ipsec_setup: Starting Openswan IPsec 2.4.7...
[17266]: Changing to directory '/etc/ipsec.d/cacerts'
[17266]: Could not change to directory '/etc/ipsec.d/aacerts'
[17266]: Could not change to directory '/etc/ipsec.d/ocspcerts'
[17266]: Changing to directory '/etc/ipsec.d/crls'
[17266]: Warning: empty directory
[17266]: loading secrets from "/etc/ipsec.secrets"
[17266]: added connection description "win"
[17266]: listening for IKE messages
[17266]: adding interface eth0/eth0 85.114.*.43:500
[17266]: adding interface eth0/eth0 85.114.*.43:4500
[17266]: adding interface lo/lo 127.0.0.2:500
[17266]: adding interface lo/lo 127.0.0.2:4500
[17266]: adding interface lo/lo 127.0.0.1:500
[17266]: adding interface lo/lo 127.0.0.1:4500
[17266]: adding interface lo/lo ::1:500
[17266]: forgetting secrets
[17266]: loading secrets from "/etc/ipsec.secrets"
[17266]: attempt to redefine connection "win"
[17266]: packet from 217.232.27.155:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
[17266]: packet from 217.232.27.155:500: ignoring Vendor ID payload [FRAGMENTATION]
[17266]: packet from 217.232.27.155:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
[17266]: packet from 217.232.27.155:500: ignoring Vendor ID payload [Vid-Initial-Contact]
[17266]: "win"[1] 217.232.27.155 #1: responding to Main Mode from unknown peer 217.232.27.155
[17266]: "win"[1] 217.232.27.155 #1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
[17266]: "win"[1] 217.232.27.155 #1: STATE_MAIN_R1: sent MR1, expecting MI2
[17266]: "win"[1] 217.232.27.155 #1: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: peer is NATed
[17266]: "win"[1] 217.232.27.155 #1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
[17266]: "win"[1] 217.232.27.155 #1: STATE_MAIN_R2: sent MR2, expecting MI3
[17266]: "win"[1] 217.232.27.155 #1: Main mode peer ID is ID_FQDN: '@c17'
[17266]: "win"[1] 217.232.27.155 #1: switched from "win" to "win"
[17266]: "win"[2] 217.232.27.155 #1: deleting connection "win" instance with peer 217.232.27.155 {isakmp=#0/ipsec=#0}
[17266]: "win"[2] 217.232.27.155 #1: I did not send a certificate because I do not have one.
[17266]: "win"[2] 217.232.27.155 #1: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
[17266]: | NAT-T: new mapping 217.232.27.155:500/4500)
[17266]: "win"[2] 217.232.27.155 #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp2048}
[17266]: "win"[2] 217.232.27.155 #2: responding to Quick Mode {msgid:f1c03a90}
[17266]: "win"[2] 217.232.27.155 #2: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
[17266]: "win"[2] 217.232.27.155 #2: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
[17266]: "win"[2] 217.232.27.155 #2: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
[17266]: "win"[2] 217.232.27.155 #2: STATE_QUICK_R2: IPsec SA established {ESP=>0xa09d945b <0x37322689 xfrm=3DES_0-HMAC_MD5 NATD=217.232.27.155:4500 DPD=none}
[17266]: "win"[2] 217.232.27.155 #1: received Delete SA(0xa09d945b) payload: deleting IPSEC State #2
[17266]: "win"[2] 217.232.27.155 #1: received and ignored informational message
[17266]: "win"[2] 217.232.27.155 #1: received Delete SA payload: deleting ISAKMP State #1
[17266]: "win"[2] 217.232.27.155: deleting connection "win" instance with peer 217.232.27.155 {isakmp=#0/ipsec=#0}
[17266]: packet from 217.232.27.155:4500: received and ignored informational message
[17266]: packet from 217.232.27.155:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
[17266]: packet from 217.232.27.155:500: ignoring Vendor ID payload [FRAGMENTATION]
[17266]: packet from 217.232.27.155:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
[17266]: packet from 217.232.27.155:500: ignoring Vendor ID payload [Vid-Initial-Contact]
[17266]: "win"[3] 217.232.27.155 #3: responding to Main Mode from unknown peer 217.232.27.155
[17266]: "win"[3] 217.232.27.155 #3: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
[17266]: "win"[3] 217.232.27.155 #3: STATE_MAIN_R1: sent MR1, expecting MI2
[17266]: "win"[3] 217.232.27.155 #3: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: peer is NATed
[17266]: "win"[3] 217.232.27.155 #3: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
[17266]: "win"[3] 217.232.27.155 #3: STATE_MAIN_R2: sent MR2, expecting MI3
[17266]: "win"[3] 217.232.27.155 #3: Main mode peer ID is ID_FQDN: '@c17'
[17266]: "win"[3] 217.232.27.155 #3: switched from "win" to "win"
[17266]: "win"[4] 217.232.27.155 #3: deleting connection "win" instance with peer 217.232.27.155 {isakmp=#0/ipsec=#0}
[17266]: "win"[4] 217.232.27.155 #3: I did not send a certificate because I do not have one.
