.129
  35. proto esp spi 0x428a7ae2 reqid 16409 mode tunnel
  36. replay-window 32 flag 20
  37. auth hmac(sha1) 0x80355ad1d31366f2d48aec500b31499cc7b13699
  38. enc cbc(aes) 0xf826a6f97b576c3f2645afa4f7ed7a6f
  39. encap type espinudp sport 4500 dport 4500 addr 0.0.0.0
  40. src 85.145.148.106 dst 95.96.10.129
  41. proto esp spi 0x21bdff69 reqid 16405 mode tunnel
  42. replay-window 32 flag 20
  43. auth hmac(sha1) 0x5953d63e870a1dc036bd0d321f1887c54ab4490c
  44. enc cbc(aes) 0x8d9df67c3a606bee54dae8da20a270c8
  45. encap type espinudp sport 4500 dport 4500 addr 0.0.0.0
  46. src 85.145.148.106 dst 95.96.10.129
  47. proto esp spi 0xad585a15 reqid 16409 mode tunnel
  48. replay-window 32 flag 20
  49. auth hmac(sha1) 0x744809d95ffc3caa317c5e8a15f28802556ab3bc
  50. enc cbc(aes) 0xaae9e3b4d3614e94d24acde4057e75ae
  51. encap type espinudp sport 4500 dport 4500 addr 0.0.0.0
  52. src 95.96.10.129 dst 85.145.148.106
  53. proto esp spi 0x5b0be685 reqid 16409 mode tunnel
  54. replay-window 32 flag 20
  55. auth hmac(sha1) 0xa5aedbc37f2f2a3f33686b82d37893d9f86740ab
  56. enc cbc(aes) 0x808100be2786db9c1cd291da27e12b7e
  57. encap type espinudp sport 4500 dport 4500 addr 0.0.0.0
  58. src 95.96.10.129 dst 85.145.148.106
  59. proto esp spi 0x099a2dc4 reqid 16405 mode tunnel
  60. replay-window 32 flag 20
  61. auth hmac(sha1) 0x05962134deeb653c881e2c3b644c493042704ef1
  62. enc cbc(aes) 0xec4e63dd515788a2e3e4418c449b20c2
  63. encap type espinudp sport 4500 dport 4500 addr 0.0.0.0
  64. src 95.96.10.129 dst 85.145.148.106
  65. proto esp spi 0xad22afb1 reqid 16409 mode tunnel
  66. replay-window 32 flag 20
  67. auth hmac(sha1) 0xac919a02df53a5f0376c099de97d6d697380cd08
  68. enc cbc(aes) 0x212cce4a983bab0eee881d3a974d5412
  69. encap type espinudp sport 4500 dport 4500 addr 0.0.0.0
  70. + _________________________ ip-xfrm-policy
  71. + ip xfrm policy
  72. src 10.81.9.204/32 dst 10.97.10.0/24
  73. dir in priority 2336
  74. tmpl src 95.96.10.129 dst 85.145.148.106
  75. proto esp reqid 16409 mode tunnel
  76. src 10.81.9.203/32 dst 10.97.10.0/24
  77. dir in priority 2336
  78. tmpl src 95.96.10.129 dst 85.145.148.106
  79. proto esp reqid 16405 mode tunnel
  80. src 10.97.10.0/24 dst 10.81.9.203/32
  81. dir out priority 2336
  82. tmpl src 85.145.148.106 dst 95.96.10.129
  83. proto esp reqid 16405 mode tunnel
  84. src 10.97.10.0/24 dst 10.81.9.204/32
  85. dir out priority 2336
  86. tmpl src 85.145.148.106 dst 95.96.10.129
  87. proto esp reqid 16409 mode tunnel
  88. src 10.81.9.204/32 dst 10.97.10.0/24
  89. dir fwd priority 2336
  90. tmpl src 95.96.10.129 dst 85.145.148.106
  91. proto esp reqid 16409 mode tunnel
  92. src 10.81.9.203/32 dst 10.97.10.0/24
  93. dir fwd priority 2336
  94. tmpl src 95.96.10.129 dst 85.145.148.106
  95. proto esp reqid 16405 mode tunnel
  96. src ::/0 dst ::/0
  97. dir in priority 0
  98. src 0.0.0.0/0 dst 0.0.0.0/0
  99. dir in priority 0
  100. src 0.0.0.0/0 dst 0.0.0.0/0
  101. dir in priority 0
  102. src 0.0.0.0/0 dst 0.0.0.0/0
  103. dir in priority 0
  104. src 0.0.0.0/0 dst 0.0.0.0/0
  105. dir in priority 0
  106. src 0.0.0.0/0 dst 0.0.0.0/0
  107. dir in priority 0
  108. src 0.0.0.0/0 dst 0.0.0.0/0
  109. dir in priority 0
  110. src ::/0 dst ::/0
  111. dir out priority 0
  112. src 0.0.0.0/0 dst 0.0.0.0/0
  113. dir out priority 0
  114. src 0.0.0.0/0 dst 0.0.0.0/0
  115. dir out priority 0
  116. src 0.0.0.0/0 dst 0.0.0.0/0
  117. dir out priority 0
  118. src 0.0.0.0/0 dst 0.0.0.0/0
  119. dir out priority 0
  120. src 0.0.0.0/0 dst 0.0.0.0/0
  121. dir out priority 0
  122. src 0.0.0.0/0 dst 0.0.0.0/0
  123. dir out priority 0
  124. + _________________________ /proc/crypto
  125. + test -r /proc/crypto
  126. + cat /proc/crypto
  127. name : deflate
  128. driver : deflate-generic
  129. module : deflate
  130. priority : 0
  131. type : compression
  132.  
  133. name : tnepres
  134. driver : tnepres-generic
  135. module : serpent
  136. priority : 0
  137. type : cipher
  138. blocksize : 16
  139. min keysize : 0
  140. max keysize : 32
  141.  
  142. name : serpent
  143. driver : serpent-generic
  144. module : serpent
  145. priority : 0
  146. type : cipher
  147. blocksize : 16
  148. min keysize : 0
  149. max keysize : 32
  150.  
  151. name : blowfish
  152. driver : blowfish-generic
  153. module : blowfish
  154. priority : 0
  155. type : cipher
  156. blocksize : 8
  157. min keysize : 4
  158. max keysize : 56
  159.  
  160. name : twofish
  161. driver : twofish-generic
  162. module : twofish
  163. priority : 0
  164. type : cipher
  165. blocksize : 16
  166. min keysize : 16
  167. max keysize : 32
  168.  
  169. name : md5
  170. driver : md5-generic
  171. module : md5
  172. priority : 0
  173. type : digest
  174. blocksize : 64
  175. digestsize : 16
  176.  
  177. name : sha256
  178. driver : sha256-generic
  179. module : sha256
  180. priority : 0
  181. type : digest
  182. blocksize : 64
  183. digestsize : 32
  184.  
  185. name : sha512
  186. driver : sha512-generic
  187. module : sha512
  188. priority : 0
  189. type : digest
  190. blocksize : 128
  191. digestsize : 64
  192.  
  193. name : sha384
  194. driver : sha384-generic
  195. module : sha512
  196. priority : 0
  197. type : digest
  198. blocksize : 128
  199. digestsize : 48
  200.  
  201. name : des3_ede
  202. driver : des3_ede-generic
  203. module : des
  204. priority : 0
  205. type : cipher
  206. blocksize : 8
  207. min keysize : 24
  208. max keysize : 24
  209.  
  210. name : des
  211. driver : des-generic
  212. module : des
  213. priority : 0
  214. type : cipher
  215. blocksize : 8
  216. min keysize : 8
  217. max keysize : 8
  218.  
  219. name : aes
  220. driver : aes-generic
  221. module : aes_generic
  222. priority : 100
  223. type : cipher
  224. blocksize : 16
  225. min keysize : 16
  226. max keysize : 32
  227.  
  228. name : aes
  229. driver : aes-i586
  230. module : aes_i586
  231. priority : 200
  232. type : cipher
  233. blocksize : 16
  234. min keysize : 16
  235. max keysize : 32
  236.  
  237. name : arc4
  238. driver : arc4-generic
  239. module : arc4
  240. priority : 0
  241. type : cipher
  242. blocksize : 1
  243. min keysize : 1
  244. max keysize : 256
  245.  
  246. name : crc32c
  247. driver : crc32c-generic
  248. module : kernel
  249. priority : 0
  250. type : digest
  251. blocksize : 32
  252. digestsize : 4
  253.  
  254. name : sha1
  255. driver : sha1-generic
  256. module : kernel
  257. priority : 0
  258. type : digest
  259. blocksize : 64
  260. digestsize : 20
  261.  
  262. + __________________________/proc/sys/net/core/xfrm-star
  263. /usr/local/libexec/ipsec/barf: line 191: __________________________/proc/sys/net/core/xfrm-star: No such file or directory
  264. + for i in '/proc/sys/net/core/xfrm_*'
  265. + echo -n '/proc/sys/net/core/xfrm_acq_expires: '
  266. /proc/sys/net/core/xfrm_acq_expires: + cat /proc/sys/net/core/xfrm_acq_expires
  267. 30
  268. + for i in '/proc/sys/net/core/xfrm_*'
  269. + echo -n '/proc/sys/net/core/xfrm_aevent_etime: '
  270. /proc/sys/net/core/xfrm_aevent_etime: + cat /proc/sys/net/core/xfrm_aevent_etime
  271. 10
  272. + for i in '/proc/sys/net/core/xfrm_*'
  273. + echo -n '/proc/sys/net/core/xfrm_aevent_rseqth: '
  274. /proc/sys/net/core/xfrm_aevent_rseqth: + cat /proc/sys/net/core/xfrm_aevent_rseqth
  275. 2
  276. + for i in '/proc/sys/net/core/xfrm_*'
  277. + echo -n '/proc/sys/net/core/xfrm_larval_drop: '
  278. /proc/sys/net/core/xfrm_larval_drop: + cat /proc/sys/net/core/xfrm_larval_drop
  279. 0
  280. + _________________________ /proc/sys/net/ipsec-star
  281. + test -d /proc/sys/net/ipsec
  282. + _________________________ ipsec/status
  283. + ipsec auto --status
  284. 000 using kernel interface: netkey
  285. 000 interface lo/lo ::1
  286. 000 interface lo/lo 127.0.0.1
  287. 000 interface lo/lo 127.0.0.1
  288. 000 interface eth1/eth1 10.97.10.1
  289. 000 interface eth1/eth1 10.97.10.1
  290. 000 interface eth0/eth0 85.145.148.106
  291. 000 interface eth0/eth0 85.145.148.106
  292. 000 %myid = (none)
  293. 000 debug none
  294. 000
  295. 000 virtual_private (%priv):
  296. 000 - allowed 3 subnets: 10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12
  297. 000 - disallowed 1 subnet: 10.97.10.0/24
  298. 000
  299. 000 algorithm ESP encrypt: id=2, name=ESP_DES, ivlen=8, keysizemin=64, keysizemax=64
  300. 000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=8, keysizemin=192, keysizemax=192
  301. 000 algorithm ESP encrypt: id=6, name=ESP_CAST, ivlen=8, keysizemin=40, keysizemax=128
  302. 000 algorithm ESP encrypt: id=7, name=ESP_BLOWFISH, ivlen=8, keysizemin=40, keysizemax=448
  303. 000 algorithm ESP encrypt: id=11, name=ESP_NULL, ivlen=0, keysizemin=0, keysizemax=0
  304. 000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=8, keysizemin=128, keysizemax=256
  305. 000 algorithm ESP encrypt: id=13, name=ESP_AES_CTR, ivlen=8, keysizemin=128, keysizemax=256
  306. 000 algorithm ESP encrypt: id=14, name=ESP_AES_CCM_A, ivlen=8, keysizemin=128, keysizemax=256
  307. 000 algorithm ESP encrypt: id=15, name=ESP_AES_CCM_B, ivlen=8, keysizemin=128, keysizemax=256
  308. 000 algorithm ESP encrypt: id=16, name=ESP_AES_CCM_C, ivlen=8, keysizemin=128, keysizemax=256
  309. 000 algorithm ESP encrypt: id=18, name=ESP_AES_GCM_A, ivlen=8, keysizemin=128, keysizemax=256
  310. 000 algorithm ESP encrypt: id=19, name=ESP_AES_GCM_B, ivlen=8, keysizemin=128, keysizemax=256
  311. 000 algorithm ESP encrypt: id=20, name=ESP_AES_GCM_C, ivlen=8, keysizemin=128, keysizemax=256
  312. 000 algorithm ESP encrypt: id=252, name=ESP_SERPENT, ivlen=8, keysizemin=128, keysizemax=256
  313. 000 algorithm ESP encrypt: id=253, name=ESP_TWOFISH, ivlen=8, keysizemin=128, keysizemax=256
  314. 000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5, keysizemin=128, keysizemax=128
  315. 000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1, keysizemin=160, keysizemax=160
  316. 000 algorithm ESP auth attr: id=5, name=AUTH_ALGORITHM_HMAC_SHA2_256, keysizemin=256, keysizemax=256
  317. 000 algorithm ESP auth attr: id=8, name=AUTH_ALGORITHM_HMAC_RIPEMD, keysizemin=160, keysizemax=160
  318. 000 algorithm ESP auth attr: id=9, name=AUTH_ALGORITHM_AES_CBC, keysizemin=128, keysizemax=128
  319. 000 algorithm ESP auth attr: id=251, name=(null), keysizemin=0, keysizemax=0
  320. 000
  321. 000 algorithm IKE encrypt: id=0, name=(null), blocksize=16, keydeflen=131
  322. 000 algorithm IKE encrypt: id=3, name=OAKLEY_BLOWFISH_CBC, blocksize=8, keydeflen=128
  323. 000 algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8, keydeflen=192
  324. 000 algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC, blocksize=16, keydeflen=128
  325. 000 algorithm IKE encrypt: id=65004, name=OAKLEY_SERPENT_CBC, blocksize=16, keydeflen=128
  326. 000 algorithm IKE encrypt: id=65005, name=OAKLEY_TWOFISH_CBC, blocksize=16, keydeflen=128
  327. 000 algorithm IKE encrypt: id=65289, name=OAKLEY_TWOFISH_CBC_SSH, blocksize=16, keydeflen=128
  328. 000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16
  329. 000 algorithm IKE hash: id=2, name=OAKLEY_SHA1, hashsize=20
  330. 000 algorithm IKE hash: id=4, name=OAKLEY_SHA2_256, hashsize=32
  331. 000 algorithm IKE hash: id=6, name=OAKLEY_SHA2_512, hashsize=64
  332. 000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024
  333. 000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536
  334. 000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048
  335. 000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072
  336. 000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096
  337. 000 algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144
  338. 000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192
  339. 000
  340. 000 stats db_ops: {curr_cnt, total_cnt, maxsz} :context={0,0,0} trans={0,0,0} attrs={0,0,0}
  341. 000
  342. 000 "LAN": 10.97.10.0/24===85.145.148.106<85.145.148.106>[C=NL, ST=Utrecht, L=Utrecht, O=Testing Corporation, OU=Research and Development, CN=Left1024, E=admin@testingcorporation.nl,+S=C]...%virtual[C=NL, ST=Utrecht, L=Utrecht, O=Testing Corporation, OU=Research and Development, CN=Right1024, E=admin@testingcorporation.nl,+S=C]===?; unrouted; eroute owner: #0
  343. 000 "LAN": myip=10.97.10.1; hisip=unset; mycert=Left1024-cert.pem;
  344. 000 "LAN": CAs: 'C=NL, ST=Utrecht, L=Utrecht, O=Testing Corporation, OU=Research and Development, CN=Testing1024, E=admin@testingcorporation.nl'...'C=NL, ST=Utrecht, L=Utrecht, O=Testing Corporation, OU=Research and Development, CN=Testing1024, E=admin@testingcorporation.nl'
  345. 000 "LAN": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
  346. 000 "LAN": policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW; prio: 24,32; interface: eth0;
  347. 000 "LAN": newest ISAKMP SA: #0; newest IPsec SA: #0;
  348. 000 "LAN"[5]: 10.97.10.0/24===85.145.148.106<85.145.148.106>[C=NL, ST=Utrecht, L=Utrecht, O=Testing Corporation, OU=Research and Development, CN=Left1024, E=admin@testingcorporation.nl,+S=C]...95.96.10.129[C=NL, ST=Utrecht, L=Utrecht, O=Testing Corporation, OU=Research and Development, CN=Right1024, E=admin@testingcorporation.nl,+S=C]===10.81.9.203/32; erouted; eroute owner: #80
  349. 000 "LAN"[5]: myip=10.97.10.1; hisip=unset; mycert=Left1024-cert.pem;
  350. 000 "LAN"[5]: CAs: 'C=NL, ST=Utrecht, L=Utrecht, O=Testing Corporation, OU=Research and Development, CN=Testing1024, E=admin@testingcorporation.nl'...'C=NL, ST=Utrecht, L=Utrecht, O=Testing Corporation, OU=Research and Development, CN=Testing1024, E=admin@testingcorporation.nl'
  351. 000 "LAN"[5]: ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
  352. 000 "LAN"[5]: policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW; prio: 24,32; interface: eth0;
  353. 000 "LAN"[5]: newest ISAKMP SA: #101; newest IPsec SA: #80;
  354. 000 "LAN"[5]: IKE algorithm newest: AES_CBC_128-SHA1-MODP2048
  355. 000 "LAN"[6]: 10.97.10.0/24===85.145.148.106<85.145.148.106>[C=NL, ST=Utrecht, L=Utrecht, O=Testing Corporation, OU=Research and Development, CN=Left1024, E=admin@testingcorporation.nl,+S=C]...95.96.10.129[C=NL, ST=Utrecht, L=Utrecht, O=Testing Corporation, OU=Research and Development, CN=Right1024, E=admin@testingcorporation.nl,+S=C]===10.81.9.204/32; erouted; eroute owner: #97
  356. 000 "LAN"[6]: myip=10.97.10.1; hisip=unset; mycert=Left1024-cert.pem;
  357. 000 "LAN"[6]: CAs: 'C=NL, ST=Utrecht, L=Utrecht, O=Testing Corporation, OU=Research and Development, CN=Testing1024, E=admin@testingcorporation.nl'...'C=NL, ST=Utrecht, L=Utrecht, O=Testing Corporation, OU=Research and Development, CN=Testing1024, E=admin@testingcorporation.nl'
  358. 000 "LAN"[6]: ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
  359. 000 "LAN"[6]: policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW; prio: 24,32; interface: eth0;
  360. 000 "LAN"[6]: newest ISAKMP SA: #102; newest IPsec SA: #97;
  361. 000 "LAN"[6]: IKE algorithm newest: AES_CBC_128-SHA1-MODP2048
  362. 000
  363. 000 #80: "LAN"[5] 95.96.10.129:4500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 7913s; newest IPSEC; eroute owner; isakmp#77; idle; import:not set
  364. 000 #80: "LAN"[5] 95.96.10.129 esp.21bdff69@95.96.10.129 esp.99a2dc4@85.145.148.106 tun.0@95.96.10.129 tun.0@85.145.148.106 ref=0 refhim=4294901761
  365. 000 #101: "LAN"[5] 95.96.10.129:4500 STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 2324s; newest ISAKMP; lastdpd=-1s(seq in:0 out:0); idle; import:not set
  366. 000 #97: "LAN"[6] 95.96.10.129:4500 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in 21445s; newest IPSEC; eroute owner; isakmp#96; idle; import:not set
  367. 000 #97: "LAN"[6] 95.96.10.129 esp.428a7ae2@95.96.10.129 esp.5b0be685@85.145.148.106 tun.0@95.96.10.129 tun.0@85.145.148.106 ref=0 refhim=4294901761
  368. 000 #79: "LAN"[6] 95.96.10.129:4500 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in 8264s; isakmp#78; idle; import:not set
  369. 000 #79: "LAN"[6] 95.96.10.129 esp.ad585a15@95.96.10.129 esp.ad22afb1@85.145.148.106 tun.0@95.96.10.129 tun.0@85.145.148.106 ref=0 refhim=4294901761
  370. 000 #103: "LAN"[6] 95.96.10.129:4500 STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_REPLACE in 2957s; lastdpd=-1s(seq in:0 out:0); idle; import:not set
  371. 000 #102: "LAN"[6] 95.96.10.129:4500 STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 2419s; newest ISAKMP; lastdpd=-1s(seq in:0 out:0); idle; import:not set
  372. 000
  373. + _________________________ ifconfig-a
  374. + ifconfig -a
  375. eth0 Link encap:Ethernet HWaddr 00:04:75:E5:5B:18
  376. inet addr:85.145.148.106 Bcast:85.145.151.255 Mask:255.255.252.0
  377. inet6 addr: fe80::204:75ff:fee5:5b18/64 Scope:Link
  378. UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
  379. RX packets:481065 errors:0 dropped:0 overruns:0 frame:0
  380. TX packets:466750 errors:0 dropped:0 overruns:0 carrier:0
  381. collisions:0 txqueuelen:1000
  382. RX bytes:410535641 (391.5 MiB) TX bytes:78958682 (75.3 MiB)
  383. Interrupt:201 Base address:0x6000
  384.  
  385. eth1 Link encap:Ethernet HWaddr 00:0C:6E:3E:22:A9
  386. inet addr:10.97.10.1 Bcast:10.97.10.255 Mask:255.255.255.0
  387. inet6 addr: fe80::20c:6eff:fe3e:22a9/64 Scope:Link
  388. UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
  389. RX packets:478536 errors:0 dropped:0 overruns:0 frame:0
  390. TX packets:445295 errors:0 dropped:0 overruns:0 carrier:0
  391. collisions:0 txqueuelen:1000
  392. RX bytes:80839662 (77.0 MiB) TX bytes:335371910 (319.8 MiB)
  393. Interrupt:201 Base address:0x9800
  394.  
  395. imq0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
  396. NOARP MTU:16000 Metric:1
  397. RX packets:0 errors:0 dropped:0 overruns:0 frame:0
  398. TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
  399. collisions:0 txqueuelen:11000
  400. RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
  401.  
  402. imq1 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
  403. NOARP MTU:16000 Metric:1
  404. RX packets:0 errors:0 dropped:0 overruns:0 frame:0
  405. TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
  406. collisions:0 txqueuelen:11000
  407. RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
  408.  
  409. lo Link encap:Local Loopback
  410. inet addr:127.0.0.1 Mask:255.0.0.0
  411. inet6 addr: ::1/128 Scope:Host
  412. UP LOOPBACK RUNNING MTU:16436 Metric:1
  413. RX packets:5606 errors:0 dropped:0 overruns:0 frame:0
  414. TX packets:5606 errors:0 dropped:0 overruns:0 carrier:0
  415. collisions:0 txqueuelen:0
  416. RX bytes:2629695 (2.5 MiB) TX bytes:2629695 (2.5 MiB)
  417.  
  418. sit0 Link encap:IPv6-in-IPv4
  419. NOARP MTU:1480 Metric:1
  420. RX packets:0 errors:0 dropped:0 overruns:0 frame:0
  421. TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
  422. collisions:0 txqueuelen:0
  423. RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
  424.  
  425. + _________________________ ip-addr-list
  426. + ip addr list
  427. 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
  428. link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
  429. inet 127.0.0.1/8 scope host lo
  430. inet6 ::1/128 scope host
  431. valid_lft forever preferred_lft forever
  432. 2: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
  433. link/ether 00:0c:6e:3e:22:a9 brd ff:ff:ff:ff:ff:ff
  434. inet 10.97.10.1/24 brd 10.97.10.255 scope global eth1
  435. inet6 fe80::20c:6eff:fe3e:22a9/64 scope link
  436. valid_lft forever preferred_lft forever
  437. 3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
  438. link/ether 00:04:75:e5:5b:18 brd ff:ff:ff:ff:ff:ff
  439. inet 85.145.148.106/22 brd 85.145.151.255 scope global eth0
  440. inet6 fe80::204:75ff:fee5:5b18/64 scope link
  441. valid_lft forever preferred_lft forever
  442. 4: imq0: <NOARP> mtu 16000 qdisc noop qlen 11000
  443. link/void
  444. 5: imq1: <NOARP> mtu 16000 qdisc noop qlen 11000
  445. link/void
  446. 6: sit0: <NOARP> mtu 1480 qdisc noop
  447. link/sit 0.0.0.0 brd 0.0.0.0
  448. + _________________________ ip-route-list
  449. + ip route list
  450. 10.81.9.204 dev eth0 scope link src 10.97.10.1
  451. 10.81.9.203 dev eth0 scope link src 10.97.10.1
  452. 10.97.10.0/24 dev eth1 proto kernel scope link src 10.97.10.1
  453. 85.145.148.0/22 dev eth0 proto kernel scope link src 85.145.148.106
  454. default via 85.145.148.1 dev eth0
  455. + _________________________ ip-rule-list
  456. + ip rule list
  457. 0: from all lookup 255
  458. 32766: from all lookup main
  459. 32767: from all lookup default
  460. + _________________________ ipsec_verify
  461. + ipsec verify --nocolour
  462. Checking your system to see if IPsec got installed and started correctly:
  463. Version check and ipsec on-path [OK]
  464. Linux Openswan U2.6.28/K2.6.18-194.8.1.v5 (netkey)
  465. Checking for IPsec support in kernel [OK]
  466. NETKEY detected, testing for disabled ICMP send_redirects [OK]
  467. NETKEY detected, testing for disabled ICMP accept_redirects [OK]
  468. Checking that pluto is running [OK]
  469. Pluto listening for IKE on udp 500 [OK]
  470. Pluto listening for NAT-T on udp 4500 [OK]
  471. Two or more interfaces found, checking IP forwarding [OK]
  472. Checking NAT and MASQUERADEing
  473. Checking for 'ip' command [OK]
  474. Checking for 'iptables' command [OK]
  475. Opportunistic Encryption Support [DISABLED]
  476. + _________________________ mii-tool
  477. + '[' -x /sbin/mii-tool ']'
  478. + /sbin/mii-tool -v
  479. eth0: negotiated 100baseTx-FD flow-control, link ok
  480. product info: vendor 00:10:5a, model 0 rev 0
  481. basic mode: autonegotiation enabled
  482. basic status: autonegotiation complete, link ok
  483. capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
  484. advertising: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control
  485. link partner: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control
  486. eth1: negotiated 100baseTx-FD, link ok
  487. product info: vendor 00:00:20, model 32 rev 1
  488. basic mode: autonegotiation enabled
  489. basic status: autonegotiation complete, link ok
  490. capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
  491. advertising: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
  492. link partner: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control
  493. + _________________________ ipsec/directory
  494. + ipsec --directory
  495. /usr/local/lib/ipsec
  496. + _________________________ hostname/fqdn
  497. + hostname --fqdn
  498. gateway.helios.lan
  499. + _________________________ hostname/ipaddress
  500. + hostname --ip-address
  501. 10.97.10.1
  502. + _________________________ uptime
  503. + uptime
  504. 17:09:25 up 1 day, 4:03, 3 users, load average: 0.00, 0.06, 0.05
  505. + _________________________ ps
  506. + ps alxwf
  507. + egrep -i 'ppid|pluto|ipsec|klips'
  508. F UID PID PPID PRI NI VSZ RSS WCHAN STAT TTY TIME COMMAND
  509. 0 0 3467 29365 24 0 4572 1220 wait S+ pts/0 0:00 | \_ /bin/sh /usr/local/libexec/ipsec/barf
  510. 0 0 3551 3467 25 0 432 144 - R+ pts/0 0:00 | \_ egrep -i ppid|pluto|ipsec|klips
  511. 1 0 19909 1 24 0 2488 416 wait S ? 0:00 /bin/sh /usr/local/lib/ipsec/_plutorun --debug --uniqueids yes --force_busy no --nocrsend no --strictcrlpolicy no --nat_traversal yes --keep_alive --protostack netkey --force_keepalive no --disable_port_floating no --virtual_private %v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%4:!10.97.10.0/24 --crlcheckinterval 0 --ocspuri --nhelpers --dump --opts --stderrlog --wait no --pre --post --log daemon.error --plutorestartoncrash true --pid /var/run/pluto/pluto.pid
  512. 1 0 19910 19909 24 0 2488 640 wait S ? 0:00 \_ /bin/sh /usr/local/lib/ipsec/_plutorun --debug --uniqueids yes --force_busy no --nocrsend no --strictcrlpolicy no --nat_traversal yes --keep_alive --protostack netkey --force_keepalive no --disable_port_floating no --virtual_private %v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%4:!10.97.10.0/24 --crlcheckinterval 0 --ocspuri --nhelpers --dump --opts --stderrlog --wait no --pre --post --log daemon.error --plutorestartoncrash true --pid /var/run/pluto/pluto.pid
  513. 4 0 19911 19910 15 0 3436 1840 - S ? 0:00 | \_ /usr/local/libexec/ipsec/pluto --nofork --secretsfile /etc/ipsec.secrets --ipsecdir /etc/ipsec.d --use-netkey --uniqueids --nat_traversal --virtual_private %v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%4:!10.97.10.0/24
  514. 1 0 19917 19911 32 10 3372 764 - SN ? 0:00 | \_ pluto helper # 0
  515. 0 0 19930 19911 25 0 1680 284 - S ? 0:00 | \_ _pluto_adns
  516. 0 0 19912 19909 24 0 2488 1036 pipe_w S ? 0:00 \_ /bin/sh /usr/local/lib/ipsec/_plutoload --wait no --post
  517. 0 0 19914 1 23 0 1736 528 pipe_w S ? 0:00 logger -s -p daemon.error -t ipsec__plutorun
  518. + _________________________ ipsec/showdefaults
  519. + ipsec showdefaults
  520. routephys=eth0
  521. routevirt=none
  522. routeaddr=85.145.148.106
  523. routenexthop=85.145.148.1
  524. + _________________________ ipsec/conf
  525. + ipsec _include /etc/ipsec.conf
  526. + ipsec _keycensor
  527.  
  528. #< /etc/ipsec.conf 1
  529. # /etc/ipsec.conf - Openswan IPsec configuration file
  530.  
  531. # This file: /usr/local/share/doc/openswan/ipsec.conf-sample
  532. #
  533. # Manual: ipsec.conf.5
  534.  
  535.  
  536. version 2.0 # conforms to second version of ipsec.conf specification
  537.  
  538. # basic configuration
  539. config setup
  540. # Do not set debug options to debug configuration issues!
  541. # plutodebug / klipsdebug = "all", "none" or a combation from below:
  542. # "raw crypt parsing emitting control klips pfkey natt x509 dpd private"
  543. # eg:
  544. # plutodebug="control parsing"
  545. #
  546. # enable to get logs per-peer
  547. # plutoopts="--perpeerlog"
  548. #
  549. # Again: only enable plutodebug or klipsdebug when asked by a developer
  550. #
  551. # NAT-TRAVERSAL support, see README.NAT-Traversal
  552. nat_traversal=yes
  553. # exclude networks used on server side by adding %v4:!a.b.c.0/24
  554. virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%4:!10.97.10.0/24
  555. # OE is now off by default. Uncomment and change to on, to enable.
  556. oe=off
  557. # which IPsec stack to use. auto will try netkey, then klips then mast
  558. protostack=netkey
  559.  
  560. # Add connections here
  561.  
  562. # sample VPN connection
  563. # for more examples, see /etc/ipsec.d/examples/
  564. #conn sample
  565. # # Left security gateway, subnet behind it, nexthop toward right.
  566. # left=10.0.0.1
  567. # leftsubnet=172.16.0.0/24
  568. # leftnexthop=10.22.33.44
  569. # # Right security gateway, subnet behind it, nexthop toward left.
  570. # right=10.12.12.1
  571. # rightsubnet=192.168.0.0/24
  572. # rightnexthop=10.101.102.103
  573. # # To authorize this connection, but not actually start it,
  574. # # at startup, uncomment this.
  575. # #auto=add
  576. conn LAN
  577. left=85.145.148.106
  578. leftsourceip=10.97.10.1
  579. leftsubnet=10.97.10.0/24
  580. leftrsasigkey=%cert
  581. leftcert="Left1024-cert.pem"
  582. leftid="/C=NL/ST=Utrecht/L=Utrecht/O=Testing Corporation/OU=Research and Development/CN=Left1024/emailAddress=admin@testingcorporation.nl"
  583. right=%any
  584. rightsubnet=vhost:%priv,%no
  585. rightrsasigkey=%cert
  586. rightid="/C=NL/ST=Utrecht/L=Utrecht/O=Testing Corporation/OU=Research and Development/CN=Right1024/emailAddress=admin@testingcorporation.nl"
  587. rightca=%same
  588. auto=add
  589.  
  590. + _________________________ ipsec/secrets
  591. + ipsec _include /etc/ipsec.secrets
  592. + ipsec _secretcensor
  593.  
  594. #< /etc/ipsec.secrets 1
  595. : RSA /etc/ipsec.d/private/Left1024-key.pem "[sums to 2867...]"
  596. + _________________________ ipsec/listall
  597. + ipsec auto --listall
  598. 000
  599. 000 List of Public Keys:
  600. 000
  601. 000 Aug 26 17:03:46 2010, 1024 RSA Key AwEAAcuUr (no private key), until Aug 21 23:40:19 2011 ok
  602. 000 ID_USER_FQDN 'admin@testingcorporation.nl'
  603. 000 Issuer 'C=NL, ST=Utrecht, L=Utrecht, O=Testing Corporation, OU=Research and Development, CN=Testing1024, E=admin@testingcorporation.nl'
  604. 000 Aug 26 17:03:46 2010, 1024 RSA Key AwEAAcuUr (no private key), until Aug 21 23:40:19 2011 ok
  605. 000 ID_DER_ASN1_DN 'C=NL, ST=Utrecht, L=Utrecht, O=Testing Corporation, OU=Research and Development, CN=Right1024, E=admin@testingcorporation.nl'
  606. 000 Issuer 'C=NL, ST=Utrecht, L=Utrecht, O=Testing Corporation, OU=Research and Development, CN=Testing1024, E=admin@testingcorporation.nl'
  607. 000 Aug 25 13:46:45 2010, 1024 RSA Key AwEAAac0u (has private key), until Aug 21 23:39:52 2011 ok
  608. 000 ID_DER_ASN1_DN 'C=NL, ST=Utrecht, L=Utrecht, O=Testing Corporation, OU=Research and Development, CN=Left1024, E=admin@testingcorporation.nl'
  609. 000 Issuer 'C=NL, ST=Utrecht, L=Utrecht, O=Testing Corporation, OU=Research and Development, CN=Testing1024, E=admin@testingcorporation.nl'
  610. 000 List of Pre-shared secrets (from /etc/ipsec.secrets)
  611. 000 1: RSA (none) (none)
  612. 000
  613. 000 List of X.509 End Certificates:
  614. 000
  615. 000 Aug 25 13:46:45 2010, count: 3
  616. 000 subject: 'C=NL, ST=Utrecht, L=Utrecht, O=Testing Corporation, OU=Research and Development, CN=Left1024, E=admin@testingcorporation.nl'
  617. 000 issuer: 'C=NL, ST=Utrecht, L=Utrecht, O=Testing Corporation, OU=Research and Development, CN=Testing1024, E=admin@testingcorporation.nl'
  618. 000 serial: 01
  619. 000 pubkey: 1024 RSA Key AwEAAac0u, has private key
  620. 000 validity: not before Aug 21 23:39:52 2010 ok
  621. 000 not after Aug 21 23:39:52 2011 ok
  622. 000 subjkey: b6:31:11:23:ce:2e:44:da:37:b6:ad:28:db:29:76:5f:f9:99:3e:d3
  623. 000 authkey: 9a:fb:f6:09:95:a1:9f:9a:63:b6:be:c5:76:bc:65:8b:92:94:cb:9d
  624. 000 aserial: 00:b2:89:a7:f2:67:f8:fd:55
  625. 000
  626. 000 List of X.509 CA Certificates:
  627. 000
  628. 000 Aug 25 13:46:44 2010, count: 1
  629. 000 subject: 'C=NL, ST=Utrecht, L=Utrecht, O=Testing Corporation, OU=Research and Development, CN=Testing1024, E=admin@testingcorporation.nl'
  630. 000 issuer: 'C=NL, ST=Utrecht, L=Utrecht, O=Testing Corporation, OU=Research and Development, CN=Testing1024, E=admin@testingcorporation.nl'
  631. 000 serial: 00:b2:89:a7:f2:67:f8:fd:55
  632. 000 pubkey: 1024 RSA Key AwEAAeKdH
  633. 000 validity: not before Aug 21 23:39:28 2010 ok
  634. 000 not after Aug 18 23:39:28 2020 ok
  635. 000 subjkey: 9a:fb:f6:09:95:a1:9f:9a:63:b6:be:c5:76:bc:65:8b:92:94:cb:9d
  636. 000 authkey: 9a:fb:f6:09:95:a1:9f:9a:63:b6:be:c5:76:bc:65:8b:92:94:cb:9d
  637. 000 aserial: 00:b2:89:a7:f2:67:f8:fd:55
  638. 000
  639. 000 List of X.509 CRLs:
  640. 000
  641. 000 Aug 25 13:46:44 2010, revoked certs: 0
  642. 000 issuer: 'C=NL, ST=Utrecht, L=Utrecht, O=Testing Corporation, OU=Research and Development, CN=Testing1024, E=admin@testingcorporation.nl'
  643. 000 updates: this Aug 21 23:42:15 2010
  644. 000 next Sep 20 23:42:15 2010 ok
  645. + '[' /etc/ipsec.d/policies ']'
  646. + for policy in '$POLICIES/*'
  647. ++ basename /etc/ipsec.d/policies/block
  648. + base=block
  649. + _________________________ ipsec/policies/block
  650. + cat /etc/ipsec.d/policies/block
  651. # This file defines the set of CIDRs (network/mask-length) to which
  652. # communication should never be allowed.
  653. #
  654. # See /usr/share/doc/openswan/policygroups.html for details.
  655. #
  656. # $Id: block.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
  657. #
  658.  
  659. + for policy in '$POLICIES/*'
  660. ++ basename /etc/ipsec.d/policies/clear
  661. + base=clear
  662. + _________________________ ipsec/policies/clear
  663. + cat /etc/ipsec.d/policies/clear
  664. # This file defines the set of CIDRs (network/mask-length) to which
  665. # communication should always be in the clear.
  666. #
  667. # See /usr/share/doc/openswan/policygroups.html for details.
  668. #
  669.  
  670. # root name servers should be in the clear
  671. 192.58.128.30/32
  672. 198.41.0.4/32
  673. 192.228.79.201/32
  674. 192.33.4.12/32
  675. 128.8.10.90/32
  676. 192.203.230.10/32
  677. 192.5.5.241/32
  678. 192.112.36.4/32
  679. 128.63.2.53/32
  680. 192.36.148.17/32
  681. 193.0.14.129/32
  682. 199.7.83.42/32
  683. 202.12.27.33/32
  684. + for policy in '$POLICIES/*'
  685. ++ basename /etc/ipsec.d/policies/clear-or-private
  686. + base=clear-or-private
  687. + _________________________ ipsec/policies/clear-or-private
  688. + cat /etc/ipsec.d/policies/clear-or-private
  689. # This file defines the set of CIDRs (network/mask-length) to which
  690. # we will communicate in the clear, or, if the other side initiates IPSEC,
  691. # using encryption. This behaviour is also called "Opportunistic Responder".
  692. #
  693. # See /usr/share/doc/openswan/policygroups.html for details.
  694. #
  695. # $Id: clear-or-private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
  696. #
  697. + for policy in '$POLICIES/*'
  698. ++ basename /etc/ipsec.d/policies/private
  699. + base=private
  700. + _________________________ ipsec/policies/private
  701. + cat /etc/ipsec.d/policies/private
  702. # This file defines the set of CIDRs (network/mask-length) to which
  703. # communication should always be private (i.e. encrypted).
  704. # See /usr/share/doc/openswan/policygroups.html for details.
  705. #
  706. # $Id: private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
  707. #
  708. + for policy in '$POLICIES/*'
  709. ++ basename /etc/ipsec.d/policies/private-or-clear
  710. + base=private-or-clear
  711. + _________________________ ipsec/policies/private-or-clear
  712. + cat /etc/ipsec.d/policies/private-or-clear
  713. # This file defines the set of CIDRs (network/mask-length) to which
  714. # communication should be private, if possible, but in the clear otherwise.
  715. #
  716. # If the target has a TXT (later IPSECKEY) record that specifies
  717. # authentication material, we will require private (i.e. encrypted)
  718. # communications. If no such record is found, communications will be
  719. # in the clear.
  720. #
  721. # See /usr/share/doc/openswan/policygroups.html for details.
  722. #
  723. # $Id: private-or-clear.in,v 1.5 2003/02/17 02:22:15 mcr Exp $
  724. #
  725.  
  726. 0.0.0.0/0
  727. + _________________________ ipsec/ls-libdir
  728. + ls -l /usr/local/lib/ipsec
  729. total 128
  730. -rwxr-xr-x 1 root root 12196 Aug 25 13:38 _copyright
  731. -rwxr-xr-x 1 root root 2379 Aug 25 13:38 _include
  732. -rwxr-xr-x 1 root root 1475 Aug 25 13:38 _keycensor
  733. -rwxr-xr-x 1 root root 2632 Aug 25 13:38 _plutoload
  734. -rwxr-xr-x 1 root root 8221 Aug 25 13:38 _plutorun
  735. -rwxr-xr-x 1 root root 12951 Aug 25 13:38 _realsetup
  736. -rwxr-xr-x 1 root root 1975 Aug 25 13:38 _secretcensor
  737. -rwxr-xr-x 1 root root 9314 Aug 25 13:38 _startklips
  738. -rwxr-xr-x 1 root root 6042 Aug 25 13:38 _startnetkey
  739. -rwxr-xr-x 1 root root 4886 Aug 25 13:38 _updown
  740. -rwxr-xr-x 1 root root 16182 Aug 25 13:38 _updown.klips
  741. -rwxr-xr-x 1 root root 15372 Aug 25 13:38 _updown.mast
  742. -rwxr-xr-x 1 root root 11551 Aug 25 13:38 _updown.netkey
  743. + _________________________ ipsec/ls-execdir
  744. + ls -l /usr/local/libexec/ipsec
  745. total 4960
  746. -rwxr-xr-x 1 root root 21910 Aug 25 13:38 _pluto_adns
  747. -rwxr-xr-x 1 root root 387796 Aug 25 13:38 addconn
  748. -rwxr-xr-x 1 root root 6015 Aug 25 13:38 auto
  749. -rwxr-xr-x 1 root root 10828 Aug 25 13:38 barf
  750. -rwxr-xr-x 1 root root 175646 Aug 25 13:38 eroute
  751. -rwxr-xr-x 1 root root 48916 Aug 25 13:38 ikeping
  752. -rwxr-xr-x 1 root root 115332 Aug 25 13:38 klipsdebug
  753. -rwxr-xr-x 1 root root 2591 Aug 25 13:38 look
  754. -rwxr-xr-x 1 root root 2182 Aug 25 13:38 newhostkey
  755. -rwxr-xr-x 1 root root 105844 Aug 25 13:38 pf_key
  756. -rwxr-xr-x 1 root root 2816403 Aug 25 13:38 pluto
  757. -rwxr-xr-x 1 root root 16799 Aug 25 13:38 ranbits
  758. -rwxr-xr-x 1 root root 37046 Aug 25 13:38 rsasigkey
  759. -rwxr-xr-x 1 root root 766 Aug 25 13:38 secrets
  760. lrwxrwxrwx 1 root root 22 Aug 25 13:38 setup -> /etc/rc.d/init.d/ipsec
  761. -rwxr-xr-x 1 root root 1054 Aug 25 13:38 showdefaults
  762. -rwxr-xr-x 1 root root 483277 Aug 25 13:38 showhostkey
  763. -rwxr-xr-x 1 root root 63622 Aug 25 13:38 showpolicy
  764. -rwxr-xr-x 1 root root 291460 Aug 25 13:38 spi
  765. -rwxr-xr-x 1 root root 151281 Aug 25 13:38 spigrp
  766. -rwxr-xr-x 1 root root 126834 Aug 25 13:38 tncfg
  767. -rwxr-xr-x 1 root root 13452 Aug 25 13:38 verify
  768. -rwxr-xr-x 1 root root 112726 Aug 25 13:38 whack
  769. + _________________________ /proc/net/dev
  770. + cat /proc/net/dev
  771. Inter-| Receive | Transmit
  772. face |bytes packets errs drop fifo frame compressed multicast|bytes packets errs drop fifo colls carrier compressed
  773. lo: 2629695 5606 0 0 0 0 0 0 2629695 5606 0 0 0 0 0 0
  774. eth1:80839662 478536 0 0 0 0 0 0 335372024 445296 0 0 0 0 0 0
  775. eth0:410535953 481068 0 0 0 0 0 0 78958856 466752 0 0 0 0 0 0
  776. imq0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
  777. imq1: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
  778. sit0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
  779. + _________________________ /proc/net/route
  780. + cat /proc/net/route
  781. Iface Destination Gateway Flags RefCnt Use Metric Mask MTU Window IRTT
  782. eth0 CC09510A 00000000 0005 0 0 0 FFFFFFFF 0 0 0
  783. eth0 CB09510A 00000000 0005 0 0 0 FFFFFFFF 0 0 0
  784. eth1 000A610A 00000000 0001 0 0 0 00FFFFFF 0 0 0
  785. eth0 00949155 00000000 0001 0 0 0 00FCFFFF 0 0 0
  786. eth0 00000000 01949155 0003 0 0 0 00000000 0 0 0
  787. + _________________________ /proc/sys/net/ipv4/ip_no_pmtu_disc
  788. + cat /proc/sys/net/ipv4/ip_no_pmtu_disc
  789. 0
  790. + _________________________ /proc/sys/net/ipv4/ip_forward
  791. + cat /proc/sys/net/ipv4/ip_forward
  792. 1
  793. + _________________________ /proc/sys/net/ipv4/tcp_ecn
  794. + cat /proc/sys/net/ipv4/tcp_ecn
  795. 0
  796. + _________________________ /proc/sys/net/ipv4/conf/star-rp_filter
  797. + cd /proc/sys/net/ipv4/conf
  798. + egrep '^' all/rp_filter default/rp_filter eth0/rp_filter eth1/rp_filter lo/rp_filter
  799. all/rp_filter:0
  800. default/rp_filter:1
  801. eth0/rp_filter:1
  802. eth1/rp_filter:1
  803. lo/rp_filter:0
  804. + _________________________ /proc/sys/net/ipv4/conf/star-star-redirects
  805. + cd /proc/sys/net/ipv4/conf
  806. + egrep '^' all/accept_redirects all/secure_redirects all/send_redirects default/accept_redirects default/secure_redirects default/send_redirects eth0/accept_redirects eth0/secure_redirects eth0/send_redirects eth1/accept_redirects eth1/secure_redirects eth1/send_redirects lo/accept_redirects lo/secure_redirects lo/send_redirects
  807. all/accept_redirects:0
  808. all/secure_redirects:0
  809. all/send_redirects:0
  810. default/accept_redirects:0
  811. default/secure_redirects:0
  812. default/send_redirects:0
  813. eth0/accept_redirects:0
  814. eth0/secure_redirects:0
  815. eth0/send_redirects:0
  816. eth1/accept_redirects:0
  817. eth1/secure_redirects:0
  818. eth1/send_redirects:0
  819. lo/accept_redirects:0
  820. lo/secure_redirects:0
  821. lo/send_redirects:0
  822. + _________________________ /proc/sys/net/ipv4/tcp_window_scaling
  823. + cat /proc/sys/net/ipv4/tcp_window_scaling
  824. 1
  825. + _________________________ /proc/sys/net/ipv4/tcp_adv_win_scale
  826. + cat /proc/sys/net/ipv4/tcp_adv_win_scale
  827. 2
  828. + _________________________ uname-a
  829. + uname -a
  830. Linux gateway.helios.lan 2.6.18-194.8.1.v5 #1 SMP Thu Jul 15 01:14:04 EDT 2010 i686 i686 i386 GNU/Linux
  831. + _________________________ config-built-with
  832. + test -r /proc/config_built_with
  833. + _________________________ distro-release
  834. + for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
  835. + test -f /etc/redhat-release
  836. + cat /etc/redhat-release
  837. CentOS release 5.4 (Final)
  838. + for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
  839. + test -f /etc/debian-release
  840. + for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
  841. + test -f /etc/SuSE-release
  842. + for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
  843. + test -f /etc/mandrake-release
  844. + for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
  845. + test -f /etc/mandriva-release
  846. + for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
  847. + test -f /etc/gentoo-release
  848. + _________________________ /proc/net/ipsec_version
  849. + test -r /proc/net/ipsec_version
  850. + test -r /proc/net/pfkey
  851. ++ uname -r
  852. + echo 'NETKEY (2.6.18-194.8.1.v5) support detected '
  853. NETKEY (2.6.18-194.8.1.v5) support detected
  854. + _________________________ iptables
  855. + test -r /sbin/iptables
  856. + iptables -L -v -n
  857. Chain INPUT (policy DROP 226 packets, 13483 bytes)
  858. pkts bytes target prot opt in out source destination
  859. 1 52 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
  860. 0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x12/0x12 state NEW reject-with tcp-reset
  861. 10 2428 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x17/0x02 state NEW
  862. 0 0 DROP all -- eth0 * 127.0.0.0/8 0.0.0.0/0
  863. 0 0 DROP all -- eth0 * 169.254.0.0/16 0.0.0.0/0
  864. 76 6144 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
  865. 0 0 ACCEPT all -- pptp+ * 0.0.0.0/0 0.0.0.0/0
  866. 0 0 ACCEPT all -- tun+ * 0.0.0.0/0 0.0.0.0/0
  867. 5985 504K ACCEPT all -- eth1 * 0.0.0.0/0 0.0.0.0/0
  868. 157 4553 ACCEPT icmp -- eth0 * 0.0.0.0/0 0.0.0.0/0 icmp type 0
  869. 6 576 ACCEPT icmp -- eth0 * 0.0.0.0/0 0.0.0.0/0 icmp type 3
  870. 0 0 ACCEPT icmp -- eth0 * 0.0.0.0/0 0.0.0.0/0 icmp type 8
  871. 0 0 ACCEPT icmp -- eth0 * 0.0.0.0/0 0.0.0.0/0 icmp type 11
  872. 1 328 ACCEPT udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 udp spt:67 dpt:68
  873. 0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp spt:67 dpt:68
  874. 821 49232 ACCEPT udp -- * * 0.0.0.0/0 85.145.148.106 udp dpt:4500
  875. 0 0 ACCEPT udp -- * * 0.0.0.0/0 85.145.148.106 udp dpt:5000
  876. 18 7452 ACCEPT udp -- * * 0.0.0.0/0 85.145.148.106 udp dpt:500
  877. 0 0 ACCEPT tcp -- * * 0.0.0.0/0 85.145.148.106 tcp dpt:443
  878. 0 0 ACCEPT udp -- * * 0.0.0.0/0 85.145.148.106 udp dpt:443
  879. 0 0 ACCEPT udp -- * * 0.0.0.0/0 85.145.148.106 udp spt:500 dpt:500
  880. 0 0 ACCEPT esp -- * * 0.0.0.0/0 85.145.148.106
  881. 0 0 ACCEPT ah -- * * 0.0.0.0/0 85.145.148.106
  882. 0 0 ACCEPT all -- * * 0.0.0.0/0 85.145.148.106 MARK match 0x64
  883. 0 0 ACCEPT all -- * * 0.0.0.0/0 10.97.10.1 MARK match 0x64
  884. 226 29147 ACCEPT udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 udp dpts:1024:65535 state RELATED,ESTABLISHED
  885. 52 30154 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpts:1024:65535 state RELATED,ESTABLISHED
  886.  