[17266]: "win"[4] 217.232.27.155 #3: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
[17266]: | NAT-T: new mapping 217.232.27.155:500/4500)
[17266]: "win"[4] 217.232.27.155 #3: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp2048}
[17266]: "win"[4] 217.232.27.155 #4: responding to Quick Mode {msgid:5c2b80e8}
[17266]: "win"[4] 217.232.27.155 #4: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
[17266]: "win"[4] 217.232.27.155 #4: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
[17266]: "win"[4] 217.232.27.155 #4: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
[17266]: "win"[4] 217.232.27.155 #4: STATE_QUICK_R2: IPsec SA established {ESP=>0xebf9586e <0x41325766 xfrm=3DES_0-HMAC_MD5 NATD=217.232.27.155:4500 DPD=none}
[17266]: "win"[4] 217.232.27.155 #3: received Delete SA(0xebf9586e) payload: deleting IPSEC State #4
[17266]: "win"[4] 217.232.27.155 #3: received and ignored informational message
[17266]: "win"[4] 217.232.27.155 #3: received Delete SA payload: deleting ISAKMP State #3
[17266]: "win"[4] 217.232.27.155: deleting connection "win" instance with peer 217.232.27.155 {isakmp=#0/ipsec=#0}
[17266]: packet from 217.232.27.155:4500: received and ignored informational message
[17266]: attempt to redefine connection "win"
+ _________________________ plog
+ sed -n '11106,$p' /var/log/messages
+ egrep -i pluto
+ case "$1" in
+ cat
ipsec__plutorun: Starting Pluto subsystem...
ipsec__plutorun: Unknown default RSA hostkey scheme, not generating a default hostkey
[17266]: Starting Pluto (Openswan Version 2.4.7 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR; Vendor ID OEZ~BaB]r\134p_)
[17266]: Setting NAT-Traversal port-4500 floating to on
[17266]: port floating activation criteria nat_t=1/port_fload=1
[17266]: including NAT-Traversal patch (Version 0.6c)
[17266]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
[17266]: starting up 1 cryptographic helpers
[17266]: started helper pid=17269 (fd:6)
[17266]: Using NETKEY IPsec interface code on 2.6.25.5-1.1-pae
[17266]: Changing to directory '/etc/ipsec.d/cacerts'
[17266]: Could not change to directory '/etc/ipsec.d/aacerts'
[17266]: Could not change to directory '/etc/ipsec.d/ocspcerts'
[17266]: Changing to directory '/etc/ipsec.d/crls'
[17266]: Warning: empty directory
[17266]: loading secrets from "/etc/ipsec.secrets"
[17266]: added connection description "win"
[17266]: listening for IKE messages
[17266]: adding interface eth0/eth0 85.114.*.43:500
[17266]: adding interface eth0/eth0 85.114.*.43:4500
[17266]: adding interface lo/lo 127.0.0.2:500
[17266]: adding interface lo/lo 127.0.0.2:4500
[17266]: adding interface lo/lo 127.0.0.1:500
[17266]: adding interface lo/lo 127.0.0.1:4500
[17266]: adding interface lo/lo ::1:500
[17266]: forgetting secrets
[17266]: loading secrets from "/etc/ipsec.secrets"
[17266]: attempt to redefine connection "win"
[17266]: packet from 217.232.27.155:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
[17266]: packet from 217.232.27.155:500: ignoring Vendor ID payload [FRAGMENTATION]
[17266]: packet from 217.232.27.155:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
[17266]: packet from 217.232.27.155:500: ignoring Vendor ID payload [Vid-Initial-Contact]
[17266]: "win"[1] 217.232.27.155 #1: responding to Main Mode from unknown peer 217.232.27.155
[17266]: "win"[1] 217.232.27.155 #1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
[17266]: "win"[1] 217.232.27.155 #1: STATE_MAIN_R1: sent MR1, expecting MI2
[17266]: "win"[1] 217.232.27.155 #1: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: peer is NATed
[17266]: "win"[1] 217.232.27.155 #1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
[17266]: "win"[1] 217.232.27.155 #1: STATE_MAIN_R2: sent MR2, expecting MI3
[17266]: "win"[1] 217.232.27.155 #1: Main mode peer ID is ID_FQDN: '@c17'
[17266]: "win"[1] 217.232.27.155 #1: switched from "win" to "win"
[17266]: "win"[2] 217.232.27.155 #1: deleting connection "win" instance with peer 217.232.27.155 {isakmp=#0/ipsec=#0}
[17266]: "win"[2] 217.232.27.155 #1: I did not send a certificate because I do not have one.