  887. Chain FORWARD (policy DROP 0 packets, 0 bytes)
  888. pkts bytes target prot opt in out source destination
  889. 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 MARK match 0x64
  890. 16132 1370K ACCEPT tcp -- * eth1 0.0.0.0/0 10.97.10.102 tcp dpt:22
  891. 8 613 ACCEPT tcp -- * eth1 0.0.0.0/0 10.97.10.102 tcp dpt:443
  892. 0 0 ACCEPT udp -- * eth1 0.0.0.0/0 10.97.10.102 udp dpt:443
  893. 39637 10M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
  894. 1825 104K ACCEPT all -- eth1 * 0.0.0.0/0 0.0.0.0/0
  895. 0 0 ACCEPT all -- pptp+ * 0.0.0.0/0 0.0.0.0/0
  896. 0 0 ACCEPT all -- tun+ * 0.0.0.0/0 0.0.0.0/0
  897.  
  898. Chain OUTPUT (policy DROP 0 packets, 0 bytes)
  899. pkts bytes target prot opt in out source destination
  900. 87 8624 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
  901. 0 0 ACCEPT all -- * pptp+ 0.0.0.0/0 0.0.0.0/0
  902. 0 0 ACCEPT all -- * tun+ 0.0.0.0/0 0.0.0.0/0
  903. 4133 597K ACCEPT all -- * eth1 0.0.0.0/0 0.0.0.0/0
  904. 162 5367 ACCEPT icmp -- * eth0 0.0.0.0/0 0.0.0.0/0
  905. 1 328 ACCEPT udp -- * eth0 0.0.0.0/0 0.0.0.0/0 udp spt:68 dpt:67
  906. 0 0 ACCEPT tcp -- * eth0 0.0.0.0/0 0.0.0.0/0 tcp spt:68 dpt:67
  907. 32 18640 ACCEPT udp -- * eth0 85.145.148.106 0.0.0.0/0 udp spt:4500
  908. 0 0 ACCEPT udp -- * eth0 85.145.148.106 0.0.0.0/0 udp spt:5000
  909. 200 121K ACCEPT udp -- * eth0 85.145.148.106 0.0.0.0/0 udp spt:500
  910. 0 0 ACCEPT tcp -- * eth0 85.145.148.106 0.0.0.0/0 tcp spt:443
  911. 0 0 ACCEPT udp -- * eth0 85.145.148.106 0.0.0.0/0 udp spt:443
  912. 0 0 ACCEPT udp -- * eth0 85.145.148.106 0.0.0.0/0 udp spt:500 dpt:500
  913. 0 0 ACCEPT esp -- * eth0 85.145.148.106 0.0.0.0/0
  914. 0 0 ACCEPT ah -- * eth0 85.145.148.106 0.0.0.0/0
  915. 306 23160 ACCEPT all -- * eth0 0.0.0.0/0 0.0.0.0/0
  916.  
  917. Chain drop-lan (0 references)
  918. pkts bytes target prot opt in out source destination
  919. 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
  920. + _________________________ iptables-nat
  921. + iptables -t nat -L -v -n
  922. Chain PREROUTING (policy ACCEPT 40907 packets, 3965K bytes)
  923. pkts bytes target prot opt in out source destination
  924. 22 1320 DNAT tcp -- * * 0.0.0.0/0 85.145.148.106 tcp dpt:22 to:10.97.10.102:22
  925. 2 120 DNAT tcp -- * * 0.0.0.0/0 85.145.148.106 tcp dpt:443 to:10.97.10.102:443
  926. 0 0 DNAT udp -- * * 0.0.0.0/0 85.145.148.106 udp dpt:443 to:10.97.10.102:443
  927.  
  928. Chain POSTROUTING (policy ACCEPT 4502 packets, 238K bytes)
  929. pkts bytes target prot opt in out source destination
  930. 0 0 ACCEPT esp -- * eth0 0.0.0.0/0 0.0.0.0/0
  931. 0 0 ACCEPT ah -- * eth0 0.0.0.0/0 0.0.0.0/0
  932. 0 0 ACCEPT all -- * tun+ 0.0.0.0/0 0.0.0.0/0
  933. 0 0 SNAT tcp -- * * 10.97.10.0/24 10.97.10.102 tcp dpt:22 to:10.97.10.1
  934. 0 0 SNAT tcp -- * * 10.97.10.0/24 10.97.10.102 tcp dpt:443 to:10.97.10.1
  935. 0 0 SNAT udp -- * * 10.97.10.0/24 10.97.10.102 udp dpt:443 to:10.97.10.1
  936. 1034 85183 MASQUERADE all -- * eth0 0.0.0.0/0 0.0.0.0/0
  937.  
  938. Chain OUTPUT (policy ACCEPT 8808 packets, 1259K bytes)
  939. pkts bytes target prot opt in out source destination
  940. + _________________________ iptables-mangle
  941. + iptables -t mangle -L -v -n
  942. Chain PREROUTING (policy ACCEPT 954K packets, 478M bytes)
  943. pkts bytes target prot opt in out source destination
  944. 0 0 MARK esp -- * * 0.0.0.0/0 0.0.0.0/0 MARK set 0x64
  945.  
  946. Chain INPUT (policy ACCEPT 117K packets, 88M bytes)
  947. pkts bytes target prot opt in out source destination
  948.  
  949. Chain FORWARD (policy ACCEPT 836K packets, 390M bytes)
  950. pkts bytes target prot opt in out source destination
  951.  
  952. Chain OUTPUT (policy ACCEPT 69968 packets, 12M bytes)
  953. pkts bytes target prot opt in out source destination
  954.  
  955. Chain POSTROUTING (policy ACCEPT 906K packets, 402M bytes)
  956. pkts bytes target prot opt in out source destination
  957. + _________________________ /proc/modules
  958. + test -f /proc/modules
  959. + cat /proc/modules
  960. xt_mark 5888 3 - Live 0xe0d2c000 (U)
  961. xt_MARK 6400 1 - Live 0xe0d26000 (U)
  962. krng 6016 1 - Live 0xe0d23000 (U)
  963. ansi_cprng 9604 0 - Live 0xe0d1f000 (U)
  964. chainiv 9088 6 - Live 0xe0d1b000 (U)
  965. rng 7688 3 krng,ansi_cprng,chainiv, Live 0xe0d18000 (U)
  966. authenc 10368 6 - Live 0xe0d14000 (U)
  967. hmac 8704 6 - Live 0xe0cff000 (U)
  968. cryptomgr 7552 0 - Live 0xe0c00000 (U)
  969. ah6 10368 0 - Live 0xe0c6c000 (U)
  970. ah4 10240 0 - Live 0xe0c63000 (U)
  971. esp6 12160 0 - Live 0xe0c5f000 (U)
  972. esp4 12288 6 - Live 0xe0c5b000 (U)
  973. xfrm4_tunnel 6528 0 - Live 0xe0c53000 (U)
  974. xfrm4_mode_tunnel 6784 6 - Live 0xe0c4c000 (U)
  975. xfrm4_mode_transport 6016 0 - Live 0xe0c46000 (U)
  976. xfrm6_mode_transport 6144 0 - Live 0xe0c43000 (U)
  977. xfrm6_mode_tunnel 6656 0 - Live 0xe0c40000 (U)
  978. ipcomp 11400 0 - Live 0xe0c3c000 (U)
  979. ipcomp6 11912 0 - Live 0xe0c24000 (U)
  980. xfrm6_tunnel 11040 1 ipcomp6, Live 0xe0c28000 (U)
  981. af_key 40720 0 - Live 0xe0c31000 (U)
  982. deflate 7808 0 - Live 0xe0cde000 (U)
  983. zlib_deflate 21912 1 deflate, Live 0xe0d0d000 (U)
  984. ccm 13440 0 - Live 0xe0ce8000 (U)
  985. serpent 29184 0 - Live 0xe0d04000 (U)
  986. blowfish 12544 0 - Live 0xe0ce3000 (U)
  987. twofish 45952 0 - Live 0xe0cee000 (U)
  988. ecb 7552 0 - Live 0xe0cdb000 (U)
  989. xcbc 9856 0 - Live 0xe0cd7000 (U)
  990. crypto_hash 6272 2 hmac,xcbc, Live 0xe0cd4000 (U)
  991. cbc 8192 6 - Live 0xe0cd1000 (U)
  992. md5 8064 0 - Live 0xe0cce000 (U)
  993. sha256 15232 0 - Live 0xe0c09000 (U)
  994. sha512 13056 0 - Live 0xe0c67000 (U)
  995. des 20352 0 - Live 0xe0cc8000 (U)
  996. aes_generic 31680 0 - Live 0xe0cbf000 (U)
  997. aes_i586 36992 6 - Live 0xe0cb4000 (U)
  998. xfrm6_esp 9472 1 esp6, Live 0xe0c57000 (U)
  999. xfrm4_esp 9728 1 esp4, Live 0xe0c4f000 (U)
  1000. tunnel4 7300 1 xfrm4_tunnel, Live 0xe0c49000 (U)
  1001. tunnel6 7300 1 xfrm6_tunnel, Live 0xe0c21000 (U)
  1002. ipv6 270368 35 ah6,esp6,xfrm6_mode_transport,ipcomp6,xfrm6_tunnel,xfrm6_esp,tunnel6, Live 0xe0c70000 (U)
  1003. xfrm_nalgo 13316 7 ah6,ah4,esp6,esp4,xfrm6_esp,xfrm4_esp,ipv6, Live 0xe0c1c000 (U)
  1004. xt_tcpudp 7040 29 - Live 0xe0c03000 (U)
  1005. xt_state 6144 6 - Live 0xe0c06000 (U)
  1006. ip_nat_h323 11008 0 - Live 0xe0be6000 (U)
  1007. ip_conntrack_h323 51356 1 ip_nat_h323, Live 0xe0c0e000 (U)
  1008. ip_nat_pptp 9732 0 - Live 0xe0bfc000 (U)
  1009. ip_nat_irc 6656 0 - Live 0xe0bea000 (U)
  1010. ip_nat_ftp 7296 0 - Live 0xe0bbd000 (U)
  1011. ipt_MASQUERADE 8192 1 - Live 0xe0b84000 (U)
  1012. ipt_IMQ 6016 0 - Live 0xe0bba000 (U)
  1013. imq 8964 0 - Live 0xe0be2000 (U)
  1014. ip_conntrack_pptp 15376 1 ip_nat_pptp, Live 0xe0bdd000 (U)
  1015. testmgr_cipher 6784 0 - Live 0xe0b2c000 (U)
  1016. testmgr 52272 1 testmgr_cipher, Live 0xe0bee000 (U)
  1017. aead 11776 5 authenc,esp6,esp4,ccm,testmgr, Live 0xe0b79000 (U)
  1018. crypto_blkcipher 17536 6 chainiv,authenc,ccm,ecb,cbc,testmgr, Live 0xe0bce000 (U)
  1019. crypto_algapi 22784 13 krng,ansi_cprng,chainiv,authenc,hmac,cryptomgr,ccm,ecb,xcbc,cbc,testmgr,aead,crypto_blkcipher, Live 0xe0bd6000 (U)
  1020. crypto_api 12544 12 rng,authenc,ah6,ah4,esp6,esp4,ccm,xfrm_nalgo,testmgr,aead,crypto_blkcipher,crypto_algapi, Live 0xe0bc9000 (U)
  1021. arc4 6016 0 - Live 0xe0b76000 (U)
  1022. ppp_mppe 10372 0 - Live 0xe0bb6000 (U)
  1023. ppp_generic 29972 1 ppp_mppe, Live 0xe0bc0000 (U)
  1024. slhc 10240 1 ppp_generic, Live 0xe0bb2000 (U)
  1025. ip_conntrack_irc 10480 1 ip_nat_irc, Live 0xe0bae000 (U)
  1026. ip_conntrack_ftp 11504 1 ip_nat_ftp, Live 0xe0baa000 (U)
  1027. ipt_REJECT 9600 1 - Live 0xe0ba6000 (U)
  1028. ipt_LOG 9856 0 - Live 0xe0ba2000 (U)
  1029. iptable_nat 11140 1 - Live 0xe0b9e000 (U)
  1030. ip_nat 21548 6 ip_nat_h323,ip_nat_pptp,ip_nat_irc,ip_nat_ftp,ipt_MASQUERADE,iptable_nat, Live 0xe0b7d000 (U)
  1031. ip_conntrack 53216 12 xt_state,ip_nat_h323,ip_conntrack_h323,ip_nat_pptp,ip_nat_irc,ip_nat_ftp,ipt_MASQUERADE,ip_conntrack_pptp,ip_conntrack_irc,ip_conntrack_ftp,iptable_nat,ip_nat, Live 0xe0b87000 (U)
  1032. nfnetlink 10648 2 ip_nat,ip_conntrack, Live 0xe0b02000 (U)
  1033. iptable_mangle 6784 1 - Live 0xe0b06000 (U)
  1034. iptable_filter 7040 1 - Live 0xe0a59000 (U)
  1035. ip_tables 16964 3 iptable_nat,iptable_mangle,iptable_filter, Live 0xe0b26000 (U)
  1036. x_tables 17284 10 xt_mark,xt_MARK,xt_tcpudp,xt_state,ipt_MASQUERADE,ipt_IMQ,ipt_REJECT,ipt_LOG,iptable_nat,ip_tables, Live 0xe0b20000 (U)
  1037. ib_iser 37208 0 - Live 0xe0b6b000 (U)
  1038. rdma_cm 35384 1 ib_iser, Live 0xe0b61000 (U)
  1039. ib_cm 39148 1 rdma_cm, Live 0xe0b56000 (U)
  1040. iw_cm 13060 1 rdma_cm, Live 0xe0b1b000 (U)
  1041. ib_sa 39028 2 rdma_cm,ib_cm, Live 0xe0b4b000 (U)
  1042. ib_mad 37780 2 ib_cm,ib_sa, Live 0xe0b40000 (U)
  1043. ib_core 63620 6 ib_iser,rdma_cm,ib_cm,iw_cm,ib_sa,ib_mad, Live 0xe0b2f000 (U)
  1044. ib_addr 11780 1 rdma_cm, Live 0xe0b17000 (U)
  1045. iscsi_tcp 19848 0 - Live 0xe0b11000 (U)
  1046. libiscsi_tcp 21892 1 iscsi_tcp, Live 0xe0b0a000 (U)
  1047. libiscsi2 42628 3 ib_iser,iscsi_tcp,libiscsi_tcp, Live 0xe0aea000 (U)
  1048. scsi_transport_iscsi2 37644 4 ib_iser,iscsi_tcp,libiscsi2, Live 0xe0af7000 (U)
  1049. scsi_transport_iscsi 6020 1 scsi_transport_iscsi2, Live 0xe0a5c000 (U)
  1050. dm_mirror 24328 0 - Live 0xe0a61000 (U)
  1051. dm_multipath 25356 0 - Live 0xe0a46000 (U)
  1052. scsi_dh 12032 1 dm_multipath, Live 0xe0a55000 (U)
  1053. video 21128 0 - Live 0xe0a4e000 (U)
  1054. backlight 9984 1 video, Live 0xe0a04000 (U)
  1055. sbs 18468 0 - Live 0xe0a3a000 (U)
  1056. power_meter 16396 0 - Live 0xe0a40000 (U)
  1057. hwmon 7300 1 power_meter, Live 0xe0a17000 (U)
  1058. i2c_ec 8960 1 sbs, Live 0xe0a36000 (U)
  1059. dell_wmi 8336 0 - Live 0xe0a08000 (U)
  1060. wmi 12072 1 dell_wmi, Live 0xe0a32000 (U)
  1061. button 10512 0 - Live 0xe09fc000 (U)
  1062. battery 13572 0 - Live 0xe0a12000 (U)
  1063. asus_acpi 19224 0 - Live 0xe0a0c000 (U)
  1064. ac 9092 0 - Live 0xe0a00000 (U)
  1065. lp 15784 0 - Live 0xe0990000 (U)
  1066. snd_intel8x0 35356 0 - Live 0xe09b9000 (U)
  1067. snd_ac97_codec 92832 1 snd_intel8x0, Live 0xe0a1a000 (U)
  1068. ac97_bus 6272 1 snd_ac97_codec, Live 0xe09b6000 (U)
  1069. snd_seq_dummy 7812 0 - Live 0xe09b3000 (U)
  1070. snd_seq_oss 32512 0 - Live 0xe099c000 (U)
  1071. snd_seq_midi_event 10880 1 snd_seq_oss, Live 0xe097c000 (U)
  1072. snd_seq 49520 5 snd_seq_dummy,snd_seq_oss,snd_seq_midi_event, Live 0xe09ee000 (U)
  1073. snd_pcm_oss 42752 0 - Live 0xe09e2000 (U)
  1074. 3c59x 44584 0 - Live 0xe09d6000 (U)
  1075. snd_mixer_oss 18944 1 snd_pcm_oss, Live 0xe09ad000 (U)
  1076. snd_pcm 72068 3 snd_intel8x0,snd_ac97_codec,snd_pcm_oss, Live 0xe09c3000 (U)
  1077. pcspkr 7040 0 - Live 0xe08bd000 (U)
  1078. sis900 25984 0 - Live 0xe09a5000 (U)
  1079. mii 9216 2 3c59x,sis900, Live 0xe098c000 (U)
  1080. snd_timer 24452 2 snd_seq,snd_pcm, Live 0xe0995000 (U)
  1081. i2c_sis96x 9348 0 - Live 0xe0980000 (U)
  1082. i2c_core 23936 2 i2c_ec,i2c_sis96x, Live 0xe0985000 (U)
  1083. snd_page_alloc 14216 2 snd_intel8x0,snd_pcm, Live 0xe090d000 (U)
  1084. snd_mpu401 12200 0 - Live 0xe0978000 (U)
  1085. snd_mpu401_uart 12032 1 snd_mpu401, Live 0xe0974000 (U)
  1086. snd_rawmidi 26368 1 snd_mpu401_uart, Live 0xe095d000 (U)
  1087. snd_seq_device 11660 4 snd_seq_dummy,snd_seq_oss,snd_seq,snd_rawmidi, Live 0xe0959000 (U)
  1088. ns558 8960 0 - Live 0xe0912000 (U)
  1089. gameport 18568 2 ns558, Live 0xe0953000 (U)
  1090. snd 55684 12 snd_intel8x0,snd_ac97_codec,snd_seq_oss,snd_seq,snd_pcm_oss,snd_mixer_oss,snd_pcm,snd_timer,snd_mpu401,snd_mpu401_uart,snd_rawmidi,snd_seq_device, Live 0xe0965000 (U)
  1091. soundcore 11488 1 snd, Live 0xe08ca000 (U)
  1092. parport_pc 29092 1 - Live 0xe0918000 (U)
  1093. parport 37448 2 lp,parport_pc, Live 0xe0948000 (U)
  1094. ide_cd 40096 0 - Live 0xe093d000 (U)
  1095. cdrom 36512 1 ide_cd, Live 0xe0933000 (U)
  1096. serio_raw 10628 0 - Live 0xe084e000 (U)
  1097. dm_raid45 67080 0 - Live 0xe0921000 (U)
  1098. dm_message 6912 1 dm_raid45, Live 0xe08ba000 (U)
  1099. dm_region_hash 15616 1 dm_raid45, Live 0xe08c5000 (U)
  1100. dm_log 14592 3 dm_mirror,dm_raid45,dm_region_hash, Live 0xe08c0000 (U)
  1101. dm_mod 63160 4 dm_mirror,dm_multipath,dm_raid45,dm_log, Live 0xe08ce000 (U)
  1102. dm_mem_cache 9472 1 dm_raid45, Live 0xe0852000 (U)
  1103. pata_sis 15620 0 - Live 0xe08b5000 (U)
  1104. libata 157252 1 pata_sis, Live 0xe08e5000 (U)
  1105. sd_mod 25216 0 - Live 0xe0857000 (U)
  1106. scsi_mod 141908 7 ib_iser,iscsi_tcp,libiscsi2,scsi_transport_iscsi2,scsi_dh,libata,sd_mod, Live 0xe0870000 (U)
  1107. ext3 125448 2 - Live 0xe0895000 (U)
  1108. jbd 57256 1 ext3, Live 0xe0861000 (U)
  1109. uhci_hcd 25356 0 - Live 0xe0834000 (U)
  1110. ohci_hcd 24872 0 - Live 0xe0846000 (U)
  1111. ehci_hcd 33804 0 - Live 0xe083c000 (U)
  1112. + _________________________ /proc/meminfo
  1113. + cat /proc/meminfo
  1114. MemTotal: 515380 kB
  1115. MemFree: 33520 kB
  1116. Buffers: 92708 kB
  1117. Cached: 203164 kB
  1118. SwapCached: 0 kB
  1119. Active: 258976 kB
  1120. Inactive: 137132 kB
  1121. HighTotal: 0 kB
  1122. HighFree: 0 kB
  1123. LowTotal: 515380 kB
  1124. LowFree: 33520 kB
  1125. SwapTotal: 1052248 kB
  1126. SwapFree: 1052120 kB
  1127. Dirty: 76 kB
  1128. Writeback: 0 kB
  1129. AnonPages: 100216 kB
  1130. Mapped: 43868 kB
  1131. Slab: 77600 kB
  1132. PageTables: 2216 kB
  1133. NFS_Unstable: 0 kB
  1134. Bounce: 0 kB
  1135. CommitLimit: 1309936 kB
  1136. Committed_AS: 400992 kB
  1137. VmallocTotal: 507896 kB
  1138. VmallocUsed: 5196 kB
  1139. VmallocChunk: 502588 kB
  1140. HugePages_Total: 0
  1141. HugePages_Free: 0
  1142. HugePages_Rsvd: 0
  1143. Hugepagesize: 4096 kB
  1144. + _________________________ /proc/net/ipsec-ls
  1145. + test -f /proc/net/ipsec_version
  1146. + _________________________ usr/src/linux/.config
  1147. + test -f /proc/config.gz
  1148. ++ uname -r
  1149. + test -f /lib/modules/2.6.18-194.8.1.v5/build/.config
  1150. ++ uname -r
  1151. + cat /lib/modules/2.6.18-194.8.1.v5/build/.config
  1152. + egrep 'CONFIG_IPSEC|CONFIG_KLIPS|CONFIG_NET_KEY|CONFIG_INET|CONFIG_IP|CONFIG_HW_RANDOM|CONFIG_CRYPTO_DEV|_XFRM'
  1153. CONFIG_XFRM=y
  1154. CONFIG_XFRM_NALGO=m
  1155. CONFIG_XFRM_USER=y
  1156. CONFIG_NET_KEY=m
  1157. CONFIG_INET=y
  1158. CONFIG_IP_MULTICAST=y
  1159. CONFIG_IP_ADVANCED_ROUTER=y
  1160. # CONFIG_IP_FIB_TRIE is not set
  1161. CONFIG_IP_FIB_HASH=y
  1162. CONFIG_IP_MULTIPLE_TABLES=y
  1163. CONFIG_IP_ROUTE_FWMARK=y
  1164. CONFIG_IP_ROUTE_MULTIPATH=y
  1165. # CONFIG_IP_ROUTE_MULTIPATH_CACHED is not set
  1166. CONFIG_IP_ROUTE_VERBOSE=y
  1167. # CONFIG_IP_PNP is not set
  1168. CONFIG_IP_MROUTE=y
  1169. CONFIG_IP_PIMSM_V1=y
  1170. CONFIG_IP_PIMSM_V2=y
  1171. CONFIG_INET_AH=m
  1172. CONFIG_INET_ESP=m
  1173. CONFIG_INET_IPCOMP=m
  1174. CONFIG_INET_XFRM_TUNNEL=m
  1175. CONFIG_INET_TUNNEL=m
  1176. CONFIG_INET_XFRM_MODE_TRANSPORT=m
  1177. CONFIG_INET_XFRM_MODE_TUNNEL=m
  1178. CONFIG_INET_DIAG=m
  1179. CONFIG_INET_TCP_DIAG=m
  1180. CONFIG_INET_LRO=y
  1181. CONFIG_IP_VS=m
  1182. # CONFIG_IP_VS_DEBUG is not set
  1183. CONFIG_IP_VS_TAB_BITS=12
  1184. CONFIG_IP_VS_PROTO_TCP=y
  1185. CONFIG_IP_VS_PROTO_UDP=y
  1186. CONFIG_IP_VS_PROTO_ESP=y
  1187. CONFIG_IP_VS_PROTO_AH=y
  1188. CONFIG_IP_VS_RR=m
  1189. CONFIG_IP_VS_WRR=m
  1190. CONFIG_IP_VS_LC=m
  1191. CONFIG_IP_VS_WLC=m
  1192. CONFIG_IP_VS_LBLC=m
  1193. CONFIG_IP_VS_LBLCR=m
  1194. CONFIG_IP_VS_DH=m
  1195. CONFIG_IP_VS_SH=m
  1196. CONFIG_IP_VS_SED=m
  1197. CONFIG_IP_VS_NQ=m
  1198. CONFIG_IP_VS_FTP=m
  1199. CONFIG_IPV6=m
  1200. CONFIG_IPV6_PRIVACY=y
  1201. CONFIG_IPV6_ROUTER_PREF=y
  1202. CONFIG_IPV6_ROUTE_INFO=y
  1203. CONFIG_IPV6_OPTIMISTIC_DAD=y
  1204. CONFIG_INET6_AH=m
  1205. CONFIG_INET6_ESP=m
  1206. CONFIG_INET6_IPCOMP=m
  1207. CONFIG_INET6_XFRM_TUNNEL=m
  1208. CONFIG_INET6_TUNNEL=m
  1209. CONFIG_INET6_XFRM_MODE_TRANSPORT=m
  1210. CONFIG_INET6_XFRM_MODE_TUNNEL=m
  1211. CONFIG_IPV6_TUNNEL=m
  1212. # CONFIG_IPV6_SUBTREES is not set
  1213. CONFIG_IPV6_MULTIPLE_TABLES=y
  1214. CONFIG_IPV6_ROUTE_FWMARK=y
  1215. CONFIG_IP_NF_CONNTRACK=m
  1216. CONFIG_IP_NF_CT_ACCT=y
  1217. CONFIG_IP_NF_CONNTRACK_MARK=y
  1218. CONFIG_IP_NF_CONNTRACK_SECMARK=y
  1219. CONFIG_IP_NF_CONNTRACK_EVENTS=y
  1220. CONFIG_IP_NF_CONNTRACK_NETLINK=m
  1221. CONFIG_IP_NF_CT_PROTO_SCTP=m
  1222. CONFIG_IP_NF_FTP=m
  1223. CONFIG_IP_NF_IRC=m
  1224. CONFIG_IP_NF_NETBIOS_NS=m
  1225. CONFIG_IP_NF_TFTP=m
  1226. CONFIG_IP_NF_AMANDA=m
  1227. CONFIG_IP_NF_PPTP=m
  1228. CONFIG_IP_NF_H323=m
  1229. CONFIG_IP_NF_SIP=m
  1230. CONFIG_IP_NF_QUEUE=m
  1231. CONFIG_IP_NF_IPTABLES=m
  1232. CONFIG_IP_NF_MATCH_IPRANGE=m
  1233. CONFIG_IP_NF_MATCH_TOS=m
  1234. CONFIG_IP_NF_MATCH_RECENT=m
  1235. CONFIG_IP_NF_MATCH_ECN=m
  1236. CONFIG_IP_NF_MATCH_DSCP=m
  1237. CONFIG_IP_NF_MATCH_AH=m
  1238. CONFIG_IP_NF_MATCH_TTL=m
  1239. CONFIG_IP_NF_MATCH_OWNER=m
  1240. CONFIG_IP_NF_MATCH_ADDRTYPE=m
  1241. CONFIG_IP_NF_MATCH_HASHLIMIT=m
  1242. CONFIG_IP_NF_FILTER=m
  1243. CONFIG_IP_NF_TARGET_REJECT=m
  1244. CONFIG_IP_NF_TARGET_LOG=m
  1245. CONFIG_IP_NF_TARGET_ULOG=m
  1246. CONFIG_IP_NF_TARGET_TCPMSS=m
  1247. CONFIG_IP_NF_NAT=m
  1248. CONFIG_IP_NF_NAT_NEEDED=y
  1249. CONFIG_IP_NF_TARGET_MASQUERADE=m
  1250. CONFIG_IP_NF_TARGET_REDIRECT=m
  1251. CONFIG_IP_NF_TARGET_NETMAP=m
  1252. CONFIG_IP_NF_TARGET_SAME=m
  1253. CONFIG_IP_NF_NAT_SNMP_BASIC=m
  1254. CONFIG_IP_NF_NAT_IRC=m
  1255. CONFIG_IP_NF_NAT_FTP=m
  1256. CONFIG_IP_NF_NAT_TFTP=m
  1257. CONFIG_IP_NF_NAT_AMANDA=m
  1258. CONFIG_IP_NF_NAT_PPTP=m
  1259. CONFIG_IP_NF_NAT_H323=m
  1260. CONFIG_IP_NF_NAT_SIP=m
  1261. CONFIG_IP_NF_MANGLE=m
  1262. CONFIG_IP_NF_TARGET_IMQ=m
  1263. CONFIG_IP_NF_TARGET_TOS=m
  1264. CONFIG_IP_NF_TARGET_ECN=m
  1265. CONFIG_IP_NF_TARGET_DSCP=m
  1266. CONFIG_IP_NF_TARGET_TTL=m
  1267. CONFIG_IP_NF_TARGET_CLUSTERIP=m
  1268. CONFIG_IP_NF_RAW=m
  1269. CONFIG_IP_NF_ARPTABLES=m
  1270. CONFIG_IP_NF_ARPFILTER=m
  1271. CONFIG_IP_NF_ARP_MANGLE=m
  1272. CONFIG_IP_NF_MATCH_IPP2P=m
  1273. CONFIG_IP6_NF_QUEUE=m
  1274. CONFIG_IP6_NF_IPTABLES=m
  1275. CONFIG_IP6_NF_MATCH_RT=m
  1276. CONFIG_IP6_NF_MATCH_OPTS=m
  1277. CONFIG_IP6_NF_MATCH_FRAG=m
  1278. CONFIG_IP6_NF_MATCH_HL=m
  1279. CONFIG_IP6_NF_MATCH_OWNER=m
  1280. CONFIG_IP6_NF_MATCH_IPV6HEADER=m
  1281. CONFIG_IP6_NF_MATCH_AH=m
  1282. CONFIG_IP6_NF_MATCH_EUI64=m
  1283. CONFIG_IP6_NF_FILTER=m
  1284. CONFIG_IP6_NF_TARGET_LOG=m
  1285. CONFIG_IP6_NF_TARGET_REJECT=m
  1286. CONFIG_IP6_NF_MANGLE=m
  1287. CONFIG_IP6_NF_TARGET_IMQ=m
  1288. CONFIG_IP6_NF_TARGET_HL=m
  1289. CONFIG_IP6_NF_RAW=m
  1290. CONFIG_IP_DCCP=m
  1291. CONFIG_INET_DCCP_DIAG=m
  1292. CONFIG_IP_DCCP_ACKVEC=y
  1293. CONFIG_IP_DCCP_CCID2=m
  1294. CONFIG_IP_DCCP_CCID3=m
  1295. CONFIG_IP_DCCP_TFRC_LIB=m
  1296. # CONFIG_IP_DCCP_DEBUG is not set
  1297. CONFIG_IP_SCTP=m
  1298. CONFIG_IPX=m
  1299. # CONFIG_IPX_INTERN is not set
  1300. CONFIG_IPW2100=m
  1301. CONFIG_IPW2100_MONITOR=y
  1302. # CONFIG_IPW2100_DEBUG is not set
  1303. CONFIG_IPW2200=m
  1304. CONFIG_IPW2200_MONITOR=y
  1305. CONFIG_IPW2200_RADIOTAP=y
  1306. CONFIG_IPW2200_PROMISCUOUS=y
  1307. CONFIG_IPW2200_QOS=y
  1308. # CONFIG_IPW2200_DEBUG is not set
  1309. CONFIG_IPPP_FILTER=y
  1310. CONFIG_IPMI_HANDLER=m
  1311. CONFIG_IPMI_PANIC_EVENT=y
  1312. CONFIG_IPMI_PANIC_STRING=y
  1313. CONFIG_IPMI_DEVICE_INTERFACE=m
  1314. CONFIG_IPMI_SI=m
  1315. CONFIG_IPMI_WATCHDOG=m
  1316. CONFIG_IPMI_POWEROFF=m
  1317. CONFIG_HW_RANDOM=y
  1318. CONFIG_HW_RANDOM_INTEL=m
  1319. CONFIG_HW_RANDOM_AMD=m
  1320. CONFIG_HW_RANDOM_GEODE=m
  1321. CONFIG_HW_RANDOM_VIA=m
  1322. CONFIG_SECURITY_NETWORK_XFRM=y
  1323. CONFIG_CRYPTO_DEV_PADLOCK=m
  1324. CONFIG_CRYPTO_DEV_PADLOCK_AES=y
  1325. + _________________________ etc/syslog.conf
  1326. + _________________________ etc/syslog-ng/syslog-ng.conf
  1327. + cat /etc/syslog-ng/syslog-ng.conf
  1328. cat: /etc/syslog-ng/syslog-ng.conf: No such file or directory
  1329. + cat /etc/syslog.conf
  1330. # Log all kernel messages to the console.
  1331. # Logging much else clutters up the screen.
  1332. #kern.* /dev/console
  1333.  
  1334. # Log anything (except mail) of level info or higher.
  1335. # Don't log private authentication messages!
  1336. *.info;mail.none;authpriv.none;cron.none;local6.none;local5.none;local0.none /var/log/messages
  1337.  
  1338. # The authpriv file has restricted access.
  1339. authpriv.* /var/log/secure
  1340.  
  1341. # Log all the mail messages in one place.
  1342. mail.info -/var/log/maillog
  1343.  
  1344.  
  1345. # Log cron stuff
  1346. cron.* /var/log/cron
  1347.  
  1348. # Everybody gets emergency messages
  1349. *.emerg *
  1350.  
  1351. # Save news errors of level crit and higher in a special file.
  1352. uucp,news.crit /var/log/spooler
  1353.  
  1354. # Save boot messages also to boot.log
  1355. local7.* /var/log/boot.log
  1356. local6.* /var/log/system
  1357. local5.* /var/log/compliance
  1358. local0.* /var/log/suva
  1359. + _________________________ etc/resolv.conf
  1360. + cat /etc/resolv.conf
  1361. ; generated by /sbin/dhclient-script
  1362. search orange.nl
  1363. nameserver 194.134.5.5
  1364. nameserver 194.134.0.97
  1365. + _________________________ lib/modules-ls
  1366. + ls -ltr /lib/modules
  1367. total 8
  1368. drwxr-xr-x 6 root root 4096 Aug 25 19:00 2.6.18-194.8.1.v5
  1369. + _________________________ fipscheck
  1370. + cat /proc/sys/crypto/fips_enabled
  1371. 0
  1372. + _________________________ /proc/ksyms-netif_rx
  1373. + test -r /proc/ksyms
  1374. + test -r /proc/kallsyms
  1375. + egrep netif_rx /proc/kallsyms
  1376. c05c5d1c T __netif_rx_schedule
  1377. c05c70bb T netif_rx
  1378. c05c85c1 T netif_rx_ni
  1379. c05c70bb U netif_rx [xfrm6_esp]
  1380. c05c70bb U netif_rx [xfrm4_esp]
  1381. c05c70bb U netif_rx [ipv6]
  1382. c05c70bb U netif_rx [ppp_generic]
  1383. c05c70bb U netif_rx [3c59x]
  1384. c05c70bb U netif_rx [sis900]
  1385. + _________________________ lib/modules-netif_rx
  1386. + modulegoo kernel/net/ipv4/ipip.o netif_rx
  1387. + set +x
  1388. 2.6.18-194.8.1.v5:
  1389. + _________________________ kern.debug
  1390. + test -f /var/log/kern.debug
  1391. + _________________________ klog
  1392. + sed -n '483,$p' /var/log/messages
  1393. + egrep -i 'ipsec|klips|pluto'
  1394. + case "$1" in
  1395. + cat
  1396. Aug 25 13:46:44 system ipsec_setup: Starting Openswan IPsec U2.6.28/K2.6.18-194.8.1.v5...
  1397. Aug 25 13:46:44 system pluto: adjusting ipsec.d to /etc/ipsec.d
  1398. Aug 25 13:46:44 system ipsec__plutorun: adjusting ipsec.d to /etc/ipsec.d
  1399. Aug 25 13:46:44 system ipsec_setup: ...Openswan IPsec started
  1400. Aug 25 13:46:45 system ipsec__plutorun: 002 loading certificate from Left1024-cert.pem
  1401. Aug 25 13:46:45 system ipsec__plutorun: 002 loaded host cert file '/etc/ipsec.d/certs/Left1024-cert.pem' (1635 bytes)
  1402. Aug 25 13:46:45 system ipsec__plutorun: 002 added connection description "LAN"
  1403. Aug 25 13:46:45 system ipsec__plutorun: 003 NAT-Traversal: Trying new style NAT-T
  1404. Aug 25 13:46:45 system ipsec__plutorun: 003 NAT-Traversal: ESPINUDP(1) setup failed for new style NAT-T family IPv4 (errno=19)
  1405. Aug 25 13:46:45 system ipsec__plutorun: 003 NAT-Traversal: Trying old style NAT-T
  1406. + _________________________ plog
  1407. + sed -n '139,$p' /var/log/secure
  1408. + egrep -i pluto
  1409. + case "$1" in
  1410. + cat
  1411. Aug 25 13:46:44 system ipsec__plutorun: Starting Pluto subsystem...
  1412. Aug 25 13:46:44 system pluto[19911]: Starting Pluto (Openswan Version 2.6.28; Vendor ID OEQ{O\177nez{CQ) pid:19911
  1413. Aug 25 13:46:44 system pluto[19911]: SAref support [disabled]: Protocol not available
  1414. Aug 25 13:46:44 system pluto[19911]: SAbind support [disabled]: Protocol not available
  1415. Aug 25 13:46:44 system pluto[19911]: Setting NAT-Traversal port-4500 floating to on
  1416. Aug 25 13:46:44 system pluto[19911]: port floating activation criteria nat_t=1/port_float=1
  1417. Aug 25 13:46:44 system pluto[19911]: NAT-Traversal support [enabled]
  1418. Aug 25 13:46:44 system pluto[19911]: fixup for bad virtual_private entry '%4:!10.97.10.0/24', please fix your virtual_private line!
  1419. Aug 25 13:46:44 system pluto[19911]: fixup for bad virtual_private entry '%4:!10.97.10.0/24', please fix your virtual_private line!
  1420. Aug 25 13:46:44 system pluto[19911]: using /dev/urandom as source of random entropy
  1421. Aug 25 13:46:44 system pluto[19911]: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0)
  1422. Aug 25 13:46:44 system pluto[19911]: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)
  1423. Aug 25 13:46:44 system pluto[19911]: ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0)
  1424. Aug 25 13:46:44 system pluto[19911]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
  1425. Aug 25 13:46:44 system pluto[19911]: ike_alg_register_enc(): Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)
  1426. Aug 25 13:46:44 system pluto[19911]: ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0)
  1427. Aug 25 13:46:44 system pluto[19911]: ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0)
  1428. Aug 25 13:46:44 system pluto[19911]: starting up 1 cryptographic helpers
  1429. Aug 25 13:46:44 system pluto[19917]: using /dev/urandom as source of random entropy
  1430. Aug 25 13:46:44 system pluto[19911]: started helper pid=19917 (fd:7)
  1431. Aug 25 13:46:44 system pluto[19911]: Using Linux 2.6 IPsec interface code on 2.6.18-194.8.1.v5 (experimental code)
  1432. Aug 25 13:46:44 system pluto[19911]: ike_alg_register_enc(): Activating aes_ccm_8: Ok (ret=0)
  1433. Aug 25 13:46:44 system pluto[19911]: ike_alg_add(): ERROR: Algorithm already exists
  1434. Aug 25 13:46:44 system pluto[19911]: ike_alg_register_enc(): Activating aes_ccm_12: FAILED (ret=-17)
  1435. Aug 25 13:46:44 system pluto[19911]: ike_alg_add(): ERROR: Algorithm already exists
  1436. Aug 25 13:46:44 system pluto[19911]: ike_alg_register_enc(): Activating aes_ccm_16: FAILED (ret=-17)
  1437. Aug 25 13:46:44 system pluto[19911]: ike_alg_add(): ERROR: Algorithm already exists
  1438. Aug 25 13:46:44 system pluto[19911]: ike_alg_register_enc(): Activating aes_gcm_8: FAILED (ret=-17)
  1439. Aug 25 13:46:44 system pluto[19911]: ike_alg_add(): ERROR: Algorithm already exists
  1440. Aug 25 13:46:44 system pluto[19911]: ike_alg_register_enc(): Activating aes_gcm_12: FAILED (ret=-17)
  1441. Aug 25 13:46:44 system pluto[19911]: ike_alg_add(): ERROR: Algorithm already exists
  1442. Aug 25 13:46:44 system pluto[19911]: ike_alg_register_enc(): Activating aes_gcm_16: FAILED (ret=-17)
  1443. Aug 25 13:46:44 system pluto[19911]: Changed path to directory '/etc/ipsec.d/cacerts'
  1444. Aug 25 13:46:44 system pluto[19911]: loaded CA cert file 'Testing1024-crl.pem' (568 bytes)
  1445. Aug 25 13:46:44 system pluto[19911]: error in X.509 certificate Testing1024-crl.pem
  1446. Aug 25 13:46:44 system pluto[19911]: loaded CA cert file 'Testing1024-cacert.pem' (1639 bytes)
  1447. Aug 25 13:46:44 system pluto[19911]: Changed path to directory '/etc/ipsec.d/aacerts'
  1448. Aug 25 13:46:44 system pluto[19911]: Changed path to directory '/etc/ipsec.d/ocspcerts'
  1449. Aug 25 13:46:44 system pluto[19911]: Changing to directory '/etc/ipsec.d/crls'
  1450. Aug 25 13:46:44 system pluto[19911]: loaded crl file 'Testing1024-crl.pem' (568 bytes)
  1451. Aug 25 13:46:44 system pluto[19911]: loading certificate from Left1024-cert.pem
  1452. Aug 25 13:46:44 system pluto[19911]: loaded host cert file '/etc/ipsec.d/certs/Left1024-cert.pem' (1635 bytes)
  1453. Aug 25 13:46:45 system pluto[19911]: added connection description "LAN"
  1454. Aug 25 13:46:45 system pluto[19911]: listening for IKE messages
  1455. Aug 25 13:46:45 system pluto[19911]: NAT-Traversal: Trying new style NAT-T
  1456. Aug 25 13:46:45 system pluto[19911]: NAT-Traversal: ESPINUDP(1) setup failed for new style NAT-T family IPv4 (errno=19)
  1457. Aug 25 13:46:45 system pluto[19911]: NAT-Traversal: Trying old style NAT-T
  1458. Aug 25 13:46:45 system pluto[19911]: adding interface eth0/eth0 85.145.148.106:500
  1459. Aug 25 13:46:45 system pluto[19911]: adding interface eth0/eth0 85.145.148.106:4500
  1460. Aug 25 13:46:45 system pluto[19911]: adding interface eth1/eth1 10.97.10.1:500
  1461. Aug 25 13:46:45 system pluto[19911]: adding interface eth1/eth1 10.97.10.1:4500
  1462. Aug 25 13:46:45 system pluto[19911]: adding interface lo/lo 127.0.0.1:500
  1463. Aug 25 13:46:45 system pluto[19911]: adding interface lo/lo 127.0.0.1:4500
  1464. Aug 25 13:46:45 system pluto[19911]: adding interface lo/lo ::1:500
  1465. Aug 25 13:46:45 system pluto[19911]: loading secrets from "/etc/ipsec.secrets"
  1466. Aug 25 13:46:45 system pluto[19911]: loaded private key file '/etc/ipsec.d/private/Left1024-key.pem' (963 bytes)
  1467. Aug 25 13:46:45 system pluto[19911]: loaded private key for keyid: PPK_RSA:AwEAAac0u
  1468. Aug 25 13:49:16 system pluto[19911]: packet from 62.140.137.121:37386: received Vendor ID payload [Openswan (this version) 2.6.28 ]
  1469. Aug 25 13:49:16 system pluto[19911]: packet from 62.140.137.121:37386: received Vendor ID payload [Dead Peer Detection]
  1470. Aug 25 13:49:16 system pluto[19911]: packet from 62.140.137.121:37386: received Vendor ID payload [RFC 3947] method set to=109
  1471. Aug 25 13:49:16 system pluto[19911]: packet from 62.140.137.121:37386: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109
  1472. Aug 25 13:49:16 system pluto[19911]: packet from 62.140.137.121:37386: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 109
  1473. Aug 25 13:49:16 system pluto[19911]: packet from 62.140.137.121:37386: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109
  1474. Aug 25 13:49:16 system pluto[19911]: packet from 62.140.137.121:37386: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
  1475. Aug 25 13:49:16 system pluto[19911]: "LAN"[1] 62.140.137.121 #1: responding to Main Mode from unknown peer 62.140.137.121
  1476. Aug 25 13:49:16 system pluto[19911]: "LAN"[1] 62.140.137.121 #1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
  1477. Aug 25 13:49:16 system pluto[19911]: "LAN"[1] 62.140.137.121 #1: STATE_MAIN_R1: sent MR1, expecting MI2
  1478. Aug 25 13:49:17 system pluto[19911]: "LAN"[1] 62.140.137.121 #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): peer is NATed
  1479. Aug 25 13:49:17 system pluto[19911]: "LAN"[1] 62.140.137.121 #1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
  1480. Aug 25 13:49:17 system pluto[19911]: "LAN"[1] 62.140.137.121 #1: STATE_MAIN_R2: sent MR2, expecting MI3
  1481. Aug 25 13:49:17 system pluto[19911]: "LAN"[1] 62.140.137.121 #1: Main mode peer ID is ID_DER_ASN1_DN: 'C=NL, ST=Utrecht, L=Utrecht, O=Testing Corporation, OU=Research and Development, CN=Right1024, E=admin@testingcorporation.nl'
  1482. Aug 25 13:49:17 system pluto[19911]: "LAN"[1] 62.140.137.121 #1: I am sending my cert
  1483. Aug 25 13:49:17 system pluto[19911]: "LAN"[1] 62.140.137.121 #1: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
  1484. Aug 25 13:49:17 system pluto[19911]: "LAN"[1] 62.140.137.121 #1: new NAT mapping for #1, was 62.140.137.121:37386, now 62.140.137.121:37394
  1485. Aug 25 13:49:17 system pluto[19911]: "LAN"[1] 62.140.137.121 #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=aes_128 prf=oakley_sha group=modp2048}
  1486. Aug 25 13:49:17 system pluto[19911]: "LAN"[1] 62.140.137.121 #1: the peer proposed: 10.97.10.0/24:0/0 -> 192.168.0.102/32:0/0
  1487. Aug 25 13:49:17 system pluto[19911]: "LAN"[1] 62.140.137.121 #2: responding to Quick Mode proposal {msgid:d5514e4c}
  1488. Aug 25 13:49:17 system pluto[19911]: "LAN"[1] 62.140.137.121 #2: us: 10.97.10.0/24===85.145.148.106<85.145.148.106>[C=NL, ST=Utrecht, L=Utrecht, O=Testing Corporation, OU=Research and Development, CN=Left1024, E=admin@testingcorporation.nl,+S=C]
  1489. Aug 25 13:49:17 system pluto[19911]: "LAN"[1] 62.140.137.121 #2: them: 62.140.137.121[C=NL, ST=Utrecht, L=Utrecht, O=Testing Corporation, OU=Research and Development, CN=Right1024, E=admin@testingcorporation.nl,+S=C]===192.168.0.102/32
  1490. Aug 25 13:49:17 system pluto[19911]: "LAN"[1] 62.140.137.121 #2: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
  1491. Aug 25 13:49:17 system pluto[19911]: "LAN"[1] 62.140.137.121 #2: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
  1492. Aug 25 13:49:17 system pluto[19911]: "LAN"[1] 62.140.137.121 #2: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
  1493. Aug 25 13:49:17 system pluto[19911]: "LAN"[1] 62.140.137.121 #2: STATE_QUICK_R2: IPsec SA established tunnel mode {ESP=>0x2bb0ea5d <0xbf822e57 xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=62.140.137.121:37394 DPD=none}
  1494. Aug 25 13:49:40 system pluto[19911]: "LAN"[1] 62.140.137.121 #1: received Delete SA(0x2bb0ea5d) payload: deleting IPSEC State #2
  1495. Aug 25 13:49:40 system pluto[19911]: "LAN"[1] 62.140.137.121 #1: received and ignored informational message
  1496. Aug 25 13:49:41 system pluto[19911]: "LAN"[1] 62.140.137.121 #1: received Delete SA payload: deleting ISAKMP State #1
  1497. Aug 25 13:49:41 system pluto[19911]: "LAN"[1] 62.140.137.121: deleting connection "LAN" instance with peer 62.140.137.121 {isakmp=#0/ipsec=#0}
  1498. Aug 25 13:49:41 system pluto[19911]: packet from 62.140.137.121:37394: received and ignored informational message
  1499. Aug 25 13:49:46 system pluto[19911]: packet from 62.140.137.121:37386: received Vendor ID payload [Openswan (this version) 2.6.28 ]
  1500. Aug 25 13:49:46 system pluto[19911]: packet from 62.140.137.121:37386: received Vendor ID payload [Dead Peer Detection]
  1501. Aug 25 13:49:46 system pluto[19911]: packet from 62.140.137.121:37386: received Vendor ID payload [RFC 3947] method set to=109
  1502. Aug 25 13:49:46 system pluto[19911]: packet from 62.140.137.121:37386: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109
  1503. Aug 25 13:49:46 system pluto[19911]: packet from 62.140.137.121:37386: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 109
  1504. Aug 25 13:49:46 system pluto[19911]: packet from 62.140.137.121:37386: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109
  1505. Aug 25 13:49:46 system pluto[19911]: packet from 62.140.137.121:37386: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
  1506. Aug 25 13:49:46 system pluto[19911]: "LAN"[2] 62.140.137.121 #3: responding to Main Mode from unknown peer 62.140.137.121
  1507. Aug 25 13:49:46 system pluto[19911]: "LAN"[2] 62.140.137.121 #3: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
  1508. Aug 25 13:49:46 system pluto[19911]: "LAN"[2] 62.140.137.121 #3: STATE_MAIN_R1: sent MR1, expecting MI2
  1509. Aug 25 13:49:47 system pluto[19911]: "LAN"[2] 62.140.137.121 #3: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): peer is NATed
  1510. Aug 25 13:49:47 system pluto[19911]: "LAN"[2] 62.140.137.121 #3: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
  1511. Aug 25 13:49:47 system pluto[19911]: "LAN"[2] 62.140.137.121 #3: STATE_MAIN_R2: sent MR2, expecting MI3
  1512. Aug 25 13:49:47 system pluto[19911]: "LAN"[2] 62.140.137.121 #3: Main mode peer ID is ID_DER_ASN1_DN: 'C=NL, ST=Utrecht, L=Utrecht, O=Testing Corporation, OU=Research and Development, CN=Right1024, E=admin@testingcorporation.nl'
  1513. Aug 25 13:49:47 system pluto[19911]: "LAN"[2] 62.140.137.121 #3: I am sending my cert
  1514. Aug 25 13:49:47 system pluto[19911]: "LAN"[2] 62.140.137.121 #3: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
  1515. Aug 25 13:49:47 system pluto[19911]: "LAN"[2] 62.140.137.121 #3: new NAT mapping for #3, was 62.140.137.121:37386, now 62.140.137.121:37394
  1516. Aug 25 13:49:47 system pluto[19911]: "LAN"[2] 62.140.137.121 #3: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=aes_128 prf=oakley_sha group=modp2048}
  1517. Aug 25 13:49:47 system pluto[19911]: "LAN"[2] 62.140.137.121 #3: the peer proposed: 10.97.10.0/24:0/0 -> 192.168.0.102/32:0/0
  1518. Aug 25 13:49:47 system pluto[19911]: "LAN"[2] 62.140.137.121 #4: responding to Quick Mode proposal {msgid:4c1352e9}
  1519. Aug 25 13:49:47 system pluto[19911]: "LAN"[2] 62.140.137.121 #4: us: 10.97.10.0/24===85.145.148.106<85.145.148.106>[C=NL, ST=Utrecht, L=Utrecht, O=Testing Corporation, OU=Research and Development, CN=Left1024, E=admin@testingcorporation.nl,+S=C]
  1520. Aug 25 13:49:47 system pluto[19911]: "LAN"[2] 62.140.137.121 #4: them: 62.140.137.121[C=NL, ST=Utrecht, L=Utrecht, O=Testing Corporation, OU=Research and Development, CN=Right1024, E=admin@testingcorporation.nl,+S=C]===192.168.0.102/32
  1521. Aug 25 13:49:47 system pluto[19911]: "LAN"[2] 62.140.137.121 #4: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
  1522. Aug 25 13:49:47 system pluto[19911]: "LAN"[2] 62.140.137.121 #4: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