[17266]: "win"[2] 217.232.27.155 #1: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
[17266]: | NAT-T: new mapping 217.232.27.155:500/4500)
[17266]: "win"[2] 217.232.27.155 #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp2048}
[17266]: "win"[2] 217.232.27.155 #2: responding to Quick Mode {msgid:f1c03a90}
[17266]: "win"[2] 217.232.27.155 #2: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
[17266]: "win"[2] 217.232.27.155 #2: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
[17266]: "win"[2] 217.232.27.155 #2: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
[17266]: "win"[2] 217.232.27.155 #2: STATE_QUICK_R2: IPsec SA established {ESP=>0xa09d945b <0x37322689 xfrm=3DES_0-HMAC_MD5 NATD=217.232.27.155:4500 DPD=none}
[17266]: "win"[2] 217.232.27.155 #1: received Delete SA(0xa09d945b) payload: deleting IPSEC State #2
[17266]: "win"[2] 217.232.27.155 #1: received and ignored informational message
[17266]: "win"[2] 217.232.27.155 #1: received Delete SA payload: deleting ISAKMP State #1
[17266]: "win"[2] 217.232.27.155: deleting connection "win" instance with peer 217.232.27.155 {isakmp=#0/ipsec=#0}
[17266]: packet from 217.232.27.155:4500: received and ignored informational message
[17266]: packet from 217.232.27.155:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
[17266]: packet from 217.232.27.155:500: ignoring Vendor ID payload [FRAGMENTATION]
[17266]: packet from 217.232.27.155:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
[17266]: packet from 217.232.27.155:500: ignoring Vendor ID payload [Vid-Initial-Contact]
[17266]: "win"[3] 217.232.27.155 #3: responding to Main Mode from unknown peer 217.232.27.155
[17266]: "win"[3] 217.232.27.155 #3: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
[17266]: "win"[3] 217.232.27.155 #3: STATE_MAIN_R1: sent MR1, expecting MI2
[17266]: "win"[3] 217.232.27.155 #3: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: peer is NATed
[17266]: "win"[3] 217.232.27.155 #3: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
[17266]: "win"[3] 217.232.27.155 #3: STATE_MAIN_R2: sent MR2, expecting MI3
[17266]: "win"[3] 217.232.27.155 #3: Main mode peer ID is ID_FQDN: '@c17'
[17266]: "win"[3] 217.232.27.155 #3: switched from "win" to "win"
[17266]: "win"[4] 217.232.27.155 #3: deleting connection "win" instance with peer 217.232.27.155 {isakmp=#0/ipsec=#0}
[17266]: "win"[4] 217.232.27.155 #3: I did not send a certificate because I do not have one.
[17266]: "win"[4] 217.232.27.155 #3: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
[17266]: | NAT-T: new mapping 217.232.27.155:500/4500)
[17266]: "win"[4] 217.232.27.155 #3: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp2048}
[17266]: "win"[4] 217.232.27.155 #4: responding to Quick Mode {msgid:5c2b80e8}
[17266]: "win"[4] 217.232.27.155 #4: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
[17266]: "win"[4] 217.232.27.155 #4: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
[17266]: "win"[4] 217.232.27.155 #4: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
[17266]: "win"[4] 217.232.27.155 #4: STATE_QUICK_R2: IPsec SA established {ESP=>0xebf9586e <0x41325766 xfrm=3DES_0-HMAC_MD5 NATD=217.232.27.155:4500 DPD=none}
[17266]: "win"[4] 217.232.27.155 #3: received Delete SA(0xebf9586e) payload: deleting IPSEC State #4
[17266]: "win"[4] 217.232.27.155 #3: received and ignored informational message
[17266]: "win"[4] 217.232.27.155 #3: received Delete SA payload: deleting ISAKMP State #3
[17266]: "win"[4] 217.232.27.155: deleting connection "win" instance with peer 217.232.27.155 {isakmp=#0/ipsec=#0}
[17266]: packet from 217.232.27.155:4500: received and ignored informational message
[17266]: attempt to redefine connection "win"
Lesezeichen