  1523. Aug 25 13:49:47 system pluto[19911]: "LAN"[2] 62.140.137.121 #4: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
  1524. Aug 25 13:49:47 system pluto[19911]: "LAN"[2] 62.140.137.121 #4: STATE_QUICK_R2: IPsec SA established tunnel mode {ESP=>0x3a9de822 <0xdd30e5b2 xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=62.140.137.121:37394 DPD=none}
  1525. Aug 25 13:52:29 system pluto[19911]: "LAN"[2] 62.140.137.121 #3: received Delete SA(0x3a9de822) payload: deleting IPSEC State #4
  1526. Aug 25 13:52:29 system pluto[19911]: "LAN"[2] 62.140.137.121 #3: received and ignored informational message
  1527. Aug 25 13:52:29 system pluto[19911]: "LAN"[2] 62.140.137.121 #3: received Delete SA payload: deleting ISAKMP State #3
  1528. Aug 25 13:52:29 system pluto[19911]: "LAN"[2] 62.140.137.121: deleting connection "LAN" instance with peer 62.140.137.121 {isakmp=#0/ipsec=#0}
  1529. Aug 25 13:52:29 system pluto[19911]: packet from 62.140.137.121:37394: received and ignored informational message
  1530. Aug 25 13:52:29 system pluto[19911]: packet from 62.140.137.121:45638: received Vendor ID payload [Openswan (this version) 2.6.28 ]
  1531. Aug 25 13:52:29 system pluto[19911]: packet from 62.140.137.121:45638: received Vendor ID payload [Dead Peer Detection]
  1532. Aug 25 13:52:29 system pluto[19911]: packet from 62.140.137.121:45638: received Vendor ID payload [RFC 3947] method set to=109
  1533. Aug 25 13:52:29 system pluto[19911]: packet from 62.140.137.121:45638: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109
  1534. Aug 25 13:52:29 system pluto[19911]: packet from 62.140.137.121:45638: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 109
  1535. Aug 25 13:52:29 system pluto[19911]: packet from 62.140.137.121:45638: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109
  1536. Aug 25 13:52:29 system pluto[19911]: packet from 62.140.137.121:45638: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
  1537. Aug 25 13:52:29 system pluto[19911]: "LAN"[3] 62.140.137.121 #5: responding to Main Mode from unknown peer 62.140.137.121
  1538. Aug 25 13:52:29 system pluto[19911]: "LAN"[3] 62.140.137.121 #5: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
  1539. Aug 25 13:52:29 system pluto[19911]: "LAN"[3] 62.140.137.121 #5: STATE_MAIN_R1: sent MR1, expecting MI2
  1540. Aug 25 13:52:29 system pluto[19911]: "LAN"[3] 62.140.137.121 #5: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): peer is NATed
  1541. Aug 25 13:52:29 system pluto[19911]: "LAN"[3] 62.140.137.121 #5: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
  1542. Aug 25 13:52:29 system pluto[19911]: "LAN"[3] 62.140.137.121 #5: STATE_MAIN_R2: sent MR2, expecting MI3
  1543. Aug 25 13:52:29 system pluto[19911]: "LAN"[3] 62.140.137.121 #5: Main mode peer ID is ID_DER_ASN1_DN: 'C=NL, ST=Utrecht, L=Utrecht, O=Testing Corporation, OU=Research and Development, CN=Right1024, E=admin@testingcorporation.nl'
  1544. Aug 25 13:52:29 system pluto[19911]: "LAN"[3] 62.140.137.121 #5: I am sending my cert
  1545. Aug 25 13:52:29 system pluto[19911]: "LAN"[3] 62.140.137.121 #5: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
  1546. Aug 25 13:52:29 system pluto[19911]: "LAN"[3] 62.140.137.121 #5: new NAT mapping for #5, was 62.140.137.121:45638, now 62.140.137.121:37394
  1547. Aug 25 13:52:29 system pluto[19911]: "LAN"[3] 62.140.137.121 #5: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=aes_128 prf=oakley_sha group=modp2048}
  1548. Aug 25 13:52:29 system pluto[19911]: "LAN"[3] 62.140.137.121 #5: the peer proposed: 10.97.10.0/24:0/0 -> 192.168.0.102/32:0/0
  1549. Aug 25 13:52:29 system pluto[19911]: "LAN"[3] 62.140.137.121 #6: responding to Quick Mode proposal {msgid:b08d5d9b}
  1550. Aug 25 13:52:29 system pluto[19911]: "LAN"[3] 62.140.137.121 #6: us: 10.97.10.0/24===85.145.148.106<85.145.148.106>[C=NL, ST=Utrecht, L=Utrecht, O=Testing Corporation, OU=Research and Development, CN=Left1024, E=admin@testingcorporation.nl,+S=C]
  1551. Aug 25 13:52:29 system pluto[19911]: "LAN"[3] 62.140.137.121 #6: them: 62.140.137.121[C=NL, ST=Utrecht, L=Utrecht, O=Testing Corporation, OU=Research and Development, CN=Right1024, E=admin@testingcorporation.nl,+S=C]===192.168.0.102/32
  1552. Aug 25 13:52:29 system pluto[19911]: "LAN"[3] 62.140.137.121 #6: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
  1553. Aug 25 13:52:29 system pluto[19911]: "LAN"[3] 62.140.137.121 #6: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
  1554. Aug 25 13:52:29 system pluto[19911]: "LAN"[3] 62.140.137.121 #6: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
  1555. Aug 25 13:52:29 system pluto[19911]: "LAN"[3] 62.140.137.121 #6: STATE_QUICK_R2: IPsec SA established tunnel mode {ESP=>0x7f608526 <0x4045a59d xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=62.140.137.121:37394 DPD=none}
  1556. Aug 25 13:52:38 system pluto[19911]: "LAN"[3] 62.140.137.121 #5: received Delete SA(0x7f608526) payload: deleting IPSEC State #6
  1557. Aug 25 13:52:38 system pluto[19911]: "LAN"[3] 62.140.137.121 #5: received and ignored informational message
  1558. Aug 25 13:52:38 system pluto[19911]: "LAN"[3] 62.140.137.121 #5: received Delete SA payload: deleting ISAKMP State #5
  1559. Aug 25 13:52:38 system pluto[19911]: "LAN"[3] 62.140.137.121: deleting connection "LAN" instance with peer 62.140.137.121 {isakmp=#0/ipsec=#0}
  1560. Aug 25 13:52:38 system pluto[19911]: packet from 62.140.137.121:37394: received and ignored informational message
  1561. Aug 25 18:21:31 system pluto[19911]: packet from 95.96.10.129:500: received Vendor ID payload [Openswan (this version) 2.6.28 ]
  1562. Aug 25 18:21:31 system pluto[19911]: packet from 95.96.10.129:500: received Vendor ID payload [Dead Peer Detection]
  1563. Aug 25 18:21:31 system pluto[19911]: packet from 95.96.10.129:500: received Vendor ID payload [RFC 3947] method set to=109
  1564. Aug 25 18:21:31 system pluto[19911]: packet from 95.96.10.129:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109
  1565. Aug 25 18:21:31 system pluto[19911]: packet from 95.96.10.129:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 109
  1566. Aug 25 18:21:31 system pluto[19911]: packet from 95.96.10.129:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109
  1567. Aug 25 18:21:31 system pluto[19911]: packet from 95.96.10.129:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
  1568. Aug 25 18:21:31 system pluto[19911]: "LAN"[4] 95.96.10.129 #7: responding to Main Mode from unknown peer 95.96.10.129
  1569. Aug 25 18:21:31 system pluto[19911]: "LAN"[4] 95.96.10.129 #7: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
  1570. Aug 25 18:21:31 system pluto[19911]: "LAN"[4] 95.96.10.129 #7: STATE_MAIN_R1: sent MR1, expecting MI2
  1571. Aug 25 18:21:31 system pluto[19911]: "LAN"[4] 95.96.10.129 #7: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): peer is NATed
  1572. Aug 25 18:21:31 system pluto[19911]: "LAN"[4] 95.96.10.129 #7: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
  1573. Aug 25 18:21:31 system pluto[19911]: "LAN"[4] 95.96.10.129 #7: STATE_MAIN_R2: sent MR2, expecting MI3
  1574. Aug 25 18:21:31 system pluto[19911]: "LAN"[4] 95.96.10.129 #7: Main mode peer ID is ID_DER_ASN1_DN: 'C=NL, ST=Utrecht, L=Utrecht, O=Testing Corporation, OU=Research and Development, CN=Right1024, E=admin@testingcorporation.nl'
  1575. Aug 25 18:21:31 system pluto[19911]: "LAN"[4] 95.96.10.129 #7: I am sending my cert
  1576. Aug 25 18:21:31 system pluto[19911]: "LAN"[4] 95.96.10.129 #7: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
  1577. Aug 25 18:21:31 system pluto[19911]: "LAN"[4] 95.96.10.129 #7: new NAT mapping for #7, was 95.96.10.129:500, now 95.96.10.129:4500
  1578. Aug 25 18:21:31 system pluto[19911]: "LAN"[4] 95.96.10.129 #7: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=aes_128 prf=oakley_sha group=modp2048}
  1579. Aug 25 18:21:31 system pluto[19911]: "LAN"[4] 95.96.10.129 #7: the peer proposed: 10.97.10.0/24:0/0 -> 192.168.0.102/32:0/0
  1580. Aug 25 18:21:31 system pluto[19911]: "LAN"[4] 95.96.10.129 #8: responding to Quick Mode proposal {msgid:f13d1a3f}
  1581. Aug 25 18:21:31 system pluto[19911]: "LAN"[4] 95.96.10.129 #8: us: 10.97.10.0/24===85.145.148.106<85.145.148.106>[C=NL, ST=Utrecht, L=Utrecht, O=Testing Corporation, OU=Research and Development, CN=Left1024, E=admin@testingcorporation.nl,+S=C]
  1582. Aug 25 18:21:31 system pluto[19911]: "LAN"[4] 95.96.10.129 #8: them: 95.96.10.129[C=NL, ST=Utrecht, L=Utrecht, O=Testing Corporation, OU=Research and Development, CN=Right1024, E=admin@testingcorporation.nl,+S=C]===192.168.0.102/32
  1583. Aug 25 18:21:31 system pluto[19911]: "LAN"[4] 95.96.10.129 #8: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
  1584. Aug 25 18:21:31 system pluto[19911]: "LAN"[4] 95.96.10.129 #8: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
  1585. Aug 25 18:21:32 system pluto[19911]: "LAN"[4] 95.96.10.129 #8: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
  1586. Aug 25 18:21:32 system pluto[19911]: "LAN"[4] 95.96.10.129 #8: STATE_QUICK_R2: IPsec SA established tunnel mode {ESP=>0xdf8a45ef <0x138a332a xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=95.96.10.129:4500 DPD=none}
  1587. Aug 25 19:07:28 system pluto[19911]: packet from 95.96.10.129:500: received Vendor ID payload [Openswan (this version) 2.6.28 ]
  1588. Aug 25 19:07:28 system pluto[19911]: packet from 95.96.10.129:500: received Vendor ID payload [Dead Peer Detection]
  1589. Aug 25 19:07:28 system pluto[19911]: packet from 95.96.10.129:500: received Vendor ID payload [RFC 3947] method set to=109
  1590. Aug 25 19:07:28 system pluto[19911]: packet from 95.96.10.129:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109
  1591. Aug 25 19:07:28 system pluto[19911]: packet from 95.96.10.129:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 109
  1592. Aug 25 19:07:28 system pluto[19911]: packet from 95.96.10.129:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109
  1593. Aug 25 19:07:28 system pluto[19911]: packet from 95.96.10.129:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
  1594. Aug 25 19:07:28 system pluto[19911]: "LAN"[4] 95.96.10.129 #9: responding to Main Mode from unknown peer 95.96.10.129
  1595. Aug 25 19:07:28 system pluto[19911]: "LAN"[4] 95.96.10.129 #9: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
  1596. Aug 25 19:07:28 system pluto[19911]: "LAN"[4] 95.96.10.129 #9: STATE_MAIN_R1: sent MR1, expecting MI2
  1597. Aug 25 19:07:28 system pluto[19911]: "LAN"[4] 95.96.10.129 #9: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): peer is NATed
  1598. Aug 25 19:07:28 system pluto[19911]: "LAN"[4] 95.96.10.129 #9: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
  1599. Aug 25 19:07:28 system pluto[19911]: "LAN"[4] 95.96.10.129 #9: STATE_MAIN_R2: sent MR2, expecting MI3
  1600. Aug 25 19:07:29 system pluto[19911]: "LAN"[4] 95.96.10.129 #9: Main mode peer ID is ID_DER_ASN1_DN: 'C=NL, ST=Utrecht, L=Utrecht, O=Testing Corporation, OU=Research and Development, CN=Right1024, E=admin@testingcorporation.nl'
  1601. Aug 25 19:07:29 system pluto[19911]: "LAN"[4] 95.96.10.129 #9: I am sending my cert
  1602. Aug 25 19:07:29 system pluto[19911]: "LAN"[4] 95.96.10.129 #9: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
  1603. Aug 25 19:07:29 system pluto[19911]: "LAN"[4] 95.96.10.129 #9: new NAT mapping for #9, was 95.96.10.129:500, now 95.96.10.129:4500
  1604. Aug 25 19:07:29 system pluto[19911]: "LAN"[4] 95.96.10.129 #9: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=aes_128 prf=oakley_sha group=modp2048}
  1605. Aug 25 19:21:31 system pluto[19911]: "LAN"[4] 95.96.10.129 #7: received Delete SA payload: deleting ISAKMP State #7
  1606. Aug 25 19:21:31 system pluto[19911]: packet from 95.96.10.129:4500: received and ignored informational message
  1607. Aug 25 19:24:07 system pluto[19911]: "LAN"[4] 95.96.10.129 #9: received Delete SA(0xdf8a45ef) payload: deleting IPSEC State #8
  1608. Aug 25 19:24:07 system pluto[19911]: "LAN"[4] 95.96.10.129 #9: received and ignored informational message
  1609. Aug 25 19:24:07 system pluto[19911]: "LAN"[4] 95.96.10.129 #9: received Delete SA payload: deleting ISAKMP State #9
  1610. Aug 25 19:24:07 system pluto[19911]: "LAN"[4] 95.96.10.129: deleting connection "LAN" instance with peer 95.96.10.129 {isakmp=#0/ipsec=#0}
  1611. Aug 25 19:24:07 system pluto[19911]: packet from 95.96.10.129:4500: received and ignored informational message
  1612. Aug 25 19:41:18 system pluto[19911]: packet from 95.96.10.129:500: received Vendor ID payload [Openswan (this version) 2.6.28 ]
  1613. Aug 25 19:41:18 system pluto[19911]: packet from 95.96.10.129:500: received Vendor ID payload [Dead Peer Detection]
  1614. Aug 25 19:41:18 system pluto[19911]: packet from 95.96.10.129:500: received Vendor ID payload [RFC 3947] method set to=109
  1615. Aug 25 19:41:18 system pluto[19911]: packet from 95.96.10.129:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109
  1616. Aug 25 19:41:18 system pluto[19911]: packet from 95.96.10.129:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 109
  1617. Aug 25 19:41:18 system pluto[19911]: packet from 95.96.10.129:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109
  1618. Aug 25 19:41:18 system pluto[19911]: packet from 95.96.10.129:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
  1619. Aug 25 19:41:18 system pluto[19911]: "LAN"[5] 95.96.10.129 #10: responding to Main Mode from unknown peer 95.96.10.129
  1620. Aug 25 19:41:18 system pluto[19911]: "LAN"[5] 95.96.10.129 #10: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
  1621. Aug 25 19:41:18 system pluto[19911]: "LAN"[5] 95.96.10.129 #10: STATE_MAIN_R1: sent MR1, expecting MI2
  1622. Aug 25 19:41:18 system pluto[19911]: "LAN"[5] 95.96.10.129 #10: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): peer is NATed
  1623. Aug 25 19:41:18 system pluto[19911]: "LAN"[5] 95.96.10.129 #10: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
  1624. Aug 25 19:41:18 system pluto[19911]: "LAN"[5] 95.96.10.129 #10: STATE_MAIN_R2: sent MR2, expecting MI3
  1625. Aug 25 19:41:19 system pluto[19911]: "LAN"[5] 95.96.10.129 #10: Main mode peer ID is ID_DER_ASN1_DN: 'C=NL, ST=Utrecht, L=Utrecht, O=Testing Corporation, OU=Research and Development, CN=Right1024, E=admin@testingcorporation.nl'
  1626. Aug 25 19:41:19 system pluto[19911]: "LAN"[5] 95.96.10.129 #10: I am sending my cert
  1627. Aug 25 19:41:19 system pluto[19911]: "LAN"[5] 95.96.10.129 #10: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
  1628. Aug 25 19:41:19 system pluto[19911]: "LAN"[5] 95.96.10.129 #10: new NAT mapping for #10, was 95.96.10.129:500, now 95.96.10.129:4500
  1629. Aug 25 19:41:19 system pluto[19911]: "LAN"[5] 95.96.10.129 #10: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=aes_128 prf=oakley_sha group=modp2048}
  1630. Aug 25 19:41:19 system pluto[19911]: "LAN"[5] 95.96.10.129 #10: the peer proposed: 10.97.10.0/24:0/0 -> 10.81.9.203/32:0/0
  1631. Aug 25 19:41:19 system pluto[19911]: "LAN"[5] 95.96.10.129 #11: responding to Quick Mode proposal {msgid:3b170279}
  1632. Aug 25 19:41:19 system pluto[19911]: "LAN"[5] 95.96.10.129 #11: us: 10.97.10.0/24===85.145.148.106<85.145.148.106>[C=NL, ST=Utrecht, L=Utrecht, O=Testing Corporation, OU=Research and Development, CN=Left1024, E=admin@testingcorporation.nl,+S=C]
  1633. Aug 25 19:41:19 system pluto[19911]: "LAN"[5] 95.96.10.129 #11: them: 95.96.10.129[C=NL, ST=Utrecht, L=Utrecht, O=Testing Corporation, OU=Research and Development, CN=Right1024, E=admin@testingcorporation.nl,+S=C]===10.81.9.203/32
  1634. Aug 25 19:41:19 system pluto[19911]: "LAN"[5] 95.96.10.129 #11: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
  1635. Aug 25 19:41:19 system pluto[19911]: "LAN"[5] 95.96.10.129 #11: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
  1636. Aug 25 19:41:19 system pluto[19911]: "LAN"[5] 95.96.10.129 #11: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
  1637. Aug 25 19:41:19 system pluto[19911]: "LAN"[5] 95.96.10.129 #11: STATE_QUICK_R2: IPsec SA established tunnel mode {ESP=>0xcf518acc <0x9999a0c7 xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=95.96.10.129:4500 DPD=none}
  1638. Aug 25 20:29:04 system pluto[19911]: packet from 95.96.10.129:500: received Vendor ID payload [Openswan (this version) 2.6.28 ]
  1639. Aug 25 20:29:04 system pluto[19911]: packet from 95.96.10.129:500: received Vendor ID payload [Dead Peer Detection]
  1640. Aug 25 20:29:04 system pluto[19911]: packet from 95.96.10.129:500: received Vendor ID payload [RFC 3947] method set to=109
  1641. Aug 25 20:29:04 system pluto[19911]: packet from 95.96.10.129:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109
  1642. Aug 25 20:29:04 system pluto[19911]: packet from 95.96.10.129:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 109
  1643. Aug 25 20:29:04 system pluto[19911]: packet from 95.96.10.129:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109
  1644. Aug 25 20:29:04 system pluto[19911]: packet from 95.96.10.129:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
  1645. Aug 25 20:29:04 system pluto[19911]: "LAN"[5] 95.96.10.129 #12: responding to Main Mode from unknown peer 95.96.10.129
  1646. Aug 25 20:29:04 system pluto[19911]: "LAN"[5] 95.96.10.129 #12: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
  1647. Aug 25 20:29:04 system pluto[19911]: "LAN"[5] 95.96.10.129 #12: STATE_MAIN_R1: sent MR1, expecting MI2
  1648. Aug 25 20:29:04 system pluto[19911]: "LAN"[5] 95.96.10.129 #12: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): peer is NATed
  1649. Aug 25 20:29:04 system pluto[19911]: "LAN"[5] 95.96.10.129 #12: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
  1650. Aug 25 20:29:04 system pluto[19911]: "LAN"[5] 95.96.10.129 #12: STATE_MAIN_R2: sent MR2, expecting MI3
  1651. Aug 25 20:29:04 system pluto[19911]: "LAN"[5] 95.96.10.129 #12: Main mode peer ID is ID_DER_ASN1_DN: 'C=NL, ST=Utrecht, L=Utrecht, O=Testing Corporation, OU=Research and Development, CN=Right1024, E=admin@testingcorporation.nl'
  1652. Aug 25 20:29:04 system pluto[19911]: "LAN"[5] 95.96.10.129 #12: I am sending my cert
  1653. Aug 25 20:29:04 system pluto[19911]: "LAN"[5] 95.96.10.129 #12: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
  1654. Aug 25 20:29:04 system pluto[19911]: "LAN"[5] 95.96.10.129 #12: new NAT mapping for #12, was 95.96.10.129:500, now 95.96.10.129:4500
  1655. Aug 25 20:29:04 system pluto[19911]: "LAN"[5] 95.96.10.129 #12: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=aes_128 prf=oakley_sha group=modp2048}
  1656. Aug 25 21:24:34 system pluto[19911]: "LAN"[5] 95.96.10.129 #13: initiating Main Mode to replace #12
  1657. Aug 25 21:29:04 system pluto[19911]: "LAN"[5] 95.96.10.129 #12: ISAKMP SA expired (LATEST!)
  1658. Aug 25 21:37:44 system pluto[19911]: "LAN"[5] 95.96.10.129 #13: max number of retransmissions (20) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message
  1659. Aug 25 21:37:44 system pluto[19911]: "LAN"[5] 95.96.10.129 #13: starting keying attempt 2 of an unlimited number
  1660. Aug 25 21:37:44 system pluto[19911]: "LAN"[5] 95.96.10.129 #14: initiating Main Mode to replace #13
  1661. Aug 25 21:50:54 system pluto[19911]: "LAN"[5] 95.96.10.129 #14: max number of retransmissions (20) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message
  1662. Aug 25 21:50:54 system pluto[19911]: "LAN"[5] 95.96.10.129 #14: starting keying attempt 3 of an unlimited number
  1663. Aug 25 21:50:54 system pluto[19911]: "LAN"[5] 95.96.10.129 #15: initiating Main Mode to replace #14
  1664. Aug 25 22:04:04 system pluto[19911]: "LAN"[5] 95.96.10.129 #15: max number of retransmissions (20) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message
  1665. Aug 25 22:04:04 system pluto[19911]: "LAN"[5] 95.96.10.129 #15: starting keying attempt 4 of an unlimited number
  1666. Aug 25 22:04:04 system pluto[19911]: "LAN"[5] 95.96.10.129 #16: initiating Main Mode to replace #15
  1667. Aug 25 22:17:14 system pluto[19911]: "LAN"[5] 95.96.10.129 #16: max number of retransmissions (20) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message
  1668. Aug 25 22:17:14 system pluto[19911]: "LAN"[5] 95.96.10.129 #16: starting keying attempt 5 of an unlimited number
  1669. Aug 25 22:17:14 system pluto[19911]: "LAN"[5] 95.96.10.129 #17: initiating Main Mode to replace #16
  1670. Aug 25 22:30:24 system pluto[19911]: "LAN"[5] 95.96.10.129 #17: max number of retransmissions (20) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message
  1671. Aug 25 22:30:24 system pluto[19911]: "LAN"[5] 95.96.10.129 #17: starting keying attempt 6 of an unlimited number
  1672. Aug 25 22:30:24 system pluto[19911]: "LAN"[5] 95.96.10.129 #18: initiating Main Mode to replace #17
  1673. Aug 25 22:43:34 system pluto[19911]: "LAN"[5] 95.96.10.129 #18: max number of retransmissions (20) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message
  1674. Aug 25 22:43:34 system pluto[19911]: "LAN"[5] 95.96.10.129 #18: starting keying attempt 7 of an unlimited number
  1675. Aug 25 22:43:34 system pluto[19911]: "LAN"[5] 95.96.10.129 #19: initiating Main Mode to replace #18
  1676. Aug 25 22:56:44 system pluto[19911]: "LAN"[5] 95.96.10.129 #19: max number of retransmissions (20) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message
  1677. Aug 25 22:56:44 system pluto[19911]: "LAN"[5] 95.96.10.129 #19: starting keying attempt 8 of an unlimited number
  1678. Aug 25 22:56:44 system pluto[19911]: "LAN"[5] 95.96.10.129 #20: initiating Main Mode to replace #19
  1679. Aug 25 23:09:54 system pluto[19911]: "LAN"[5] 95.96.10.129 #20: max number of retransmissions (20) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message
  1680. Aug 25 23:09:54 system pluto[19911]: "LAN"[5] 95.96.10.129 #20: starting keying attempt 9 of an unlimited number
  1681. Aug 25 23:09:54 system pluto[19911]: "LAN"[5] 95.96.10.129 #21: initiating Main Mode to replace #20
  1682. Aug 25 23:23:04 system pluto[19911]: "LAN"[5] 95.96.10.129 #21: max number of retransmissions (20) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message
  1683. Aug 25 23:23:04 system pluto[19911]: "LAN"[5] 95.96.10.129 #21: starting keying attempt 10 of an unlimited number
  1684. Aug 25 23:23:04 system pluto[19911]: "LAN"[5] 95.96.10.129 #22: initiating Main Mode to replace #21
  1685. Aug 25 23:36:14 system pluto[19911]: "LAN"[5] 95.96.10.129 #22: max number of retransmissions (20) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message
  1686. Aug 25 23:36:14 system pluto[19911]: "LAN"[5] 95.96.10.129 #22: starting keying attempt 11 of an unlimited number
  1687. Aug 25 23:36:14 system pluto[19911]: "LAN"[5] 95.96.10.129 #23: initiating Main Mode to replace #22
  1688. Aug 25 23:49:24 system pluto[19911]: "LAN"[5] 95.96.10.129 #23: max number of retransmissions (20) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message
  1689. Aug 25 23:49:24 system pluto[19911]: "LAN"[5] 95.96.10.129 #23: starting keying attempt 12 of an unlimited number
  1690. Aug 25 23:49:24 system pluto[19911]: "LAN"[5] 95.96.10.129 #24: initiating Main Mode to replace #23
  1691. Aug 26 00:02:34 system pluto[19911]: "LAN"[5] 95.96.10.129 #24: max number of retransmissions (20) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message
  1692. Aug 26 00:02:34 system pluto[19911]: "LAN"[5] 95.96.10.129 #24: starting keying attempt 13 of an unlimited number
  1693. Aug 26 00:02:34 system pluto[19911]: "LAN"[5] 95.96.10.129 #25: initiating Main Mode to replace #24
  1694. Aug 26 00:15:44 system pluto[19911]: "LAN"[5] 95.96.10.129 #25: max number of retransmissions (20) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message
  1695. Aug 26 00:15:44 system pluto[19911]: "LAN"[5] 95.96.10.129 #25: starting keying attempt 14 of an unlimited number
  1696. Aug 26 00:15:44 system pluto[19911]: "LAN"[5] 95.96.10.129 #26: initiating Main Mode to replace #25
  1697. Aug 26 00:28:54 system pluto[19911]: "LAN"[5] 95.96.10.129 #26: max number of retransmissions (20) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message
  1698. Aug 26 00:28:54 system pluto[19911]: "LAN"[5] 95.96.10.129 #26: starting keying attempt 15 of an unlimited number
  1699. Aug 26 00:28:54 system pluto[19911]: "LAN"[5] 95.96.10.129 #27: initiating Main Mode to replace #26
  1700. Aug 26 00:42:04 system pluto[19911]: "LAN"[5] 95.96.10.129 #27: max number of retransmissions (20) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message
  1701. Aug 26 00:42:04 system pluto[19911]: "LAN"[5] 95.96.10.129 #27: starting keying attempt 16 of an unlimited number
  1702. Aug 26 00:42:04 system pluto[19911]: "LAN"[5] 95.96.10.129 #28: initiating Main Mode to replace #27
  1703. Aug 26 00:55:14 system pluto[19911]: "LAN"[5] 95.96.10.129 #28: max number of retransmissions (20) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message
  1704. Aug 26 00:55:14 system pluto[19911]: "LAN"[5] 95.96.10.129 #28: starting keying attempt 17 of an unlimited number
  1705. Aug 26 00:55:14 system pluto[19911]: "LAN"[5] 95.96.10.129 #29: initiating Main Mode to replace #28
  1706. Aug 26 01:08:24 system pluto[19911]: "LAN"[5] 95.96.10.129 #29: max number of retransmissions (20) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message
  1707. Aug 26 01:08:24 system pluto[19911]: "LAN"[5] 95.96.10.129 #29: starting keying attempt 18 of an unlimited number
  1708. Aug 26 01:08:24 system pluto[19911]: "LAN"[5] 95.96.10.129 #30: initiating Main Mode to replace #29
  1709. Aug 26 01:21:34 system pluto[19911]: "LAN"[5] 95.96.10.129 #30: max number of retransmissions (20) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message
  1710. Aug 26 01:21:34 system pluto[19911]: "LAN"[5] 95.96.10.129 #30: starting keying attempt 19 of an unlimited number
  1711. Aug 26 01:21:34 system pluto[19911]: "LAN"[5] 95.96.10.129 #31: initiating Main Mode to replace #30
  1712. Aug 26 01:34:44 system pluto[19911]: "LAN"[5] 95.96.10.129 #31: max number of retransmissions (20) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message
  1713. Aug 26 01:34:44 system pluto[19911]: "LAN"[5] 95.96.10.129 #31: starting keying attempt 20 of an unlimited number
  1714. Aug 26 01:34:44 system pluto[19911]: "LAN"[5] 95.96.10.129 #32: initiating Main Mode to replace #31
  1715. Aug 26 01:47:54 system pluto[19911]: "LAN"[5] 95.96.10.129 #32: max number of retransmissions (20) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message
  1716. Aug 26 01:47:54 system pluto[19911]: "LAN"[5] 95.96.10.129 #32: starting keying attempt 21 of an unlimited number
  1717. Aug 26 01:47:54 system pluto[19911]: "LAN"[5] 95.96.10.129 #33: initiating Main Mode to replace #32
  1718. Aug 26 02:01:04 system pluto[19911]: "LAN"[5] 95.96.10.129 #33: max number of retransmissions (20) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message
  1719. Aug 26 02:01:04 system pluto[19911]: "LAN"[5] 95.96.10.129 #33: starting keying attempt 22 of an unlimited number
  1720. Aug 26 02:01:04 system pluto[19911]: "LAN"[5] 95.96.10.129 #34: initiating Main Mode to replace #33
  1721. Aug 26 02:14:14 system pluto[19911]: "LAN"[5] 95.96.10.129 #34: max number of retransmissions (20) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message
  1722. Aug 26 02:14:14 system pluto[19911]: "LAN"[5] 95.96.10.129 #34: starting keying attempt 23 of an unlimited number
  1723. Aug 26 02:14:14 system pluto[19911]: "LAN"[5] 95.96.10.129 #35: initiating Main Mode to replace #34
  1724. Aug 26 02:27:24 system pluto[19911]: "LAN"[5] 95.96.10.129 #35: max number of retransmissions (20) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message
  1725. Aug 26 02:27:24 system pluto[19911]: "LAN"[5] 95.96.10.129 #35: starting keying attempt 24 of an unlimited number
  1726. Aug 26 02:27:24 system pluto[19911]: "LAN"[5] 95.96.10.129 #36: initiating Main Mode to replace #35
  1727. Aug 26 02:40:34 system pluto[19911]: "LAN"[5] 95.96.10.129 #36: max number of retransmissions (20) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message
  1728. Aug 26 02:40:34 system pluto[19911]: "LAN"[5] 95.96.10.129 #36: starting keying attempt 25 of an unlimited number
  1729. Aug 26 02:40:34 system pluto[19911]: "LAN"[5] 95.96.10.129 #37: initiating Main Mode to replace #36
  1730. Aug 26 02:53:44 system pluto[19911]: "LAN"[5] 95.96.10.129 #37: max number of retransmissions (20) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message
  1731. Aug 26 02:53:44 system pluto[19911]: "LAN"[5] 95.96.10.129 #37: starting keying attempt 26 of an unlimited number
  1732. Aug 26 02:53:44 system pluto[19911]: "LAN"[5] 95.96.10.129 #38: initiating Main Mode to replace #37
  1733. Aug 26 03:06:54 system pluto[19911]: "LAN"[5] 95.96.10.129 #38: max number of retransmissions (20) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message
  1734. Aug 26 03:06:54 system pluto[19911]: "LAN"[5] 95.96.10.129 #38: starting keying attempt 27 of an unlimited number
  1735. Aug 26 03:06:54 system pluto[19911]: "LAN"[5] 95.96.10.129 #39: initiating Main Mode to replace #38
  1736. Aug 26 03:20:04 system pluto[19911]: "LAN"[5] 95.96.10.129 #39: max number of retransmissions (20) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message
  1737. Aug 26 03:20:04 system pluto[19911]: "LAN"[5] 95.96.10.129 #39: starting keying attempt 28 of an unlimited number
  1738. Aug 26 03:20:04 system pluto[19911]: "LAN"[5] 95.96.10.129 #40: initiating Main Mode to replace #39
  1739. Aug 26 03:33:14 system pluto[19911]: "LAN"[5] 95.96.10.129 #40: max number of retransmissions (20) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message
  1740. Aug 26 03:33:14 system pluto[19911]: "LAN"[5] 95.96.10.129 #40: starting keying attempt 29 of an unlimited number
  1741. Aug 26 03:33:14 system pluto[19911]: "LAN"[5] 95.96.10.129 #41: initiating Main Mode to replace #40
  1742. Aug 26 03:41:19 system pluto[19911]: "LAN"[5] 95.96.10.129 #11: IPsec SA expired (LATEST!)
  1743. Aug 26 03:46:24 system pluto[19911]: "LAN"[5] 95.96.10.129 #41: max number of retransmissions (20) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message
  1744. Aug 26 03:46:24 system pluto[19911]: "LAN"[5] 95.96.10.129 #41: starting keying attempt 30 of an unlimited number
  1745. Aug 26 03:46:24 system pluto[19911]: "LAN"[5] 95.96.10.129 #42: initiating Main Mode to replace #41
  1746. Aug 26 03:59:34 system pluto[19911]: "LAN"[5] 95.96.10.129 #42: max number of retransmissions (20) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message
  1747. Aug 26 03:59:34 system pluto[19911]: "LAN"[5] 95.96.10.129 #42: starting keying attempt 31 of an unlimited number
  1748. Aug 26 03:59:34 system pluto[19911]: "LAN"[5] 95.96.10.129 #43: initiating Main Mode to replace #42
  1749. Aug 26 04:12:44 system pluto[19911]: "LAN"[5] 95.96.10.129 #43: max number of retransmissions (20) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message
  1750. Aug 26 04:12:44 system pluto[19911]: "LAN"[5] 95.96.10.129 #43: starting keying attempt 32 of an unlimited number
  1751. Aug 26 04:12:44 system pluto[19911]: "LAN"[5] 95.96.10.129 #44: initiating Main Mode to replace #43
  1752. Aug 26 04:25:54 system pluto[19911]: "LAN"[5] 95.96.10.129 #44: max number of retransmissions (20) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message
  1753. Aug 26 04:25:54 system pluto[19911]: "LAN"[5] 95.96.10.129 #44: starting keying attempt 33 of an unlimited number
  1754. Aug 26 04:25:54 system pluto[19911]: "LAN"[5] 95.96.10.129 #45: initiating Main Mode to replace #44
  1755. Aug 26 04:39:04 system pluto[19911]: "LAN"[5] 95.96.10.129 #45: max number of retransmissions (20) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message
  1756. Aug 26 04:39:04 system pluto[19911]: "LAN"[5] 95.96.10.129 #45: starting keying attempt 34 of an unlimited number
  1757. Aug 26 04:39:04 system pluto[19911]: "LAN"[5] 95.96.10.129 #46: initiating Main Mode to replace #45
  1758. Aug 26 04:52:14 system pluto[19911]: "LAN"[5] 95.96.10.129 #46: max number of retransmissions (20) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message
  1759. Aug 26 04:52:14 system pluto[19911]: "LAN"[5] 95.96.10.129 #46: starting keying attempt 35 of an unlimited number
  1760. Aug 26 04:52:14 system pluto[19911]: "LAN"[5] 95.96.10.129 #47: initiating Main Mode to replace #46
  1761. Aug 26 05:05:24 system pluto[19911]: "LAN"[5] 95.96.10.129 #47: max number of retransmissions (20) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message
  1762. Aug 26 05:05:24 system pluto[19911]: "LAN"[5] 95.96.10.129 #47: starting keying attempt 36 of an unlimited number
  1763. Aug 26 05:05:24 system pluto[19911]: "LAN"[5] 95.96.10.129 #48: initiating Main Mode to replace #47
  1764. Aug 26 05:18:34 system pluto[19911]: "LAN"[5] 95.96.10.129 #48: max number of retransmissions (20) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message
  1765. Aug 26 05:18:34 system pluto[19911]: "LAN"[5] 95.96.10.129 #48: starting keying attempt 37 of an unlimited number
  1766. Aug 26 05:18:34 system pluto[19911]: "LAN"[5] 95.96.10.129 #49: initiating Main Mode to replace #48
  1767. Aug 26 05:31:44 system pluto[19911]: "LAN"[5] 95.96.10.129 #49: max number of retransmissions (20) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message
  1768. Aug 26 05:31:44 system pluto[19911]: "LAN"[5] 95.96.10.129 #49: starting keying attempt 38 of an unlimited number
  1769. Aug 26 05:31:44 system pluto[19911]: "LAN"[5] 95.96.10.129 #50: initiating Main Mode to replace #49
  1770. Aug 26 05:44:54 system pluto[19911]: "LAN"[5] 95.96.10.129 #50: max number of retransmissions (20) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message
  1771. Aug 26 05:44:54 system pluto[19911]: "LAN"[5] 95.96.10.129 #50: starting keying attempt 39 of an unlimited number
  1772. Aug 26 05:44:54 system pluto[19911]: "LAN"[5] 95.96.10.129 #51: initiating Main Mode to replace #50
  1773. Aug 26 05:58:04 system pluto[19911]: "LAN"[5] 95.96.10.129 #51: max number of retransmissions (20) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message
  1774. Aug 26 05:58:04 system pluto[19911]: "LAN"[5] 95.96.10.129 #51: starting keying attempt 40 of an unlimited number
  1775. Aug 26 05:58:04 system pluto[19911]: "LAN"[5] 95.96.10.129 #52: initiating Main Mode to replace #51
  1776. Aug 26 06:11:14 system pluto[19911]: "LAN"[5] 95.96.10.129 #52: max number of retransmissions (20) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message
  1777. Aug 26 06:11:14 system pluto[19911]: "LAN"[5] 95.96.10.129 #52: starting keying attempt 41 of an unlimited number
  1778. Aug 26 06:11:14 system pluto[19911]: "LAN"[5] 95.96.10.129 #53: initiating Main Mode to replace #52
  1779. Aug 26 06:24:24 system pluto[19911]: "LAN"[5] 95.96.10.129 #53: max number of retransmissions (20) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message
  1780. Aug 26 06:24:24 system pluto[19911]: "LAN"[5] 95.96.10.129 #53: starting keying attempt 42 of an unlimited number
  1781. Aug 26 06:24:24 system pluto[19911]: "LAN"[5] 95.96.10.129 #54: initiating Main Mode to replace #53
  1782. Aug 26 06:37:34 system pluto[19911]: "LAN"[5] 95.96.10.129 #54: max number of retransmissions (20) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message
  1783. Aug 26 06:37:34 system pluto[19911]: "LAN"[5] 95.96.10.129 #54: starting keying attempt 43 of an unlimited number
  1784. Aug 26 06:37:34 system pluto[19911]: "LAN"[5] 95.96.10.129 #55: initiating Main Mode to replace #54
  1785. Aug 26 06:50:44 system pluto[19911]: "LAN"[5] 95.96.10.129 #55: max number of retransmissions (20) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message
  1786. Aug 26 06:50:44 system pluto[19911]: "LAN"[5] 95.96.10.129 #55: starting keying attempt 44 of an unlimited number
  1787. Aug 26 06:50:44 system pluto[19911]: "LAN"[5] 95.96.10.129 #56: initiating Main Mode to replace #55
  1788. Aug 26 07:03:54 system pluto[19911]: "LAN"[5] 95.96.10.129 #56: max number of retransmissions (20) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message
  1789. Aug 26 07:03:54 system pluto[19911]: "LAN"[5] 95.96.10.129 #56: starting keying attempt 45 of an unlimited number
  1790. Aug 26 07:03:54 system pluto[19911]: "LAN"[5] 95.96.10.129 #57: initiating Main Mode to replace #56
  1791. Aug 26 07:17:04 system pluto[19911]: "LAN"[5] 95.96.10.129 #57: max number of retransmissions (20) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message
  1792. Aug 26 07:17:04 system pluto[19911]: "LAN"[5] 95.96.10.129 #57: starting keying attempt 46 of an unlimited number
  1793. Aug 26 07:17:04 system pluto[19911]: "LAN"[5] 95.96.10.129 #58: initiating Main Mode to replace #57
  1794. Aug 26 07:30:14 system pluto[19911]: "LAN"[5] 95.96.10.129 #58: max number of retransmissions (20) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message
  1795. Aug 26 07:30:14 system pluto[19911]: "LAN"[5] 95.96.10.129 #58: starting keying attempt 47 of an unlimited number
  1796. Aug 26 07:30:14 system pluto[19911]: "LAN"[5] 95.96.10.129 #59: initiating Main Mode to replace #58
  1797. Aug 26 07:43:24 system pluto[19911]: "LAN"[5] 95.96.10.129 #59: max number of retransmissions (20) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message
  1798. Aug 26 07:43:24 system pluto[19911]: "LAN"[5] 95.96.10.129 #59: starting keying attempt 48 of an unlimited number
  1799. Aug 26 07:43:24 system pluto[19911]: "LAN"[5] 95.96.10.129 #60: initiating Main Mode to replace #59
  1800. Aug 26 07:56:34 system pluto[19911]: "LAN"[5] 95.96.10.129 #60: max number of retransmissions (20) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message
  1801. Aug 26 07:56:34 system pluto[19911]: "LAN"[5] 95.96.10.129 #60: starting keying attempt 49 of an unlimited number
  1802. Aug 26 07:56:34 system pluto[19911]: "LAN"[5] 95.96.10.129 #61: initiating Main Mode to replace #60
  1803. Aug 26 08:09:47 system pluto[19911]: "LAN"[5] 95.96.10.129 #61: max number of retransmissions (20) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message
  1804. Aug 26 08:09:47 system pluto[19911]: "LAN"[5] 95.96.10.129 #61: starting keying attempt 50 of an unlimited number
  1805. Aug 26 08:09:47 system pluto[19911]: "LAN"[5] 95.96.10.129 #62: initiating Main Mode to replace #61
  1806. Aug 26 08:22:57 system pluto[19911]: "LAN"[5] 95.96.10.129 #62: max number of retransmissions (20) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message
  1807. Aug 26 08:22:57 system pluto[19911]: "LAN"[5] 95.96.10.129 #62: starting keying attempt 51 of an unlimited number
  1808. Aug 26 08:22:57 system pluto[19911]: "LAN"[5] 95.96.10.129 #63: initiating Main Mode to replace #62
  1809. Aug 26 08:36:07 system pluto[19911]: "LAN"[5] 95.96.10.129 #63: max number of retransmissions (20) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message
  1810. Aug 26 08:36:07 system pluto[19911]: "LAN"[5] 95.96.10.129 #63: starting keying attempt 52 of an unlimited number
  1811. Aug 26 08:36:07 system pluto[19911]: "LAN"[5] 95.96.10.129 #64: initiating Main Mode to replace #63
  1812. Aug 26 08:49:17 system pluto[19911]: "LAN"[5] 95.96.10.129 #64: max number of retransmissions (20) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message
  1813. Aug 26 08:49:17 system pluto[19911]: "LAN"[5] 95.96.10.129 #64: starting keying attempt 53 of an unlimited number
  1814. Aug 26 08:49:17 system pluto[19911]: "LAN"[5] 95.96.10.129 #65: initiating Main Mode to replace #64
  1815. Aug 26 09:02:27 system pluto[19911]: "LAN"[5] 95.96.10.129 #65: max number of retransmissions (20) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message
  1816. Aug 26 09:02:27 system pluto[19911]: "LAN"[5] 95.96.10.129 #65: starting keying attempt 54 of an unlimited number
  1817. Aug 26 09:02:27 system pluto[19911]: "LAN"[5] 95.96.10.129 #66: initiating Main Mode to replace #65
  1818. Aug 26 09:15:37 system pluto[19911]: "LAN"[5] 95.96.10.129 #66: max number of retransmissions (20) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message
  1819. Aug 26 09:15:37 system pluto[19911]: "LAN"[5] 95.96.10.129 #66: starting keying attempt 55 of an unlimited number
  1820. Aug 26 09:15:37 system pluto[19911]: "LAN"[5] 95.96.10.129 #67: initiating Main Mode to replace #66
  1821. Aug 26 09:28:47 system pluto[19911]: "LAN"[5] 95.96.10.129 #67: max number of retransmissions (20) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message
  1822. Aug 26 09:28:47 system pluto[19911]: "LAN"[5] 95.96.10.129 #67: starting keying attempt 56 of an unlimited number
  1823. Aug 26 09:28:47 system pluto[19911]: "LAN"[5] 95.96.10.129 #68: initiating Main Mode to replace #67
  1824. Aug 26 09:41:57 system pluto[19911]: "LAN"[5] 95.96.10.129 #68: max number of retransmissions (20) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message
  1825. Aug 26 09:41:57 system pluto[19911]: "LAN"[5] 95.96.10.129 #68: starting keying attempt 57 of an unlimited number
  1826. Aug 26 09:41:57 system pluto[19911]: "LAN"[5] 95.96.10.129 #69: initiating Main Mode to replace #68
  1827. Aug 26 09:55:07 system pluto[19911]: "LAN"[5] 95.96.10.129 #69: max number of retransmissions (20) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message
  1828. Aug 26 09:55:07 system pluto[19911]: "LAN"[5] 95.96.10.129 #69: starting keying attempt 58 of an unlimited number
  1829. Aug 26 09:55:07 system pluto[19911]: "LAN"[5] 95.96.10.129 #70: initiating Main Mode to replace #69
  1830. Aug 26 10:08:17 system pluto[19911]: "LAN"[5] 95.96.10.129 #70: max number of retransmissions (20) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message
  1831. Aug 26 10:08:17 system pluto[19911]: "LAN"[5] 95.96.10.129 #70: starting keying attempt 59 of an unlimited number
  1832. Aug 26 10:08:17 system pluto[19911]: "LAN"[5] 95.96.10.129 #71: initiating Main Mode to replace #70
  1833. Aug 26 10:21:27 system pluto[19911]: "LAN"[5] 95.96.10.129 #71: max number of retransmissions (20) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message
  1834. Aug 26 10:21:27 system pluto[19911]: "LAN"[5] 95.96.10.129 #71: starting keying attempt 60 of an unlimited number
  1835. Aug 26 10:21:27 system pluto[19911]: "LAN"[5] 95.96.10.129 #72: initiating Main Mode to replace #71
  1836. Aug 26 10:34:37 system pluto[19911]: "LAN"[5] 95.96.10.129 #72: max number of retransmissions (20) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message
  1837. Aug 26 10:34:37 system pluto[19911]: "LAN"[5] 95.96.10.129 #72: starting keying attempt 61 of an unlimited number
  1838. Aug 26 10:34:37 system pluto[19911]: "LAN"[5] 95.96.10.129 #73: initiating Main Mode to replace #72
  1839. Aug 26 10:47:47 system pluto[19911]: "LAN"[5] 95.96.10.129 #73: max number of retransmissions (20) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message
  1840. Aug 26 10:47:47 system pluto[19911]: "LAN"[5] 95.96.10.129 #73: starting keying attempt 62 of an unlimited number
  1841. Aug 26 10:47:47 system pluto[19911]: "LAN"[5] 95.96.10.129 #74: initiating Main Mode to replace #73
  1842. Aug 26 11:00:57 system pluto[19911]: "LAN"[5] 95.96.10.129 #74: max number of retransmissions (20) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message
  1843. Aug 26 11:00:57 system pluto[19911]: "LAN"[5] 95.96.10.129 #74: starting keying attempt 63 of an unlimited number
  1844. Aug 26 11:00:57 system pluto[19911]: "LAN"[5] 95.96.10.129 #75: initiating Main Mode to replace #74
  1845. Aug 26 11:14:07 system pluto[19911]: "LAN"[5] 95.96.10.129 #75: max number of retransmissions (20) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message
  1846. Aug 26 11:14:07 system pluto[19911]: "LAN"[5] 95.96.10.129 #75: starting keying attempt 64 of an unlimited number
  1847. Aug 26 11:14:07 system pluto[19911]: "LAN"[5] 95.96.10.129 #76: initiating Main Mode to replace #75
  1848. Aug 26 11:27:17 system pluto[19911]: "LAN"[5] 95.96.10.129 #76: max number of retransmissions (20) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message
  1849. Aug 26 11:27:17 system pluto[19911]: "LAN"[5] 95.96.10.129 #76: starting keying attempt 65 of an unlimited number
  1850. Aug 26 11:27:17 system pluto[19911]: "LAN"[5] 95.96.10.129 #77: initiating Main Mode to replace #76
  1851. Aug 26 11:31:39 system pluto[19911]: packet from 95.96.10.129:500: received Vendor ID payload [Openswan (this version) 2.6.28 ]
  1852. Aug 26 11:31:39 system pluto[19911]: packet from 95.96.10.129:500: received Vendor ID payload [Dead Peer Detection]
  1853. Aug 26 11:31:39 system pluto[19911]: packet from 95.96.10.129:500: received Vendor ID payload [RFC 3947] method set to=109
  1854. Aug 26 11:31:39 system pluto[19911]: packet from 95.96.10.129:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109
  1855. Aug 26 11:31:39 system pluto[19911]: packet from 95.96.10.129:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 109
  1856. Aug 26 11:31:39 system pluto[19911]: packet from 95.96.10.129:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109
  1857. Aug 26 11:31:39 system pluto[19911]: packet from 95.96.10.129:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
  1858. Aug 26 11:31:39 system pluto[19911]: "LAN"[5] 95.96.10.129 #78: responding to Main Mode from unknown peer 95.96.10.129
  1859. Aug 26 11:31:39 system pluto[19911]: "LAN"[5] 95.96.10.129 #78: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
  1860. Aug 26 11:31:39 system pluto[19911]: "LAN"[5] 95.96.10.129 #78: STATE_MAIN_R1: sent MR1, expecting MI2
  1861. Aug 26 11:31:39 system pluto[19911]: "LAN"[5] 95.96.10.129 #78: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): peer is NATed
  1862. Aug 26 11:31:39 system pluto[19911]: "LAN"[5] 95.96.10.129 #78: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
  1863. Aug 26 11:31:39 system pluto[19911]: "LAN"[5] 95.96.10.129 #78: STATE_MAIN_R2: sent MR2, expecting MI3
  1864. Aug 26 11:31:39 system pluto[19911]: "LAN"[5] 95.96.10.129 #78: Main mode peer ID is ID_DER_ASN1_DN: 'C=NL, ST=Utrecht, L=Utrecht, O=Testing Corporation, OU=Research and Development, CN=Right1024, E=admin@testingcorporation.nl'
  1865. Aug 26 11:31:39 system pluto[19911]: "LAN"[5] 95.96.10.129 #78: I am sending my cert
  1866. Aug 26 11:31:39 system pluto[19911]: "LAN"[5] 95.96.10.129 #78: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
  1867. Aug 26 11:31:39 system pluto[19911]: "LAN"[5] 95.96.10.129 #78: new NAT mapping for #78, was 95.96.10.129:500, now 95.96.10.129:4500
  1868. Aug 26 11:31:39 system pluto[19911]: "LAN"[5] 95.96.10.129 #78: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=aes_128 prf=oakley_sha group=modp2048}
  1869. Aug 26 11:31:39 system pluto[19911]: "LAN"[5] 95.96.10.129 #78: the peer proposed: 10.97.10.0/24:0/0 -> 10.81.9.204/32:0/0
  1870. Aug 26 11:31:39 system pluto[19911]: "LAN"[6] 95.96.10.129 #79: responding to Quick Mode proposal {msgid:d6aad545}
  1871. Aug 26 11:31:39 system pluto[19911]: "LAN"[6] 95.96.10.129 #79: us: 10.97.10.0/24===85.145.148.106<85.145.148.106>[C=NL, ST=Utrecht, L=Utrecht, O=Testing Corporation, OU=Research and Development, CN=Left1024, E=admin@testingcorporation.nl,+S=C]
  1872. Aug 26 11:31:39 system pluto[19911]: "LAN"[6] 95.96.10.129 #79: them: 95.96.10.129[C=NL, ST=Utrecht, L=Utrecht, O=Testing Corporation, OU=Research and Development, CN=Right1024, E=admin@testingcorporation.nl,+S=C]===10.81.9.204/32
  1873. Aug 26 11:31:39 system pluto[19911]: "LAN"[6] 95.96.10.129 #79: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
  1874. Aug 26 11:31:39 system pluto[19911]: "LAN"[6] 95.96.10.129 #79: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
  1875. Aug 26 11:31:39 system pluto[19911]: "LAN"[6] 95.96.10.129 #79: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
  1876. Aug 26 11:31:39 system pluto[19911]: "LAN"[6] 95.96.10.129 #79: STATE_QUICK_R2: IPsec SA established tunnel mode {ESP=>0xad585a15 <0xad22afb1 xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=95.96.10.129:4500 DPD=none}
  1877. Aug 26 11:31:47 system pluto[19911]: "LAN"[5] 95.96.10.129 #77: received Vendor ID payload [Openswan (this version) 2.6.28 ]
  1878. Aug 26 11:31:47 system pluto[19911]: "LAN"[5] 95.96.10.129 #77: received Vendor ID payload [Dead Peer Detection]
  1879. Aug 26 11:31:47 system pluto[19911]: "LAN"[5] 95.96.10.129 #77: received Vendor ID payload [RFC 3947] method set to=109
  1880. Aug 26 11:31:47 system pluto[19911]: "LAN"[5] 95.96.10.129 #77: enabling possible NAT-traversal with method 4
  1881. Aug 26 11:31:47 system pluto[19911]: "LAN"[5] 95.96.10.129 #77: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
  1882. Aug 26 11:31:47 system pluto[19911]: "LAN"[5] 95.96.10.129 #77: STATE_MAIN_I2: sent MI2, expecting MR2
  1883. Aug 26 11:31:47 system pluto[19911]: "LAN"[5] 95.96.10.129 #77: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): peer is NATed
  1884. Aug 26 11:31:47 system pluto[19911]: "LAN"[5] 95.96.10.129 #77: I am sending my cert
  1885. Aug 26 11:31:47 system pluto[19911]: "LAN"[5] 95.96.10.129 #77: I am sending a certificate request
  1886. Aug 26 11:31:47 system pluto[19911]: "LAN"[5] 95.96.10.129 #77: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
  1887. Aug 26 11:31:47 system pluto[19911]: "LAN"[5] 95.96.10.129 #77: STATE_MAIN_I3: sent MI3, expecting MR3
  1888. Aug 26 11:31:47 system pluto[19911]: "LAN"[5] 95.96.10.129 #77: received Vendor ID payload [CAN-IKEv2]
  1889. Aug 26 11:31:47 system pluto[19911]: "LAN"[5] 95.96.10.129 #77: Main mode peer ID is ID_DER_ASN1_DN: 'C=NL, ST=Utrecht, L=Utrecht, O=Testing Corporation, OU=Research and Development, CN=Right1024, E=admin@testingcorporation.nl'
  1890. Aug 26 11:31:47 system pluto[19911]: "LAN"[5] 95.96.10.129 #77: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
  1891. Aug 26 11:31:47 system pluto[19911]: "LAN"[5] 95.96.10.129 #77: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=aes_128 prf=oakley_sha group=modp2048}
  1892. Aug 26 11:31:47 system pluto[19911]: "LAN"[5] 95.96.10.129 #80: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW to replace #11 {using isakmp#77 msgid:7c188bcd proposal=defaults pfsgroup=OAKLEY_GROUP_MODP2048}
  1893. Aug 26 11:31:47 system pluto[19911]: "LAN"[5] 95.96.10.129 #80: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
  1894. Aug 26 11:31:47 system pluto[19911]: "LAN"[5] 95.96.10.129 #80: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x21bdff69 <0x099a2dc4 xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=95.96.10.129:4500 DPD=none}
  1895. Aug 26 12:20:19 system pluto[19911]: "LAN"[5] 95.96.10.129 #81: initiating Main Mode to replace #77
  1896. Aug 26 12:27:17 system pluto[19911]: packet from 95.96.10.129:500: received Vendor ID payload [Openswan (this version) 2.6.28 ]
  1897. Aug 26 12:27:17 system pluto[19911]: packet from 95.96.10.129:500: received Vendor ID payload [Dead Peer Detection]
  1898. Aug 26 12:27:17 system pluto[19911]: packet from 95.96.10.129:500: received Vendor ID payload [RFC 3947] method set to=109
  1899. Aug 26 12:27:17 system pluto[19911]: packet from 95.96.10.129:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109
  1900. Aug 26 12:27:17 system pluto[19911]: packet from 95.96.10.129:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 109
  1901. Aug 26 12:27:17 system pluto[19911]: packet from 95.96.10.129:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109
  1902. Aug 26 12:27:17 system pluto[19911]: packet from 95.96.10.129:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
  1903. Aug 26 12:27:17 system pluto[19911]: "LAN"[6] 95.96.10.129 #82: responding to Main Mode from unknown peer 95.96.10.129
  1904. Aug 26 12:27:17 system pluto[19911]: "LAN"[6] 95.96.10.129 #82: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
  1905. Aug 26 12:27:17 system pluto[19911]: "LAN"[6] 95.96.10.129 #82: STATE_MAIN_R1: sent MR1, expecting MI2
  1906. Aug 26 12:27:17 system pluto[19911]: "LAN"[6] 95.96.10.129 #82: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): peer is NATed
  1907. Aug 26 12:27:17 system pluto[19911]: "LAN"[6] 95.96.10.129 #82: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
  1908. Aug 26 12:27:17 system pluto[19911]: "LAN"[6] 95.96.10.129 #82: STATE_MAIN_R2: sent MR2, expecting MI3
  1909. Aug 26 12:27:17 system pluto[19911]: "LAN"[6] 95.96.10.129 #82: Main mode peer ID is ID_DER_ASN1_DN: 'C=NL, ST=Utrecht, L=Utrecht, O=Testing Corporation, OU=Research and Development, CN=Right1024, E=admin@testingcorporation.nl'
  1910. Aug 26 12:27:17 system pluto[19911]: "LAN"[6] 95.96.10.129 #82: I am sending my cert
  1911. Aug 26 12:27:17 system pluto[19911]: "LAN"[6] 95.96.10.129 #82: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
  1912. Aug 26 12:27:17 system pluto[19911]: "LAN"[6] 95.96.10.129 #82: new NAT mapping for #82, was 95.96.10.129:500, now 95.96.10.129:4500
  1913. Aug 26 12:27:17 system pluto[19911]: "LAN"[6] 95.96.10.129 #82: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=aes_128 prf=oakley_sha group=modp2048}
  1914. Aug 26 12:27:29 system pluto[19911]: "LAN"[5] 95.96.10.129 #81: received Vendor ID payload [Openswan (this version) 2.6.28 ]
  1915. Aug 26 12:27:29 system pluto[19911]: "LAN"[5] 95.96.10.129 #81: received Vendor ID payload [Dead Peer Detection]
  1916. Aug 26 12:27:29 system pluto[19911]: "LAN"[5] 95.96.10.129 #81: received Vendor ID payload [RFC 3947] method set to=109
  1917. Aug 26 12:27:29 system pluto[19911]: "LAN"[5] 95.96.10.129 #81: enabling possible NAT-traversal with method 4
  1918. Aug 26 12:27:29 system pluto[19911]: "LAN"[5] 95.96.10.129 #81: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
  1919. Aug 26 12:27:29 system pluto[19911]: "LAN"[5] 95.96.10.129 #81: STATE_MAIN_I2: sent MI2, expecting MR2
  1920. Aug 26 12:27:29 system pluto[19911]: "LAN"[5] 95.96.10.129 #81: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): peer is NATed
  1921. Aug 26 12:27:29 system pluto[19911]: "LAN"[5] 95.96.10.129 #81: I am sending my cert
  1922. Aug 26 12:27:29 system pluto[19911]: "LAN"[5] 95.96.10.129 #81: I am sending a certificate request
  1923. Aug 26 12:27:29 system pluto[19911]: "LAN"[5] 95.96.10.129 #81: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
  1924. Aug 26 12:27:29 system pluto[19911]: "LAN"[5] 95.96.10.129 #81: STATE_MAIN_I3: sent MI3, expecting MR3
  1925. Aug 26 12:27:29 system pluto[19911]: "LAN"[5] 95.96.10.129 #81: received Vendor ID payload [CAN-IKEv2]
  1926. Aug 26 12:27:29 system pluto[19911]: "LAN"[5] 95.96.10.129 #81: Main mode peer ID is ID_DER_ASN1_DN: 'C=NL, ST=Utrecht, L=Utrecht, O=Testing Corporation, OU=Research and Development, CN=Right1024, E=admin@testingcorporation.nl'
  1927. Aug 26 12:27:29 system pluto[19911]: "LAN"[5] 95.96.10.129 #81: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
  1928. Aug 26 12:27:29 system pluto[19911]: "LAN"[5] 95.96.10.129 #81: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=aes_128 prf=oakley_sha group=modp2048}
  1929. Aug 26 12:31:39 system pluto[19911]: "LAN"[5] 95.96.10.129 #78: received Delete SA payload: deleting ISAKMP State #78
  1930. Aug 26 12:31:39 system pluto[19911]: packet from 95.96.10.129:4500: received and ignored informational message
  1931. Aug 26 12:31:47 system pluto[19911]: packet from 95.96.10.129:4500: Informational Exchange is for an unknown (expired?) SA with MSGID:0x9e17f018
  1932. Aug 26 13:12:23 system pluto[19911]: "LAN"[5] 95.96.10.129 #83: initiating Main Mode to replace #81
  1933. Aug 26 13:22:47 system pluto[19911]: "LAN"[6] 95.96.10.129 #84: initiating Main Mode to replace #82
  1934. Aug 26 13:23:00 system pluto[19911]: packet from 95.96.10.129:500: received Vendor ID payload [Openswan (this version) 2.6.28 ]
  1935. Aug 26 13:23:00 system pluto[19911]: packet from 95.96.10.129:500: received Vendor ID payload [Dead Peer Detection]
  1936. Aug 26 13:23:00 system pluto[19911]: packet from 95.96.10.129:500: received Vendor ID payload [RFC 3947] method set to=109
  1937. Aug 26 13:23:00 system pluto[19911]: packet from 95.96.10.129:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109
  1938. Aug 26 13:23:00 system pluto[19911]: packet from 95.96.10.129:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 109
  1939. Aug 26 13:23:00 system pluto[19911]: packet from 95.96.10.129:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109
  1940. Aug 26 13:23:00 system pluto[19911]: packet from 95.96.10.129:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
  1941. Aug 26 13:23:00 system pluto[19911]: "LAN"[6] 95.96.10.129 #85: responding to Main Mode from unknown peer 95.96.10.129
  1942. Aug 26 13:23:00 system pluto[19911]: "LAN"[6] 95.96.10.129 #85: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
  1943. Aug 26 13:23:00 system pluto[19911]: "LAN"[6] 95.96.10.129 #85: STATE_MAIN_R1: sent MR1, expecting MI2
  1944. Aug 26 13:23:00 system pluto[19911]: "LAN"[6] 95.96.10.129 #85: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): peer is NATed
  1945. Aug 26 13:23:00 system pluto[19911]: "LAN"[6] 95.96.10.129 #85: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
  1946. Aug 26 13:23:00 system pluto[19911]: "LAN"[6] 95.96.10.129 #85: STATE_MAIN_R2: sent MR2, expecting MI3
  1947. Aug 26 13:23:00 system pluto[19911]: "LAN"[6] 95.96.10.129 #85: Main mode peer ID is ID_DER_ASN1_DN: 'C=NL, ST=Utrecht, L=Utrecht, O=Testing Corporation, OU=Research and Development, CN=Right1024, E=admin@testingcorporation.nl'
  1948. Aug 26 13:23:00 system pluto[19911]: "LAN"[6] 95.96.10.129 #85: I am sending my cert
  1949. Aug 26 13:23:00 system pluto[19911]: "LAN"[6] 95.96.10.129 #85: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
  1950. Aug 26 13:23:00 system pluto[19911]: "LAN"[6] 95.96.10.129 #85: new NAT mapping for #85, was 95.96.10.129:500, now 95.96.10.129:4500
  1951. Aug 26 13:23:00 system pluto[19911]: "LAN"[6] 95.96.10.129 #85: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=aes_128 prf=oakley_sha group=modp2048}
  1952. Aug 26 13:23:17 system pluto[19911]: "LAN"[6] 95.96.10.129 #84: received Vendor ID payload [Openswan (this version) 2.6.28 ]
  1953. Aug 26 13:23:17 system pluto[19911]: "LAN"[6] 95.96.10.129 #84: received Vendor ID payload [Dead Peer Detection]
  1954. Aug 26 13:23:17 system pluto[19911]: "LAN"[6] 95.96.10.129 #84: received Vendor ID payload [RFC 3947] method set to=109
  1955. Aug 26 13:23:17 system pluto[19911]: "LAN"[6] 95.96.10.129 #84: enabling possible NAT-traversal with method 4
  1956. Aug 26 13:23:17 system pluto[19911]: "LAN"[6] 95.96.10.129 #84: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
  1957. Aug 26 13:23:17 system pluto[19911]: "LAN"[6] 95.96.10.129 #84: STATE_MAIN_I2: sent MI2, expecting MR2
  1958. Aug 26 13:23:17 system pluto[19911]: "LAN"[6] 95.96.10.129 #84: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): peer is NATed
  1959. Aug 26 13:23:17 system pluto[19911]: "LAN"[6] 95.96.10.129 #84: I am sending my cert
  1960. Aug 26 13:23:17 system pluto[19911]: "LAN"[6] 95.96.10.129 #84: I am sending a certificate request
  1961. Aug 26 13:23:17 system pluto[19911]: "LAN"[6] 95.96.10.129 #84: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
  1962. Aug 26 13:23:17 system pluto[19911]: "LAN"[6] 95.96.10.129 #84: STATE_MAIN_I3: sent MI3, expecting MR3
  1963. Aug 26 13:23:17 system pluto[19911]: "LAN"[6] 95.96.10.129 #84: received Vendor ID payload [CAN-IKEv2]
  1964. Aug 26 13:23:17 system pluto[19911]: "LAN"[6] 95.96.10.129 #84: Main mode peer ID is ID_DER_ASN1_DN: 'C=NL, ST=Utrecht, L=Utrecht, O=Testing Corporation, OU=Research and Development, CN=Right1024, E=admin@testingcorporation.nl'
  1965. Aug 26 13:23:17 system pluto[19911]: "LAN"[6] 95.96.10.129 #84: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
  1966. Aug 26 13:23:17 system pluto[19911]: "LAN"[6] 95.96.10.129 #84: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=aes_128 prf=oakley_sha group=modp2048}
  1967. Aug 26 13:23:33 system pluto[19911]: "LAN"[5] 95.96.10.129 #83: received Vendor ID payload [Openswan (this version) 2.6.28 ]
  1968. Aug 26 13:23:33 system pluto[19911]: "LAN"[5] 95.96.10.129 #83: received Vendor ID payload [Dead Peer Detection]
  1969. Aug 26 13:23:33 system pluto[19911]: "LAN"[5] 95.96.10.129 #83: received Vendor ID payload [RFC 3947] method set to=109
  1970. Aug 26 13:23:33 system pluto[19911]: "LAN"[5] 95.96.10.129 #83: enabling possible NAT-traversal with method 4
  1971. Aug 26 13:23:33 system pluto[19911]: "LAN"[5] 95.96.10.129 #83: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
  1972. Aug 26 13:23:33 system pluto[19911]: "LAN"[5] 95.96.10.129 #83: STATE_MAIN_I2: sent MI2, expecting MR2
  1973. Aug 26 13:23:33 system pluto[19911]: "LAN"[5] 95.96.10.129 #83: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): peer is NATed
  1974. Aug 26 13:23:33 system pluto[19911]: "LAN"[5] 95.96.10.129 #83: I am sending my cert
  1975. Aug 26 13:23:33 system pluto[19911]: "LAN"[5] 95.96.10.129 #83: I am sending a certificate request
  1976. Aug 26 13:23:33 system pluto[19911]: "LAN"[5] 95.96.10.129 #83: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
  1977. Aug 26 13:23:33 system pluto[19911]: "LAN"[5] 95.96.10.129 #83: STATE_MAIN_I3: sent MI3, expecting MR3
  1978. Aug 26 13:23:33 system pluto[19911]: "LAN"[5] 95.96.10.129 #83: received Vendor ID payload [CAN-IKEv2]
  1979. Aug 26 13:23:33 system pluto[19911]: "LAN"[5] 95.96.10.129 #83: Main mode peer ID is ID_DER_ASN1_DN: 'C=NL, ST=Utrecht, L=Utrecht, O=Testing Corporation, OU=Research and Development, CN=Right1024, E=admin@testingcorporation.nl'
  1980. Aug 26 13:23:33 system pluto[19911]: "LAN"[5] 95.96.10.129 #83: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
  1981. Aug 26 13:23:33 system pluto[19911]: "LAN"[5] 95.96.10.129 #83: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=aes_128 prf=oakley_sha group=modp2048}
  1982. Aug 26 13:27:17 system pluto[19911]: packet from 95.96.10.129:4500: Informational Exchange is for an unknown (expired?) SA with MSGID:0x46f7947e
  1983. Aug 26 13:27:29 system pluto[19911]: packet from 95.96.10.129:4500: Informational Exchange is for an unknown (expired?) SA with MSGID:0x96284328
  1984. Aug 26 14:07:42 system pluto[19911]: "LAN"[6] 95.96.10.129 #86: initiating Main Mode to replace #84
  1985. Aug 26 14:13:48 system pluto[19911]: "LAN"[5] 95.96.10.129 #87: initiating Main Mode to replace #83
  1986. Aug 26 14:20:52 system pluto[19911]: "LAN"[6] 95.96.10.129 #86: max number of retransmissions (20) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message
  1987. Aug 26 14:20:52 system pluto[19911]: "LAN"[6] 95.96.10.129 #86: starting keying attempt 2 of an unlimited number
  1988. Aug 26 14:20:52 system pluto[19911]: "LAN"[6] 95.96.10.129 #88: initiating Main Mode to replace #86
  1989. Aug 26 14:23:17 system pluto[19911]: "LAN"[6] 95.96.10.129 #84: ISAKMP SA expired (LATEST!)
  1990. Aug 26 14:23:33 system pluto[19911]: "LAN"[5] 95.96.10.129 #83: ISAKMP SA expired (LATEST!)
  1991. Aug 26 14:26:58 system pluto[19911]: "LAN"[5] 95.96.10.129 #87: max number of retransmissions (20) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message
  1992. Aug 26 14:26:58 system pluto[19911]: "LAN"[5] 95.96.10.129 #87: starting keying attempt 2 of an unlimited number
  1993. Aug 26 14:26:58 system pluto[19911]: "LAN"[5] 95.96.10.129 #89: initiating Main Mode to replace #87
  1994. Aug 26 14:34:02 system pluto[19911]: "LAN"[6] 95.96.10.129 #88: max number of retransmissions (20) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message
  1995. Aug 26 14:34:02 system pluto[19911]: "LAN"[6] 95.96.10.129 #88: starting keying attempt 3 of an unlimited number
  1996. Aug 26 14:34:02 system pluto[19911]: "LAN"[6] 95.96.10.129 #90: initiating Main Mode to replace #88
  1997. Aug 26 14:40:08 system pluto[19911]: "LAN"[5] 95.96.10.129 #89: max number of retransmissions (20) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message
  1998. Aug 26 14:40:08 system pluto[19911]: "LAN"[5] 95.96.10.129 #89: starting keying attempt 3 of an unlimited number
  1999. Aug 26 14:40:08 system pluto[19911]: "LAN"[5] 95.96.10.129 #91: initiating Main Mode to replace #89
  2000. Aug 26 14:47:12 system pluto[19911]: "LAN"[6] 95.96.10.129 #90: max number of retransmissions (20) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message
  2001. Aug 26 14:47:12 system pluto[19911]: "LAN"[6] 95.96.10.129 #90: starting keying attempt 4 of an unlimited number
  2002. Aug 26 14:47:12 system pluto[19911]: "LAN"[6] 95.96.10.129 #92: initiating Main Mode to replace #90
  2003. Aug 26 14:53:18 system pluto[19911]: "LAN"[5] 95.96.10.129 #91: max number of retransmissions (20) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message
  2004. Aug 26 14:53:18 system pluto[19911]: "LAN"[5] 95.96.10.129 #91: starting keying attempt 4 of an unlimited number
  2005. Aug 26 14:53:18 system pluto[19911]: "LAN"[5] 95.96.10.129 #93: initiating Main Mode to replace #91
  2006. Aug 26 15:00:22 system pluto[19911]: "LAN"[6] 95.96.10.129 #92: max number of retransmissions (20) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message
  2007. Aug 26 15:00:22 system pluto[19911]: "LAN"[6] 95.96.10.129 #92: starting keying attempt 5 of an unlimited number
  2008. Aug 26 15:00:22 system pluto[19911]: "LAN"[6] 95.96.10.129 #94: initiating Main Mode to replace #92
  2009. Aug 26 15:06:28 system pluto[19911]: "LAN"[5] 95.96.10.129 #93: max number of retransmissions (20) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message
  2010. Aug 26 15:06:28 system pluto[19911]: "LAN"[5] 95.96.10.129 #93: starting keying attempt 5 of an unlimited number
  2011. Aug 26 15:06:28 system pluto[19911]: "LAN"[5] 95.96.10.129 #95: initiating Main Mode to replace #93
  2012. Aug 26 15:11:19 system pluto[19911]: packet from 95.96.10.129:500: received Vendor ID payload [Openswan (this version) 2.6.28 ]
  2013. Aug 26 15:11:19 system pluto[19911]: packet from 95.96.10.129:500: received Vendor ID payload [Dead Peer Detection]
  2014. Aug 26 15:11:19 system pluto[19911]: packet from 95.96.10.129:500: received Vendor ID payload [RFC 3947] method set to=109
  2015. Aug 26 15:11:19 system pluto[19911]: packet from 95.96.10.129:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109
  2016. Aug 26 15:11:19 system pluto[19911]: packet from 95.96.10.129:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 109
  2017. Aug 26 15:11:19 system pluto[19911]: packet from 95.96.10.129:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109
  2018. Aug 26 15:11:19 system pluto[19911]: packet from 95.96.10.129:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
  2019. Aug 26 15:11:19 system pluto[19911]: "LAN"[6] 95.96.10.129 #96: responding to Main Mode from unknown peer 95.96.10.129
  2020. Aug 26 15:11:19 system pluto[19911]: "LAN"[6] 95.96.10.129 #96: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
  2021. Aug 26 15:11:19 system pluto[19911]: "LAN"[6] 95.96.10.129 #96: STATE_MAIN_R1: sent MR1, expecting MI2
  2022. Aug 26 15:11:19 system pluto[19911]: "LAN"[6] 95.96.10.129 #96: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): peer is NATed
  2023. Aug 26 15:11:19 system pluto[19911]: "LAN"[6] 95.96.10.129 #96: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
  2024. Aug 26 15:11:19 system pluto[19911]: "LAN"[6] 95.96.10.129 #96: STATE_MAIN_R2: sent MR2, expecting MI3
  2025. Aug 26 15:11:19 system pluto[19911]: "LAN"[6] 95.96.10.129 #96: Main mode peer ID is ID_DER_ASN1_DN: 'C=NL, ST=Utrecht, L=Utrecht, O=Testing Corporation, OU=Research and Development, CN=Right1024, E=admin@testingcorporation.nl'
  2026. Aug 26 15:11:19 system pluto[19911]: "LAN"[6] 95.96.10.129 #96: I am sending my cert
  2027. Aug 26 15:11:19 system pluto[19911]: "LAN"[6] 95.96.10.129 #96: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
  2028. Aug 26 15:11:19 system pluto[19911]: "LAN"[6] 95.96.10.129 #96: new NAT mapping for #96, was 95.96.10.129:500, now 95.96.10.129:4500
  2029. Aug 26 15:11:19 system pluto[19911]: "LAN"[6] 95.96.10.129 #96: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=aes_128 prf=oakley_sha group=modp2048}
  2030. Aug 26 15:11:19 system pluto[19911]: "LAN"[6] 95.96.10.129 #96: the peer proposed: 10.97.10.0/24:0/0 -> 10.81.9.204/32:0/0
  2031. Aug 26 15:11:19 system pluto[19911]: "LAN"[6] 95.96.10.129 #97: responding to Quick Mode proposal {msgid:59d6b2bd}
  2032. Aug 26 15:11:19 system pluto[19911]: "LAN"[6] 95.96.10.129 #97: us: 10.97.10.0/24===85.145.148.106<85.145.148.106>[C=NL, ST=Utrecht, L=Utrecht, O=Testing Corporation, OU=Research and Development, CN=Left1024, E=admin@testingcorporation.nl,+S=C]
  2033. Aug 26 15:11:19 system pluto[19911]: "LAN"[6] 95.96.10.129 #97: them: 95.96.10.129[C=NL, ST=Utrecht, L=Utrecht, O=Testing Corporation, OU=Research and Development, CN=Right1024, E=admin@testingcorporation.nl,+S=C]===10.81.9.204/32
  2034. Aug 26 15:11:19 system pluto[19911]: "LAN"[6] 95.96.10.129 #97: keeping refhim=4294901761 during rekey
  2035. Aug 26 15:11:19 system pluto[19911]: "LAN"[6] 95.96.10.129 #97: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
  2036. Aug 26 15:11:19 system pluto[19911]: "LAN"[6] 95.96.10.129 #97: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
  2037. Aug 26 15:11:20 system pluto[19911]: "LAN"[6] 95.96.10.129 #97: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
  2038. Aug 26 15:11:20 system pluto[19911]: "LAN"[6] 95.96.10.129 #97: STATE_QUICK_R2: IPsec SA established tunnel mode {ESP=>0x428a7ae2 <0x5b0be685 xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=95.96.10.129:4500 DPD=none}
  2039. Aug 26 15:11:32 system pluto[19911]: "LAN"[6] 95.96.10.129 #94: received Vendor ID payload [Openswan (this version) 2.6.28 ]
  2040. Aug 26 15:11:32 system pluto[19911]: "LAN"[6] 95.96.10.129 #94: received Vendor ID payload [Dead Peer Detection]
  2041. Aug 26 15:11:32 system pluto[19911]: "LAN"[6] 95.96.10.129 #94: received Vendor ID payload [RFC 3947] method set to=109
  2042. Aug 26 15:11:32 system pluto[19911]: "LAN"[6] 95.96.10.129 #94: enabling possible NAT-traversal with method 4
  2043. Aug 26 15:11:32 system pluto[19911]: "LAN"[6] 95.96.10.129 #94: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
  2044. Aug 26 15:11:32 system pluto[19911]: "LAN"[6] 95.96.10.129 #94: STATE_MAIN_I2: sent MI2, expecting MR2
  2045. Aug 26 15:11:32 system pluto[19911]: "LAN"[6] 95.96.10.129 #94: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): peer is NATed
  2046. Aug 26 15:11:32 system pluto[19911]: "LAN"[6] 95.96.10.129 #94: I am sending my cert
  2047. Aug 26 15:11:32 system pluto[19911]: "LAN"[6] 95.96.10.129 #94: I am sending a certificate request
  2048. Aug 26 15:11:32 system pluto[19911]: "LAN"[6] 95.96.10.129 #94: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
  2049. Aug 26 15:11:32 system pluto[19911]: "LAN"[6] 95.96.10.129 #94: STATE_MAIN_I3: sent MI3, expecting MR3
  2050. Aug 26 15:11:32 system pluto[19911]: "LAN"[6] 95.96.10.129 #94: received Vendor ID payload [CAN-IKEv2]
  2051. Aug 26 15:11:32 system pluto[19911]: "LAN"[6] 95.96.10.129 #94: Main mode peer ID is ID_DER_ASN1_DN: 'C=NL, ST=Utrecht, L=Utrecht, O=Testing Corporation, OU=Research and Development, CN=Right1024, E=admin@testingcorporation.nl'
  2052. Aug 26 15:11:32 system pluto[19911]: "LAN"[6] 95.96.10.129 #94: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
  2053. Aug 26 15:11:32 system pluto[19911]: "LAN"[6] 95.96.10.129 #94: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=aes_128 prf=oakley_sha group=modp2048}
  2054. Aug 26 15:11:38 system pluto[19911]: "LAN"[5] 95.96.10.129 #95: received Vendor ID payload [Openswan (this version) 2.6.28 ]
  2055. Aug 26 15:11:38 system pluto[19911]: "LAN"[5] 95.96.10.129 #95: received Vendor ID payload [Dead Peer Detection]
  2056. Aug 26 15:11:38 system pluto[19911]: "LAN"[5] 95.96.10.129 #95: received Vendor ID payload [RFC 3947] method set to=109
  2057. Aug 26 15:11:38 system pluto[19911]: "LAN"[5] 95.96.10.129 #95: enabling possible NAT-traversal with method 4
  2058. Aug 26 15:11:38 system pluto[19911]: "LAN"[5] 95.96.10.129 #95: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
  2059. Aug 26 15:11:38 system pluto[19911]: "LAN"[5] 95.96.10.129 #95: STATE_MAIN_I2: sent MI2, expecting MR2
  2060. Aug 26 15:11:38 system pluto[19911]: "LAN"[5] 95.96.10.129 #95: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): peer is NATed
  2061. Aug 26 15:11:38 system pluto[19911]: "LAN"[5] 95.96.10.129 #95: I am sending my cert
  2062. Aug 26 15:11:38 system pluto[19911]: "LAN"[5] 95.96.10.129 #95: I am sending a certificate request
  2063. Aug 26 15:11:38 system pluto[19911]: "LAN"[5] 95.96.10.129 #95: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
  2064. Aug 26 15:11:38 system pluto[19911]: "LAN"[5] 95.96.10.129 #95: STATE_MAIN_I3: sent MI3, expecting MR3
  2065. Aug 26 15:11:38 system pluto[19911]: "LAN"[5] 95.96.10.129 #95: received Vendor ID payload [CAN-IKEv2]
  2066. Aug 26 15:11:38 system pluto[19911]: "LAN"[5] 95.96.10.129 #95: Main mode peer ID is ID_DER_ASN1_DN: 'C=NL, ST=Utrecht, L=Utrecht, O=Testing Corporation, OU=Research and Development, CN=Right1024, E=admin@testingcorporation.nl'
  2067. Aug 26 15:11:38 system pluto[19911]: "LAN"[5] 95.96.10.129 #95: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
  2068. Aug 26 15:11:38 system pluto[19911]: "LAN"[5] 95.96.10.129 #95: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=aes_128 prf=oakley_sha group=modp2048}
  2069. Aug 26 15:59:12 system pluto[19911]: "LAN"[5] 95.96.10.129 #98: initiating Main Mode to replace #95
  2070. Aug 26 16:00:28 system pluto[19911]: "LAN"[6] 95.96.10.129 #99: initiating Main Mode to replace #94
  2071. Aug 26 16:07:07 system pluto[19911]: packet from 95.96.10.129:500: received Vendor ID payload [Openswan (this version) 2.6.28 ]
  2072. Aug 26 16:07:07 system pluto[19911]: packet from 95.96.10.129:500: received Vendor ID payload [Dead Peer Detection]
  2073. Aug 26 16:07:07 system pluto[19911]: packet from 95.96.10.129:500: received Vendor ID payload [RFC 3947] method set to=109
  2074. Aug 26 16:07:07 system pluto[19911]: packet from 95.96.10.129:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109
  2075. Aug 26 16:07:07 system pluto[19911]: packet from 95.96.10.129:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 109
  2076. Aug 26 16:07:07 system pluto[19911]: packet from 95.96.10.129:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109
  2077. Aug 26 16:07:07 system pluto[19911]: packet from 95.96.10.129:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
  2078. Aug 26 16:07:07 system pluto[19911]: "LAN"[6] 95.96.10.129 #100: responding to Main Mode from unknown peer 95.96.10.129
  2079. Aug 26 16:07:07 system pluto[19911]: "LAN"[6] 95.96.10.129 #100: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
  2080. Aug 26 16:07:07 system pluto[19911]: "LAN"[6] 95.96.10.129 #100: STATE_MAIN_R1: sent MR1, expecting MI2
  2081. Aug 26 16:07:07 system pluto[19911]: "LAN"[6] 95.96.10.129 #100: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): peer is NATed
  2082. Aug 26 16:07:07 system pluto[19911]: "LAN"[6] 95.96.10.129 #100: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
  2083. Aug 26 16:07:07 system pluto[19911]: "LAN"[6] 95.96.10.129 #100: STATE_MAIN_R2: sent MR2, expecting MI3
  2084. Aug 26 16:07:07 system pluto[19911]: "LAN"[6] 95.96.10.129 #100: Main mode peer ID is ID_DER_ASN1_DN: 'C=NL, ST=Utrecht, L=Utrecht, O=Testing Corporation, OU=Research and Development, CN=Right1024, E=admin@testingcorporation.nl'
  2085. Aug 26 16:07:07 system pluto[19911]: "LAN"[6] 95.96.10.129 #100: I am sending my cert
  2086. Aug 26 16:07:07 system pluto[19911]: "LAN"[6] 95.96.10.129 #100: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
  2087. Aug 26 16:07:07 system pluto[19911]: "LAN"[6] 95.96.10.129 #100: new NAT mapping for #100, was 95.96.10.129:500, now 95.96.10.129:4500
  2088. Aug 26 16:07:07 system pluto[19911]: "LAN"[6] 95.96.10.129 #100: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=aes_128 prf=oakley_sha group=modp2048}
  2089. Aug 26 16:07:38 system pluto[19911]: "LAN"[6] 95.96.10.129 #99: received Vendor ID payload [Openswan (this version) 2.6.28 ]
  2090. Aug 26 16:07:38 system pluto[19911]: "LAN"[6] 95.96.10.129 #99: received Vendor ID payload [Dead Peer Detection]
  2091. Aug 26 16:07:38 system pluto[19911]: "LAN"[6] 95.96.10.129 #99: received Vendor ID payload [RFC 3947] method set to=109
  2092. Aug 26 16:07:38 system pluto[19911]: "LAN"[6] 95.96.10.129 #99: enabling possible NAT-traversal with method 4
  2093. Aug 26 16:07:38 system pluto[19911]: "LAN"[6] 95.96.10.129 #99: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
  2094. Aug 26 16:07:38 system pluto[19911]: "LAN"[6] 95.96.10.129 #99: STATE_MAIN_I2: sent MI2, expecting MR2
  2095. Aug 26 16:07:38 system pluto[19911]: "LAN"[6] 95.96.10.129 #99: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): peer is NATed
  2096. Aug 26 16:07:38 system pluto[19911]: "LAN"[6] 95.96.10.129 #99: I am sending my cert
  2097. Aug 26 16:07:38 system pluto[19911]: "LAN"[6] 95.96.10.129 #99: I am sending a certificate request
  2098. Aug 26 16:07:38 system pluto[19911]: "LAN"[6] 95.96.10.129 #99: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
  2099. Aug 26 16:07:38 system pluto[19911]: "LAN"[6] 95.96.10.129 #99: STATE_MAIN_I3: sent MI3, expecting MR3
  2100. Aug 26 16:07:38 system pluto[19911]: "LAN"[6] 95.96.10.129 #99: received Vendor ID payload [CAN-IKEv2]
  2101. Aug 26 16:07:38 system pluto[19911]: "LAN"[6] 95.96.10.129 #99: Main mode peer ID is ID_DER_ASN1_DN: 'C=NL, ST=Utrecht, L=Utrecht, O=Testing Corporation, OU=Research and Development, CN=Right1024, E=admin@testingcorporation.nl'
  2102. Aug 26 16:07:38 system pluto[19911]: "LAN"[6] 95.96.10.129 #99: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
  2103. Aug 26 16:07:38 system pluto[19911]: "LAN"[6] 95.96.10.129 #99: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=aes_128 prf=oakley_sha group=modp2048}
  2104. Aug 26 16:07:42 system pluto[19911]: "LAN"[5] 95.96.10.129 #98: received Vendor ID payload [Openswan (this version) 2.6.28 ]
  2105. Aug 26 16:07:42 system pluto[19911]: "LAN"[5] 95.96.10.129 #98: received Vendor ID payload [Dead Peer Detection]
  2106. Aug 26 16:07:42 system pluto[19911]: "LAN"[5] 95.96.10.129 #98: received Vendor ID payload [RFC 3947] method set to=109
  2107. Aug 26 16:07:42 system pluto[19911]: "LAN"[5] 95.96.10.129 #98: enabling possible NAT-traversal with method 4
  2108. Aug 26 16:07:42 system pluto[19911]: "LAN"[5] 95.96.10.129 #98: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
  2109. Aug 26 16:07:42 system pluto[19911]: "LAN"[5] 95.96.10.129 #98: STATE_MAIN_I2: sent MI2, expecting MR2
  2110. Aug 26 16:07:42 system pluto[19911]: "LAN"[5] 95.96.10.129 #98: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): peer is NATed
  2111. Aug 26 16:07:42 system pluto[19911]: "LAN"[5] 95.96.10.129 #98: I am sending my cert
  2112. Aug 26 16:07:42 system pluto[19911]: "LAN"[5] 95.96.10.129 #98: I am sending a certificate request
  2113. Aug 26 16:07:42 system pluto[19911]: "LAN"[5] 95.96.10.129 #98: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
  2114. Aug 26 16:07:42 system pluto[19911]: "LAN"[5] 95.96.10.129 #98: STATE_MAIN_I3: sent MI3, expecting MR3
  2115. Aug 26 16:07:43 system pluto[19911]: "LAN"[5] 95.96.10.129 #98: received Vendor ID payload [CAN-IKEv2]
  2116. Aug 26 16:07:43 system pluto[19911]: "LAN"[5] 95.96.10.129 #98: Main mode peer ID is ID_DER_ASN1_DN: 'C=NL, ST=Utrecht, L=Utrecht, O=Testing Corporation, OU=Research and Development, CN=Right1024, E=admin@testingcorporation.nl'
  2117. Aug 26 16:07:43 system pluto[19911]: "LAN"[5] 95.96.10.129 #98: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
  2118. Aug 26 16:07:43 system pluto[19911]: "LAN"[5] 95.96.10.129 #98: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=aes_128 prf=oakley_sha group=modp2048}
  2119. Aug 26 16:11:19 system pluto[19911]: "LAN"[6] 95.96.10.129 #96: received Delete SA payload: deleting ISAKMP State #96
  2120. Aug 26 16:11:19 system pluto[19911]: packet from 95.96.10.129:4500: received and ignored informational message
  2121. Aug 26 16:11:31 system pluto[19911]: "LAN"[6] 95.96.10.129 #94: received Delete SA payload: deleting ISAKMP State #94
  2122. Aug 26 16:11:31 system pluto[19911]: packet from 95.96.10.129:4500: received and ignored informational message
  2123. Aug 26 16:11:37 system pluto[19911]: "LAN"[5] 95.96.10.129 #95: received Delete SA payload: deleting ISAKMP State #95
  2124. Aug 26 16:11:37 system pluto[19911]: packet from 95.96.10.129:4500: received and ignored informational message
  2125. Aug 26 16:51:16 system pluto[19911]: "LAN"[5] 95.96.10.129 #101: initiating Main Mode to replace #98
  2126. Aug 26 16:56:11 system pluto[19911]: "LAN"[6] 95.96.10.129 #102: initiating Main Mode to replace #99
  2127. Aug 26 17:03:12 system pluto[19911]: packet from 95.96.10.129:500: received Vendor ID payload [Openswan (this version) 2.6.28 ]
  2128. Aug 26 17:03:12 system pluto[19911]: packet from 95.96.10.129:500: received Vendor ID payload [Dead Peer Detection]
  2129. Aug 26 17:03:12 system pluto[19911]: packet from 95.96.10.129:500: received Vendor ID payload [RFC 3947] method set to=109
  2130. Aug 26 17:03:12 system pluto[19911]: packet from 95.96.10.129:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109
  2131. Aug 26 17:03:12 system pluto[19911]: packet from 95.96.10.129:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 109
  2132. Aug 26 17:03:12 system pluto[19911]: packet from 95.96.10.129:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109
  2133. Aug 26 17:03:12 system pluto[19911]: packet from 95.96.10.129:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
  2134. Aug 26 17:03:12 system pluto[19911]: "LAN"[6] 95.96.10.129 #103: responding to Main Mode from unknown peer 95.96.10.129
  2135. Aug 26 17:03:12 system pluto[19911]: "LAN"[6] 95.96.10.129 #103: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
  2136. Aug 26 17:03:12 system pluto[19911]: "LAN"[6] 95.96.10.129 #103: STATE_MAIN_R1: sent MR1, expecting MI2
  2137. Aug 26 17:03:12 system pluto[19911]: "LAN"[6] 95.96.10.129 #103: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): peer is NATed
  2138. Aug 26 17:03:12 system pluto[19911]: "LAN"[6] 95.96.10.129 #103: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
  2139. Aug 26 17:03:12 system pluto[19911]: "LAN"[6] 95.96.10.129 #103: STATE_MAIN_R2: sent MR2, expecting MI3
  2140. Aug 26 17:03:12 system pluto[19911]: "LAN"[6] 95.96.10.129 #103: Main mode peer ID is ID_DER_ASN1_DN: 'C=NL, ST=Utrecht, L=Utrecht, O=Testing Corporation, OU=Research and Development, CN=Right1024, E=admin@testingcorporation.nl'
  2141. Aug 26 17:03:12 system pluto[19911]: "LAN"[6] 95.96.10.129 #103: I am sending my cert
  2142. Aug 26 17:03:12 system pluto[19911]: "LAN"[6] 95.96.10.129 #103: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
  2143. Aug 26 17:03:12 system pluto[19911]: "LAN"[6] 95.96.10.129 #103: new NAT mapping for #103, was 95.96.10.129:500, now 95.96.10.129:4500
  2144. Aug 26 17:03:12 system pluto[19911]: "LAN"[6] 95.96.10.129 #103: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=aes_128 prf=oakley_sha group=modp2048}
  2145. Aug 26 17:03:21 system pluto[19911]: "LAN"[6] 95.96.10.129 #102: received Vendor ID payload [Openswan (this version) 2.6.28 ]
  2146. Aug 26 17:03:21 system pluto[19911]: "LAN"[6] 95.96.10.129 #102: received Vendor ID payload [Dead Peer Detection]
  2147. Aug 26 17:03:21 system pluto[19911]: "LAN"[6] 95.96.10.129 #102: received Vendor ID payload [RFC 3947] method set to=109
  2148. Aug 26 17:03:21 system pluto[19911]: "LAN"[6] 95.96.10.129 #102: enabling possible NAT-traversal with method 4
  2149. Aug 26 17:03:21 system pluto[19911]: "LAN"[6] 95.96.10.129 #102: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
  2150. Aug 26 17:03:21 system pluto[19911]: "LAN"[6] 95.96.10.129 #102: STATE_MAIN_I2: sent MI2, expecting MR2
  2151. Aug 26 17:03:21 system pluto[19911]: "LAN"[6] 95.96.10.129 #102: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): peer is NATed
  2152. Aug 26 17:03:21 system pluto[19911]: "LAN"[6] 95.96.10.129 #102: I am sending my cert
  2153. Aug 26 17:03:21 system pluto[19911]: "LAN"[6] 95.96.10.129 #102: I am sending a certificate request
  2154. Aug 26 17:03:21 system pluto[19911]: "LAN"[6] 95.96.10.129 #102: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
  2155. Aug 26 17:03:21 system pluto[19911]: "LAN"[6] 95.96.10.129 #102: STATE_MAIN_I3: sent MI3, expecting MR3
  2156. Aug 26 17:03:21 system pluto[19911]: "LAN"[6] 95.96.10.129 #102: received Vendor ID payload [CAN-IKEv2]
  2157. Aug 26 17:03:21 system pluto[19911]: "LAN"[6] 95.96.10.129 #102: Main mode peer ID is ID_DER_ASN1_DN: 'C=NL, ST=Utrecht, L=Utrecht, O=Testing Corporation, OU=Research and Development, CN=Right1024, E=admin@testingcorporation.nl'
  2158. Aug 26 17:03:21 system pluto[19911]: "LAN"[6] 95.96.10.129 #102: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
  2159. Aug 26 17:03:21 system pluto[19911]: "LAN"[6] 95.96.10.129 #102: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=aes_128 prf=oakley_sha group=modp2048}
  2160. Aug 26 17:03:46 system pluto[19911]: "LAN"[5] 95.96.10.129 #101: received Vendor ID payload [Openswan (this version) 2.6.28 ]
  2161. Aug 26 17:03:46 system pluto[19911]: "LAN"[5] 95.96.10.129 #101: received Vendor ID payload [Dead Peer Detection]
  2162. Aug 26 17:03:46 system pluto[19911]: "LAN"[5] 95.96.10.129 #101: received Vendor ID payload [RFC 3947] method set to=109
  2163. Aug 26 17:03:46 system pluto[19911]: "LAN"[5] 95.96.10.129 #101: enabling possible NAT-traversal with method 4
  2164. Aug 26 17:03:46 system pluto[19911]: "LAN"[5] 95.96.10.129 #101: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
  2165. Aug 26 17:03:46 system pluto[19911]: "LAN"[5] 95.96.10.129 #101: STATE_MAIN_I2: sent MI2, expecting MR2
  2166. Aug 26 17:03:46 system pluto[19911]: "LAN"[5] 95.96.10.129 #101: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): peer is NATed
  2167. Aug 26 17:03:46 system pluto[19911]: "LAN"[5] 95.96.10.129 #101: I am sending my cert
  2168. Aug 26 17:03:46 system pluto[19911]: "LAN"[5] 95.96.10.129 #101: I am sending a certificate request
  2169. Aug 26 17:03:46 system pluto[19911]: "LAN"[5] 95.96.10.129 #101: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
  2170. Aug 26 17:03:46 system pluto[19911]: "LAN"[5] 95.96.10.129 #101: STATE_MAIN_I3: sent MI3, expecting MR3
  2171. Aug 26 17:03:46 system pluto[19911]: "LAN"[5] 95.96.10.129 #101: received Vendor ID payload [CAN-IKEv2]
  2172. Aug 26 17:03:46 system pluto[19911]: "LAN"[5] 95.96.10.129 #101: Main mode peer ID is ID_DER_ASN1_DN: 'C=NL, ST=Utrecht, L=Utrecht, O=Testing Corporation, OU=Research and Development, CN=Right1024, E=admin@testingcorporation.nl'
  2173. Aug 26 17:03:46 system pluto[19911]: "LAN"[5] 95.96.10.129 #101: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
  2174. Aug 26 17:03:46 system pluto[19911]: "LAN"[5] 95.96.10.129 #101: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=aes_128 prf=oakley_sha group=modp2048}
  2175. Aug 26 17:07:06 system pluto[19911]: "LAN"[6] 95.96.10.129 #100: received Delete SA payload: deleting ISAKMP State #100
  2176. Aug 26 17:07:06 system pluto[19911]: packet from 95.96.10.129:4500: received and ignored informational message
  2177. Aug 26 17:07:37 system pluto[19911]: "LAN"[6] 95.96.10.129 #99: received Delete SA payload: deleting ISAKMP State #99
  2178. Aug 26 17:07:37 system pluto[19911]: packet from 95.96.10.129:4500: received and ignored informational message
  2179. Aug 26 17:07:42 system pluto[19911]: "LAN"[5] 95.96.10.129 #98: received Delete SA payload: deleting ISAKMP State #98
  2180. Aug 26 17:07:42 system pluto[19911]: packet from 95.96.10.129:4500: received and ignored informational message
  2181. + _________________________ date
  2182. + date
  2183. Thu Aug 26 17:09:26 CEST 2010
RAW Paste Data